SUCCESS! Adding content to HTC 8S stock Rom - Windows Phone 8 Development and Hacking

Hey guys, I don't know if this is of any use for you, but I think it won't hurt to share it.
Based on some posts and ideas I read in different threads, I managed to write to the EFIESP and the PLAT partition of the stock rom of my HTC 8S. I changed the bootimages in the PLAT partition to a custom one, flashed the image and it worked. I'll attach a picture to prove it and if that's not enough, I will post a video.
So, the first step is to download the stock rom (obviously...) and extract the .exe file. (I use 7-ZIP) Then there is a file called "RUU_signed.nbh". If you open it with a Hex Viewer, like HxD, you can find multiple partition headers. I found 4 that I can use, the rest is encrypted with what appears to be Bitlocker, hence the different headers. Now, what I did was mark the area of the first partition (starts approximately at offset 228BEF90 and is a FAT16 partition) and continued the selection until the end of the file. Then I created a new one and pasted it. I did the same with the rest, always selecting and copying from where the partition starts until the end of the whole file and pasted it into a new one. Then I mounted the files using OSFMount and voilà, you can put stuff and files in there! If you finished, you just unmount the files. Then I opened each file again with HxD, selected EVERYTHING and pasted it to the according area in the original RUU_signed.nbh.
I started with the first one, then the second and so on, so you don't overwrite the changes you have made if you start in reverse order. After packing the file, I tried to flash it and to my surprise, IT WORKED! After rebooting I saw my custom bootimage! Downside of this is obviously that it requires you to use the stock firmware and it will be overwritten once you update your device. But I hope our skilled Devs here have some use for those 2 partitions. There are 2 more that are usable, but I don't know their names, but you can still put files in them.
Now again, I don't know if this is of any use for you devs, but I still felt kind of obligated to share it
Stupid thing, I put my HTC 8S into Diag Mode and THEN flashed it, now it doesn't connect as MTP but as HTC Diagnostic Interface and I can't change it back because I can't deploy anything to the device. It works perfectly, boots and everything, but no USB connection via MTP. So be very careful before flashing, since the mode is determined by a NV value which you can't edit afterwards.
This is not a tutorial to be followed by everyday users, but something meant for developers. You do everything at your own risk! And keep in mind that this has only been tested on an HTC 8S!
cheers, hutchinsane_

Yeah, I heard that it is possible, though I hadn't had a chance to test it on my 8X.
As for EFIESP: you can edit \efi\Microsoft\Boot\BCD to enable Kernel Debugger functionality and it is basically enough to hack the whole OS even with actions currently performed.
The most interesting partitions are MainOS (second to last), and Data (last one). Interop Unlock can be done in MainOS.
Thing is that newest ROMs are encrypted (not hard to crack but still)

Darn, hoped I was the first to come up with the idea. I do have access to the file you're talking about. MainOS seems to be encrypted with Bitlocker since their headers start with -FVE-FS-. I could take a look into the 8X Rom as well, I expect the situation to be the same. So is there a thread on the Kernel Debugger thing?
EDIT: I just did what you said, although I used a program called "Visual BCD Editor" since I don't know about editing the BCD Store just YET. Now I edited some values from "False" to "True" and for 1 second it showed me what appeared to be a windows boot selection. Now when I boot up, and once the "Windows Phone" blueish logo appears, it shows "Not for resale", meaning that we actually can edit BCD on this device!

Very nice Work
I run in Nokia Lumia 920 RM-821 APAC Malaysia Amber ROM
I find the same
Maybe we can edit Lumia 920 FFU and get first Custom ROM

That's enough to enable WinDbg interoperability.
Code:
bcdedit /store F:\EFIESP\efi\Microsoft\Boot\BCD /dbgsettings usb targetname:woatarget
bcdedit /store F:\EFIESP\efi\Microsoft\Boot\BCD -set {default} debug on
bcdedit /store F:\EFIESP\efi\Microsoft\Boot\BCD -set {default} dbgtransport kdusb.dll

Sorry for my Question but how can we find that here is the end of a file in HxD .
I'm now looking for it to flash a Custom Rom on my Lumia 920 but I can't build images correctly using HxD and OSFMount.
Thanks .

@ngame Thanks. If you look at your first 2 screenshots, you didn't select the "ë". You MUST select and copy it as well, it's always the start of a partition, for FAT as well as for NTFS. After that, you should be able to mount. For finding the end, I didn't. I just selected until the end of the file and pasted it back in. It should work. After all, my HTC has a "custom" rom as well now, since there's a custom bootimage
@ultrashot Thanks! I used the commands and it worked successfully. Waiting on the phone to flash now
EDIT: It doesn't boot once you set a) the target b) the type or something else. but enabling the kernel debugger itself works. Trying to figure out which value makes it unbootable.

ngame said:
Sorry for my Question but how can we find that here is the end of a file in HxD .
I'm now looking for it to flash a Custom Rom on my Lumia 920 but I can't build images correctly using HxD and OSFMount.
Thanks .
u must ask me dude .
zimone die

amir323b said:
u must ask me dude .
zimone die
PM Me please if you know
Thanks
hutchinsane_ said:
@ngame Thanks. If you look at your first 2 screenshots, you didn't select the "ë". You MUST select and copy it as well, it's always the start of a partition, for FAT as well as for NTFS. After that, you should be able to mount. For finding the end, I didn't. I just selected until the end of the file and pasted it back in. It should work. After all, my HTC has a "custom" rom as well now, since there's a custom bootimage
I will test again

Sorry in advance if this is a stupid question ...
Here is a list of partitions from my 928 .ffu but which ones are needed to edit? Just the FAT and NTFS partitions? Are any of the others of any interest?

As far as I know, you have to look for the specific headers, since some are encrypted with Bitlocker, therefore have the "-FVE-FS-" header. Easiest way is to use the search function of HxD and search for NTFS, FAT12 and FAT16 partitions. Also, there are no stupid questions
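The header search described in this post, as an added example that is not part of the original thread: a scanner that tells plaintext FAT/NTFS boot sectors apart from BitLocker ("-FVE-FS-") ones and reads the size the boot sector declares, which also answers the question of where a partition ends. The function names and the sample image are constructed for illustration; the field offsets are the standard FAT/NTFS boot-sector layout.

```python
import struct

SECTOR = 512
# (label, offset of the label inside the boot sector, reported type)
SIGNATURES = [
    (b"NTFS    ", 3, "NTFS"),
    (b"-FVE-FS-", 3, "BitLocker"),
    (b"FAT16   ", 54, "FAT16"),
    (b"FAT12   ", 54, "FAT12"),
]


def looks_like_boot_sector(sector):
    """Jump opcode first (0xEB is the 'ë' a hex viewer shows), 55 AA at the end."""
    return (len(sector) == SECTOR and sector[0] in (0xEB, 0xE9)
            and sector[510:512] == b"\x55\xAA")


def declared_size(sector, kind):
    """Volume size in bytes as declared by the boot sector (None: not derived)."""
    bytes_per_sector = struct.unpack_from("<H", sector, 11)[0]
    if kind == "NTFS":
        total = struct.unpack_from("<Q", sector, 40)[0]      # total sectors
    elif kind in ("FAT12", "FAT16"):
        total = struct.unpack_from("<H", sector, 19)[0]      # 16-bit count
        if total == 0:                                       # large volume
            total = struct.unpack_from("<I", sector, 32)[0]  # 32-bit count
    else:
        return None  # BitLocker volume: size is not derived in this example
    return total * bytes_per_sector


def find_volumes(image):
    """Return (offset, type, declared size) for every plausible boot sector.

    Labels are searched at any byte offset because partitions embedded in a
    firmware container need not be sector-aligned relative to the file start.
    """
    hits = []
    for label, label_off, kind in SIGNATURES:
        pos = image.find(label)
        while pos != -1:
            start = pos - label_off
            sector = image[start:start + SECTOR] if start >= 0 else b""
            if looks_like_boot_sector(sector):   # rejects stray label strings
                hits.append((start, kind, declared_size(sector, kind)))
            pos = image.find(label, pos + 1)
    return sorted(hits, key=lambda h: h[0])


def _make_sector(label, label_off, total_sectors=0, ntfs=False):
    """Build a minimal constructed boot sector for the sample image."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xEB\x3C\x90"
    s[label_off:label_off + 8] = label
    struct.pack_into("<H", s, 11, 512)
    if ntfs:
        struct.pack_into("<Q", s, 40, total_sectors)
    else:
        struct.pack_into("<H", s, 19, total_sectors)
    s[510:512] = b"\x55\xAA"
    return bytes(s)


# Constructed sample: unaligned FAT16 volume, a stray "NTFS" string inside
# ordinary data, a real NTFS boot sector, and a BitLocker boot sector.
SAMPLE_IMAGE = (
    b"\x00" * 0x190
    + _make_sector(b"FAT16   ", 54, total_sectors=4) + b"\x00" * (3 * SECTOR)
    + b"xxxNTFS    not a boot sector".ljust(64, b"\x00")
    + _make_sector(b"NTFS    ", 3, total_sectors=8, ntfs=True)
    + b"\x00" * (7 * SECTOR)
    + _make_sector(b"-FVE-FS-", 3)
)

if __name__ == "__main__":
    for offset, kind, size in find_volumes(SAMPLE_IMAGE):
        print(f"0x{offset:08X}  {kind:<9}  declared size: {size}")
```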

hutchinsane_ said:
As far as I know, you have to look for the specific headers, since some are encrypted with Bitlocker, therefore have the "-FVE-FS-" header. Easiest way is to use the search function of HxD and search for NTFS, FAT12 and FAT16 partitions. Also, there are no stupid questions
:highfive: Here's a better list including the device layout and read and write partitions if it helps anyone. Also when mounting FAT16 or FAT12 partitions it says it needs to be formatted or is unsupported. What am I doing wrong???

Can you post a screenshot of the file you use as a partition? I don't know if it even works with Nokia Roms. Which one are you using exactly? I might be able to have a look at it.

feherneoh said:
Don't try it on Lumias, as your phone will get stuck in Qualcomm HS-USB QDLoader mode, like my L520 did
You tried this way ?
now you can't flash your Phone using Care Suite ?
did you try Reffbox or ATF to repair your Boot Loader and flash your phone again ?

Hey, Lumia owners, get out of here!
By the way, Huawei W1 has same access to partitions. You can join forces and develop one hack for both phones.

-W_O_L_F- said:
Hey, Lumia owners, get out of here!
By the way, Huawei W1 has same access to partitions. You can join forces and develop one hack for both phones.
I think @reker can help us . he created a W1 Custom Rom

ngame said:
I think @reker can help us . he created a W1 Custom Rom
Not rom any more, I'm making tool can directly operate NTFS, so I can modify everything without losing any data. A hard work XD

reker said:
Not rom any more, I'm making tool can directly operate NTFS, so I can modify everything without losing any data. A hard work XD
Can't you publish it ? or Private send it to me ?
This tool can modify every NTFS Partition ?

@-W_O_L_F- They do? Didn't know that, thanks for the info! Yeah, might be a good idea, actually.
@reker how do you plan on doing this? adding the tool to the rom or deploying it as a xap? I actually need a way to use hidden pages without the toast launcher, or to include the toast launcher into the rom since I can't deploy it anymore

ngame said:
Can't you publish it ? or Private send it to me ?
This tool can modify every NTFS Partition ?
Proto-type now, NTFS is a biiiiiig thing. I will release it when finish.

Related

[REQUEST] English Recovery Partition

Hi, I would greatly appreciate it if someone could upload the recovery partition (preferably English) to somewhere and provide a link; I bought my Shift second hand and had Windows Developer Preview with no recovery partition and I would be very thankful if someone could upload it.
Not Duplicate
AdinK said:
Hi, I would greatly appreciate it if someone could upload the recovery parition (preferably English) to somewhere and provide a link; I bought my shift second hand and had Windows Developer Preview with no Recovery Partiton and I would be very thankful if someone could upload it.
Every previous post contains links that are broken or simply dumping and restoring instructions so this is not duplicate.
I have an English Vista recovery on my Shift, but I don't know how I could copy it off, you could give me some information about it, I will take a look at it anyways tomorrow or so. If you could provide useful information I could do it faster.
And.. Why do you want to recover the whole windows? I have done it once and I removed it directly and installed windows 7 on it. It's way faster, everything works. And just a bit snappier and more popular than Vista (a lot of people were amazed by my Shift, but when I said Vista was on, they were not amused xD).
Armazia said:
I have an English Vista recovery on my Shift, but I don't know how I could copy it off, you could give me some information about it, I will take a look at it anyways tomorrow or so. If you could profide usefull information I could do it faster.
And.. Why do you want to recover the whole windows? I have done it once and I removed it directly and installed windows 7 on it. Its way faster, Everything works. And just a bit snappier and populair then Vista(alot of people were amazed by my shift, but when I said Vista was on, they were not amused xD).
Thanks, look at this link http://pof.eslack.org/2008/04/22/how-to-dump-and-restore-the-vista-recovery-partition-on-htc-shift/ and as for why I want to well I want to examine the default vista for some drivers, software, blocks, etc and I also want to modify it i.e. make it a Windows 7 Recovery Parition and I dont plan to recover over whole thing if any modify WAIK or OPK config to install different parition without erasing.
Thanks in advance by the way.
AdinK said:
Thanks, look at this link http://pof.eslack.org/2008/04/22/how-to-dump-and-restore-the-vista-recovery-partition-on-htc-shift/ and as for why I want to well I want to examine the default vista for some drivers, software, blocks, etc and I also want to modify it i.e. make it a Windows 7 Recovery Parition and I dont plan to recover over whole thing if any modify WAIK or OPK config to install different parition without erasing.
Thanks in advance by the way.
Seems pretty hard for me, Since i'm not a linux guy, I will check it out later today since i'm still at school.
Thanks
Ok, thanks.
AdinK said:
Ok, thanks.
I found out how I can dump the recovery, but there is not really a possibility for me to store the whole recovery, maybe I could split it and upload it to mediafire.
I have tried to follow the instructions, which was actually very simple, but when I enter the cmd line, press enter it doesn't return a reply or something with writing or anything, it just enters and the white dot stays there, I don't know if this is normal =/
This Part
This part? "dd if=/dev/sda of=/media/disk/shift-vista-recovery.bin bs=16384 skip=2244480" If so, leave it for about 45 minutes. If it hasn't finished by then and returned to the prompt then something's wrong :/ but check if the file is there.
Oh and make sure you're copying the correct partition.

metro themes

Hi all!
I was just wanting to see what other people were using as their metro wallpaper. I was getting bored of the old ones I made and I was still using the consumer preview imageres file so I just started over for the release preview.
Here is my current one (ignore the break in the middle, its just more of the same starfield). Looking forward to seeing what other people are using so that I can steal it
How do you create that ... it's beautiful
You change the imageres.dll file.
This isn't the exact walkthrough that I used, but it is similar enough (it is in Italian so you may need to translate).
http://windows8italia.forumfree.it/?t=60566861
Then it is just a matter of finding an image you like and splitting it in half in a logical way.
I see that someone is following my guides.
This is my first post here and I did not imagine finding this my guide
This guide I made on the Consumer Preview, however, also works on Relase Preview.
If there are errors or incomprehensions let me know
Pasquiindustry said:
I see that someone is following my guides.
This is my first post here and I did not imagine finding this my guide
This guide I made on the Consumer Preview, however, also works on Relase Preview.
If there are errors or incomprehensions let me know
Yep it is a great guide. :victory:
The other one that I had used before was on Tweakscene but all of the good stuff seems to be behind a paywall now. There was another one that I had used in the past on a chinese site, but I don't even know how I got there in the first place, let alone how to find it again.
tanders04 said:
Yep it is a great guide. :victory:
The other one that I had used before was on Tweakscene but all of the good stuff seems to be behind a paywall now. There was another one that I had used in the past on a chinese site, but I don't even know how I got there in the first place, let alone how to find it again.
Thanks a lot
There are many things to do to improve Windows 8 more ...
This, however, was one of my first guides, and, I repeat, I had written when there was still the CP.
If there are "Resource Editor" that double as command, I could make a more automated little program for customizing the start-screen, although it is very difficult ...
It looks very nice.
Any way to do this without a dual-boot setup? I tried safe mode and the dll is still in use.
groovedexter said:
Any way to do this without a dual-boot setup? I tried safe mode and the dll is still in use.
Unfortunately I think it's difficult to do this with Windows only 8 to edit.
You need at least another Operating System that is able to read NTFS partitions, or you must use the CD of Windows Vista / 7
I could think of to "take ownership" and the popular program "unlocker" but I think they can do little on 'OS to change.
Since we all have, I believe, the DVD of Windows 8 (CP or RP), I could find a way to use that. I have to do some small tests first.
Unfortunately the installation DVD of Windows 8 is different from that of Vista / 7 and has been removed according to navigate through files, I'll try and see
[edit]
Ok, I found a way to use the DVD of Windows 8.
In a little 'I'll do a article on my site of the guide and get better compared to the one linked, making it easier and more complete and adapting to the new method and the RP
Stay tuned
p.s. If there are criticisms and suggestions, tell me, so I can make a better guide for you
Pasquiindustry said:
Unfortunately I think it's difficult to do this with Windows only 8 to edit.
You need at least another Operating System that is able to read NTFS partitions, or you must use the CD of Windows Vista / 7
I could think of to "take ownership" and the popular program "unlocker" but I think they can do little on 'OS to change.
Since we all have, I believe, the DVD of Windows 8 (CP or RP), I could find a way to use that. I have to do some small tests first.
Unfortunately the installation DVD of Windows 8 is different from that of Vista / 7 and has been removed according to navigate through files, I'll try and see
[edit]
Ok, I found a way to use the DVD of Windows 8.
In a little 'I'll do a article on my site of the guide and get better compared to the one linked, making it easier and more complete and adapting to the new method and the RP
Stay tuned
p.s. If there are criticisms and suggestions, tell me, so I can make a better guide for you
I do it all within windows 8. I don't think it is too difficult.
Here is what I do:
1. Swipe to the charm and go to settings -> change pc settings -> general -> advance start-up options.
2. Once you restart you'll see three metro-esq icons (continue, troubleshoot, turn off PC). Select troubleshoot -> advanced options -> start-up settings.
3. The computer will restart again and you'll get your various start-up options. Select #6. Safe mode with command prompt.
4. At the cmd prompt take ownership of imageres.dll (takeown /f C:\windows\system32\imageres.dll)
5. Restart and go into the system 32 folder on the PC and find the imageres.dll file.
6. Right click and change to the security tab and check the box for full control.
7. Copy the file to the desktop or where ever you want to work on it.
8. Change the file with resource hacker as described above to insert your images.
9. Go back to the advance reset options and reset back into safe mode with the cmd prompt. Copy the file from your desktop (or where ever) back to the system 32 folder. (copy c:\users\[user name]\desktop\imageres.dll c:\windows\system32)
You should get confirmation asking to overwrite the file and if the permissions were set correctly you'll get confirmation that the file was copied. When you reset the computer you'll see the new theme in the settings menu.
Good luck!
4. At the cmd prompt take ownership of imageres.dll (takeown /f C:\windows\system32\imageres.dll)
9. Go back to the advance reset options and reset back into safe mode with the cmd prompt. Copy the file from your desktop (or where ever) back to the system 32 folder. (copy c:\users\[user name]\desktop\imageres.dll c:\windows\system32)
I did not think that the "take ownership" really worked
I thought the file imageres.dll was blocked by Windows as a process and not just as a library-resource
good to know
Hey guys,
I made this this afternoon. I wanted something different from the rest that didn't steer too far away from the "norm" that didn't look tacky. gosh there are some really tacky wallpapers getting around.
Anyway I am not even sure any of you will even like this, I am not sure if I even like it yet .....it's growing on me I guess?

Lumia 1520 Starting work on custom ROM !

Hi Everyone !!
Work on the first custom rom WP8 for Huawei w1 been completed successfully .
Time for something new !
I would like to announce that I start work on Custom ROM for nokia lumia 1520. First attempt at flashing the modified file ffu done successfully .
Unfortunately, in another attempt something went wrong. I switched the phone in Download mode, QPST can repair the phone but I don't have appropriate files (currently). I have Riff Box JTAG but this programator does not support L1520 and I need ATF JTAG.
I'll keep you informed about the progress !! :fingers-crossed:
I collect money for the ATF and the new phone, otherwise I can't continue to work. In the future, project will be developed for many other devices with WP8.
Interesting. First of all: Congrats on the successful flash,
second of all: I hope you can resurrect your Lumia 1520. How did you get the 1520 to accept the modified rom though? Thought Lumias check the signature after the flashing process has completed?
Thanks for congrats
I can resurrect my Lumia in 2 ways:
1. I need to have repair boot files for QPST
2. I need ATF JTAG
I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:
These are my priorities:
1. Development and refinement of the ability to flash the modified FFU file.
2. Ability to run the phone in mass storage mode
3. Modification software
4. Adapting WP8CRUU for Lumia 1520
WojtasXda said:
Thanks for congrats
I can ressurect my lumia in 2 ways:
1. I need have repair boot files for QPST
2. I need AFT JTAG
I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:
These are my priorities:
1. Development and refinement the ability to flash the modified FFU file.
2. Ability to run the phone in mass storage mode
3. Modification software
4. Adapting WP8CRUU for Luma 1520
Getting the boot files might be the trickier method, but you could try what I described in your other post. I guess the ATF Box is your best chance. I'll look through the 1520 update cabs, maybe there's something in there that'll help you build the mbn boot image, like on HTCs (which are, for the 8S encrypted, for the 8X not, as far as I know). If you feel okay with it you can shoot me a message with tips on how you managed to do that, if not, that's not a problem
WojtasXda said:
Thanks for congrats
I can ressurect my lumia in 2 ways:
1. I need have repair boot files for QPST
2. I need AFT JTAG
I have methods to cheat the verification process. In the same way I did in Huawei W1. :victory:
These are my priorities:
1. Development and refinement the ability to flash the modified FFU file.
2. Ability to run the phone in mass storage mode
3. Modification software
4. Adapting WP8CRUU for Luma 1520
Are you reading this thread: http://www.coolxap.com/forum-199-1.html ?
I received a lot of information about huawei w1 on this site. When read about it in December 2013.
Actually if the verification bypass works (which, knowing MS's tight security on Nokias, I highly doubt), it just needs to be released as a method, and after that, anyone can make their own custom ROM.
I'd definitely make some changes to the system (clear out some default apps, add some of my own, change the accent colours, allow interop and other caps to any apps, increase custom app limit), but that would break the built-in system updater. So beware modders, DO NOT use official updates when on modded firmware!
WojtasXda said:
Hi Everyone !!
Work on the first custom rom WP8 for Huawei w1 been completed successfully .
Time for something new !
I would like to announce that I start work on Custom ROM for nokia lumia 1520. First attempt at flashing the modified file ffu done successfully .
Unfortunately, in another attempt something went wrong. I switched the phone in Download mode, QPST can repair the phone but I dont have appropriate files (currently). I have Riff Box JTAG but this programator does not support L1520 and i need ATF jtag.
I'll keep you informed about the progress !! :fingers-crossed:
Hi,
I have an ATF Box (lordmaxey & me interop unlocked our Lumias with it, do you remember me ) and would like to help you. Feel free to PM me
Another question, did you just modify the .ffu file via Hex Editor? I've tried it myself a long time ago, but it didn't work and I had to repair it with my ATF. Is there a bug in newer Nokia FFU files?
myst02
feherneoh said:
Flashing the custom ROM is not hard, so I would give it a try
Just be sure you don't touch boot partitions, so you will be able to boot into flashmode
On L520, I could simply flash ANY ffu using CareSuite, so flashing works, just need idea, what to change in ROM
How are you able to bypass signature checking though? Funny how on Lumias you can apparently edit the MainOS Partition but cannot touch the Boot ones, and on HTC it's exactly the reverse.
Guys ... the only barrier that separates us from the Custom ROM are 2 files that i need to create and adapt to the device. I mean MPRG8974.mbn ((hex) and msimage8974.mbn . Anyone who has knowledge on this topic, please help !!
This is my other topic about mprg/misimage
http://forum.xda-developers.com/hardware-hacking/hardware/qpst-help-create-mprg-msimage-mbn-t2949492
Here is a lot of information about QPST
http://forum.xda-developers.com/showthread.php?t=2136738
how to build mprg and msimage
http://blog.csdn.net/ziyouwa/article/details/16331545
feherneoh said:
Start phone recovery process in CareSuite, select official firmware, press start
When it asks you, to connect the phone, just replace the ffu file with the modified one
Boot partition should not be touched, as the SoC checks its signature, and your phone will be stuck in Qualcomm's DLMODE
how to modify FFU ? have you any tool for it ?
I know we can Convert it using ImgMounnt but how to reconvert it to ffu ?
feherneoh said:
Start phone recovery process in CareSuite, select official firmware, press start
When it asks you, to connect the phone, just replace the ffu file with the modified one
Boot partition should not be touched, as the SoC checks its signature, and your phone will be stuck in Qualcomm's DLMODE
Okay, good, Are you sure that your phone will not reject the file when it encounters an error?
How do you think why was invented HSPL ?
For Huawei just enough to crack the flash tool in PC to be able to upload an unsigned app / ffu file. Phone does not validate the data but Huawei is different story. While working on the Custom ROM I used QPST with MPRG ,MSIMAGE, xml's and other files. JTAG also be useful. Without QPST not have been possible creating Custom ROM for Huawei.
Therefore necessary there is start working on the most needed things.
ngame said:
how to modify FFU ? have you any tool for it ?
I know we can Convert it using ImgMounnt but how to reconvert it to ffu ?
Do you think it is that simple? If yes, where are the custom roms? Where these modified files? Of course there are tools to build files ffu, signing and opening them, but they are not available for "ordinary" people.
Well ... I go learn and explore the dark side of QPST
Regards
WojtasXda said:
Okay, good, Are you sure that your phone will not reject the file when it encounters an error?
How do you think why was invented HSPL ?
For Huawei just enough to crack the flash tool in PC to be able to upload an unsigned app / ffu file. Phone does not validate the data but Huawei is different story. While working on the Custom ROM I used QPST with MPRG ,MSIMAGE, xml's and other files. JTAG also be useful. Without QPST not have been possible creating Custom ROM for Huawei.
Therefore necessary there is start working on the most needed things.
Do you think it is that simple? If yes, where are the custom roms? Where these modified files? Of course there are tools to build files ffu, signing and opening them, but they are not available for "ordinary" people.
Well ... I go learn and explore the dark side of QPST
Regards
I know it's not easy and simple and I know there's at least one tool to create and edit ffu files and it's also not public but i thought he developed a FFU Editor app ! or he flashed Custom Rom many times !
and also I think you mean Phone Image Designer of Microsoft :
feherneoh said:
I have used HxD hex editor to find the partition headers, then used OSFMount to mount them. You can either mount a part of the ffu, or copy the partition to a separate image
As far as I know (my bricked 520 proves it) SoC's built-in ROM checks the first partition's signature using the public key in Q-Fuse, so let's crack RSA and stuff like that. SPL/HSPL was used to load CE, NT on ARM uses UEFI
you bricked your phone when you try this way ?
If( YourAnswer == "Yes" )
{
MessageBox.Show("Surely This way can't be useful or it's not the complete way and we need to research more");
}
else
{
//More Details go here
}
feherneoh said:
This happened when I tried to modify first partition (shown in attachments in previous post)
I'm not sure, if I added that in this thread, too, but only try, if you have JTAG box, so you won't mess up everything
Unfortunately I have no JTAG box (riff , atf and etc.)
I will look for way you provide and check it .
I have to find someone with JTAG in Mashad,Iran . Is there anyone ?
it is necessary to learn how to create MPRG / MSIMAGE and use QPST Then jtag will not be needed. These files are obtained by reading the data from the memory EMMC in this case VHD would be the best solution.
OK OK your way worked
I could create 3 Partitions from my L920 (RM-821) Rom .
I couldn't access MainOS partition in this ROM .
sounds good to find this working way but need to work on it hours and hours .
feherneoh said:
Once found something like MPRG in ffu
Open another SoC's MPRG, and look for the first 8 0r 16 bytes in ffu file
I do not know if this is true, but MPRGXXXX.bin or MPRG.hex (Intel hex) suitable for many devices. Msimage is built only for the appropriate device.
@WojtasXda : Are you using caresuite to flash the rom, or do you have another tool?
Yes i have own tools for example WP8RUU or WP8CRUU
Things that might be of interest to a custom ROM developer:
* I've just made big progress in figuring out how capabilities work on the phone. Setting them via custom ROM is definitely one of the easier ways it might be done, if you can create arbitrary registry keys and set arbitrary values in them.
* One particularly valuable thing you could add to a non-Samsung ROM is the RPC driver/service/whatever that lets Samsung's RCPComponent library work. I don't know how hard it would be to hack that in, though. The binaries and the registry keys for the service shouldn't be hard to obtain, but I don't know if there will be problems with signatures or anything. Still, if you can get it working, this would mean that Samsung homebrew, and everything we can do with it (such as write arbitrary places in the registry and move files around as SYSTEM) becomes available on the 1520.
Somewhat relatedly, I find myself in need of a new phone (I think my ATIV S may be unrecoverable, and it wasn't even due to a hack I was doing!) and this piques my interest in getting a 1520...
feherneoh said:
Also (just an idea) RT certificates could be added. Maybe some(!) RT apps could run on the phones
These apps work now on WP8.1
wp8.1 supports appx and appxbundle formats so we don't have problem with running them on phones .
If you mean running apps like Multimedia 8 on phone I think we will run into resolution problem .
Not going to happen. First of all, the ported desktop apps only work when signature enforcement is off ("jailbroken") even *on RT*; until/unless we get a signature bypass for WP8 that's a complete non-starter.
The other major problem is that all the base libraries for RT are different than for WP. This extends all the way down to the really core stuff like Kernel32.DLL; RT (like normal Windows) has one, but WP8 doesn't (the functions are split into kernelbase.dll and kernel32legacy.dll). Then there's all the code (like support for the normal desktop interface) that WP8 just flat out doesn't have.
I'm not saying it's impossible to get RT code running on WP8... but it's probably easier to port the entire RT OS to the phone (which is *not* easy, but is possible) than it is to get RT software running on WP8 OS.

[XAP][Source] Resource Hacker for Lumia

Hi,
After getting FS access using InteropServices on Lumia, I've just made a small app that allows us to import any OEM package to a Lumia device.
So, I've implemented Samsung resources like "FCRouter" IDrivers/Services and much more from Samsung SPH - I800 and it works like a charm.
I haven't found any use for the Samsung one yet, but it would be worthwhile for research and development with appropriate resources.
We can even import packages from Engineering and Developer ROMs, i.e. for DISABLE_ID_CHECK, DISABLE_SIGNTEST_ENVIRONMENT and much more.
1. Place the "Windows" folder on the SD card. (Do not interfere with the folder. It should be like this: "D:\Windows")
2. Install XAP.
3. Run Auto Patcher.
In order to apply those packages to the system, you need to do a HARD RESET.
If all the result values are "TRUE" then do the reset, otherwise don't.
You can import any OEM package to a Lumia device, such as Huawei, HTC, Samsung.
But note: do not modify any package. It will break the signature and you will brick your device.
Having a heavy Samsung service will drain your battery fast.
Will a soft reset by pressing volume down+power button do the work???
souma_rox said:
Will a soft reset by pressing volume down+power button do the work???
no it won't because the packages need to be installed and by doing a hard reset the phone installs them
Are you suggesting that we can flash engineering images on retail devices, from the device? If so, have you tried this on anything Samsung?
But the xap is not installing ? =/
Damn this life
I want such thing for my L920
Your app can't be deployed because it has interop services as capability
ya it's not installing
You have to replace it with extras + info
Freely remove interop services , deploy and then replace
@djamol as you know I have Ativ S now and I can send you any thing you want from my I8750
And even from GDR2 , 3 or later roms
And I know there's a way to ruin huawei w1 in mass storage mode .
Let's do a research with reker
and how exactly do I replace it? none of what I've been doing seems to work.
This should allow us to install the WiFi Calling service from their phones and install it on others!
@G.moe : Actually it is a policy vulnerability, I think, in that the OS component doesn't check any OEM ID or key.
Legally signed packages will be the "TRUSTED" packages. The OS component will respect them and install them because they are signed with a valid signature.
Also, it will work on any OEM device, not specifically the Lumia. On other OEM devices you need FS access to place the appropriate packages on their system.
If we get at least any "TESTING" certificate (provided by MSFT in the 10 environment publicly) to sign our own built packages, then we will get COMPLETE control of the OS as ROOT ACCESS (like a first-ever custom ROM at runtime).
@souma_rox : It requires the InteropServices capability. If anyone doesn't have Interop unlocked on their device, then it is possible by hijacking the Extras+Info app, as ngame told you before.
@ngame : Thanx bro for everything. Can you send me the Packages and Config folders from GDR 2 and 8.1?
I want to do research on it.
@thals1992 : Do you have those packages? I'll try it, and maybe it is possible to bring those features to other devices. Thnx
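The trust decision described in the post above, modelled as an added example (not code from the thread, the app, or the OS): an installer that accepts any validly signed package, beside one that also binds the package's OEM to the device. The OEM names, keys and the use of HMAC as a stand-in for the platform's real package signatures are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed signer keys. HMAC is only a stand-in for real package signatures.
TRUSTED_SIGNERS = {
    "OEM-A": b"constructed-key-for-oem-a",
    "OEM-B": b"constructed-key-for-oem-b",
}


@dataclass(frozen=True)
class Package:
    name: str
    oem_id: str       # vendor that built and signed the package
    payload: bytes
    signature: bytes


def _sign(name, oem_id, payload, key):
    message = b"\x00".join([name.encode(), oem_id.encode(), payload])
    return hmac.new(key, message, hashlib.sha256).digest()


def make_package(name, oem_id, payload):
    """Build a package signed with the (constructed) key of its OEM."""
    sig = _sign(name, oem_id, payload, TRUSTED_SIGNERS[oem_id])
    return Package(name, oem_id, payload, sig)


def signature_valid(pkg):
    key = TRUSTED_SIGNERS.get(pkg.oem_id)
    if key is None:
        return False
    expected = _sign(pkg.name, pkg.oem_id, pkg.payload, key)
    return hmac.compare_digest(expected, pkg.signature)


def accept_signature_only(pkg, device_oem):
    """Policy as the post describes it: a valid signature is sufficient."""
    return signature_valid(pkg)


def accept_with_oem_binding(pkg, device_oem):
    """Hardened policy: valid signature AND signer matches the device's OEM."""
    return signature_valid(pkg) and pkg.oem_id == device_oem


def audit(packages, device_oem):
    """Names of packages the weak policy installs but the bound policy rejects."""
    return [p.name for p in packages
            if accept_signature_only(p, device_oem)
            and not accept_with_oem_binding(p, device_oem)]


def sample_packages():
    """Constructed inputs: native, foreign-OEM, and modified-after-signing."""
    native = make_package("native-driver", "OEM-A", b"driver v1")
    foreign = make_package("foreign-service", "OEM-B", b"service v1")
    tampered = replace(foreign, name="tampered-service", payload=b"patched")
    return [native, foreign, tampered]


if __name__ == "__main__":
    print(audit(sample_packages(), device_oem="OEM-A"))
```

The modified package fails under both policies, which matches the warning that editing a package breaks its signature; only the untouched foreign-OEM package separates the two policies.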
djamol said:
@G.moe : Actually it is a policy vulnerability, I think, in that the OS component doesn't check any OEM ID or key.
Legally signed packages will be the "TRUSTED" packages. The OS component will respect them and install them because they are signed with a valid signature.
Also, it will work on any OEM device, not specifically the Lumia. On other OEM devices you need FS access to place the appropriate packages.
If we get at least any "TESTING" certificate to sign our own built packages, then we will get COMPLETE control of the OS as ROOT ACCESS (like a custom ROM at runtime).
@souma_rox : It requires the InteropServices capability. If anyone doesn't have Interop unlocked on their device, then it is possible by hijacking the Extras+Info app, as ngame told you before.
@ngame : Thanx bro for everything. Can you send me the Packages and Config folders from GDR 2 and 8.1?
I want to do research on it.
@thals1992 : Do you have those packages? I'll try it, and maybe it is possible to bring those features to other devices. Thnx
yeah sure .
let me see can I extract the Rom or not if I couldn't I will flash for you to GDR2
you are already using W10 TP ?
If yes let me know . I'll send you a better trick to work on it
ngame said:
yeah sure .
let me see can I extract the Rom or not if I couldn't I will flash for you to GDR2
you are already using W10 TP ?
If yes let me know . I'll send you a better trick to work on it
Hey, Do not flash your Device. You can extract ROM using wolf's tool. They are really awesome. After then you can mount with OSFMount .bin files.
I never Install WP 10. Because of it's very buggy and initial Build. I'll get it later pre-Installed Device. Anyway can you tell me your trick? Then it will be useful for everyone. Especially for @GoodDayToDie for his HTC M8. and we all know that he is genius man.
It's inside of the ROMs for the Lumia 521, 925, and I believe the OneM8 for T-Mobile as well (might be a few devices I'm missing). Unfortunately my 3TB hard drive crashed and the VHD of it that I had is gone.
ngame said:
You have to replace it with extras + info
Freely remove interop services , deploy and then replace
@djamol as you know I have Ativ S now and I can send you any thing you want from my I8750
And even from GDR2 , 3 or later roms
And I know there's a way to ruin huawei w1 in mass storage mode .
Let's do a research with reker
Good work but....
I have extras + info in SD but If I try to replace app files manually, the application does not start
Ok, I did everything successfully, but the problem is the HARD RESET part. You know, my device is perfect now; if I hard reset then I will have to download all the apps again...
Hey, instead of a hard reset, if I update my phone to Win10 will it work????
@WojtasXda : Thnx. Did you copy the files without modifying the "Apps" folder?
If you modified the "Apps" folder, it'll get encrypted.
And one more tip for you. Do not place your Huawei OEMSettings.reg on Lumia. It will work on unlocked bootloaders only.
@souma_rox : Do not try if you're not a cool developer. Yeah, really. If something goes wrong, you will soft brick your device.
Right now, these resources are not useful, or I've not found any use for the Samsung one. So, I think you have to wait for any cool findings.
Anyway, if you want to try, you can do it using a language update. Let me know.
Yeah, as djamol mentioned, please do not try STUPID COPY PASTES! It's not a funny game.
And if you think this app can do a REAL full unlock or something else, you are surely WRONG. So wait.
This app and this trick will not do any special interesting work on your phone without Capability Unlock. This hack may be the best hack that I've ever seen for Lumia phones, but it's only a base.
@djamol : Finally I downgraded to GDR2 for you and I packed the same files you archived in the windows zip.
Some of those files didn't exist on GDR2.
I packed the dll files and package files in this zip. I will wait on GDR2 while you confirm you don't need any more files.
(Because of file size restrictions here I renamed the rar file to apk.
After download, rename it again to rar or simply open it using WinRAR, 7-Zip, etc.)
@ngame
Yes, Yes, Yes
What I'm Looking For.
Today something going to be happen... Yeah!
I can't wait for it... Very excited...
Thanks Bro.. Muhha...
Wait I'll send you a PM for required Stuff.

need an help to interop n unlock cap WP8.1

Some days ago extra+info got updated on WP10TP and also on WP8.1. After the update we can't install extra+info to the SD card. Now how do we mod vcreg with extra+info for WP8.1?
Can anyone give me the list of caps and the path of cap_, so I can try to edit CAp_ with modded PDF 3? I think this might work.
you cant do anything... be patient and wait news...
I think it's better to wait for w10 .
ngame said:
I think it's better to wait for w10 .
ya we understand:::;;
waiting for new tweaks:::
done:good::good::good::good::good::good:
A AJAY said:
ya we understand:::;;
waiting for new tweaks:::
done:good::good::good::good::good::good:
You are not alone my friend T_T
ciao!! Good news for you, some weeks ago i patched an old version of extra & info, deploy and move it to sd!! try!!
https://mega.nz/#!R5YmVTLI!NpzDEkY80rcqYKaDV94UmFbDagvatsH2IzMTWDA5wQk
canapo92 said:
ciao!! Good news for you, some weeks ago i patched an old version of extra & info, deploy and move it to sd!! try!!
https://mega.nz/#!R5YmVTLI!NpzDEkY80rcqYKaDV94UmFbDagvatsH2IzMTWDA5wQk
No luck with the Windows application deployment tool, error 0x81030120.
I believe this error is related to having interop capabilities in one of the libraries included in your XAP.
Is there another deployer that would work? (I already tested WPV xap deployer, also no luck with that.)
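To check what a package declares before trying to deploy it, the following added example (not part of the original thread or of any tool mentioned in it) lists the capabilities in a XAP's manifest and flags the interop one. It assumes the capabilities are declared in `WMAppManifest.xml` at the root of the XAP and that the interop capability is named `ID_CAP_INTEROPSERVICES`; the sample package is constructed in memory.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

MANIFEST = "wmappmanifest.xml"            # assumed manifest name, matched case-insensitively
RESTRICTED = {"ID_CAP_INTEROPSERVICES"}   # assumed identifier of the interop capability
MAX_MANIFEST_BYTES = 1 << 20              # refuse oversized manifests in untrusted packages


def read_manifest(xap_bytes):
    """Return the raw manifest from the root of a XAP (a ZIP archive)."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        for info in xap.infolist():
            if info.filename.lower() == MANIFEST:
                if info.file_size > MAX_MANIFEST_BYTES:
                    raise ValueError("manifest is implausibly large")
                return xap.read(info)
    raise ValueError("no WMAppManifest.xml in package root")


def declared_capabilities(xap_bytes):
    """Sorted list of every <Capability Name="..."> in the manifest."""
    data = read_manifest(xap_bytes)
    if b"<!DOCTYPE" in data.upper():
        # A manifest needs no DTD; rejecting it avoids entity-expansion tricks.
        raise ValueError("DOCTYPE not allowed in manifest")
    root = ET.fromstring(data)
    caps = set()
    for element in root.iter():
        local_name = element.tag.rsplit("}", 1)[-1]   # drop "{namespace}" prefix
        if local_name == "Capability" and element.get("Name"):
            caps.add(element.get("Name"))
    return sorted(caps)


def restricted_capabilities(xap_bytes):
    """Capabilities that a device without interop unlock is expected to refuse."""
    return sorted(RESTRICTED.intersection(declared_capabilities(xap_bytes)))


def build_sample_xap(capabilities):
    """Constructed test input: a minimal XAP holding only a manifest."""
    caps = "".join('<Capability Name="%s"/>' % c for c in capabilities)
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment">'
        '<App Title="Sample"><Capabilities>%s</Capabilities></App></Deployment>' % caps
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xap:
        xap.writestr("WMAppManifest.xml", manifest)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_xap(["ID_CAP_NETWORKING", "ID_CAP_INTEROPSERVICES"])
    print("declared:  ", declared_capabilities(sample))
    print("restricted:", restricted_capabilities(sample))
```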
i'm not correct, maybe it's impossible to move e&i into sd, sorry
rickastillo said:
no luck with the windows application deployment tool, error 0x81030120
I believe this error is related to having interop capabilities in one of the libraries included in your XAP.
is there another deployer that would work? (i already tested WPV xap deployer, also, no luck with that)
Have you tried with wppt ??? Or with this modified version of deployment tool http://forum.xda-developers.com/windows-phone-8/development/tool-appdeploy-8-1-capabilities-t3158053
ca_guri01 said:
Have you tried with wppt ??? Or with this modified version of deployment tool http://forum.xda-developers.com/windows-phone-8/development/tool-appdeploy-8-1-capabilities-t3158053
nah, tested both tools and nothing
I tried full FS access by patching an old version of CustomPFD to see if I could replace extras&info directly from phone memory.
I think some directories are hidden, so I could not find the directory where the apps used to be installed.
However, I found a directory with the OEM apps (touch, extra&info, etc), but it seems that it's there only to be applied after a hard reset or something like that, so just replacing files wasn't enough. Extras&Info wasn't the only app with Interop Caps; almost any app that is under settings has that cap.
So I uninstalled touch settings and downloaded it from SD, then I used MetroCommander to replace the SD files the old way (before CustomWPSystem was created, lol). Got nothing but an endless "Loading..." screen, but I guess I did something wrong.
But technically (someone correct me if I'm wrong) we can do Interop+Caps unlock using some other app from settings, right?
I'm pretty sure I've seen a settings app with a lot of capabilities in the manifest, not just InteropCapabilities. I don't remember exactly, but it had something to do with SMS.
Well , i think that we just have to remain with vanilla wp 8.1 until they fix wp10 annoying bugs, everytime i think i found a work around for a bug, there appear more bugs, my fault though, i chose the fast ring...
Now that Groove supports gapless playback, i'm considering going back to W10M (downgraded last week to WP8.1). But it's a hard choice, it sure has nice features but some bugs are just too annoying.
Did they fix the screenshots not appearing in Messenger/WA bug in 10549?
any updates on this? i have WP8.1 Update 2 and i'm having the same issues, not being able to install extras&info to SD card. i read somewhere on reddit (i think) that someone found a method that works currently, but searching around, i can't seem to find out the procedure..
cpshelley2 said:
i read somewhere on reddit (i think) that someone found a method that works currently, but searching around, i can't seem to find out the procedure..
And marmot puts it chocolate in the alu-foil...
dxdy said:
And marmot puts it chocolate in the alu-foil...
thank you for that wholly worthless response to an honest inquiry..
Try to push this cab using this method: http://forum.xda-developers.com/win...ile/guide-deploying-astoria-packages-t3214481
Read this http://forum.xda-developers.com/showpost.php?p=63446863&postcount=58 , in cab folder put this unarchived :
augustinionut said:
Try to push this cab using this method: http://forum.xda-developers.com/win...ile/guide-deploying-astoria-packages-t3214481
Read this http://forum.xda-developers.com/showpost.php?p=63446863&postcount=58 , in cab folder put this unarchived :
Doesn't work. It gives an error and does not restart like the Project Astoria cabs, so it doesn't work.
