Hello,
I recently purchased this TCL A1 (A501DL) from Walmart, with the intent of rooting it. It runs android oreo, 8.1.0. I have a few questions about it.
Question 1) Is rooting such a device even possible? I know a lot of phones have root capability, however this is a very simplistic pay-as-you-go phone, it was only made for one purpose
Question 2) Is there an accessible bootloader? I can only seem to be able to boot into recovery mode. I've tried power button + volume up, power button + volume down, and power button + both volume keys, and each time only recovery has come up. I have checked unlock bootloader in the developer options.
I appreciate any help in this endeavor. Thanks!
@FosterGecko
If you can enable the 2 phone's Android features as shown next
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
you can root the phone.
DELETED
FosterGecko said:
Hello,
I recently purchased this TCL A1 (A501DL) from Walmart, with the intent of rooting it. It runs android oreo, 8.1.0. I have a few questions about it.
Question 1) Is rooting such a device even possible? I know a lot of phones have root capability, however this is a very simplistic pay-as-you-go phone, it was only made for one purpose
Question 2) Is there an accessible bootloader? I can only seem to be able to boot into recovery mode. I've tried power button + volume up, power button + volume down, and power button + both volume keys, and each time only recovery has come up. I have checked unlock bootloader in the developer options.
I appreciate any help in this endeavor. Thanks!
Click to expand...
Click to collapse
see mtkclient for bootloader unlocking and rooting
luridphantom said:
see mtkclient for bootloader unlocking and rooting
Click to expand...
Click to collapse
Indeed. I was completely incorrect on my statement. I will remove the misinformation. It appears that these TracFone branded Mediatek devices can at last be rooted.
There may be another way to unlock Tracfone/USCellular devices. I'll layout the references and quote the relevant parts.
From the GrapheneOS Command Line install
Carrier variants of Pixels use the same stock OS and firmware with a non-zero carrier id flashed onto the persist partition in the factory. The carrier id activates carrier-specific configuration in the stock OS including disabling carrier and bootloader unlocking. The carrier may be able to remotely disable this, but their support staff may not be aware and they probably won't do it.
Click to expand...
Click to collapse
I have dumped my USCellular TCL A30 and have oempersist.bin and persist.bin files
It looks like the search string is CARRIER_ID
So the process would be to use mtkclient to extract the file, backup, and then search the oempersist/persist files for CARRIER_ID and replace the value with 0 (zero). Then write the edited partition over the original. If it borks, then restore with the backup files.
If it works then OEM unlocking and fastboot should be available.
Anyone see any issues with this approach?
971shep said:
There may be another way to unlock Tracfone/USCellular devices. I'll layout the references and quote the relevant parts.
From the GrapheneOS Command Line install
I have dumped my USCellular TCL A30 and have oempersist.bin and persist.bin files
It looks like the search string is CARRIER_ID
So the process would be to use mtkclient to extract the file, backup, and then search the oempersist/persist files for CARRIER_ID and replace the value with 0 (zero). Then write the edited partition over the original. If it borks, then restore with the backup files.
If it works then OEM unlocking and fastboot should be available.
Anyone see any issues with this approach?
Click to expand...
Click to collapse
is there any way i could get that dump you made? been searching for a full dump for months.
r1pp3d2 said:
is there any way i could get that dump you made? been searching for a full dump for months.
Click to expand...
Click to collapse
The super.bin alone was 5.4 GB which is too big for my ISP email provider. I used mtkclient which is some work to install but easy to use once in place. An easy way around this is to download the live cd from their website and use it. Get your dump in the live cd and then copy the file to a big usb driver or sftp them to another computer.
971shep said:
So the process would be to use mtkclient to extract the file, backup, and then search the oempersist/persist files for CARRIER_ID and replace the value with 0 (zero). Then write the edited partition over the original. If it borks, then restore with the backup files.
Click to expand...
Click to collapse
Do you plan on testing this?
Honkette1738 said:
Do you plan on testing this?
Click to expand...
