Be nice if LG leaked BL unlock software for code string comparison - G4 Q&A, Help & Troubleshooting

Yes, some nice kind-hearted soul at LG could leak the software to unlock bootloaders. Even if it doesn't work on all variants, we would have more of an idea of the algorithm LG uses to encrypt the BL partition. From there unlock I've been getting pretty in depth. Yes, the BL is locked but easily unlockable; it's the BL partition's encryption that, I guess, the unlock.bin takes care of. I have a copy of a random unlock.bin, and I've reduced it in a hex editor. I've also got my 3 BL partitions ripped and am in the process of ripping them to hex to compare codes, trying to find the unlock string. I need help and ideas here. I have an LS991; how do I get my device ID so I can compare it in the string of codes? I can also convert device IDs to hex and run them with my boot partitions to see if I can find those strings.
Now, is this a lost cause, or has anyone got input? I'm pretty tech and computer savvy, so let's get this unlocked, guys. We can do this; anything is possible.

How do I view the contents of a .img file? 7-Zip and WinRAR can't open them at all, or is this the encryption I'm running into? I'll post a screenshot in a sec.

You know... dictionaries are free for every browser and maybe punctuation marks will help too. Nobody would read your text, because it's just a mess.
But I'm nice and link you to "Android Image Kitchen". You need it to extract & repack the boot.img:
http://forum.xda-developers.com/showthread.php?t=2073775

MickyFoley said:
You know... dictionaries are free for every browser and maybe punctuation marks will help too. Nobody would read your text, because it's just a mess.
But I'm nice and link you to "Android Image Kitchen". You need it to extract & repack the boot.img:
http://forum.xda-developers.com/showthread.php?t=2073775
They are; it's mainly the screen on my tablet I use. It's one of the most horrible interfaces I've ever had. But thank you so kindly, good sir.

So I think I found the string addresses that the unlock.bin addresses, but of course I still need my device ID and LG's software to decode my IMEI and device ID into a usable decryption code.

Is it even possible to get into fastboot on an LS991?

Related

Dump WP7.1 Build 7629 "Mango"

Ok people, I finally dumped emulator image. It has many interesting stuff inside
First of all, here are all available MUIs (most of them are not finished yet):
"0413"="Nederlands"
"0809"="UK English"
"0419"="Русский"
"0405"="Čeština"
"0816"="Português (Portugal)"
"0C0A"="Español"
"040B"="suomi"
"0409"="US English"
"0804"="中文(标准)"
"041D"="Svenska"
"040C"="Français"
"040E"="Magyar"
"0414"="Norsk"
"0406"="Dansk"
"0407"="Deutsch"
"0408"="Ελληνικά"
"0416"="Português (Brasil)"
"0410"="Italiano"
"0415"="polski"
"0412"="한국어"
"0404"="繁體中文"
"0411"="日本語"
Second, there are many keyboard dictionaries for all langs available in the ROM
Third, here the link for download http://www.multiupload.com/N6S9LOO9OF
REMEMBER THIS IS x86 VERSION OF WP7.1 IT WON'T WORK ON ANY EXISTING WP DEVICE! YOU WON'T BE ABLE TO PORT IT ON ANY DEVICE OR GET WORKING ANY EXE/DLL FROM THIS ROM!
Have Fun Guys
Thanks, man! Let's see it in action
Thanks for sharing! I have a question for you, though: I've tried modifying the image with Xipport and BOOOFF to get it unlocked in the emulator, but I won't run the image after any modification/repackaging.
On the previous images, I could just dump/rebuild the image without issues, but on Mango, even a rebuild with no modifications causes the emulator to freeze after the "Windows Phone" splash screen with the accent color progress bar.
Any thoughts? Is Microsoft using some sort of a checksum or something?
I haven't looked at unlocking image yet...so I can't say anything about that...tools that you are using is quite old...maybe they do something incorrect...need some time to figure out what goes wrong...
Tell me how you get image unlocked and I will look later into this problem...
Football said:
I haven't looked at unlocking image yet...so I can't say anything about that...tools that you are using is quite old...maybe they do something incorrect...need some time to figure out what goes wrong...
Tell me how you get image unlocked and I will look later into this problem...
I'll fire you a PM
Jaxbot said:
I'll fire you a PM
I feel YukiXDA cracking this one too?????
FlowerPotmen said:
I feel YukiXDA cracking this one too?????
Haven't heard anything but I would assume so. From what I can tell, while recompiled images are indeed valid, some sort of security mechanism is preventing the compositor (start screen) from loading correctly. That, or it's a really convenient glitch
Then, why don't you just crack the emulator executable? Shouldn't be much more than a conditional jump
I hate to ask this (quite embarrassed)
i have downloaded the files, but how do i run this in the wp7 emulator?
When this downloaded is extracted, it produces a number of folders but not a bin file, so not sure how to use it with the SDK emulator ?
baseliner said:
When this downloaded is extracted, it produces a number of folders but not a bin file, so not sure how to use it with the SDK emulator ?
It's a dump which means those are system files and folders of WP7.1

[Q] Converting raw BIN dump to something useful

Hi All
I've searched and not found much info on this.
I've got a dump of an HTC HD7 using the Riff box (JTAG). The file is a 512MB BIN file.
Basically I would like to be able to see the files inside it. Ideally I would like to see the files/folders/structure inside the dump. I don't know how difficult or easy this is, so forgive me if I'm asking for the impossible. But is there a way of converting the bin file to something like a cab/nbh or even the files/folders so that I can view them in explorer or some similar tool?
At the moment I'm viewing the file in a hex editor trying to carve out certain files. But I figure since the file system and structure is known on Windows Phone 7, there may be a way of converting the entire image to a better support format.
So if anyone can suggest any tools or ways of doing this, it would be much appreciated.
Thanks
How do you use the jtag to get a dump of it? I don't know if you can use htcrie or not (search in this forum for the tool)
Sent from my SGH-i917 using XDA Windows Phone 7 App
snickler said:
How do you use the jtag to get a dump of it? I don't know if you can use htcrie or not (search in this forum for the tool)
I use the Riff Box which is supposed to a dump of the ROM/NAND, which it did, into a .bin file.
I've tried htcrie, but it doesn't load the bin file. I've tried looking for a tool that converts the .bin to a nbh, but found nothing so far
puunda said:
I use the Riff Box which is supposed to a dump of the ROM/NAND, which it did, into a .bin file.
I've tried htcrie, but it doesn't load the bin file. I've tried looking for a tool that converts the .bin to a nbh, but found nothing so far
Where do you get a riff box from? I want to dump my rom. I would look into the Windows Mobile threads and see if there is a tutorial OR pm ansar or xboxmod and see if they can help out. If possible can you provide how to obtain and use the riff box?
Sent from my SGH-i917 using XDA Windows Phone 7 App
nbh or nb it's for bootloader to write to nand, so it will have diff format with nand dump.
ted973 said:
nbh or nb it's for bootloader to write to nand, so it will have diff format with nand dump.
I'm not sure. I took a complete dump of the HD7 and it gave me a 512MB file in a .bin format. I believe that includes the bootloader and everything else, but I could be wrong.
I don't mind what kind of file it gets converted to, as long as I can view the files inside. Thanks
puunda said:
I'm not sure. I took a complete dump of the HD7 and it gave me a 512MB file in a .bin format. I believe that includes the bootloader and everything else, but I could be wrong.
I don't mind what kind of file it gets converted to, as long as I can view the files inside. Thanks
Try this thread http://forum.xda-developers.com/showthread.php?t=1260757 . There's something on there that speaks about WP7 Binary tools.
snickler said:
Try this thread http://forum.xda-developers.com/showthread.php?t=1260757 . There's something on there that speaks about WP7 Binary tools.
I've looked on that thread and have downloaded the tools. I've also messaged the author of the tool, but not got a reply yet. It looks like the tools which does work on the raw dump/bin files are for the logo and bootloader, not the entire image.
I'm still working on it, but there seems to be a lot of info that I need to sort though.
You may use the Qualcomm tool from the Riff plugin. It views all partitions.
Missed this one.
No questions in the development section please!
Thread Closed

[Q] Edit Unlock_Code.bin

I was wondering, since it looks like HTCdev has stopped working, would it be possible to alter the Unlock_code.bin file that comes from HTCdev that works for my device to work with another device? I just opened the bin file with notepad to verify that we could edit the file. If we could figure out what makes the Unlock_code.bin file work with my device, maybe we could create a new Unlock_code.bin file to work with a different device, or at least that was what I was thinking.
I'm not smart enough to know that answer, but I'd be willing to throw mine in as well.
I know that unlock code is probably the key, but I haven't seen what's inside that file yet. I can't imagine you could just change that code for your device (since you can still get that code) - that would be too easy.
Sent from my HTC6500LVW using Tapatalk 4
I need about 4 of them so I can see whats the same vs whats different.
This is a piece of what you find in the Unlock File - 潻刈ഌ垀皅꜂Ẩ筣 - it is in the ball park of 120 characters long, that is just a guesstimate.
Yeah its a bunch of gibberish like it's encrypted or encoded or something. Will send mine over in a few if you think it's worth looking at.
Sent from my HTC6500LVW using Tapatalk 4
*Removed due to incorrect information*
This is the font I used to help display the characters better - http://www.prokerala.com/downloads/fonts/AnjaliOldLipi.ttf - to install in Win 7 download the file, double click to open, select install on the top left of the window. After that you will be able to select the font in the font list in notepad or whatever text editor you choose.
- Edit - I was incorrect in stating that it was in Malayalam, that appears to only be for ഌ , the part about the font helping better display the characters is true.
Guys, it's not gonna be in a human readable language because that would be dumb of HTC since anyone would be able to replicate the unlock then. Best bet is that comparing several using a hex editor will help.
Isn't the file signed? That's the whole point of the token, really? If you edit it, you would lose the signature?
Notepad++ is a good translator. And that's how it looks when you go from ASCII to HEX; the bold is what I couldn't convert.
Code:
894009A6BCAB49F9AFB7D42D5F8A6F49
7465B991F0D7F613FA9DD0DAF2D23C27
BD6D3951EFBF892065
97832A471A4B663C84412681030E1925
96563BFCBD7EA8C12406A99131757C42
9AAB1412B82271777FD78ED08D732B31
828DEE3C78C6F6B973A76FCF800C4A0B
410B
D717C8ED04EEFCE23604A5
C7E445D763BEAA86DCFE1145626F[B][U]‹ÿ[/U][/B]73D99D3739E772C6136F"51DC3797
450166F8004461596BA4
85ECF55695D17B7967240B27F94CC481
C320CD7E2B86620BEEA0F0E5C8C7A216
565BF3A6762C3FC662EA0F7B40C5FDA0
7962739CBB1286A32F5BB9B3A6597374
B8E346CC17178ADA1FC66BA18BA905F7
5F4D59C87E97E69CD186353B
I went ahead and did a conversion as well. I know 123421342 said that these were signed files but is there a way to copy the signature that is associated with the Unlock_Code.bin file? I do not really understand how signed files work, but HTCdev gives a different file per user, are the signatures the same on all of the Unlock_Code.bin files or is it a unique signature for each bin file that only works with your device?
Also, I do not know what I did differently when translating my bin file to Hex but it appeared that all of it was translated.
Code:
E6BDBBE58888E0B48CE59E80E79A85EA
9C82E1BAA8E7ADA3E88D91EF86B8ECA6
BFE7A4B8E79383E0ACA0EFA885E5A19C
E4809EEFA398E3A398E48FA1EBBFAFEC
A584E8BD8CE790AEE598B0E9B8B4ECA1
ADE8AC93E9B786E2AAACF394B386EEA1
A2E79289EB8FBFEEACA8EE8EADE59698
EAB898E1AFA6E2939FEBAA81E0B0B1E9
87B1EF94BDE0B4A2E79FA3EA968EEC81
A0ED83B2E6A88EE8A89BE5A788E4B1BC
E18EAAED8395E7B59FE2A4AFE29BB5EE
99BEE6A0B9EBB3ACEB9A82EE9C90EFB9
8BEE9888E698A4EE8DA1EC82A6E28EB3
F3A4B198E49689E281B3EB9F98E99ABF
E69A8BE786B6F1B1A396EC9AB3EF89B4
E38F92EEA48BE2BE8AEF90AFEAB19CE7
A796E1B2A7DE93E8AAB6E3BC8CE1938A
EFAD81EC8F89EC8B87E5B292EE85B6EA
BC86E7A9B0ECB8A1E4AF82E2A29BE281
9ADD99EE9FB3C394E4ADBEE2AF80EE9E
83E1A3BEEC81A5EE9295E3AA9AE58090
E598B3ECA696E6B3BAE0A497E884ABEA
B89AE6B1BCE29A99ECB0AFE2BF88E585
AFEE82BEEBBF84
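Added note with example code (not part of the original posts): the hex above decodes as valid UTF-8, and its first eight characters are exactly the 潻刈ഌ垀皅꜂Ẩ筣 string quoted earlier in the thread, so it is a dump of the text the editor displayed rather than of the file's bytes. Assuming the editor read the file as UTF-16LE (an assumption), the sketch below reverses that round trip for the first 24 bytes of the dump and shows a hex dump taken directly in binary mode; all function names are hypothetical.

```python
# First 24 bytes of the second hex dump posted in the thread above.
POSTED_HEX_PREFIX = (
    "E6BDBBE58888E0B48CE59E80E79A85EA"
    "9C82E1BAA8E7ADA3"
)


def is_text_roundtrip(hex_dump: str) -> bool:
    """True if the dump is valid UTF-8 made mostly of multi-byte characters.

    That pattern is what you get when a binary file is opened in a text
    editor, mis-decoded as text, and the displayed text is then hex-encoded.
    Raw binary data almost never happens to be valid UTF-8.
    """
    raw = bytes.fromhex(hex_dump)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return False
    if not text:
        return False
    non_ascii = sum(1 for ch in text if ord(ch) > 0x7F)
    return non_ascii / len(text) > 0.5


def recover_original_bytes(hex_dump: str, assumed_encoding: str = "utf-16-le") -> bytes:
    """Undo the text round trip: UTF-8 hex -> characters -> original bytes.

    assumed_encoding is how the editor is assumed to have read the file.
    The recovery is only exact if the editor replaced nothing on load
    (odd trailing bytes or unpaired surrogates are typically lost).
    """
    text = bytes.fromhex(hex_dump).decode("utf-8")
    return text.encode(assumed_encoding)


def hexdump_file(path: str, width: int = 16) -> list:
    """Hex-dump a file from its raw bytes, with no text decoding involved."""
    with open(path, "rb") as fh:  # binary mode: bytes in, bytes out
        hexed = fh.read().hex().upper()
    step = width * 2
    return [hexed[i:i + step] for i in range(0, len(hexed), step)]


if __name__ == "__main__":
    print("text round trip:", is_text_roundtrip(POSTED_HEX_PREFIX))
    print("as displayed   :", bytes.fromhex(POSTED_HEX_PREFIX).decode("utf-8"))
    print("original bytes :", recover_original_bytes(POSTED_HEX_PREFIX).hex().upper())
```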
Wozzie said:
I went ahead and did a conversion as well. I know 123421342 said that these were signed files but is there a way to copy the signature that is associated with the Unlock_Code.bin file? I do not really understand how signed files work, but HTCdev gives a different file per user, are the signatures the same on all of the Unlock_Code.bin files or is it a unique signature for each bin file that only works with your device?
Also, I do not know what I did differently when translating my bin file to Hex but it appeared that all of it was translated.
It's like making an md5 hash. If you change a single bit the hash is changed. If you change the contents htc would have to sign it again so it has the private key signature
Sent from my HTC6435LVW using xda app-developers app
Please excuse my ignorance, I really do not have much knowledge of file signatures.
If HTC can re-sign the bin file, what is stopping us from doing something similar? Isn't it possible to view and make a copy of the file signature before it is altered? I realize these sort of things are in place to not be circumvented but the same could be said about all the work that has been developed here on XDA to unlock bootloaders along with other things.
Wozzie said:
Please excuse my ignorance, I really do not have much knowledge of file signatures.
If HTC can re-sign the bin file, what is stopping us from doing something similar? Isn't it possible to view and make a copy of the file signature before it is altered? I realize these sort of things are in place to not be circumvented but the same could be said about all the work that has been developed here on XDA to unlock bootloaders along with other things.
It's like a checksum, I presume. If the data changes, the signature changes as well to match the checksum. Unless you have inside knowledge of this, it will be extremely difficult to hack the tokens.
Meaning, if you change the data inside the file, you can't reuse the signature.
karn101 said:
It's like a checksum, I presume. If the data changes, the signature changes as well to match the checksum. Unless you have inside knowledge of this, it will be extremely difficult to hack the tokens.
Meaning, if you change the data inside the file, you can't reuse the signature.
Would it be possible to extract the signature of a file that has not been altered and then add that signature to an altered file?
I know it seems like a lot of work but if we could figure out how to create our own Unlock_Code.bin files, not only this phone but possibly other HTC phones might be able to use this method.
Wozzie said:
Would it be possible to extract the signature of a file that has not been altered and then add that signature to an altered file?
I know it seems like a lot of work but if we could figure out how to create our own Unlock_Code.bin files, not only this phone but possibly other HTC phones might be able to use this method.
No. Files are signed with a private key; unless we have the key by stealing it or leaking it, we can't sign things with their signature.
Sent from my HTC6435LVW using xda app-developers app
Wozzie said:
Would it be possible to extract the signature of a file that has not been altered and then add that signature to an altered file?
I know it seems like a lot of work but if we could figure out how to create our own Unlock_Code.bin files, not only this phone but possibly other HTC phones might be able to use this method.
The signature changes with the file. The unaltered file's signature would not match the altered file.
Sent from my HTC6500LVW using Tapatalk 4
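Added illustration of the signature question discussed in the posts above (not code from HTC or from any poster): a device-bound token verified with a public key only, showing that a signature copied onto an edited token, or a token presented on another device, is rejected. The token layout, all names and the toy textbook-RSA key are assumptions made for the example; the real Unlock_code.bin format is not described on this page.

```python
import hashlib

# Toy RSA key built from two Mersenne primes so no third-party library is
# needed. Textbook RSA without padding: for illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus (known to the device)
E = 65537                              # public exponent (known to the device)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (vendor only)
SIG_LEN = (N.bit_length() + 7) // 8


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_body(device_id: bytes, payload: bytes) -> bytes:
    """Hypothetical layout: 2-byte id length, device id, payload."""
    return len(device_id).to_bytes(2, "big") + device_id + payload


def make_token(device_id: bytes, payload: bytes) -> bytes:
    """Vendor side: sign the body with the private exponent D."""
    body = build_body(device_id, payload)
    sig = pow(_digest_int(body), D, N)
    return body + sig.to_bytes(SIG_LEN, "big")


def verify_token(token: bytes, this_device_id: bytes) -> bool:
    """Device side: needs only N and E, never D."""
    if len(token) < SIG_LEN + 2:
        return False
    body = token[:-SIG_LEN]
    sig = int.from_bytes(token[-SIG_LEN:], "big")
    if sig >= N:
        return False
    id_len = int.from_bytes(body[:2], "big")
    claimed_id = body[2:2 + id_len]
    # The signature covers every byte of the body, device id included.
    signature_ok = pow(sig, E, N) == _digest_int(body)
    return signature_ok and claimed_id == this_device_id


def reuse_signature(token: bytes, new_device_id: bytes) -> bytes:
    """Build what the thread asks about: an edited body with the old signature."""
    body, sig = token[:-SIG_LEN], token[-SIG_LEN:]
    id_len = int.from_bytes(body[:2], "big")
    payload = body[2 + id_len:]
    return build_body(new_device_id, payload) + sig


if __name__ == "__main__":
    token_a = make_token(b"DEVICE-A", b"unlock=1")   # constructed sample values
    edited = reuse_signature(token_a, b"DEVICE-B")
    print("original on device A:", verify_token(token_a, b"DEVICE-A"))  # True
    print("original on device B:", verify_token(token_a, b"DEVICE-B"))  # False
    print("edited   on device B:", verify_token(edited, b"DEVICE-B"))   # False
```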
anyone attempted to super CID it? make the phone similar to the sprint or other cdma with the same bootloader to get the code to unlock on htcdev?
just throwing that out there. i wont be on the ONE till late this year so i wont be able to work on it. :/
synisterwolf said:
anyone attempted to super CID it? make the phone similar to the sprint or other cdma with the same bootloader to get the code to unlock on htcdev?
just throwing that out there. i wont be on the ONE till late this year so i wont be able to work on it. :/
That would be an interesting approach. Or at least try to change the CID to T-Mobile or something. I honestly don't think it would work though.
synisterwolf said:
anyone attempted to super CID it? make the phone similar to the sprint or other cdma with the same bootloader to get the code to unlock on htcdev?
just throwing that out there. i wont be on the ONE till late this year so i wont be able to work on it. :/
Have to be s-off don't ya?
Code:
(bootloader) [SD_ERR] The project does not support SD card
(bootloader) E0902910 E0902E20
FAILED (status read failed (Too many links))
finished. total time: 0.003s
Flyhalf205 said:
Have to be s-off don't ya?
thought you already had s-off? this wont work for ya? idk what bootload you guys are on. :/
http://forum.xda-developers.com/showthread.php?t=2314582

2016 version (new fingerprint scanner, combined sim/sd)

Hey guys,
It seems more and more people are receiving the new version of the P8000:
- Stock Android 6
- New fingerprint scanner that is moved slightly higher and is able to unlock phone from screen-off (I confirm this is working)
- Sim 2 is combined with the micro-sd (I haven't tried whether you can have them both in at the same time)
- Something's new about the display, since people are reporting errors with it after flashing older roms.
Warning: do NOT flash other roms. We have no way to unbrick the soft bricks yet!
---
Other topics that refer to this version:
http://forum.xda-developers.com/elephone-p8000/general/rom-p8000-t3431571
http://forum.xda-developers.com/elephone-p8000/help/stock-rom-p8000b-t3434477
http://forum.xda-developers.com/elephone-p8000/general/p8000-version-announced-t3346848
---
For development:
- The phone does not come pre-rooted. We have no way to flash custom recovery yet. Any tips for getting root? I've tried such tools as Kingo and vRoot, they don't work.
- We need the blocks file (scatter file) for SP Flash Tools. MTKDroidTools reports "unknown rom structure". Any help? Would love to start working on this.
Looking forward to hearing from others who have this version/who can help me with these questions.
Thanks!
Emile
Nice! Can you provide a dump from /system and /boot maybe?
BlueFlame4 said:
Nice! Can you provide a dump from /system and /boot maybe?
I would, if I knew how to. Any pointers?
Emileh said:
I would, if I knew how to. Any pointers?
Sure thing. On a rooted device, go into adb shell.
Then use "mount" command to check which partitions are mounted. One should be "/dev/block/platform/mtk-msdc.0/by-name/system" or similar. Use "dd if=/dev/block/platform/mtk-msdc.0/by-name/system of=/storage/emulated/0/system.img bs=1M" to dump the system to the internal sdcard to the file "system.img". If adb complains that bs=1M is an invalid option, try again without that one. A system dump can take some time where you will not get any feedback, so be patient there
Do the same for boot. So "/dev/block/platform/mtk-msdc.0/by-name/boot" should be the way to go for the path. I cannot tell the definite paths on Android 6.0 but I am rather sure they are more or less like this.
If you run into troubles, just ask
BlueFlame4 said:
Sure thing. On a rooted device, go into adb shell.
Then use "mount" command to check which partitions are mounted. One should be "/dev/block/platform/mtk-msdc.0/by-name/system" or similar. Use "dd if=/dev/block/platform/mtk-msdc.0/by-name/system of=/storage/emulated/0/system.img bs=1M" to dump the system to the internal sdcard to the file "system.img". If adb complains that bs=1M is an invalid option, try again without that one. A system dump can take some time where you will not get any feedback, so be patient there
Do the same for boot. So "/dev/block/platform/mtk-msdc.0/by-name/boot" should be the way to go for the path. I cannot tell the definite paths on Android 6.0 but I am rather sure they are more or less like this.
If you run into troubles, just ask
Thank you for your great instructions! The problem is that we've yet to achieve root on this device. We don't have a custom recovery for this version of the P8000 yet and other 'standard' methods of rooting don't work for me.
(I'm pretty solid in shell, so I'll do this afterwards, but I guess root is actually the first step).
// Edit to say: it does not come pre-rooted
Since the elephone support on facebook didn't realize there are two different versions of the P8000 available, I still need a ROM to unbrick my phone.
flo1k said:
Since the elephone support on facebook didn't realize there are two different versions of the P8000 available, I still need a ROM to unbrick my phone.
Ok, we know that, but doesn't really help us
Can you write them an e-mail?
I will do
Edit: OK, see if there will be an answer.
Thank you flo1k!
I have e-mailed as well, and would like to post on the Elephone forum, but don't seem to have access (because of minimum post count, I guess)
Anyone willing to ask for a ROM for the new P8000 on the forum there?
ROM Dump
@BlueFlame4
I can provide ROM dump in two versions:
1) a dump from address 0000 0000 to 9d80 0000 (approx. 2.5 GB in one file)
2) a readback generated with the scatter.txt of the 'old' 5.1 stock ROM (approx. 2.8 GB separated in 23 files)
FrauHofrat said:
@BlueFlame4
I can provide ROM dump in two versions:
1) a dump from address 0000 0000 to 9d80 0000 (approx. 2.5 GB in one file)
2) a readback generated with the scatter.txt of the 'old' 5.1 stock ROM (approx. 2.8 GB separated in 23 files)
The second choice looks promising
Maybe a stupid question
where shall I upload the files - any preferred webspace?
I'm uploading the files - because they contain my NVRAM I send the link as PM as soon as the upload is finished
FrauHofrat said:
Maybe a stupid question
where shall I upload the files - any preferred webspace?
I'm uploading the files - because they contain my NVRAM I send the link as PM as soon as the upload is finished
Are you sure we're talking about the same version of the P8000? Cause as far as I know there isn't 5.1 available for this version... Right?
Just checking thank you for your help in any case!! Really looking forward to it.
// edit: ah, you just used the old scatter file. But does that one work for this version?
Emileh said:
Are you sure we're talking about the same version of the P8000? Cause as far as I know there isn't 5.1 available for this version... Right?
No, there is only one Firmware available - the mysterious P8000_6.0_20160516.
Btw, this Phone contains a new mainboard model "K06TS-L-V2.0.3" - the 'old' mainboard is model "K05T...."
// edit: ah, you just used the old scatter file. But does that one work for this version?
No, it doesn't work resp. the phone boots with this firmware, but the LCD-driver is the wrong one - the display only shows coloured lines and blurry spots. And there are probably some more bugs ....
FrauHofrat said:
No, there is only one Firmware available - the mysterious P8000_6.0_20160516.
Btw, this Phone contains a new mainboard model "K06TS-L-V2.0.3" - the 'old' mainboard is model "K05T...."
No, it doesn't work resp. the phone boots with this firmware, but the LCD-driver is the wrong one - the display only shows coloured lines and blurry spots. And there are probably some more bugs ....
But if the phone boots with the firmware, doesn't that mean that the scatter file of the regular P8000 works? Since it flashes the firmware correctly.
The problem is that I was not able to flash the 'readback files' to the faulty phone.
When selecting 'Only Download' at SP-Flashtool I got the error "PMT... must be download"
When selecting 'Firmware Upgrade" I got some BROM error code
In both cases I used the same scatter.txt which I used to 'readback' the firmware from the working phone
Actually I have to correct my statement in post #15:
I flashed the faulty phone with the last 5.1 stock ROM (160711) - with this stock ROM the phone boots up but LCD (and probably more things) is not working.
I have actually gotten a lot further
You have to use the scatter.txt from Android 6.0, which works perfectly fine. I have been able to extract boot.img, system.img and recovery.img that way (using Readback in SP Flash Tools)
Which ones do you need?
They probably flash fine (only thing I've flashed so far are custom recoveries, and although my ported PhilZ starts, I haven't gotten it to mount anything.)
A little warning: don't use anything that has anything to do with Android 5.1. Those scatter files don't work
These are great news!
"Which ones do you need?"
Probably all of them
Ok this contains the scatter file, preloader, system.img, boot.img and stock recovery.img
https://ehaffmans.stackstorage.com/index.php/s/uKGKCir0BociydU
You need SP Flash Tools v5, select the scatter file first, then deselect everything, and only select these 4 and manually select the correct files.
Btw, the name of the preloader file is wrong, don't worry. It came from this phone
I am of course not responsible for anything!
Can you guys please confirm this doesn't contain anything personal? Like personal files or IMEI or something. Thanks!

S10/S10+ Combination unlock (OEM Token Research)

I figured after reading a few things on the new S10 (non-flashable) combinations we could open up a thread and see if we can crack this problem. To start with, and although I've only started my research on this, I have an unpacked S10+ (TMB) firmware, lz4 decompressing and unpacking as much as I can. Kernel will be unpacked the normal way, and all arm type will need to be reversed or at least analyzed. I figured I'd start with the strings "factory approval", "token", etc.
The token unlocking I've read about is supposedly done by very few people that request payment, but we can figure this out ourselves. They probably just have Samsung hookups. You can get the token message in download mode by flashing an empty steady.bin
or try in a linux terminal
$ truncate -s 1024 steady.bin && tar -H ustar -c steady.bin>test_token_failed.tar
or
$ dd if=/dev/urandom of=steady.bin bs=1 count=1024 (tried both with random and zero, and got the same failure codes, maybe another user will have better luck?)
May have to unpack all the APK's from the system image and disassemble in search of strings, and with strings we'll find functions. I'm really thinking it's going to be a code that you can write to steady.bin then flash and unlock. Steady.bin is 1024 bits in size on all the firmware's i've seen. Steady.bin is also associated widely with Reactivation locks (even the Samsung Watches)
Let's reverse these things and get back our repair firmware. I myself don't care about FRP, but for tool development and need combination firmware working!! This is sad, Samsung!
kalexander7 said:
I figured after reading a few things on the new S10 (non-flashable) combinations we could open up a thread and see if we can crack this problem. To start with, and although I've only started my research on this, I have an unpacked S10+ (TMB) firmware, lz4 decompressing and unpacking as much as I can. Kernel will be unpacked the normal way, and all arm type will need to be reversed or at least analyzed. I figured I'd start with the strings "factory approval", "token", etc.
The token unlocking I've read about is supposedly done by very few people that request payment, but we can figure this out ourselves. They probably just have Samsung hookups. You can get the token message in download mode by flashing an empty steady.bin
or try in a linux terminal
$ truncate -s 1024 steady.bin && tar -H ustar -c steady.bin>test_token_failed.tar
or
$ dd if=/dev/urandom of=steady.bin bs=1 count=1024 (tried both with random and zero, and got the same failure codes, maybe another user will have better luck?)
May have to unpack all the APK's from the system image and disassemble in search of strings, and with strings we'll find functions. I'm really thinking it's going to be a code that you can write to steady.bin then flash and unlock. Steady.bin is 1024 bits in size on all the firmware's i've seen. Steady.bin is also associated widely with Reactivation locks (even the Samsung Watches)
Let's reverse these things and get back our repair firmware. I myself don't care about FRP, but for tool development and need combination firmware working!! This is sad, Samsung!
any luck so far ?
sent pm
its actually quite easy to bypass and flash combo.. of course it requires certain files as well as theres a few tricks to it.. the files needed are also not free and hard to find but if u have them then u dont need to purchase factory tokens which can only be used a set number of times forcing you to have to purchase again if u need to...
from my research you cannot make a token aka steady.bin.. its tied to device id aka did.. the ppl that sell em get ur device info then they have access to servers most likely these are businesses that pay for a license with samsung who provides them with access and a signing cert so they can sign the token.. basically takes ur device info then send to server that then uses w.e security and algorithms to create the token then signs it and sends it back..
steady.bin is then flashed in odin and then allows factory binary to be flashed.
ive tried to create them with my device info replicating an actual token but it didnt work of course.
ENG tokens are rare and alot more money (probably in thousands) but are done the same way.
i have sold my s10+.
if anyone is interested send me a pm and maybe we can work something out.
I should be able to complete combo flash remotely for example. I do not feel comfortable releasing them to anyone nor the exact method since dont want it to get patched
I can also do some exynos models too but this is untested as i dont own exynos devices.
Shoot me a pm or hit me up on tgram.. should be same as my username on here...
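The scheme described in the post above (a server signs a token bound to the device ID, so a blank or self-made steady.bin is rejected), as an added Go example that is not from the thread or from Samsung. The 1024-byte layout, the device IDs and the use of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Hypothetical layout, NOT the real steady.bin format: 32-byte zero-padded
// device ID, then a 64-byte Ed25519 signature over it, zero-padded to 1024.
const tokenSize, idSize = 1024, 32

// IssueToken is the server side: it needs the private signing key.
func IssueToken(priv ed25519.PrivateKey, deviceID string) []byte {
	tok := make([]byte, tokenSize)
	copy(tok[:idSize], deviceID)
	copy(tok[idSize:], ed25519.Sign(priv, tok[:idSize]))
	return tok
}

// VerifyToken is the device side: it holds only the public key.
func VerifyToken(pub ed25519.PublicKey, ownID string, tok []byte) error {
	if len(tok) != tokenSize {
		return errors.New("wrong token size")
	}
	want := make([]byte, idSize)
	copy(want, ownID)
	if !bytes.Equal(tok[:idSize], want) {
		return errors.New("token was issued for a different device")
	}
	if !ed25519.Verify(pub, want, tok[idSize:idSize+ed25519.SignatureSize]) {
		return errors.New("signature check failed")
	}
	return nil
}

// Demo runs four constructed cases and returns the verifier's verdicts.
func Demo() (valid, otherDevice, relabelled, blank error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair
	good := IssueToken(priv, "DID-A-0001")   // constructed device IDs
	edited := append([]byte(nil), good...)   // same signature, ID rewritten
	copy(edited[:idSize], "DID-B-0002")
	return VerifyToken(pub, "DID-A-0001", good), VerifyToken(pub, "DID-B-0002", good),
		VerifyToken(pub, "DID-B-0002", edited), VerifyToken(pub, "DID-A-0001", make([]byte, tokenSize))
}

func main() { fmt.Println(Demo()) }
```

Only the first case verifies: the device never holds the private key, so copying a real token's layout and changing the ID fails at the signature check.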
elliwigy said:
It's actually quite easy to bypass and flash combo.. of course it requires certain files, as well as there's a few tricks to it.. the files needed are also not free and hard to find, but if u have them then u don't need to purchase factory tokens, which can only be used a set number of times, forcing you to have to purchase again if u need to...
From my research you cannot make a token aka steady.bin.. it's tied to device id aka did.. the ppl that sell em get ur device info, then they have access to servers. Most likely these are businesses that pay for a license with Samsung, who provides them with access and a signing cert so they can sign the token.. basically it takes ur device info, then sends it to a server that then uses w.e security and algorithms to create the token, then signs it and sends it back..
steady.bin is then flashed in Odin and then allows factory binary to be flashed.
I've tried to create them with my device info, replicating an actual token, but it didn't work of course.
ENG tokens are rare and a lot more money (probably in thousands) but are done the same way.
I have sold my S10+.
If anyone is interested send me a pm and maybe we can work something out.
I should be able to complete combo flash remotely for example. I do not feel comfortable releasing them to anyone nor the exact method since I don't want it to get patched.
I can also do some Exynos models too, but this is untested as I don't own Exynos devices.
Shoot me a pm or hit me up on tgram.. should be same as my username on here...
Sure, let's schedule a time for this
kalexander7 said:
Sure, let's schedule a time for this
I have s20 model need flash token combination
S20? You're in the S10 forums dude.
vro66rand said:
I have s20 model need flash token combination
not possible.. even token servers r down
I bought this solution from a website. Can anyone try with g975x?
https://mega.nz/file/LNoBSQbT
key VjLG-O2fcKbQ1P2wAsreSLvWWoyWHTkVPxUagcQQsp8
mariolcela said:
I bought this solution from a website. Can anyone try with g975x?
https://mega.nz/file/LNoBSQbT
key VjLG-O2fcKbQ1P2wAsreSLvWWoyWHTkVPxUagcQQsp8
you bought it you can try it.. also g975x is LDU model
I don't have a g975x model.
Also it's for all g975 models
What does flashing combo files do? Give root or bootloader unlock or something else?
mariolcela said:
I bought this solution from a website. Can anyone try with g975x?
https://mega.nz/file/LNoBSQbT
key VjLG-O2fcKbQ1P2wAsreSLvWWoyWHTkVPxUagcQQsp8
Hey Buddy,
Where did you get it from?
I need a newer version ....
JazonX said:
Hey Buddy,
Where did you get it from?
I need a newer version ....
I don't know if they have a newer version but here you go
https://support.halabtech.com
Just search for your phone model
mariolcela said:
I don't know if they have a newer version but here you go
https://support.halabtech.com
Just search for your phone model
they don't lol.. bypass is easy
elliwigy said:
they don't lol.. bypass is easy
Really ?
Any clue how to do so?
I need help with such a device..
I didn't try, but if you can wipe the steady partition with root by dd command, or you can flash the bootloader of combination directly by dd, or purchase one token of the desired set, flash it and then take a whole backup by TWRP and flash it with TWRP. This is my thinking, I don't know if this can work, but it's possible that it could.
harissiddiq said:
I didn't try, but if you can wipe the steady partition with root by dd command, or you can flash the bootloader of combination directly by dd, or purchase one token of the desired set, flash it and then take a whole backup by TWRP and flash it with TWRP. This is my thinking, I don't know if this can work, but it's possible that it could.
huh lmao if u could do any of that then u don't need any token to begin with