Lumia 1520 Starting work on custom ROM ! - Windows Phone 8 Development and Hacking

Hi Everyone!!
Work on the first custom ROM WP8 for Huawei W1 has been completed successfully.
Time for something new!
I would like to announce that I am starting work on a custom ROM for the Nokia Lumia 1520. The first attempt at flashing the modified FFU file was done successfully.
Unfortunately, in another attempt something went wrong. I switched the phone into Download mode; QPST can repair the phone but I don't have the appropriate files (currently). I have a Riff Box JTAG but this programmer does not support the L1520 and I need an ATF JTAG.
I'll keep you informed about the progress!! :fingers-crossed:
I am collecting money for the ATF and the new phone, otherwise I can't continue to work. In the future, the project will be developed for many other devices with WP8.

Interesting. First of all: Congrats on the successful flash.
Second of all: I hope you can resurrect your Lumia 1520. How did you get the 1520 to accept the modified ROM though? Thought Lumias check the signature after the flashing process has completed?

Thanks for congrats
I can resurrect my Lumia in 2 ways:
1. I need to have repair boot files for QPST
2. I need ATF JTAG
I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:
These are my priorities:
1. Development and refinement of the ability to flash the modified FFU file.
2. Ability to run the phone in mass storage mode
3. Modification software
4. Adapting WP8CRUU for Lumia 1520

WojtasXda said:
> Thanks for congrats
> I can resurrect my Lumia in 2 ways:
> 1. I need to have repair boot files for QPST
> 2. I need ATF JTAG
> I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:
> These are my priorities:
> 1. Development and refinement of the ability to flash the modified FFU file.
> 2. Ability to run the phone in mass storage mode
> 3. Modification software
> 4. Adapting WP8CRUU for Lumia 1520
Getting the boot files might be the trickier method, but you could try what I described in your other post. I guess the ATF Box is your best chance. I'll look through the 1520 update cabs, maybe there's something in there that'll help you build the mbn boot image, like on HTCs. (which are, for the 8s encrypted, for the 8x not, as far as I know.) If you feel okay with it you can shoot me a message with tips on how you managed to do that, if not, that's not a problem

WojtasXda said:
> Thanks for congrats
> I can resurrect my Lumia in 2 ways:
> 1. I need to have repair boot files for QPST
> 2. I need ATF JTAG
> I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:
> These are my priorities:
> 1. Development and refinement of the ability to flash the modified FFU file.
> 2. Ability to run the phone in mass storage mode
> 3. Modification software
> 4. Adapting WP8CRUU for Lumia 1520
Are you reading this thread: http://www.coolxap.com/forum-199-1.html ?
I received a lot of information about Huawei W1 on this site. When read about it in December 2013.

Actually if the verification bypass works (which, knowing MS's tight security on Nokias, I highly doubt), it just needs to be released as a method, and after that, anyone can make their own custom ROM.
I'd definitely make some changes to the system (clear out some default apps, add some of my own, change the accent colours, allow interop and other caps to any apps, increase custom app limit), but that would break the built-in system updater. So beware modders, DO NOT use official updates when on modded firmware!

WojtasXda said:
> Hi Everyone!!
> Work on the first custom ROM WP8 for Huawei W1 has been completed successfully.
> Time for something new!
> I would like to announce that I am starting work on a custom ROM for the Nokia Lumia 1520. The first attempt at flashing the modified FFU file was done successfully.
> Unfortunately, in another attempt something went wrong. I switched the phone into Download mode; QPST can repair the phone but I don't have the appropriate files (currently). I have a Riff Box JTAG but this programmer does not support the L1520 and I need an ATF JTAG.
> I'll keep you informed about the progress!! :fingers-crossed:
Hi,
I have an ATF Box (lordmaxey & me interop unlocked our Lumias with it, do you remember me ) and would like to help you. Feel free to PM me
Another question, did you just modify the .ffu file via Hex Editor? I've tried it myself a long time ago, but it didn't work and I had to repair it with my ATF. Is there a bug in newer Nokia FFU files?
myst02

feherneoh said:
> Flashing the custom ROM is not hard, so I would give it a try
> Just be sure you don't touch boot partitions, so you will be able to boot into flashmode
> On L520, I could simply flash ANY ffu using CareSuite, so flashing works, just need idea, what to change in ROM
How are you able to bypass signature checking though? Funny how on Lumias you can apparently edit the MainOS Partition but cannot touch the Boot ones, and on HTC it's exactly the reverse.

Guys ... the only barrier that separates us from the Custom ROM is 2 files that I need to create and adapt to the device. I mean MPRG8974.mbn (hex) and msimage8974.mbn. Anyone who has knowledge on this topic, please help!!
This is my other topic about mprg/msimage
http://forum.xda-developers.com/hardware-hacking/hardware/qpst-help-create-mprg-msimage-mbn-t2949492
Here is a lot of information about QPST
http://forum.xda-developers.com/showthread.php?t=2136738
how to build mprg and msimage
http://blog.csdn.net/ziyouwa/article/details/16331545

feherneoh said:
> Start phone recovery process in CareSuite, select official firmware, press start
> When it asks you to connect the phone, just replace the ffu file with the modified one
> Boot partition should not be touched, as the SoC checks its signature, and your phone will be stuck in Qualcomm's DLMODE
How to modify the FFU? Have you any tool for it?
I know we can convert it using ImgMounnt but how to reconvert it to ffu?

feherneoh said:
> Start phone recovery process in CareSuite, select official firmware, press start
> When it asks you to connect the phone, just replace the ffu file with the modified one
> Boot partition should not be touched, as the SoC checks its signature, and your phone will be stuck in Qualcomm's DLMODE
Okay, good. Are you sure that your phone will not reject the file when it encounters an error?
Why do you think HSPL was invented?
For Huawei it is just enough to crack the flash tool on the PC to be able to upload an unsigned app / FFU file. The phone does not validate the data, but Huawei is a different story. While working on the Custom ROM I used QPST with MPRG, MSIMAGE, XMLs and other files. JTAG is also useful. Without QPST it would not have been possible to create a Custom ROM for Huawei.
Therefore it is necessary to start working on the most needed things.
ngame said:
> How to modify the FFU? Have you any tool for it?
> I know we can convert it using ImgMounnt but how to reconvert it to ffu?
Do you think it is that simple? If yes, where are the custom ROMs? Where are these modified files? Of course there are tools for building FFU files, signing and opening them, but they are not available for "ordinary" people.
Well ... I'll go learn and explore the dark side of QPST
Regards

WojtasXda said:
> Okay, good. Are you sure that your phone will not reject the file when it encounters an error?
> Why do you think HSPL was invented?
> For Huawei it is just enough to crack the flash tool on the PC to be able to upload an unsigned app / FFU file. The phone does not validate the data, but Huawei is a different story. While working on the Custom ROM I used QPST with MPRG, MSIMAGE, XMLs and other files. JTAG is also useful. Without QPST it would not have been possible to create a Custom ROM for Huawei.
> Therefore it is necessary to start working on the most needed things.
> Do you think it is that simple? If yes, where are the custom ROMs? Where are these modified files? Of course there are tools for building FFU files, signing and opening them, but they are not available for "ordinary" people.
> Well ... I'll go learn and explore the dark side of QPST
> Regards
I know it's not easy and simple and I know there's at least one tool to create and edit ffu files and it's also not public, but I thought he developed a FFU Editor app! Or he flashed Custom Rom many times!
and also I think you mean Phone Image Designer of Microsoft :

feherneoh said:
> I have used HxD hex editor to find the partition headers, then used OSFMount to mount them. You can either mount a part of the ffu, or copy the partition to a separate image
> As far as I know (my bricked 520 proves it) SoC's built-in ROM checks the first partition's signature using the public key in Q-Fuse, so let's crack RSA and stuff like that. SPL/HSPL was used to load CE, NT on ARM uses UEFI
You bricked your phone when you tried this way?
If( YourAnswer == "Yes" )
{
MessageBox.Show("Surely This way can't be useful or it's not the complete way and we need to research more");
}
else
{
//More Details go here
}

feherneoh said:
> This happened when I tried to modify first partition (shown in attachments in previous post)
> I'm not sure, if I added that in this thread, too, but only try, if you have JTAG box, so you won't mess up everything
Unfortunately I have no JTAG box (riff , atf and etc.)
I will look for way you provide and check it .
I have to find someone with JTAG in Mashad,Iran . Is there anyone ?

It is necessary to learn how to create MPRG / MSIMAGE and use QPST. Then JTAG will not be needed. These files are obtained by reading the data from the eMMC memory; in this case VHD would be the best solution.

OK OK your way worked
I could create 3 Partitions from my L920 (RM-821) Rom .
I couldn't access MainOS partition in this ROM .
sounds good to find this working way but need to work on it hours and hours .

feherneoh said:
> Once found something like MPRG in ffu
> Open another SoC's MPRG, and look for the first 8 or 16 bytes in ffu file
I do not know if this is true, but MPRGXXXX.bin or MPRG.hex (Intel hex) is suitable for many devices. Msimage is built only for the appropriate device.
> @WojtasXda : Are you using caresuite to flash the rom, or do you have another tool?
Yes, I have my own tools, for example WP8RUU or WP8CRUU

Things that might be of interest to a custom ROM developer:
* I've just made big progress in figuring out how capabilities work on the phone. Setting them via custom ROM is definitely one of the easier ways it might be done, if you can create arbitrary registry keys and set arbitrary values in them.
* One particularly valuable thing you could add to a non-Samsung ROM is the RPC driver/service/whatever that lets Samsung's RPCComponent library work. I don't know how hard it would be to hack that in, though. The binaries and the registry keys for the service shouldn't be hard to obtain, but I don't know if there will be problems with signatures or anything. Still, if you can get it working, this would mean that Samsung homebrew, and everything we can do with it (such as write arbitrary places in the registry and move files around as SYSTEM) becomes available on the 1520.
Somewhat relatedly, I find myself in need of a new phone (I think my ATIV S may be unrecoverable, and it wasn't even due to a hack I was doing!) and this piques my interest in getting a 1520...

feherneoh said:
> Also (just an idea) RT certificates could be added. Maybe some(!) RT apps could run on the phones
These apps work now on WP8.1
WP8.1 supports appx and appxbundle formats so we don't have a problem with running them on phones.
If you mean running apps like Multimedia 8 on phone I think we will run into resolution problem .

Not going to happen. First of all, the ported desktop apps only work when signature enforcement is off ("jailbroken") even *on RT*; until/unless we get a signature bypass for WP8 that's a complete non-starter.
The other major problem is that all the base libraries for RT are different than for WP. This extends all the way down to the really core stuff like Kernel32.DLL; RT (like normal Windows) has one, but WP8 doesn't (the functions are split into kernelbase.dll and kernel32legacy.dll). Then there's all the code (like support for the normal desktop interface) that WP8 just flat out doesn't have.
I'm not saying it's impossible to get RT code running on WP8... but it's probably easier to port the entire RT OS to the phone (which is *not* easy, but is possible) than it is to get RT software running on WP8 OS.

Related

SUCCESS! Adding content to HTC 8S stock ROM

Hey guys, I don't know if this is of any use for you, but I think it won't hurt to share it.
Based on some posts and ideas I read in different threads, I managed to write to the EFIESP and the PLAT partition of the stock rom of my HTC 8S. I changed the bootimages in the PLAT partition to a custom one, flashed the image and it worked. I'll attach a picture to prove it and if that's not enough, I will post a video.
So, the first step is to download the stock rom (obviously...) and extract the .exe file. (I use 7-ZIP) Then there is a file called "RUU_signed.nbh". If you open it with a Hex Viewer, like HxD, you can find multiple partition Headers. I found 4 that I can use, the rest is encrypted with what appears to be Bitlocker, hence the different headers. Now, what I did was mark the area of the first partition (starts approximately at offset 228BEF90 and is a FAT16 Partition) and continued the selection until the end of the file. Then I created a new one and pasted it. I did the same with the rest, always selecting and copying from where the partition starts until the end of the whole file and pasted it into a new one. Then I mounted the files using OSFMount and voilà, you can put stuff and files in there! If you finished, you just unmount the files. Then I opened each file again with HxD, selected EVERYTHING and pasted it to the according area in the original RUU_signed.nbh. I started with the first one, then the second and so on, so you don't overwrite the changes you have made if you start in reverse order. After packing the file, I tried to flash it and to my surprise, IT WORKED! After rebooting I saw my custom bootimage! Downside of this is obviously that it requires you to use the stock firmware and it will be overwritten once you update your device. But I hope our skilled Devs here have some use for those 2 partitions. There's 2 more that are usable, but I don't know their names, but you can still put files in them.
Now again, I don't know if this is of any use for you devs, but I still felt kind of obligated to share it
Stupid thing, I put my HTC 8S into Diag Mode and THEN flashed it, now it doesn't connect as MTP but as HTC Diagnostic Interface and I can't change it back because I can't deploy anything to the device. It works perfectly, boots and everything, but no USB Connection via MTP. So be very careful before flashing, since the mode is determined by a NV value which you can't edit afterwards.
This is not a tutorial to be followed by everyday users, but something meant for developers. You do everything at your own risk! And keep in mind that this has only been tested on an HTC 8S!
cheers, hutchinsane_
Yeah, I heard that it is possible, though I hadn't had a chance to test it on my 8X.
As for EFIESP: you can edit \efi\Microsoft\Boot\BCD to enable Kernel Debugger functionality and it is basically enough to hack the whole OS even with actions currently performed.
The most interesting partitions are MainOS (second to last), and Data (last one). Interop Unlock can be done in MainOS.
Thing is that newest ROMs are encrypted (not hard to crack but still)
Darn, hoped I was the first to come up with the idea. I do have access to the file you're talking about. MainOS seems to be encrypted with Bitlocker since their headers start with -FVE-FS-. I could take a look into the 8X Rom as well, I expect the situation to be the same. So is there a thread on the Kernel Debugger thing?
EDIT: I just did what you said, although I used a program called "Visual BCD Editor" since I don't know about editing the BCD Store just YET. Now I edited some values from "False" to "True" and for 1 second it showed me what appeared to be a windows boot selection. Now when I boot up, and once the "Windows Phone" blueish logo appears, it shows "Not for resale", meaning that we actually can edit BCD on this device!
Very nice Work
I run in Nokia Lumia 920 RM-821 APAC Malaysia Amber ROM
I find the same
Maybe we can edit Lumia 920 FFU and get first Custom ROM
that's enough to enable WinDbg interoperability.
Code:
bcdedit /store F:\EFIESP\efi\Microsoft\Boot\BCD /dbgsettings usb targetname:woatarget
bcdedit /store F:\EFIESP\efi\Microsoft\Boot\BCD -set {default} debug on
bcdedit /store F:\EFIESP\efi\Microsoft\Boot\BCD -set {default} dbgtransport kdusb.dll
Sorry for my Question but how can we find that here is the end of a file in HxD .
I'm now looking for it to flash a Custom Rom on my Lumia 920 but I can't build images correctly using HxD and OSFMount.
Thanks .
@ngame Thanks. If you look at your first 2 screenshots, you didn't select the "ë". You MUST select and copy it as well, it's always the start of a partition, for FAT as well as for NTFS. After that, you should be able to mount. For finding the end, I didn't. I just selected until the end of the file and pasted it back in. It should work. After all, my HTC has a "custom" rom as well now, since there's a custom bootimage
@ultrashot Thanks! I used the commands and it worked successfully. Waiting on the phone to flash now
EDIT: It doesn't boot once you set a) the target b) the type or something else. but enabling the kernel debugger itself works. Trying to figure out which value makes it unbootable.
ngame said:
> Sorry for my Question but how can we find that here is the end of a file in HxD .
> I'm now looking for it to flash a Custom Rom on my Lumia 920 but I can't build images correctly using HxD and OSFMount.
> Thanks .
u must ask me dude .
zimone die
amir323b said:
> u must ask me dude .
> zimone die
PM Me please if you know
Thanks
hutchinsane_ said:
> @ngame Thanks. If you look at your first 2 screenshots, you didn't select the "ë". You MUST select and copy it as well, it's always the start of a partition, for FAT as well as for NTFS. After that, you should be able to mount. For finding the end, I didn't. I just selected until the end of the file and pasted it back in. It should work. After all, my HTC has a "custom" rom as well now, since there's a custom bootimage
I will test again
Sorry in advance if this is a stupid question ...
Here is a list of partitions from my 928 .ffu but which ones are needed to edit? Just the FAT and NTFS partitions? Are any of the others of any interest?
As far as I know, you have to look for the specific headers, since some are encrypted with Bitlocker, therefore have the "-FVE-FS-" header. Easiest way is to use the search function of HxD and search for NTFS, FAT12 and FAT16 partitions. Also, there are no stupid questions
hutchinsane_ said:
> As far as I know, you have to look for the specific headers, since some are encrypted with Bitlocker, therefore have the "-FVE-FS-" header. Easiest way is to use the search function of HxD and search for NTFS, FAT12 and FAT16 partitions. Also, there are no stupid questions
:highfive: Here's a better list including the device layout and read and write partitions if it helps anyone. Also when mounting FAT16 or FAT12 partitions it says it needs to be formatted or is unsupported. What am I doing wrong???
Can you post a screenshot of the file you use as a partition? I don't know if it even works with Nokia Roms. Which one are you using exactly? I might be able to have a look at it.
feherneoh said:
> Don't try it on Lumias, as your phone will get stuck in Qualcomm HS-USB QDLoader mode, like my L520 did
You tried this way?
Now you can't flash your phone using Care Suite?
Did you try Riff Box or ATF to repair your Boot Loader and flash your phone again?
Hey, Lumia owners, get out of here!
By the way, Huawei W1 has same access to partitions. You can join forces and develop one hack for both phones.
-W_O_L_F- said:
> Hey, Lumia owners, get out of here!
> By the way, Huawei W1 has same access to partitions. You can join forces and develop one hack for both phones.
I think @reker can help us . he created a W1 Custom Rom
ngame said:
> I think @reker can help us . he created a W1 Custom Rom
Not rom any more, I'm making tool can directly operate NTFS, so I can modify everything without losing any data. A hard work XD
reker said:
> Not rom any more, I'm making tool can directly operate NTFS, so I can modify everything without losing any data. A hard work XD
Can't you publish it ? or Private send it to me ?
This tool can modify every NTFS Partition ?
@-W_O_L_F- They do? Didn't know that, thanks for the info! Yeah, might be a good idea, actually.
@reker how do you plan on doing this? adding the tool to the rom or deploying it as a xap? I actually need a way to use hidden pages without the toast launcher, or to include the toast launcher into the rom since I can't deploy it anymore
ngame said:
> Can't you publish it ? or Private send it to me ?
> This tool can modify every NTFS Partition ?
Proto-type now, NTFS is a biiiiiig thing. I will release it when finish.
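
The header search described in this thread (NTFS, FAT12, FAT16 and the BitLocker "-FVE-FS-" marker, each starting at the "ë" byte, 0xEB), as an added Python example that is not from any poster: it inventories the volumes in a raw image, flags the encrypted ones and reads each plain volume's length from its boot sector. The sample image is constructed, and all function names are hypothetical.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass
from typing import Optional

SECTOR = 512
# (kind, offset of the marker inside the boot sector, marker bytes)
MARKERS = [
    ("NTFS", 3, b"NTFS    "),
    ("BitLocker", 3, b"-FVE-FS-"),
    ("FAT16", 54, b"FAT16   "),
    ("FAT12", 54, b"FAT12   "),
]
DECOY = b"log: formatted as NTFS     ok"  # constructed: marker text, not a boot sector


@dataclass
class Volume:
    offset: int           # byte offset of the boot sector in the image
    kind: str
    encrypted: bool
    size: Optional[int]   # bytes; None when the boot sector does not give it


def _classify(image: bytes, start: int, kind: str) -> Optional[Volume]:
    bs = image[start:start + SECTOR]
    # A boot sector opens with a jump opcode (0xEB, drawn as "ë" in a hex
    # editor's text column) and ends with the 55 AA signature.
    if len(bs) < SECTOR or bs[0] not in (0xEB, 0xE9) or bs[510:512] != b"\x55\xaa":
        return None
    if kind == "BitLocker":
        return Volume(start, kind, True, None)
    bps = struct.unpack_from("<H", bs, 0x0B)[0]
    if bps not in (512, 1024, 2048, 4096):
        return None
    if kind == "NTFS":
        # The NTFS count excludes the backup boot sector kept in the last sector.
        sectors = struct.unpack_from("<Q", bs, 0x28)[0] + 1
    else:
        sectors = (struct.unpack_from("<H", bs, 0x13)[0]
                   or struct.unpack_from("<I", bs, 0x20)[0])
    return Volume(start, kind, False, sectors * bps)


def scan(image: bytes) -> list[Volume]:
    hits = {}
    for kind, rel, marker in MARKERS:
        pos = image.find(marker)
        while pos != -1:
            start = pos - rel
            if start >= 0 and start not in hits:
                vol = _classify(image, start, kind)
                if vol:
                    hits[start] = vol
            pos = image.find(marker, pos + 1)
    volumes, end = [], 0
    for start in sorted(hits):
        if start < end:      # e.g. the NTFS backup boot sector inside its own volume
            continue
        volumes.append(hits[start])
        if hits[start].size:
            end = start + hits[start].size
    return volumes


def _boot_sector(kind: str, total_sectors: int) -> bytes:
    """Constructed minimal boot sector carrying only the fields scan() reads."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xeb\x52\x90"
    struct.pack_into("<H", bs, 0x0B, SECTOR)
    if kind == "NTFS":
        bs[3:11] = b"NTFS    "
        struct.pack_into("<Q", bs, 0x28, total_sectors - 1)
    elif kind == "BitLocker":
        bs[3:11] = b"-FVE-FS-"
    else:
        bs[3:11] = b"MSDOS5.0"
        struct.pack_into("<H", bs, 0x13, total_sectors)
        bs[54:62] = kind.encode().ljust(8)
    bs[510:512] = b"\x55\xaa"
    return bytes(bs)


def build_sample() -> bytes:
    """Constructed image: unaligned header, FAT16, NTFS with backup sector, BitLocker."""
    fat = _boot_sector("FAT16", 8) + bytes(7 * SECTOR)
    ntfs_bs = _boot_sector("NTFS", 16)
    ntfs = ntfs_bs + bytes(14 * SECTOR) + ntfs_bs
    fve = _boot_sector("BitLocker", 4) + b"\xa5" * (3 * SECTOR)
    return bytes(0x90) + DECOY + fat + ntfs + fve


if __name__ == "__main__":
    for v in scan(build_sample()):
        state = "encrypted" if v.encrypted else "plain"
        print(f"{v.offset:#010x}  {v.kind:<9}  {state:<9}  size={v.size}")
```
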

[SUCCESS] Interop-Unlocking LUMIA - with JTAG

Hi there
Well, as we really need Interop Unlock for our Lumia phones, i decided to check this out myself.
As i already have ATF Box for a long time, i decided to buy JTAG activation and dolphin clip + lumia jigs, that i do not have to solder my phone.
Also i have ordered a Lumia 520 testing phone on ebay.
So, as the ATF Team made an awesome JTAG software update, i'm trying to interop unlock that Lumia 520 the hardware way, as just software seems to be too tough...
Well, what i did so far:
1. Freshly flashed Lumia 520 RM-914 with latest stock rom
2. Did the setup/beginning after turning it on for 1st time
3. developer unlocked it with SDK on PC
4. Made Full Dump with JTAG from dev-unlocked phone
5. Mounted MainOS partition of dump with program "OSFMount" (-->appears as Local harddisk example drive E: )
6. Loaded the SOFTWARE hive with regedit on PC from "E:\Windows\System32\config"
7. Edited the following values:
PortalUrlInt = http://127.0.0.1
PortalUrlProd = http://127.0.0.1
MaxUnsignedApp = 10003
8. unloaded SOFTWARE hive
9. unmounted dump-image
10. wrote image back via jtag
I thought it might be a good Idea to dev-unlock the phone before messing with the registry, to make sure "DeveloperUnlockState = 1" gets written the "legal" way, as the key is not available in registry before.
Maybe it's better to just modify an existing key, than adding a new one...
Well, long story short: The result is not totally satisfying.
After writing the modified image back to the EMMC, the phone is booting up, but i can NOT deploy homebrew apps that require interop unlock, like @GoodDayToDies "EnableAllSideloading.xap" for example.
But i can deploy "normal" apps like @cpuguys "Toastlauncher" and @GoodDayToDies "Webserver"
The weird thing: If i check the reg-values via WebServer on the Phone, i can see my edited values.
So the changes ARE written to the phone. The phone just doesn't use them...
So, the good thing: phone is booting with modified rom :good:
But, the bad thing: Changes are not working.
EDIT:
SUCCESS!!!
After adding
i could successfully sideload "EnableAllSideloading.xap"
After executing enableallsideloading i could sideload latest WPHTweaks build.
Now i have 3rd tile row enabled!
awesome!
Also member @myst02 is working on interop-unlocking the lumia phones. So we decided to make this a together-project.
See his achievements here: http://forum.xda-developers.com/showthread.php?t=2713098&page=10 :good:
reserved
to be able to sideload EnableAllSideloading.xap you need to change following registry key:
Software\Microsoft\SecurityManager\CapabilityClasses
add: MultiSz String
name: ID_CAP_DEVELOPERUNLOCK_API
value: CAPABILITY_CLASS_THIRD_PARTY_APPLICATIONS
have fun.
I have found this during smurfing on the internet.
Dont know if this is something worth trying, but maybe it gives you some pointers or help.
http://windowsphonehub.in/tutorials...eloper-unlock-windows-phone-sideload-10-xaps/
lordmaxey said:
> Well, as we really need Interop Unlock for our Lumia phones, i decided to check this out myself.
Good job!
lordmaxey said:
> Let's get this rolling, guys! :good:
BTW, it's not a real "hack", and not acceptable/affordable for the 99.9% Lumia users and developers...
Wow you did a fantastic job
as @error0x0000034 mentioned you forget to open DeveloperUnlock_API
Software\Microsoft\SecurityManager\CapabilityClasses
add: MultiSz String
name: ID_CAP_DEVELOPERUNLOCK_API
value: CAPABILITY_CLASS_THIRD_PARTY_APPLICATIONS
sensboston said:
> BTW, it's not a real "hack", and not acceptable/affordable for the 99.9% Lumia users and developers...
Yeah, but it's at least something worth trying
ngame said:
> Wow you did a fantastic job
> as @error0x0000034 mentioned you forget to open DeveloperUnlock_API
> Software\Microsoft\SecurityManager\CapabilityClasses
> add: MultiSz String
> name: ID_CAP_DEVELOPERUNLOCK_API
> value: CAPABILITY_CLASS_THIRD_PARTY_APPLICATIONS
Oh, i see...
I'm just wondering that this CAP was not necessary on Ativ S?
Or am i wrong?
I really thought it was just the 3 regkeys quoted in the first post...
lordmaxey said:
> Yeah, but it's at least something worth trying
> Oh, i see...
> I'm just wondering that this CAP was not necessary on Ativ S?
> Or am i wrong?
> I really thought it was just the 3 regkeys quoted in the first post...
I don't remember Ativ S Interop but I know it had a BootStrap app
maybe that app unlock this api i'm not sure but I know you have to open this cap first to run EnableAllCapabilities
Nice work :good:
so now, you can make a small business with this
interop unlock for only *** $
and you are now the one and only interop unlocked retail Lumia owner
ceesheim said:
> Nice work :good:
> so now, you can make a small business with this
> interop unlock for only *** $
Haha Yay, i'm going to be rich *lol*
ceesheim said:
> and you are now the one and only interop unlocked retail Lumia owner
No, not yet.
I'm trying to deploy the bootstrap samsung app to the 520 this afternoon. If it works, i maybe can deploy the other apps.
If not, i'm trying to open that CAP by editing the Dump again and writing it back via JTAG.
We'll see, but i'm curious
btw: Why are these damn smileys always displayed in the next line?
btw: Why are these damn smileys always displayed in the next line?
don't know , i just seen that too
lordmaxey said:
> Haha Yay, i'm going to be rich *lol*
> No, not yet.
> I'm trying to deploy the bootstrap samsung app to the 520 this afternoon. If it works, i maybe can deploy the other apps.
> If not, i'm trying to open that CAP by editing the Dump again and writing it back via JTAG.
> We'll see, but i'm curious
> btw: Why are these damn smileys always displayed in the next line?
Samsung Bootstrap uses some Samsung-specific DLLs as far as I know. This won't help you, tried this already on my Huawei Ascend W1. This won't work on your Lumia either I think. But its worth a try of course.
You'll have to edit the registry key I mentioned before to be able to sideload EnableAllSideloading.xap. You need to load the SOFTWARE file from Windows/System32/config again into your registry and edit following key. Maybe try using a registry editor on your phone before using the method you described above, but I don't think that this will work. So, you probably have no other choice than opening up your device again and edit the SOFTWARE reg-file. Then sideload EnableAllSideloading.xap and you'll be able to sideload pretty much everything you want.
Question for more experienced devs and hackers:
Is there a registry tweak or some settings anywhere else on the phone that we can access though JTAG and that allows us to boot the phone (Lumia in this case) as a mass storage device with full filesystem access? Like on the Huawei Ascend W1. This would simplify the process of changing registry keys a lot.
Best regards and good luck.
lordmaxey said:
> Haha Yay, i'm going to be rich *lol*
> No, not yet.
> I'm trying to deploy the bootstrap samsung app to the 520 this afternoon. If it works, i maybe can deploy the other apps.
> If not, i'm trying to open that CAP by editing the Dump again and writing it back via JTAG.
> We'll see, but i'm curious
> btw: Why are these damn smileys always displayed in the next line?
Bootstrap Samsung will not work on Lumia.
error0x0000034 said:
> Samsung Bootstrap uses some Samsung-specific DLLs as far as I know. This won't help you, tried this already on my Huawei Ascend W1. This won't work on your Lumia either I think. But its worth a try of course.
> You'll have to edit the registry key I mentioned before to be able to sideload EnableAllSideloading.xap. You need to load the SOFTWARE file from Windows/System32/config again into your registry and edit following key. Maybe try using a registry editor on your phone before using the method you described above, but I don't think that this will work. So, you probably have no other choice than opening up your device again and edit the SOFTWARE reg-file. Then sideload EnableAllSideloading.xap and you'll be able to sideload pretty much everything you want.
Like this then, right?
Ok, I'll try this next week, i sadly won't have time this weekend.
error0x0000034 said:
> Question for more experienced devs and hackers:
> Is there a registry tweak or some settings anywhere else on the phone that we can access though JTAG and that allows us to boot the phone (Lumia in this case) as a mass storage device with full filesystem access? Like on the Huawei Ascend W1. This would simplify the process of changing registry keys a lot.
> Best regards and good luck.
No. once JTAG halts the phone, it's halted. You can't just "pause" the phone, make changes and continue booting. Sadly.
So, only chance is by writing the modified dump back.
It's not for Lumia only, it's a universal method for every WP8 device (including emulator) that could enter MassStorage mode
And the Bootstrap app is not magic, it uses the system service by Samsung to modify the CapabilityClasses registry key mentioned above, and this could be done by modifying the reg hive directly
lordmaxey said:
Like this then, right?
Ok, I'll try this next week, i sadly won't have time this weekend.
Exactly. I have done this on my Ascend W1 several times, but it's easier, because I can enter Mass Storage Mode through bootloader.
No. once JTAG halts the phone, it's halted. You can't just "pause" the phone, make changes and continue booting. Sadly.
So, only chance is by writing the modified dump back.
I don't know how JTAG method works exactly, I only know that the device needed isn't cheap and can restore bricked phones. How it works? I have no idea, but I'm sure I'll learn quickly.
I will do some research on that soon. I'm a learning noob. :cyclops:
best regards,
error0x0000034
error0x0000034 said:
I don't know how JTAG method works exactly, I only know that the device needed isn't cheap and can restore bricked phones. How it works? I have no idea, but I'm sure I'll learn quickly.
I will do some research on that soon. I'm a learning noob. :cyclops:
Me neither
Most credits go to X-Shadow from advance-box team.
Because i had the Idea of modifying the phone dump and read/write via JTAG.
But usually, ATF only supported bootloader repair via JTAG. So i contacted X-Shadow and within only two weeks he updated the jtag-application, and added Custom Read/Write to every part of the EMMC.
That's how i could dump the rom, modify it and write it back.
Absolutely awesome work from that team, just releasing a software because of ONE single inquiry. :good::good::good:
Aw crap, I totally forgot to tell you to test a pure-interop app (like the bootstrap one). You interop-unlocked but failed to capability-unlock, and most WP8 homebrew requires both so of course you couldn't sideload it. DERP
But hey, if you successfully edited the capability class of ID_CAP_DEVELOPERUNLOCK_API - and it looks like you did, or could - then you can use EnableAllSideloading to capability-unlock the phone (it just edits all the other capabilities' classes). I could probably also write a "BootstrapNokia" app if you'd like; I think we have interop-based registry functions for WP8 Lumias, which would allow (for example) making SamWP8 Tools work on your Nokia as well.
SamWP8 tools on Nokia would be great.
I'll check that monday evening, when i'm back at my computer.
I'll keep you informed
GoodDayToDie said:
Aw crap, I totally forgot to tell you to test a pure-interop app (like the bootstrap one). You interop-unlocked but failed to capability-unlock, and most WP8 homebrew requires both so of course you couldn't sideload it. DERP
But hey, if you successfully edited the capability class of ID_CAP_DEVELOPERUNLOCK_API - and it looks like you did, or could - then you can use EnableAllSideloading to capability-unlock the phone (it just edits all the other capabilities' classes). I could probably also write a "BootstrapNokia" app if you'd like; I think we have interop-based registry functions for WP8 Lumias, which would allow (for example) making SamWP8 Tools work on your Nokia as well.
isn't it better to put FCROUTER and other samsung dlls in Windows folder?
as far as i know ID_CAP_INTEROPSERVICES allow it

[XAP][Source] Resource Hacker for Lumia

Hi,
After getting FS access using InteropServices on Lumia, I've just made a small app that allows us to import any OEM package to a Lumia device.
So, I've implemented Samsung resources like "FCRouter" IDrivers/Services and much more from Samsung SPH - I800, and it works like a charm.
I haven't found any use for the Samsung one yet, but it would be worthwhile for research and development with appropriate resources.
We can even import packages from Engineering and Developer ROMs, i.e. for DISABLE_ID_CHECK, DISABLE_SIGNTEST_ENVIRONMENT and much more.
1. Place the "Windows" folder on the SD card. (Do not interfere with the folder. It should be like this: "D:\Windows")
2. Install the XAP.
3. Run Auto Patcher.
In order to apply those packages to the system, you need to do a HARD RESET.
If all the result values are "TRUE" then do the reset, otherwise don't.
You can import any OEM package to a Lumia device, such as Huawei, HTC, Samsung.
But note: do not modify any package. It will break the signature and you will brick your device.
Having a heavy Samsung service will drain your battery fast.
Will a soft reset by pressing volume down+power button do the work???
souma_rox said:
Will a soft reset by pressing volume down+power button do the work???
no it won't because the packages need to be installed and by doing a hard reset the phone installs them
Are you suggesting that we can flash engineering images on retail devices, from the device? If so, have you tried this on anything Samsung?
But the xap is not installing ? =/
Damn this life
I want such thing for my L920
djamol said:
Hi,
After a getting FS Access using InteropServices on Lumia, I've just made small app. That allows us to import any OEM package to Lumia Device.
So, I've Implemented Samsung Resources like "FCRouter" IDrivers/Services and much more from samsung SPH - I800 and it works like a charm.
But I've not got any uses of Samsung one but it would be worth for research and development with appropriate resources.
We can even Import Packages from Engineering, Developer ROM. I.e. for DISABLE_ID_CHECK, DISABLE_SIGNTEST_ENVIRONMENT and much more.
1. Placed "Windows" Folder on SD Card. (Do not Interfere with the folder. It should be like this "D:\Windows")
2. Install XAP.
3. Run Auto Patcher.
In order to apply those packages to the System, you need to make HARD RESET.
If all the result value's gets "TRUE" then make reset, otherwise don't.
You can Import any OEM Package to Lumia Device. Such as, Huawei, HTC, Samsung.
But note that, Do Not Modify any package. It will break the signature and you will brick your device.
Your app can't be deployed because it has interop services as capability
ya it's not installing
You have to replace it with extras + info
Freely remove interop services , deploy and then replace
@djamol as you know I have Ativ S now and I can send you any thing you want from my I8750
And even from GDR2 , 3 or later roms
And I know there's a way to ruin huawei w1 in mass storage mode .
Let's do a research with reker
and how exactly do I replace it? none of what I've been doing seems to work.
djamol said:
Hi,
After a getting FS Access using InteropServices on Lumia, I've just made small app. That allows us to import any OEM package to Lumia Device.
So, I've Implemented Samsung Resources like "FCRouter" IDrivers/Services and much more from samsung SPH - I800 and it works like a charm.
But I've not got any uses of Samsung one but it would be worth for research and development with appropriate resources.
We can even Import Packages from Engineering, Developer ROM. I.e. for DISABLE_ID_CHECK, DISABLE_SIGNTEST_ENVIRONMENT and much more.
1. Placed "Windows" Folder on SD Card. (Do not Interfere with the folder. It should be like this "D:\Windows")
2. Install XAP.
3. Run Auto Patcher.
In order to apply those packages to the System, you need to make HARD RESET.
If all the result value's gets "TRUE" then make reset, otherwise don't.
You can Import any OEM Package to Lumia Device. Such as, Huawei, HTC, Samsung.
But note that, Do Not Modify any package. It will break the signature and you will brick your device.
This should allow us to install the WiFi Calling service from their phones and install it on others!
@G.moe : Actually I think it is a policy vulnerability: the OS component doesn't check any OEM ID or key,
and legally signed packages will be the "TRUSTED" packages. The OS component will agree to install them because they are signed with a valid signature.
Also, it will work on any OEM device, not specifically the Lumia. Other OEM devices need FS access to place the appropriate packages on their system.
If we get at least any "TESTING" certificate (provided by MSFT in 10 Environment publicly) to sign our own built packages, then we will get COMPLETE control of the OS as ROOT ACCESS (like a first-ever custom ROM at runtime).
@souma_rox : It requires the InteropServices capability. If anyone doesn't have their device interop-unlocked, then it is possible by hijacking the Extras+Info app, as ngame told you before.
@ngame : Thanx Bro for everything. Can you send me the Packages and Config folder from GDR 2 and 8.1 ?
I want to do a research on it.
@thals1992 : Do you have that packages ? I'll try it and may be that is possible to bring those features on other Device. Thnx
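The trust gap djamol describes (a package installs because its signature is valid, with no check of which OEM signed it), modelled abstractly as an added example that is not part of the thread and is not Windows Phone's installer code. The trust store, signer names and policy functions are hypothetical, and HMAC-SHA256 stands in for a real asymmetric package signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace

# Constructed trust store (hypothetical names). HMAC-SHA256 stands in for a
# real asymmetric package signature so the example needs only the stdlib.
TRUST_STORE = {
    "oem-a-release": {"key": b"constructed-key-a", "oem": "OEM_A", "kind": "production"},
    "oem-b-release": {"key": b"constructed-key-b", "oem": "OEM_B", "kind": "production"},
    "platform-test": {"key": b"constructed-key-t", "oem": None, "kind": "test"},
}


@dataclass(frozen=True)
class Package:
    name: str
    payload: bytes
    signer: str      # key id in TRUST_STORE
    signature: str   # hex MAC over the manifest


def _manifest(name: str, payload: bytes) -> bytes:
    """Canonical bytes covered by the signature: name plus payload hash."""
    doc = {"name": name, "sha256": hashlib.sha256(payload).hexdigest()}
    return json.dumps(doc, sort_keys=True).encode()


def sign_package(name: str, payload: bytes, signer: str) -> Package:
    """Build a signed package (constructed sample data for the demo)."""
    key = TRUST_STORE[signer]["key"]
    sig = hmac.new(key, _manifest(name, payload), hashlib.sha256).hexdigest()
    return Package(name, payload, signer, sig)


def signature_valid(pkg: Package) -> bool:
    """True only if the signer is known and the MAC matches the content."""
    entry = TRUST_STORE.get(pkg.signer)
    if entry is None:
        return False
    expected = hmac.new(entry["key"], _manifest(pkg.name, pkg.payload),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pkg.signature)


def signature_only_policy(pkg: Package) -> bool:
    """Behaviour the post describes: any validly signed package installs."""
    return signature_valid(pkg)


def device_bound_policy(pkg: Package, device_oem: str, retail: bool = True):
    """Hardened check: valid signature AND signer authorised for this device."""
    if not signature_valid(pkg):
        return False, "invalid signature"
    signer = TRUST_STORE[pkg.signer]
    if signer["kind"] == "test":
        if retail:
            return False, "test-signed package on retail device"
        return True, "accepted (test signing allowed on non-retail device)"
    if signer["oem"] != device_oem:
        return False, "signer belongs to a different OEM"
    return True, "accepted"


def demo() -> dict:
    """Run both policies over constructed packages on a retail OEM_A device."""
    foreign = sign_package("oem_b.service", b"driver-bytes", "oem-b-release")
    tampered = replace(foreign, payload=b"driver-bytes-modified")
    test_signed = sign_package("selfbuilt.pkg", b"custom", "platform-test")
    results = {}
    for label, pkg in [("foreign", foreign), ("tampered", tampered),
                       ("test_signed", test_signed)]:
        results[label] = (signature_only_policy(pkg),
                          device_bound_policy(pkg, "OEM_A"))
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Under the signature-only policy the unmodified foreign-OEM package and the test-signed package both install, while the tampered one fails in either policy, matching the warning above that modifying a package breaks its signature.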
djamol said:
@G.moe : Actually It is Policy vulnerability i think so, that the OS Component Doesn't check the any OEM ID or key.
and having legal signed packages will be the "TRUSTED" packages. OS Component will respect them to Install because of they are signed with valid signature.
Also it will work on any OEM Device not specific for the Lumia. On other OEM Device need FS Access to place any appropriate packages.
If we get at least any "TESTING" certificate to sign own builded packages , then we will get the COMPLETE Control on the OS as a ROOT ACCESS. (like a Custom ROM at runtime)
@souma_rox : It is required InteropServices Capability. If anyone don't have Interop Unlocked their Device. Then It is a possible hijacking Extras+Info App. as ngame told you before.
@ngame : Thanx Bro for everything. Can you send me the Packages and Config folder from GDR 2 and 8.1 ?
I want to do a research on it.
@thals1992 : Do you have that packages ? I'll try it and may be that is possible to bring those features on other Device. Thnx
yeah sure .
let me see can I extract the Rom or not if I couldn't I will flash for you to GDR2
you are already using W10 TP ?
If yes let me know . I'll send you a better trick to work on it
ngame said:
yeah sure .
let me see can I extract the Rom or not if I couldn't I will flash for you to GDR2
you are already using W10 TP ?
If yes let me know . I'll send you a better trick to work on it
Hey, Do not flash your Device. You can extract ROM using wolf's tool. They are really awesome. After then you can mount with OSFMount .bin files.
I never Install WP 10. Because of it's very buggy and initial Build. I'll get it later pre-Installed Device. Anyway can you tell me your trick? Then it will be useful for everyone. Especially for @GoodDayToDie for his HTC M8. and we all know that he is genius man.
It's inside of the ROMs for the Lumia 521, 925, and I believe the OneM8 for T-Mobile as well (might be a few devices I'm missing). Unfortunately my 3TB hard drive crashed and the VHD of it that I had is gone.
ngame said:
You have to replace it with extras + info
Freely remove interop services , deploy and then replace
@djamol as you know I have Ativ S now and I can send you any thing you want from my I8750
And even from GDR2 , 3 or later roms
And I know there's a way to ruin huawei w1 in mass storage mode .
Let's do a research with reker
Good work but....
I have extras + info in SD but If I try to replace app files manually, the application does not start
djamol said:
@G.moe : Actually It is Policy vulnerability i think so, that the OS Component Doesn't check the any OEM ID or key.
and having legal signed packages will be the "TRUSTED" packages. OS Component will respect them to Install because of they are signed with valid signature.
Also it will work on any OEM Device not specific for the Lumia. On other OEM Device need FS Access to place any appropriate packages to their System.
If we get at least any "TESTING" certificate (provided by MSFT in 10 Environment publicly) to sign own builded packages , then we will get the COMPLETE Control on the OS as a ROOT ACCESS. (like a First-Ever Custom ROM at runtime)
@souma_rox : It is required InteropServices Capability. If anyone don't have Interop Unlocked their Device. Then It is a possible hijacking Extras+Info App. as ngame told you before.
@ngame : Thanx Bro for everything. Can you send me the Packages and Config folder from GDR 2 and 8.1 ?
I want to do a research on it.
@thals1992 : Do you have that packages ? I'll try it and may be that is possible to bring those features on other Device. Thnx
Ok i did everything successfully but the problem is the HARD RESET part u know my device is perfect now if I hard reset then I will have to download all the apps again...
Hey, instead of a hard reset, if I update my phone to win10 will it work????
@WojtasXda : Thnx. Did you copy the files without modifying the "Apps" folder?
If you modified the "Apps" folder, it'll get encrypted.
And one more tip for you. Do not place your Huawei OEMSettings.reg on Lumia. It will work on unlocked bootloaders only.
@souma_rox : Do not try if you're not a cool developer. Yeah, really. If something goes wrong, you will soft brick your device.
Right now, these resources are not useful, or I've not found any use for the Samsung one. So, I think you have to wait for any cool findings.
Anyway. If you want to try. You can do it using language update. Let me know.
djamol said:
@WojtasXda : Thnx. Did you copied files without modifying "Apps" Folder ?
If you modified "Apps" folder, it'll get encrypted.
And one more tip for you. Do not place your Huawei OEMSettings.reg on Lumia. It will work on unlocked bootloaders only.
@souma_rox : Do not try if you're not a cool developer. Yeah, really. If something goes wrong, you will get soft brick your device.
Right now, this resources is not use full or I've not find any use from Samsung one. So, I think you have to wait for any cool findings.
Anyway. If you want to try. You can do it using language update. Let me know.
yeah as djamol mentioned please do not try STUPID COPY PASTES ! It's not a funny game .
and if you think this app can do a REAL full unlock or something else you are surely WRONG . so wait .
this app and this trick will not do any special interesting work on your phone without Capability Unlock . this hack maybe the best hack that I've ever seen for Lumia phones but it's only a base . @djamol : finally I had downgraded to GDR2 for you and I packed same files you archived in windows zip .
some of those files didn't exist on GDR2 .
I packed the dll files and package files in this zip . I will wait on gdr2 while you confirm you don't need any more files
(because of file size restrictions here I renamed the rar file to apk .
after download rename it again to rar or simply open it using WinRAR , 7-Zip etc.)
@ngame
Yes, Yes, Yes
What I'm Looking For.
Today something going to be happen... Yeah!
I can't wait for it... Very excited...
Thanks Bro.. Muhha...
Wait I'll send you a PM for required Stuff.

Universal ReadBack Extractor for mtk feature watchphones

Update Mar-12/2016: as long as on the market appeared a long line of new types of mtk6260 mtk6261 mtk2502C mtk2502A (etc) watches equipped with strange new PCB or flash_ID parameters, the new release <Readback Extractor mtk 2.0> now has the capacity to identify, to read, check, rebuild firmware and collect and insert in the .cfg files the flash_ID's coded inside the ROM dump for almost all types of mtk watchphones or smartwatches based on RTOS Nucleus
NOTE: being tested already for mtk6260 mtk6261 mtk2502C and mtk2502A
In short - if you intend to install in your smartwatch new firmwares, mods etc, before to initiate any flashing with the Flash Tool app (pushing that goddamn < Download > button) think twice, 'bove all better DO a backup for the original firmware, why so? because it's containing all original drivers hence you'll be able to recover 100% your watch in case of bricking.
How to:
First you have need of a full dump of your ROM. Assuming that you already got a Flash Tool 5.15.16 and drivers, and you were at the point of flashing something (already chose the download agent and scatter file)
preparations:
a. Set options/backup and restore on no action
b. load the download agent (you find this file inside the flash tool folder)
c. load a scatter firmware - for initialization flash tool needs a scatter file (.cfg) - for dz09 you get this one - for any other than mtk6260A get here and get a firmware compatible with your PCB
d. in case you have W10 - go to the start menu and click on power and hold down the shift key while clicking on restart. A screen then comes up and you need to choose troubleshooting and then startup options. It will then reboot and give you a menu. press 7 which is ignore signed drivers and then when windows comes up, you will be able to install the drivers.
for instance let's say you have a DZ09 smartwatch:
1 - press < Readback > in upper menu and so < Add > in the middle menu
2 - click twice on the item appears in the main window, set name as ROM_DZ choose in browser the path and save
3 - set as Physical start address 0x00000000 and as Length 0x01000000 or 0x00800000 or 0x00400000 (try them in this order) then ok
4 - turn off the watch, press < Readback > in the middle menu wait 2 seconds and connect through USB your watch
5 - wait until the upload is complete (big green ring)
Now second stage:
1 - download the app I've built attached here (Readback Extractor mtk) and unzip it
2 - create a folder where you intend to keep in safe the original firmware and name it for instance DZ09-Orig
3 - do a copy of Readback Extractor mtk 2.0.exe and place it inside the DZ09-Orig folder then click twice on it
4 - press <Load Readback file> and browse after the ROM_DZ file created before with the Flash Tool then open
5 - Wait about a minute while the app will check bit by bit the integrity of your file
6 - If everything went ok and your file is healthy then app will show " health 100% " so you can proceed to the next step
7 - Press <Rebuild Firmware> and wait about one minute (it shows a progress counter)
8 - When appears the message " - ALL DONE!!!" close app and go back in the DZ09-Orig folder, now you'll find there a set of new files which are the original firmware kit ready to be flashed back in your phone anytime you want
9 - Enjoy flashing anything you like without any fear that something bad can happen
Some tricks for writing IMEI in your watch NVRAM:
you connect to usb your watch (turned on this time) and set the com port on the watch screen, go in device manager and check the port number your watch is connected, then you open Tera Term hyperterminal (google for this app), connect it as serial com on watch com port and then give the command:
AT + EGMR = 1, 7, " imei number "
if on screen appears OK then ready, you've changed your imei
AFTERWARDS READ ME story - Anywhere you search, there is no one to tell you explicitly how to extract from your mtk smartwatch the firmware kit
All says a halfmouth: Do a full < Readback > in Flash Tool, you'll do it being confident that from now on you say goodbye to any risk because you have A BACKUP hence you start flashing new firmwares. And the Big Brick is coming , you smile and get back to your < Readback > backup discovering that, sadly, you have a binary bulk at first sight good for nothing. It cannot be so useless, isn't it? after all it contains full dump of your ROM! I was in exactly the same situation, so 'cause I didn't find any answer I've started reverse engineering . . . and it worked, first I did it manually for guys being in the same situation, 've noticed that is a common issue so I had to choose how to help, simpler but dangerous (for you) way, to create a tutorial <how to> or the hard way (hard for me), to develop an app which will do all "cooking" automatically and I choose the second because in manually way there is a quite big "chance" to mess up with your primary bootloader which could get to a real tragedy - no modem - brickest brick you saw in your entire life
Readback extractor mtk 2.1 beta
Flash Tool and drivers
Lil too late for me XD.... *just ordered a new one btw*
franc33s said:
Lil too late for me XD.... *just ordered a new one btw*
Sorry man, couldn't earlier because I have mine either of two weeks or so. . . still a beginner
Look at the bright side, best lessons we learn from our own mistakes, best part is that if you buy the new one from the same seller, you'll have the firmware hence two working watches!
Are there apps in the works to change watch faces without flashing?
kyitech said:
Are there apps in the works to change watch faces without flashing?
Unfortunately, yet, there is no way to get in contact with the watch else than through proprietary mediatek drivers so that the only ways to communicate for now are Flash Tool app and bluetooth modem proprietary commands (the most important of them being secret as well)
To do such a reverse engineering is way way way over my pay grade
Still I'm working for an app which could replace any media in the watch (backgrounds, icons) but through flashing method of course
Thanks for the info...I just think this watch have great potential
Golem_ said:
Unfortunately, yet, there is no way to get in contact with the watch else than through proprietary mediatek drivers so that the only ways to communicate for now are Flash Tool app and bluetooth modem proprietary commands (the most important of them being secret as well)
To do such a reverse engineering is way way way over my pay grade
Still I'm working for an app which could replace any media in the watch (backgrounds, icons) but through flashing method of course
Sorry for not knowing, but what about bluetooth app transfer in the Google play store. How can they be used on dz09-?
kyitech said:
Sorry for not knowing, but what about bluetooth app transfer in the Google play store. How can they be used on dz09-?
. . . bluetooth modem AT commands, just I told this before, generally speaking, in this way all bluetooth app are working, in our case they are proprietary and most of them SECRET. For more information please check this link, it is an older tutorial posted by me on that site
franc33s said:
Lil too late for me XD.... *just ordered a new one btw*
I'm almost sure you found these before me, still, here link you have more than 10 versions of dz09 firmwares (others than we checked before)
It looks like they made a firmware for each phone ) very prolific guys when about dz09
Hope this time you catch the right one!
Golem_ said:
I'm almost sure you found these before me, still, here link you have more than 10 versions of dz09 firmwares (others than we checked before)
It looks like they made a firmware for each phone ) very prolific guys when about dz09
Hope this time you catch the right one!
yup already did try them all, they boot fine, just no luck getting the Padgene (padgeME) one yet (so my touchscreen driver would work), the guy is still uploading more firmwares tough *fingers crossed*
Golem_ is a hero!
Thanks for all the time you spend with the gt08
flashtool
Hi,
I am trying to find the right flashtool to make my backup.
And where can I find a tutorial?
I have a gv08s.
Which drivers do I need, and which version of flashtool?
Thanks in advance
xeph20 said:
Golem_ is a hero!
Thanks for all the time you spend with the gt08
thank you for kind words!
Golem_ said:
thank you for kind words!
carlospaco said:
Hi,
I am trying to find the right flashtool to make my backup.
And where can I find a tutorial?
I have a gv08s.
Which drivers do I need, and which version of flashtool?
Thanks in advance
here link you find a good tutorial but instead <download> you have to use <readback>
Golem_ said:
here link you find a good tutorial but instead <download> you have to use <readback>
Yes, I have done everything like it's said, for a couple of days, but I keep getting this error always.
lashtool error: S_BROM_DOWNLOAD_EPP_FAIL (2036)
[EPP] FlashTool environment preparation failed
It May be caused from DRAM initialization failed
Pleace check the EMI information of the MAUI load is correct and fit the target.
Hope that someone can help me with this, I am desperate.
Thanks
carlospaco said:
Yes, I have done everything like it's said, for a couple of days, but I keep getting this error always.
lashtool error: S_BROM_DOWNLOAD_EPP_FAIL (2036)
[EPP] FlashTool environment preparation failed
It May be caused from DRAM initialization failed
Pleace check the EMI information of the MAUI load is correct and fit the target.
Hope that someone can help me with this, I am desperate.
Thanks
give me in PM a skype ID
Golem_ said:
give me in PM a skype ID
Oh, i am sorry, but i don't have a skype id.
carlospaco said:
Oh, i am sorry, but i don't have a skype id.
Alternatives for live screen sharing like, for instance TeamViewer?
Golem_ said:
Alternatives for live screen sharing like, for instance TeamViewer?
I have sent you my TeamViewer ID

[RELEASE] Stylo 6 MTK Goodies

Hello everyone,
Today I am releasing a tool I have developed around mtkclient to bootloader unlock and carrier unlock the LG Stylo 6.
The carrier unlock has not been released yet, i am putting the finishing touches on it. For now i have rebranded the app as MTK Goodies, and it supports an easy bootloader unlock.
Simply follow the driver installation for the windows section of mtkclient.
The tool relies on a prepackaged setup that has mtkclient and SPFlash tool bundled together, i have a 7z hosted here.
Download that and extract its contents to a folder named mtkclient, this folder should reside alongside Stylo6MTKGoodies.exe.
If you download the Release 7z from here or the github page, it will already come with this folder included. You only need to download this separately if you are building from the source.
Keep in mind that this is a very early release, so it does have some threading bugs I've still gotta work out. But for the most part, it will run just fine as long as you don't run commands over and over like i did during my testing.
Another thing to note is that after the carrier unlock, the partition erase will power off the device, the same as running mtk reset afterwards, so no need to press Reboot device.
If the program crashes while running a command, kill it with task manager and look for 2 processes, python.exe and flash_tool.exe; if either of those is running, kill them. Then restart the app and everything should work fine. The app uses both python to run mtkclient and spflash tool to do some preconnect function to allow mtkclient to force brom. So sometimes if it crashes one or both of those processes won't get killed in the code.
Any questions, or if you need help or support, feel free to ask.
Hope everyone finds this as useful as i will, enjoy!
https://github.com/mastercodeon314/Stylo6MTKGoodies
UPDATE 10/5/22:
The carrier unlock feature is now here! I reuploaded the release zips, and now everyone is free to carrier unlock their stylo 6.
As a bonus, this method can work on some select other mtk devices as well, a generic carrier unlock if you will.
PLEASE back up your device using mtkclient (a full rom backup) before trying this, so as to have a fallback in case things go wrong, happy modding!
TODO
Package 7z of bundled mtkclient + spflashtool into app to auto extract on execute.
So in order to determine what I need to back up from the device before the carrier unlock, I need help with this. My Stylo 6 was originally a metro phone, but I accidentally converted it to TMobile, and its carrier values are messed up.
If you have a Stylo 6 that can connect to its original carrier still, and is preferably stock, you'd be of serious help here.
I need to compare the IMEI, nt code, and various other bits of information with what they are after the carrier unlock.
I'm particularly interested in the IMEI, and NT code.
Mastercodeon said:
So in order to determine what I need to back up from the device before the carrier unlock, I need help with this. My Stylo 6 was originally a metro phone, but I accidentally converted it to TMobile, and its carrier values are messed up.
If you have a Stylo 6 that can connect to its original carrier still, and is preferably stock, you'd be of serious help here.
I need to compare the IMEI, nt code, and various other bits of information with what they are after the carrier unlock.
I'm particularly interested in the IMEI, and NT code.
I have a stock inactive T-Mobile Stylo 6 I would like to unlock. How could I get the needed information for you, as I tried your method?
[email protected] said:
I have a stock inactive T-Mobile Stylo 6 I would like to unlock. How could I get the needed information for you, as I tried your method?
Well is your device still carrier locked? I'd need it to still be locked, and be able to connect to the original carrier (for you, TMobile).
Just hold off for me for a bit, cause I have to write up a script that will get the needed information from the device. I'll be comparing the NT code, IMEI, and other values I get from the phone before and after you run the carrier unlock.
[email protected] said:
I have a stock inactive T-Mobile Stylo 6 I would like to unlock. How could I get the needed information for you, as I tried your method?
Also, you mentioned you tried my method, how did the program work? Did it connect with mtkclient at all? Haven't used it outside of my laptop or phone, haven't had any use feedback yet.
Mastercodeon said:
Well is your device still carrier locked? I'd need it to still be locked, and be able to connect to the original carrier (for you, TMobile).
Just hold off for me for a bit, cause I have to write up a script that will get the needed information from the device. I'll be comparing the NT code, IMEI, and other values I get from the phone before and after you run the carrier unlock.
Yes, it is still carrier locked but has no service currently. I could very easily activate it again if it would help. I will wait to try your method until you're ready if you would like.
[email protected] said:
Yes, it is still carrier locked but has no service currently. I could very easily activate again if it would help. I will wait to try your method until you're ready if you would like.
Yes, reactivate it, and I'll get with you tonight on checking the values. I gotta write up the script to dump all the information I need.
Here's the latest I've got so far.
I have confirmed that the carrier unlock will indeed erase or change the device's IMEI. This issue will be fixed here soon in the next release.
For the time being, I will be deleting the release zips from here, and GitHub.
If you have the older release, please DO NOT run the carrier unlock operation if you do not have your original IMEI written down somewhere and know how to restore it to your phone.
Thank you all for your patience, all good things must come to those who wait, and this is a good thing, it's just coming.
The changes I have to make to get the carrier unlock finished are pretty pale in comparison to how much work it was to get this far, so the wait isn't much longer.
Can I get the carrier unlock script please? I have my IMEI written down, I know how to restore it.
guero.lurias said:
Can I get the carrier unlock script please? I have my IMEI written down, I know how to restore it.
I DMed you
Mastercodeon said:
Here's the latest I've got so far.
I have confirmed that the carrier unlock will indeed erase or change the device's IMEI. This issue will be fixed here soon in the next release.
For the time being, I will be deleting the release zips from here, and GitHub.
If you have the older release, please DO NOT run the carrier unlock operation if you do not have your original IMEI written down somewhere and know how to restore it to your phone.
Thank you all for your patience, all good things must come to those who wait, and this is a good thing, it's just coming.
The changes I have to make to get the carrier unlock finished are pretty pale in comparison to how much work it was to get this far, so the wait isn't much longer.
I need the script link, I have my IMEI written.
Mastercodeon said:
So in order to determine what I need to backup from the device before the carrier unlock, I need help with this. My Stylo 6 was originally a metro phone, but I accidentally converted it to TMobile, and its carrier values are messed up.
If you have a Stylo 6 that can connect to its original carrier still, and is preferably stock, you'd be of serious help here.
I need to compare the IMEI, nt code, and various other bits of information with what they are after the carrier unlock.
I'm particularly interested in the IMEI, and NT code.
How do you convert it from MetroPcs to Tmobile?
Please tell me how I can convert carrier
mohabsi said:
How do you convert it from MetroPcs to Tmobile?
Please tell me how I can convert carrier
That I'm not sure of yet
could you please share the carrier unlock script?
Hi everyone, sorry for such a long wait, but I have finally released the carrier unlock feature for MTK Goodies!
Check out the release section on the repo here: https://github.com/mastercodeon314/Stylo6MTKGoodies
Please make sure you have the proper drivers that mtk client needs for this to work. Thank you all for your patience, enjoy!
Mastercodeon said:
Hello everyone,
Today I am releasing a tool I have developed around mtkclient to bootloader unlock and carrier unlock the LG Stylo 6.
The carrier unlock has not been released yet, I am putting the finishing touches on it. For now I have rebranded the app as MTK Goodies, and it supports an easy bootloader unlock.
Simply follow the driver installation for the Windows section of mtkclient.
The tool relies on a prepackaged setup that has mtkclient and SPFlash tool bundled together, I have a 7z hosted here.
Download that and extract its contents to a folder named mtkclient, this folder should reside alongside Stylo6MTKGoodies.exe.
If you download the Release 7z from here or the GitHub page, it will already come with this folder included. You only need to download this separately if you are building from the source.
View attachment 5568077
Keep in mind that this is a very early release, so it does have some threading bugs I've still gotta work out. But for the most part, it will run just fine as long as you don't run commands over and over like i did during my testing.
Another thing to note is that after the carrier unlock, the partition erase will power off the device, the same as running mtk reset afterwards, so no need to press Reboot device.
If the program crashes while running a command, kill it with Task Manager and look for 2 processes, python.exe and flash_tool.exe. If either of those are running, kill them. Then restart the app and everything should work fine. The app uses both python to run mtkclient and spflash tool to do some preconnect function to allow mtkclient to force brom. So sometimes if it crashes one or both of those processes won't get killed in the code.
Any questions, help or support, feel free to ask.
Hope everyone finds this as useful as i will, enjoy!
https://github.com/mastercodeon314/Stylo6MTKGoodies
UPDATE 10/5/22:
The carrier unlock feature is now here! I reuploaded the release zips, and now everyone is free to carrier unlock their stylo 6.
As a bonus, this method can work on some select other mtk devices as well, a generic carrier unlock if you will.
PLEASE back up your device using mtkclient (a full rom backup) before trying this, so as to have a fallback in case things go wrong, happy modding!
TODO
Package 7z of bundled mtkclient + spflashtool into app to auto extract on execute.
So this is the root method as well? What roms are compatible, does it have everything needed to root?
Knox-jack said:
So this is the root method as well? What roms are compatible, does it have everything needed to root?
No, this tool does not root the device for you, it only carrier unlocks and bootloader unlocks the device. You can use the Magisk app to root the device, just follow the steps Magisk outlines. As for what roms are compatible, I don't know. I know some people have gotten android 13 as a GSI to work on the Stylo 6, but it was reported to be very laggy. You can join the bootloader lock smiths and ask about roms in the Stylo 6 channel.
How do I run this program???
Where are the .exe files?
Mastercodeon said:
No, this tool does not root the device for you, it only carrier unlocks and bootloader unlocks the device. You can use the Magisk app to root the device, just follow the steps Magisk outlines. As for what roms are compatible, I don't know. I know some people have gotten android 13 as a GSI to work on the Stylo 6, but it was reported to be very laggy. You can join the bootloader lock smiths and ask about roms in the Stylo 6 channel.
Could you please share a new link to the Discord?