Click to collapse
I used ghex on both persist.bin and oempersist.bin. They are both essentially empty:
rows and rows of
00 00 00 00 00 00 00 00 00.
I was suspucious that mtkclient may not have accurately pulled the files but other files dumped by mtkclient are not empty. In any event, I hit a dead end - there was no carrier id to edit. Not to mention that the MAGISK/mtkclient instructions for rooting the device put it into a bootloop. I was able to recover with the recovery option.
What I would really like to to get a broad overview about the Android booting process and the security works.
971shep said:
rows and rows of
00 00 00 00 00 00 00 00 00.
Click to expand...
Click to collapse
How large are the files? Maybe they need to be opened in a text editor?
Related
1. Download the file
2. Change the extension of the downloaded file. Zip (should happen: RM803_12w07_prod_generic_updated_nokia_osbl.zip)
3. Open the file. It should contain two files. We take out the file «nokia_osbl.mbn».
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4. Connecting the Nokia 710 to a computer in a mode of Qualcomm (Turn off the phone. Hold down the volume + and connect the USB). We wait until the removable drive will appear.
5. Download the program "HxD" ftp://wa651f4:[email protected]/HxDSetupEN.zip
6. Run as Administrator HxD. Click the "Advanced -> Open Disk." My phone number appears in the program as a "Removable Disk 1."
7. We find our phone number. Remove the check mark "read only". Click "OK". The section begins with a boot sector with number 1001. To quickly find the sector take advantage of the panels at the top.
8. Make sure it starts with a «0B 00".
9. We hide HxD open it phone.
10. Now open the file «nokia_osbl.mdn» HxD in and copy all its contents (you can press Ctrl + A and Ctrl + C).
11. Go back to HxD open the phone.
12. At the beginning of the sector in 1001, about the letters «0B 00" right click and click 'Insert the replacement. "
13. Save the changes.
14. Disable USB. We take out the battery. Turn on the phone. Now you can flash with the NCS. But in order to install custom firmware, you have to re-open mode of Qualcomm.
Only for Lumia 710? Can this work with Lumia 800?
ybregeon said:
Only for Lumia 710? Can this work with Lumia 800?
Click to expand...
Click to collapse
As far as I know you can update a Lumia 800 to DLOAD via the NCS. I'm not really sure why you would do this, though.
I am new in this field, but i you know a solution to DLOAD my lumia 800 with NCS, please share with me, cause i totally ignore how to do it. Thanks in advance
So, once upgraded to Qualcomm, if ever it needs to go back to Nokia DLOAD, just use these steps, am i right?
Good work, vova
babu.rajiv2007 said:
So, once upgraded to Qualcomm, if ever it needs to go back to Nokia DLOAD, just use these steps, am i right?
Good work, vova
Click to expand...
Click to collapse
you are right
Big Thanks
Man i love you, i was looking like crazy for this
ChrisKringel said:
As far as I know you can update a Lumia 800 to DLOAD via the NCS. I'm not really sure why you would do this, though.
Click to expand...
Click to collapse
Can you elaborate on how to do that?
The Power+VolUp and recover? OR some other trick?
Skrypek said:
Can you elaborate on how to do that?
The Power+VolUp and recover? OR some other trick?
Click to expand...
Click to collapse
Yes, please do elaborate. I'd like to convert the Qualcomm bootloader on my 800 to the DLOAD.
---------- Post added at 09:27 PM ---------- Previous post was at 09:25 PM ----------
ChrisKringel said:
As far as I know you can update a Lumia 800 to DLOAD via the NCS. I'm not really sure why you would do this, though.
Click to expand...
Click to collapse
I have the QC bootloader on my phone and I'm having a heck of a time trying to upgrade it to the Tango update. I feel like it's the QC bootloader that's somehow blocking me from using NCS. I have a thread for my problem http://forum.xda-developers.com/showthread.php?t=1734174.
I think if I can get the DLOAD on my phone then it can get stock upgrades...but at this point, my phone is stuck with an old version with no upgrade path.
Details please
Hi as a noob I'm weak but wanabee smart Not to waste my phone. In the tuto, at the end when suppose to paste. Should it be over what's already there if so then we need to select from section 1001 and paste over or else. I'm really not sure how to paste it caus' HxD does not give me the 'Insert the replacement
Thanks
RM-809
Hi, this is my first post here and I want to solve one question
I can use this process on my Nokia Lumia 710 RM-809?
I am from Brazil and here only sold the RM-809, branded ou unbranded.
Thanks
NCS doesn't recognize my phone
I upgraded to DLOAD from Qualcomm based on your instructions. That went well. But even now, Nokia Care Suite doesn't recognize my phone. I want to flash latest roms and don't need modded roms. Please let me know as to how I can do this. TIA
Edit: NM, I was able to do it.
6. Run as Administrator HxD. Click the "Advanced -> Open Disk." My phone number appears in the program as a "Removable Disk 1."
Click to expand...
Click to collapse
i've run HxD as administrator I can't seem to find "Advanced -> Open Disk."?
kingcartwright said:
i've run HxD as administrator I can't seem to find "Advanced -> Open Disk."?
Click to expand...
Click to collapse
Its in Extras / Open Disk.
hmm...Still no way to downgrade to Qualcomm?
hi
same as someone posted earlier
i cant seem to paste anything over the old file
i dont want to delete something i shouldnt
can anybody help?
answered my own question
i missed the bit where it said read only and untick
How do i insert replacement? I dont see the option under right click.
I am running HdX as admin and unchecked read only. I can see the option when in the downloaded file but on the phone side it is grayed out.
Can you explain better...
12. At the beginning of the sector in 1001, about the letters «0B 00" right click and click 'Insert the replacement. "
no image of this should i overwrite "0B 00" with all file's content, insert before "0B 00" or overwrite all the content of the sector 1001?
Thanks for the help
PS: no "insert the replacement" option. only paste/write
Sorry but... what is the difference between DLOAD and Qualcomm? Is one of those "better"? thanks.
Could anybody write instruction step by step for unlocking bootloader? I have a problems with understanding this
HTML:
http://forum.xda-developers.com/g2-mini/development/bootloader-unlock-t2827748
Here are the instructions written by @Zaaap72 :
Zaaap72 said:
If you want to try on your own: (Do it on your own risk)
Code:
Get aboot.img and abootb.img:
dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/sdcard/aboot.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/abootb of=/sdcard/abootb.img
Open each with a hex editor.
Search for the byte chain 20 00 EB 00 00 50 E3 E0 FF FF 0A
Make sure that it exists only once.
Replace the next 4 byte by DF FF FF EA.
You will get: 20 00 EB 00 00 50 E3 E0 FF FF 0A DF FF FF EA
Save aboot.img as aboot4.img and abootb.img as abootb4.img
[COLOR="Red"][B]Do it on your own risk![/B][/COLOR]
Flash them back:
dd if=/sdcard/aboot4.img of=/dev/block/platform/msm_sdcc.1/by-name/aboot
dd if=/sdcard/abootb4.img of=/dev/block/platform/msm_sdcc.1/by-name/abootb
If you don't understand this instructions then don't even try it!
Zaaap
If you try it, do it on your own risk.
I'm not responsible if you brick your device.
Click to expand...
Click to collapse
If you need any help ask at his thread or here.
Sent from my D620R [Stock 4.4.2]
I need a help with all of it
When I want to take out and modify aboot.img and abootb.img I must use root explorer, right?
And when I will be editing thoose files I must do this at phone using hex editor or on my computer?
And one question about putting it into the phone... For this I must use root explorer?
Or maybe You have thoose files? In this way I could flash them instead of my files
debowiakr said:
I need a help with all of it
When I want to take out and modify aboot.img and abootb.img I must use root explorer, right?
And when I will be editing thoose files I must do this at phone using hex editor or on my computer?
And one question about putting it into the phone... For this I must use root explorer?
Click to expand...
Click to collapse
[Q] Why would you want to unlock bootloader?
If you are not a developer you will have no use for it at the moment.
Answers:
A) No, you don't need root explorer.
B) You need a terminal emulator or use adb.
C) You can use what ever hex editor you like, i did it on my pc using HxD.
D) Like A) and B).
E) I don't know what phone you have, so i don't know what files you need and you don't know how to use them.
F) ! Don't do it. You might brick your phone for no reason !
So I shouldn't do that at the moment?
Maybe You're right, I won't do that but thanks for help
My phone is Lg D620r
debowiakr said:
So I shouldn't do that at the moment?
Maybe You're right, I won't do that but thanks for help
My phone is Lg D620r
Click to expand...
Click to collapse
Since we have no custom recovery/kernel/rom you can do nothing extra with the unlocked bootloader.
As soon as we have some thing usefull, I'm sure some one will write a guide for it.
File for LG D620r is attached to the thread as it is what i have.
Zaaap
How do I check if my recovery is unlocked?
luk45 said:
How do I check if my recovery is unlocked?
Click to expand...
Click to collapse
I don't know any official way to tell if your bootloader is locked or not.
I modified an extracted boot.img (kernel) and flashed it back.
Then i flashed a custom kernel build by Garcia.
In both cases I didn't get a security error and the phone booted.
This custom kernel is not ready for use now, but it is a prove of concept and promising for the future.
If you are not a developer or plan to start developing there is no use of an unlocked bootloader at the moment.
Zaaap
Sent from my LG-D620 using XDA Premium 4 mobile app
Sorry, for bringing up this old thread, but I found something very interesting and this thread seems fitting.
Apparently, there is this thing called LGTool. It can do a lot of things for various models, including unlocking the bootloader. List of officially supported devices.
Also,
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sent from my D620r [Stock 4.4.2 , -V- Kernel]
Today I bricked my phone when I try to flash back to 6.0 because I was lazy and use dd to flash modem(radio).
And here is a warningO NOT flash your nexus 6p's bootloader,radio directly,becuase radio,bootloader image for this phone is packed.Using dd to flashing it directly will make you phone bricked.
And my phone is locked because I want to use device protection.So no luck flash radio via fastboot directly.
So I manage a new way to let bootloader thought bootloader can be unlock.
I learn about "factory reset protection"(frp) partition from
http://forum.xda-developers.com/nexus-6/help/info-nexus-6-nexus-9-enable-oem-unlock-t3113539
.
So all factory reset protection problem is just about that frp partition.You just need to dump it out using dd,then use winhex or other software edit the last bit to 01,then your phone is able to unlock.No need for password.
And don't give the device protection too much hope.Many people can unlock it easily because you just need to edit frp partition.Use jtag tools,wire emmc out,even UART or just download mode,and edit that bit then your phone is unlocked.
Apple is the same.Although apple will check iDevices ID,but many people who fix phones in China has some backdoor to unlock it(means reuse it again,data is loss,but who care these data).
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
akaHardison said:
Today I bricked my phone when I try to flash back to 6.0 because I was lazy and use dd to flash modem(radio).
And here is a warningO NOT flash your nexus 6p's bootloader,radio directly,becuase radio,bootloader image for this phone is packed.Using dd to flashing it directly will make you phone bricked.
And my phone is locked because I want to use device protection.So no luck flash radio via fastboot directly.
So I manage a new way to let bootloader thought bootloader can be unlock.
I learn about "factory reset protection"(frp) partition from
http://forum.xda-developers.com/nexus-6/help/info-nexus-6-nexus-9-enable-oem-unlock-t3113539
.
So all factory reset protection problem is just about that frp partition.You just need to dump it out using dd,then use winhex or other software edit the last bit to 01,then your phone is able to unlock.No need for password.
And don't give the device protection too much hope.Many people can unlock it easily because you just need to edit frp partition.Use jtag tools,wire emmc out,even UART or just download mode,and edit that bit then your phone is unlocked.
Apple is the same.Although apple will check iDevices ID,but many people who fix phones in China has some backdoor to unlock it(means reuse it again,data is loss,but who care these data).
View attachment 3679303
Click to expand...
Click to collapse
can you detail the process with pictures if possible.. should help a lot of ppl around here..
rohit25 said:
can you detail the process with pictures if possible.. should help a lot of ppl around here..
Click to expand...
Click to collapse
run "adb shell" in PC
then
"cd /dev/block/platform/s*/f*/b*n*"
then type "dd if=frp of=/sdcard/frp",then the frp partition is dumped in the /sdcard.
use winhex or else edit the last 00 bit to 01,then save the files.
put the frp files back to /sdcard,use "dd if=/sdcard/frp1 of=frp"to flash the unlocked frp back(make sure you are in /dev/block/platform/soc.0/f9824900.sdhci/by-name)
reboot to bootloader,use "fastboot flashing unlock",select yes,then good to go,
Genius ...... Very bad English and grammar.....but I see what you are saying and is pure genius.
What I'm saying is its hard to follow.
Genius guy , dd is dangerous but life saving too
Sent from my Nexus 6P using Tapatalk
Wow, mosdef badass
cool, I wondered about this method months ago but too scared to try it. thanks for trying and sharing it here. cheers!
if you have adb access you can dd a modified devinfo partition back.it will unlock your phone directly.
Sent from iPhone ,using Tapatalk.
this way can work when i have adb access very good idea , what about if i don't have access to adb just fastboot and stock recovery is there any method to unlock my n6p .
Thanked
tenfar said:
if you have adb access you can dd a modified devinfo partition back.it will unlock your phone directly.
Sent from iPhone ,using Tapatalk.
Click to expand...
Click to collapse
hi,
what do you mean by this? I have a LG V10 H901 and I have adb access. what do you mean by modding the devinfo
sorry for being noob
thanks
SuperZoilus said:
hi,
what do you mean by this? I have a LG V10 H901 and I have adb access. what do you mean by modding the devinfo
sorry for being noob
thanks
Click to expand...
Click to collapse
maybe modding devinfo only works for Nexus 6p. try OP's method
I got the cph2459 model to explicitly avoid T-Mobile's lock however I am now in my second bootloop, and finding CPH2459 is a needle in a haystack where GN2200 is all over the place. ;/ I went to OnePlus customer support and they said ill hear back from them within 24 hours, but i luckily broke my backup device two days prior and am locked out of 2FA on most of my accounts. I tried flashing older firmware , and it at first refused to allow any critical partitions to flash killing my ability to use networking, and it then proceeded to bootloop for two or so days now, and at this point my main concern is my attempts at fixing this push the issue beyond recovery.
Still searching for a full image of cph2459
I used fastboot enhanced https://forum.xda-developers.com/t/...enhance-payload-dumper-image-flasher.4310553/
To flash to a lower stock using a OTA payload.bin I would be happy to upload that as well however I messed up my IMEI and the IMEI fix using diag mode has not fixed that issue as of yet
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Once on a lower firmware I let it normally update to the c.10 update and flashed N20 5G [CPH2459] - Unlock/Root/Safetynet (Step-by-Step)
These img to get root and made a full backup I'd be happy to share at no cost.
I have tried correcting my IMEI with two tools now with no luck ive tried reflashing my nhlos core's modem's and I may have to go directly to OnePlus as I switched to the unlocked CPH2459 and returned my GN2200.
ScarletWizard said:
Just saw this
Theres a person gsmafia that has 3 cph firmware password zipped and wants $$
There's an other person. He pretty busy response when he can.
I will pm you the info. I can't post it here.
The pesky badgers will send me warning if I do.
Click to expand...
Click to collapse
I flashed modem backups now trying to flash modemst1 & st2 along with fsg, fsc, and a few other partitions linked to the efs like the efs, efs1, efs2, and efs3 partitions im making a flash script for those partitions and hoping to avoid getting a box to fix. It will be substantially easier once TWRP is completely operational. I will look later today at where it is, and if it needs anything I can contribute to it I will try to add it on, and I also will post my full CPH2459 partitions once EFS is operational so I dont submit partitions that may just give someone else this issue if I cant fix my IMEI ill use a box (NOTE: if you attempt the same it is illegal to change your IMEI in anyway other than restoring the exact IMEI related specifically to your device my posts regarding methods I use to repair my own is EXPLICITLY advice on fixing any baseband or IMEI corruption and not meant to be used for illegal purposes.) I will keep posting any progress in fixing my IMEI and baseband issues and what I had to do to restore my IMEI to its original value from the back of the box.
From my reading into other QUALCOMM and snapdragon issues that mimic my issue it seems the QCN becomes either corrupt, or deleted and has to be fixed, or your EFS or Persist data is deleted, or corrupted and flashing firmware can on rare occasions lead to this issue, and I am going to try various fixes and report back what works in the event anyone else needs to REPAIR an IMEI issue (AGAIN imei changes other then fixing a device to it's actual original imei is in most regions a crime and this information going forward is in no way nor should in anyway be used as advice changing your imei from it's original imei located on the back of the box you received the device in.
micheal2445 said:
I flashed modem backups now trying to flash modemst1 & st2 along with fsg, fsc, and a few other partitions linked to the efs like the efs, efs1, efs2, and efs3 partitions im making a flash script for those partitions and hoping to avoid getting a box to fix. It will be substantially easier once TWRP is completely operational. I will look later today at where it is, and if it needs anything I can contribute to it I will try to add it on, and I also will post my full CPH2459 partitions once EFS is operational so I dont submit partitions that may just give someone else this issue if I cant fix my IMEI ill use a box (NOTE: if you attempt the same it is illegal to change your IMEI in anyway other than restoring the exact IMEI related specifically to your device my posts regarding methods I use to repair my own is EXPLICITLY advice on fixing any baseband or IMEI corruption and not meant to be used for illegal purposes.) I will keep posting any progress in fixing my IMEI and baseband issues and what I had to do to restore my IMEI to its original value from the back of the box.
Click to expand...
Click to collapse
MTK devices are far easier in regards to repairing the issue so what luck we have a Qualcomm device -_-
I used a box, but that information will be really helpful moving forward lol. GSM SHIELD.
If you've followed my prototype ABL image release topics so far, then you should know where it comes from.
This topic will be edited later if X20 one is available.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
WARNING: This is not a guide! Prototype ABL binaries are provided as-is, flashing them can be risky!
DO NOT FLASH IT INTO X20 OR IT WILL CAUSE DEAD BRICK!
1. Enable flashing permission with HDK (an internal flash tool used by triple-color company, sorry can't disclose more details about that). Please search for related service online, we don't provide or promote such service.
2. Download Prototype ABL from following URL:
Click here for Nokia X10 (ScarletWitch)
Click here for Nokia X100 (Deadmau5)
3. Flash prototype ABL manually, then you can confirm bootloader unlock:
Code:
(Nokia X10) fastboot flash abl SCW-abl.elf
(Nokia X100) fastboot flash abl DM5-abl.elf
fastboot reboot-bootloader
fastboot oem unlock-go
4. Once bootloader unlock completed, please reinstall stock OS to restore ABL back to normal.
SHA256 checksum of ABL image:
Code:
SCW-abl: 3a949e4b27c1b559cfd016a894fc1a4bb81d01c9ab323a86ab2603c313f4177b
QKS-abl: missing
DM5-abl: f16bafb998925b7a3f7651eb21edba8bb4283113f56628d9b0b685882015696b
Root Key Hash of ABL images:
Code:
Nokia X10: F552CB7380F2F46F92B4CC25AB923A8A234A45357601BEE1CC06D42C0790C4A0
Nokia X20: 2FDC6D616C061309BBADDDCA9C69CA0F3F8CA0E1CDF5F74F274E34B77F5CE8B6
Nokia X100: 05C8E21116890E3DAF3879ED4939F7F6267A3CA2085E3E943743E938C80C28C1
I'll have a go, thanks!
Alvy123 said:
I'll have a go, thanks!
Click to expand...
Click to collapse
it requires you to gain access of the tool from tri-color company, which is.... actually impossible.
The only way one can use it without any restrictions is if the same one is Nokia's customer support....
hikari_calyx said:
If you've followed my prototype ABL image release topics so far, then you should know where it comes from.
This topic will be edited later if X20 one is available.
WARNING: This is not a guide! Prototype ABL binaries are provided as-is, flashing them can be risky!
DO NOT FLASH IT INTO X20 OR IT WILL CAUSE DEAD BRICK!
1. Enable flashing permission with HDK (an internal flash tool used by triple-color company, sorry can't disclose more details about that). Please search for related service online, we don't provide or promote such service.
2. Download Prototype ABL from following URL:
Click here
3. Flash prototype ABL and OEM unlock enabled frp partition manually, then you can confirm bootloader unlock:
Code:
fastboot flash abl SCW-abl.elf
fastboot reboot-bootloader
fastboot oem unlock-go
4. Once bootloader unlock completed, please reinstall stock OS to restore ABL back to normal.
SHA256 checksum of ABL image:
Code:
3a949e4b27c1b559cfd016a894fc1a4bb81d01c9ab323a86ab2603c313f4177b
Root Key Hash of ABL images:
Code:
Nokia X10: F552CB7380F2F46F92B4CC25AB923A8A234A45357601BEE1CC06D42C0790C4A0
Nokia X20: 2FDC6D616C061309BBADDDCA9C69CA0F3F8CA0E1CDF5F74F274E34B77F5CE8B6
Click to expand...
Click to collapse
can I use 3rd-party tools (e.g: Fire Tool) to enable flashing perms, instead of HDK?
I presume that this is all supposed to be a bit of a mystery.
I have a custom abl on a different device.
I just de-engineered it, patched it, re-hashed it.
But thiat device does not have SecureBoot enabled.
That's a rarity.
Renate said:
I presume that this is all supposed to be a bit of a mystery.
I have a custom abl on a different device.
I just de-engineered it, patched it, re-hashed it.
But thiat device does not have SecureBoot enabled.
That's a rarity.
Click to expand...
Click to collapse
Oh wow, that's interesting. Mind telling me the full details about what you did?
AltFantasy said:
Mind telling me the full details about what you did?
Click to expand...
Click to collapse
Here's a whole thread on abl packing: https://forum.xda-developers.com/t/qualcomm-abl-android-bootloader-packing-signing.4473815/
Then there's the reverse engineering, probably using Ghidra or Ida.
Ghidra annoys me so I use my own custom stuff that simply annotates what objdump puts out.
I feel closer to the metal that way.
After unpacking/patching/packing abl you've got a modified abl that the signing is wrong.
If you're Nokia, you just take your super-secret private key and resign the abl.
If SecureBoot is not enabled on your device it does not need to be signed, but it needs to be hashed.
Hashing is not at all secret, it's just SHA256 or SHA384 on the program segments (one of which you altered).
My qcomview.exe can do that easily, it's in the sig.
I tested it for somebody; the unlock works by utilizing this abl. Thanks for the share
so far, not much luck
Nokia X10 (X20) Android 13 chances of new ROM/ some-any ways to override settings/ "jail-break"???
In short : X10, UK, Android 13 - thanks, no thanks! 0 actual improvements as per discussed to some degree on Nokia "support forum". Silly bloatware "features" added, but nothing what would be useful. Have tried 50 apps of different kinds...
forum.xda-developers.com
However, since security update, in "developer mode", I've had an option to unlock OEM loader- DONE! restarted the phone- still shows the same- bootloader UNLOCKED
Alvy123 said:
so far, not much luck
Nokia X10 (X20) Android 13 chances of new ROM/ some-any ways to override settings/ "jail-break"???
In short : X10, UK, Android 13 - thanks, no thanks! 0 actual improvements as per discussed to some degree on Nokia "support forum". Silly bloatware "features" added, but nothing what would be useful. Have tried 50 apps of different kinds...
forum.xda-developers.com
However, since security update, in "developer mode", I've had an option to unlock OEM loader- DONE! restarted the phone- still shows the same- bootloader UNLOCKED
Click to expand...
Click to collapse
that option is actually useless.