[Tool] VS920 Repair Utility - LG Revolution

This utility will help you recover your IMEI / MEID from a bad flash.
WARNING:
This software only allows you to write to the device if the IMEI / MEID is zeroed out or does not contain anything.
DO NOT WRITE SOMETHING YOU DON'T WANT. IF YOU WRITE THE WRONG IMEI / MEID YOU ARE SCREWED.
I do not condone changing / modifying / tampering with the serial. IT IS ILLEGAL. It is, however, legal to recover the original one; that is what this software will allow you to do.
I will not answer PMs because you typed the wrong serial number or because you tried something you shouldn't have. This is a fair warning. Make sure you type your original serial number in correctly the first time. Both boxes must match.
[How To Use]
1.) Plug device into computer.
2.) Select Internet Connection Mode, select Modem.
3.) Open device manager to see what COM your device is on.
4.) Open the software and select the COM; there are two the device will connect on, you only need to write the information to one of them.
5.) Click on Connect.
6.) Type/paste your MEID/IMEI, verify it before you click Repair.
7.) Verify again.
8.) Click repair, wait for software to reboot your device.
9.) If the phone doesn't reboot after 1 Min, go ahead and reboot your device.
10.) Enjoy your ICS ROM on your working VS920 device.
[Problems]
Q.) What do I need in order to run the software?
A.) Just dotnet 4.0
Q.) Where do I get my IMEI/MEID ?
A.) Remove the back, then remove the battery. There is a white sticker that says IMEI. Type the whole string in the top box, ignoring the last number; it's a checksum, and you will see the last number being calculated in the IMEI field. Make sure it all matches up.
Q.) I didn't listen/read what you wrote about the 1 time write.
A.) I can't do anything for you.
Q.) The application is throwing an error.
A.) Please take a screen shot, and copy the error then paste here.
Q.) The application just randomly quits.
A.) Stop trying to log what the application is doing, quit any debuggers and try to open the app again.
Q.) My antivirus is picking this up as a virus/trojan, why?
A.) Most antivirus suck anyway; they scan the PE header of the file. If it's unable to process it, it will automatically flag the program as a virus. I assure you there is no virus. All my software gets protected at a low level to prevent tampering.
Q.) Was the license agreement really needed? It's annoying!
A.) No, it probably wasn't, but to protect me, FTT, and XDA-Developers, then yes. I put that there so you are fully aware that it is as-is software and you are agreeing not to reverse engineer the software, as well as agreeing that you are doing this at your own risk.
Video
How it works
Now while I tested this over and over on my two test devices and they work fine, this doesn't mean that it works fine on every machine. I built the app in less than a day. I have added as many checks as I can so it won't mess anything up.
DotNet Framework 4.0 Is needed.
Download Here
VS920 MEID Repair Utility 1.0
MD5 Sum
Exe: 142882a5de3ae3204704626933522fdc
Rar: 48dd4ab56710ce901af9e2e067d11e1f
DO NOT REPOST THIS ON ANY OTHER FORUMS, DO NOT LINK TO THIS FROM OUTSIDE OF XDA. I MONITOR ALL TRAFFIC ON THIS SITE. I WILL PULL THE FILES IF I HAVE TO.
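Added example, not part of amoamare's utility or of this post: the IMEI check digit that the tool recomputes in its IMEI field is a standard Luhn check digit over the first 14 digits, so the sticker value can be validated before anything is written. The code below (Python) normalises a typed entry, recomputes the check digit, enforces the "both boxes must match" rule, and flags an all-zero IMEI, which passes Luhn and therefore cannot be caught by the checksum alone. The sample IMEI is a constructed test value, not a real device's serial, and the MEID check digit (a hexadecimal variant) is not implemented here.

```python
"""Luhn check-digit helpers for a 15-digit IMEI (added example, not the tool's code).

The MEID check digit uses a base-16 variant and is deliberately not covered.
"""
import re


def normalize_imei(text: str) -> str:
    """Strip spaces and dashes as typed from a sticker; keep digits only."""
    digits = re.sub(r"[\s-]", "", text)
    if not digits.isdigit():
        raise ValueError("IMEI may contain only digits")
    return digits


def luhn_check_digit(body: str) -> int:
    """Luhn check digit for a digit string (the 14-digit IMEI body).

    Doubling runs right-to-left starting with the rightmost body digit,
    because the check digit itself occupies the undoubled rightmost slot.
    """
    total = 0
    for pos, ch in enumerate(reversed(body)):
        d = int(ch)
        if pos % 2 == 0:  # rightmost body digit, then every second one
            d *= 2
            if d > 9:
                d -= 9  # equivalent to summing the two digits of d
        total += d
    return (10 - total % 10) % 10


def complete_imei(text: str) -> str:
    """Return the full 15-digit IMEI from a 14- or 15-digit entry.

    A 14-digit entry gets its check digit appended; a 15-digit entry is
    rejected if the typed check digit does not match the recomputed one.
    """
    digits = normalize_imei(text)
    if len(digits) == 14:
        return digits + str(luhn_check_digit(digits))
    if len(digits) == 15:
        expected = luhn_check_digit(digits[:14])
        if int(digits[14]) != expected:
            raise ValueError(f"check digit {digits[14]} does not match {expected}")
        return digits
    raise ValueError("IMEI must be 14 digits (without check) or 15 (with)")


def confirm_entries(first: str, second: str) -> str:
    """Both boxes must match: return the IMEI only if the two entries agree."""
    a, b = complete_imei(first), complete_imei(second)
    if a != b:
        raise ValueError("the two entries differ; re-check the sticker")
    return a


def is_blank_imei(imei: str) -> bool:
    """A zeroed IMEI passes Luhn (all zeros sum to 0), so the checksum alone
    cannot tell a wiped field from a real one; test for it explicitly."""
    return set(complete_imei(imei)) == {"0"}


if __name__ == "__main__":
    # Constructed test IMEI, not a real device.
    print(confirm_entries("49-0154-203237-51", "490154203237518"))
    print(is_blank_imei("000000000000000"))
```

A mismatched check digit raises instead of silently accepting the entry, which is the failure the warning above is about: a Luhn pass means the number is well-formed, not that it is yours.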

Reserved for later use if i need it.

I'm getting a 404 on that link.

Link is fixed.

I would love for some success or fail stories, some feed back as well. Hopefully all success stories , but I know that never happens lol.
If I have helped you at all please don't forget to say thanks.

The rar file tested ok with 7Z.
I tried to download dotnet 4.0 and my Win7 64-bit machine asked if I wanted to reinstall it.
The program crashes before it opens.
A popup asks to check the web for a fix.
EDIT:
You sure that was Internet Modem, or Ethernet?
EDIT:
Fail either way.

Same results here. Also what language was this built in?

Hmm, can you post a screen shot of the crash? I'll have to check it out. I have another machine; I'll run it on that right now.

Wow I'm an idiot
No wonder it crashed.
dotNet 4.5 ughh...
You can try to install 4.5 if you want or I'll have to recompile later tonight.

Application Crash
Code:
Faulting application name: VS920 MEID Repair Utility.exe, version: 1.0.0.0, time stamp: 0x4fc6f0df
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
Exception code: 0xe0434352
Fault offset: 0x0000b9bc
Faulting process id: 0x2224
Faulting application start time: 0x01cd3eef4903a23f
Faulting application path: C:\Users\Blake\Desktop\VS920 MEID Repair Utility.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 874a351a-aae2-11e1-9249-f1c420cf0b5b
And the .Net crash
Code:
Application: VS920 MEID Repair Utility.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeLoadException
Stack:
at System.ModuleHandle.ResolveMethod(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32)
at System.ModuleHandle.ResolveMethodHandleInternalCore(System.Reflection.RuntimeModule, Int32, IntPtr[], Int32, IntPtr[], Int32)
at System.ModuleHandle.ResolveMethodHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
at System.Reflection.CustomAttributeData..ctor(System.Reflection.RuntimeModule, System.Reflection.CustomAttributeRecord)
at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.RuntimeModule, Int32)
at System.Reflection.CustomAttributeData.GetCustomAttributesInternal(System.Reflection.RuntimeAssembly)
at System.Reflection.RuntimeAssembly.GetCustomAttributesData()
at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.Assembly)
at System.Resources.ManifestBasedResourceGroveler.GetNeutralResourcesLanguage(System.Reflection.Assembly, System.Resources.UltimateResourceFallbackLocation ByRef)
at System.Resources.ResourceManager.CommonSatelliteAssemblyInit()
at System.Resources.ResourceManager..ctor(System.Type)
at System.ComponentModel.ComponentResourceManager..ctor(System.Type)
at ?1?.?3?.?28?()
at ?1?.?3?..ctor()
at ?1?.?7?.?67?()

amoamare said:
Hmm, can you post a screen shot of the crash? I'll have to check it out. I have another machine; I'll run it on that right now.
I used 7z to test the archive before I tried to run it.

TypeLoadException is thrown when the common language runtime cannot find the assembly, the type within the assembly, or cannot load the type.
My visual studio decided to default 4.5 framework. So until I can recompile, might just need to install dotNet 4.5
Dotnet 4.5 Beta Download link

EEEW a beta? Just kidding.
No problem, thank you for working so hard at this...

No problem.
4.5 is actually pretty stable for being a beta. I've been running it for months now with no issues that I noticed. Then again I'm on my dev machine and it hardly has issues :S except for it doesn't like wireless keyboards and mice ha.

Well it looks like it would do the trick.
It ran through all the motions.
Except I haven't tried the ICS update.
I was thinking of waiting for a .bin file instead of trying to figure out where the hell the Phone Booth could be found.
I have little doubt that this will work for those that have gotten stuck with the peek-a-boo IMEI.
Now if you had the time to work out something for my poor LG Fathom.
It got a case of amnesia or something.

cac2us,
If you want to try the ICS update, I can TeamViewer with you and show you how to use LGNPST in order to flash the .tot. It's pretty simple once you see it the first time.
People that are having Google Play Store issues and no 4G and intermittent 3G, it is because their IMEI is zeroed out. I can log into the Play Store fine, use my internet fine etc., but when I zeroed my IMEI and MEID out it wouldn't download my e-mails or anything; I couldn't log into the Play Store, it would just freeze.
What's wrong with your Fathom?

Thanks, but if the only way is to use download mode, that's what killed my fathom's MEID.
So,... aw what the hell.
If I put it in download mode then the .tot file should get accepted?
And where the hell is that Phone Booth folder that I read about?
Fathom got flashed too many times.
And in download mode. Then I spoofed it to be an HTC 6800, and now it won't change back.
I might have to pay the $99.00 for the newer Workshop to write it back.
Maybe if I send it to you along with a bucket of cash, and the box it came in you could maybe fix it?
That Google play store issue makes sense, just like my fathom won't activate without an MEID or an IMEI.

You don't need to flash in download mode.
Connect the phone to the computer, select internet for the connect and then select modem.
Make sure you have registered the dll: regsvr32 "Path to dll";
After that open LGNPST, you should see that it shows the model VS920. Click on the Phone Settings button, then click Read. Make sure it reads everything correctly. Close out of Phone Settings.
The port will flash to say it's done; click on it to reactivate the port.
Select Upgrade and click Browse.
Now in the window that pops up, down at the bottom where you can select a file, don't worry about what it says. In the box above it where you can type the location, enter *.* then press Enter.
This will display all files. Now select the .tot file. "You can also rename .tot to .bin." Once you select the file, click on Upgrade. The flash should succeed fine now.
The reason people have crashing issues is because they would go to the "Phonebook" section in the software and use that. The phonebook backup/restore is not used for upgrading the phone.
Also to answer your question, yes I could most likely repair it for you. No cost, just pay for shipping here and back.

OK, I'm ready to do it.
The only part: "Make sure you have registered the dll regsvr32 "Path to dll";"
Isn't that file in the Windows\System32 folder?
How do I register it? I already did the right-click thing for the 920.dll while it sits in the Models folder of the LGNPST folder.
I will PM you with the details of the Fathom.. Thanks..

Yes, if you're using the right-click register, and you right-clicked and registered and it returned with succeeded, then the dll is registered and you are good to go.

Related

[HOW-TO]UnBrick the UnBrickable Vibrant

Introduction:
After months of research and development, both hardware and software... I'm happy to announce UnBrickable Mod is a matter of modifying your phone once, with a single small wire. From that point on, you can click a button to unbrick. This can even be applied to a phone which is already bricked.
This is an example from the Captivate. The procedure is the same on the Vibrant.
Instructions
You Must have UnBrickable Mod applied to your device. If you're not sure, run this tool under Linux: http://forum.xda-developers.com/showthread.php?t=1257434
This currently only works on Linux-based computers, or on Windows-based computers with the proper drivers installed and a Linux virtual machine. Get Ubuntu here: http://www.ubuntu.com , Get VirtualBox here: http://www.virtualbox.org/wiki/Downloads
You must have Java installed on your computer: http://www.java.com/en/download/
Unbricking:
1. Apply UnBrickable Mod to your device:http://forum.xda-developers.com/showthread.php?t=1273083
2. Run UnBrickable Resurrector: Get it from THIS POST: http://forum.xda-developers.com/showthread.php?p=17135277#post17135277 This will only work on linux currently. Install Linux or dual boot if you have windows.
3. Run Heimdall One-Click http://forum.xda-developers.com/showthread.php?t=1278683
4. repeat steps 2 and 3 with bootloader flashing enabled (Heimdall One-Click has a safety mechanism which requires you to flash once before flashing bootloaders).
conclusion
You've unbricked the unbrickable Captivate... This should not have been difficult. If it was, you should learn the computer better... Really. And with that said, I'm happy to announce that you no longer have to flash with a fear of bricking.
HIBL
The HIBL is the key to resurrecting a S5PC110 based processor. I'm going to let Rebellos explain the inner workings of the Hummingbird Interceptor Bootloader. It's really quite amazing. While my work is more hardware and high level tasks like making things into one-clicks, Rebellos' work involves reverse software engineering, assembly language, and more...
Rebellos said:
Okay, so, what is Hummingbird Interceptor Boot Loader (HIBL)?
Basically: It allows loading any amount of data (limited by the size of a RAM block; the biggest single block available is 256MB) through the USB connection with a PC to any specified address in memory and then executing it.
Technically: It consists of 2 pieces fused together - BL1_stage1 and BL1_stage2.
Each stage starts with 16 bytes (4 ARM WORDs) of secure boot header. In stage1 these are mandatory, in stage2 they can be random (I nulled them in my code), so the EntryPoint of each stage starts at its 0x10 offset.
BL1_stage1, loaded at the 0xD0020000 address, is short code, digitally signed by Samsung. It has been released to break the "Chain of Trust" and alter Secure Boot into a Non-Secure Boot process. Literally, stage1 just does some compare operations and then jumps out to BL1_stage2. (Yes, I also see no point in releasing a hardware-secured CPU version together with software which is bypassing its security.)
BL1_stage2 must be placed at the 0xD0022000 address (it's fused together with stage1 into HIBL, so it's at the 0x2000 offset of HIBL.bin). It is unsigned because the Secure Boot Context, prepared by iROM (BL0), has already been ignored by stage1.
Its FASM_ARM sourcecode:
http://code.google.com/p/hummingbir...unk/HummingBirdInterceptorBootloader/HIBL.ASM
This is where the code starts real work. It begins with the standard ARM core jump vector table (just to stick to the standard; these aren't used anyway).
1. It uses the I9000 BL1_stage2 functions (init_system) which I linked to it; these are used to init the DMC controllers, as up to this point the code is executing in and working with the very tiny, 96KB iRAM space. After calling this function it makes all 512MB of RAM available.
2. Make sure the DMC is configured properly (write some value to an address in the 0x40~~ memory space, then read it and compare with the previously written value).
3. Reinit the iRAM heap to the BL0 initial state (to convince it USB dload mode hasn't been called yet), by storing and restoring the UART pointer only (to keep debug output flowing properly).
4. Call iROM usb_downloader function.
5. Read the address where downloaded data has been placed.
6. Jump into this address.
This, properly used, provides similar debug output (similar, because it's an outdated test log):
Code:
(unprintable bytes)
Uart negotiation Error
----------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
----------------------------------------
Calling IBL Stage2
DONE!
Testing BL3 area
DONE!
iRAM reinit
DONE!
Please prepare USB dltool with BL3
Starting download...
0x00000000
Desired BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3...
//OUTPUT BELOW IS COMING FROM SBL
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
It opens infinite capabilities. Instead of SBL to unbrick, Uboot can be loaded, or any armlinux kernel. It's all up to you - XDA Developers.
Tools
Windows32 command line app and drivers http://forum.xda-developers.com/attachment.php?attachmentid=709292&d=1315091521 (doesn't work very well... just want you to know this)
Linux one-click Resurrector: http://forum.xda-developers.com/attachment.php?attachmentid=712232&d=1315349672
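Added example, not code from the HIBL source or from Rebellos' or Adam's posts: a small Python layout checker for an HIBL-style two-stage image, built only from the facts in the quote above (stage1 loads at 0xD0020000; stage2 sits at file offset 0x2000 and therefore at 0xD0022000; each stage begins with a 16-byte secure boot header, so its entry point is at +0x10; stage2's header is nulled). It maps file offsets to iRAM addresses, splits the two stages, and reports how many bytes lie past the signed stage1, which is the trust boundary the quote describes. The demo image it builds is constructed here with a placeholder header and no real signature; it only illustrates the offsets and is not a bootable HIBL.

```python
"""HIBL-style image layout checker (added example; not the HIBL project's code).

Facts taken from the thread: stage1 at 0xD0020000 (signed), stage2 at file
offset 0x2000 -> 0xD0022000 (unsigned), 16-byte header per stage, entry at
+0x10, stage2 header nulled. Everything else here is an assumption.
"""
import struct
from typing import Dict, Tuple

STAGE1_LOAD_ADDR = 0xD0020000
STAGE2_FILE_OFFSET = 0x2000
STAGE2_LOAD_ADDR = STAGE1_LOAD_ADDR + STAGE2_FILE_OFFSET  # 0xD0022000
HEADER_LEN = 16          # 4 ARM words of secure boot header
ENTRY_OFFSET = HEADER_LEN  # code begins right after the header

# ARM 'b .' (branch to self): a harmless placeholder instruction for the demo.
ARM_BRANCH_SELF = 0xEAFFFFFE


def file_offset_to_load_addr(offset: int) -> int:
    """Map an offset inside HIBL.bin to the iRAM address it executes at."""
    return STAGE1_LOAD_ADDR + offset


def split_stages(blob: bytes) -> Tuple[bytes, bytes]:
    """Cut the fused image into stage1 and stage2 at the 0x2000 boundary."""
    if len(blob) <= STAGE2_FILE_OFFSET + HEADER_LEN:
        raise ValueError("image too small to contain a stage2 header")
    return blob[:STAGE2_FILE_OFFSET], blob[STAGE2_FILE_OFFSET:]


def check_layout(blob: bytes) -> Dict[str, object]:
    """Return the entry addresses and flag deviations from the described layout.

    Trust boundary: only stage1 is covered by Samsung's signature. Everything
    from file offset 0x2000 onward is unsigned and is accepted by the CPU once
    stage1 has discarded the secure boot context.
    """
    stage1, stage2 = split_stages(blob)
    stage1_header = stage1[:HEADER_LEN]
    stage2_header = stage2[:HEADER_LEN]
    return {
        "stage1_entry": file_offset_to_load_addr(ENTRY_OFFSET),
        "stage2_entry": file_offset_to_load_addr(STAGE2_FILE_OFFSET + ENTRY_OFFSET),
        "stage1_header_present": any(stage1_header),   # mandatory, so non-zero
        "stage2_header_nulled": not any(stage2_header),  # as in Rebellos' build
        "unsigned_bytes": len(stage2),                  # bytes past the signature
    }


def build_demo_image(stage2_code_words: int = 8) -> bytes:
    """Construct a fake HIBL-shaped blob: placeholder header, no real signature."""
    fake_header = struct.pack("<4I", 0x1, 0x2, 0x3, 0x4)  # stand-in, assumed values
    stage1 = fake_header + struct.pack("<I", ARM_BRANCH_SELF)
    stage1 = stage1.ljust(STAGE2_FILE_OFFSET, b"\x00")   # pad up to the stage2 boundary
    stage2 = bytes(HEADER_LEN)                           # nulled stage2 header
    stage2 += struct.pack("<%dI" % stage2_code_words, *([ARM_BRANCH_SELF] * stage2_code_words))
    return stage1 + stage2


if __name__ == "__main__":
    info = check_layout(build_demo_image())
    for key, value in info.items():
        print(key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

The useful number is `unsigned_bytes`: on a real HIBL that is the whole of stage2, i.e. everything that runs after the signed stub, which is why the quote says any BL3, U-Boot or kernel can be pushed through it.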
Wow. I mark it! Thank you for your great work!
I just resurrected a Vibrant today using the method above. This tested great. No problems to note at all.
Here's a picture of my work http://forum.xda-developers.com/showthread.php?p=17896376#post17896376
This is slightly more difficult than a Captivate because there is no room to work around the resistors.
thanks to you i finally got my vibrant unbricked thanks a lot for this .....................
Aneez1990 said:
thanks to you i finally got my vibrant unbricked thanks a lot for this .....................
You're welcome. Glad this helped.
Very sexy work... it's nice to have this as a backup and it'll be very nice once people develop firmware to work with the UnBrickable mod, like Nexus S bootloaders or WP7 or iOS or whatever... thanks again
Sent from a cell tower to the XDA server to you.
younix258 said:
Very sexy work... it's nice to have this as a backup and it'll be very nice once people develop firmware to work with the UnBrickable mod, like Nexus S bootloaders or WP7 or iOS or whatever... thanks again
Sent from a cell tower to the XDA server to you.
I'd like to see Ubuntu. Turn these devices into a LAMP server or security/web cam or something when we're done with them.
I would also like to see work on Ubuntu. is there any work being done for that? I'm still thinking about getting the UB mod sometime soon.
Hey guys, I'm having a problem with step #2. It says to download UnBrickable Resurrector but this post is the HIBL post with no "UnBrickable Resurrector" download link. Is that just an error or do I just download the file listed on the previous post called "UltimateUnbrickResurector.zip"? Thanks for any clarification...
Also, when I launch the Resurrector on the previous post I get the following error: smdk-usbdl: not found. Do I need to have Heimdall running prior to launching the Resurrector? Thanks again...
Code:
Please wait.... Uploading..
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Building command list
Building command list
Requesting Permission to access device
/tmp/skorpnHeimdallOneClick51336EBC/Script.sh: 3: /tmp/skorpnHeimdallOneClick51336EBC/UnBrickPack/smdk-usbdl: not found
Moved this post to the "Mod" thread.
The Resurrector is not working, either because the mod was done incorrectly, or my Ubuntu machine has been setup wrong. The Resurrector keeps giving me the smdk-usbdl: not found error, but the file exists. My best guess is that the Mod was done incorrectly, either that or my Linux box is being a pain... Also noticed adb not working as well.
EDIT: I'm going to go out on a limb and say this error is telling me the "usb device" has not been found, which would mean my mod did not take.
EDIT: never mind, found the answer. Was just wondering if it were possible to learn the welding part of the guide on the internet and such, and also what type of tools I would need. Please and thank you.
dohandrew said:
EDIT: never mind, found the answer. Was just wondering if it were possible to learn the welding part of the guide on the internet and such, and also what type of tools I would need. Please and thank you.
If you're asking, you will want to find someone more experienced.
I see; where would you suggest going to? I'm located in California, I don't really know of a place that does welding on phones.
Adam will do it for $30 + shipping, PM him.
At least that's what he's said (correct me if I'm wrong)
Adam, did you say you can do this mod for $30 + s&h?
Also, I'm wondering if you upgraded to Ubuntu 11.10 yet? I just decided to upgrade before even thinking about it possibly affecting the mode detect, Heimdall One-Click or the Resurrector. You think the upgrade can break these apps any?
SkOrPn said:
Adam, did you say you can do this mod for $30 + s&h?
Also, I'm wondering if you upgraded to Ubuntu 11.10 yet? I just decided to upgrade before even thinking about it possibly affecting the mode detect, Heimdall One-Click or the Resurrector. You think the upgrade can break these apps any?
Yes I do. No it doesn't.
AdamOutler said:
Yes I do. No it doesn't.
Excellent, I'm on 11.10, and thanks for the info...
I was able to remove the resistor and replace it with another resistor from an old samsung phone. I used a circuit writer pen from radio shack, it lays down a conductive polymer, which I used to adhere the new resistor onto the bottom spot on the board. "the resistors are so small I could not imagine being able to do this with a soldering iron. I would have probably shorted something out because the amount of solder that needs to be laid down might not even fit on an ants back (seriously!)"
Another note: when using the Resurrector, my phone only went into download mode if I pressed "only" the volume down button. I hope this helps someone out there with a brick like the one I had.
Does that mean after applying this mod the vibrant will never brick at any cause ???
galaxyfitftw said:
Does that mean after applying this mod the vibrant will never brick at any cause ???
Yes, that is the meaning of this mod... it is just awesome.

[HOW TO] Root Remix Mini

Hi all,
I have been going on xdadevelopers a lot and have received so much helpful information. Now, I decided to give in my contribution to the forum. This is my first tutorial so there might be some mistakes...please be easy on me.
The reason I write this tutorial is because I have not found a good one yet on the internet. Although this thread "Just rooted my remix mini" provided some information, I feel like a more detailed tutorial would be appropriate. So here we go!
Success screenshot:
Credits: all credits goes to these two links and authors:
http://forum.xda-developers.com/remix/remix-mini/rooted-remix-mini-t3311736
http://23pin.logdown.com/posts/435610-root-remix-mini
Requirements:
- Difficulty level: Medium
- Tools:
+ Small screw driver
+ Scissors
+ A USB flash drive.
+ Thin metal wire.
+ Serial Converter (I bought on Amazon.com)
- Software:
+ Appropriate driver for the serial converter. Mine is the CP2102 driver. Download here. If your serial converter uses a PL2303 then download this driver. You can google for your specific driver as well.
+ CoolTerm. Download here
+ SuperSU. Download here
- A lot of patience.
Steps:
1. As you can see, I stripped the wire and cut it in small pieces. As long as it is metal wire, that's okay.
2. Open up the Remix Mini with a screw driver.
2a. Flip it upside down, and rip the rubber ring out. It's okay, it will still adhere to the case afterward. Once you have ripped it out, you will see two screws holding the Remix Mini together. Proceed to unscrew them and gently take the case apart.
2b. Gently take the case apart:
3. Connecting the serial converter to the board.
3a. Plug the 3 metal wires into RX, TX, and GND cable endings of the serial converter.
3b. Connect the other ends of the 3 metal wires into RX, TX, and GND of the board.
3c. Make sure connection as such: RX to TX, TX to RX, and GND to GND. This part took me a lot of patience because the wires kept falling off. So please try to keep them in place.
4. Install appropriate serial converter driver.
5. Plug the serial converter into PC.
6. Extract and open CoolTerm.
6a. Click Options -> Serial Port -> Hit "Re-Scan Serial Ports" so it detects the appropriate port for serial converter. Mine is COM3.
- To find out, go to Device Manager -> Ports
6b. Select the right port. Then change the setting as in the picture:
Baudrate: 115200
Data Bits: 8
Parity: None
Stop Bits: 1
6c. Go to tab Terminal -> Select Line Mode.
6d. Hit OK.
7. Power Remix mini up (make sure this happens or you will get serial 103 or 104 error code)
8. Hit Connect button in CoolTerm.
8a. If you have done everything correctly up to here, text will appear in CoolTerm as your Remix Mini boots up.
8b. The texts will keep flowing up. Wait until you only see CPU readings. Then proceed to next step.
9. Download the UPDATE-SuperSU-v2.46.zip file. (Please double check the zip's file name. In my case, I am using SuperSU version 2.46)
9a. Copy UPDATE-SuperSU-v2.46.zip file onto flash drive.
9b. Extract the downloaded "UPDATE-SuperSU-v2.46.zip", from the extracted, go to META-INF/com/google/android/update-binary, copy "update-binary" file onto flash drive.
9c. Make sure you have 2 files, UPDATE-SuperSU-v2.46.zip AND update-binary, on the flash drive.
9d. Plug the flash drive to Remix Mini.
10. Commands: (copy each line and paste into CoolTerm)
Code:
# Serial console: /dev/tty.usbserial at 115200 baud (CoolTerm connection settings, not a command to run on the device)
mount -o rw,remount /
mount -o rw,remount /system
mkdir /tmp
cd /system/bin
ln -s busybox-smp unzip
cd /data/local/tmp
# Double check the zip's file name, and try Storage02 if Storage01 does not work; it depends on which USB port the flash drive is plugged into.
cp /mnt/usbhost/Storage01/UPDATE-SuperSU-v2.46.zip /data/local/tmp
cp /mnt/usbhost/Storage01/update-binary /data/local/tmp
cd /data/local/tmp
sh update-binary 0 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip
reboot
11. Success. :victory::good:
11a. Wait for Remix Mini booting up, optimizing app..and DONE! CONGRATS! You have now voided your Remix Mini's warranty and cannot receive OTA system update anymore.
I have not figured out how to update manually but please hit me up if anyone knows how.
11b. Download Root checker to verify.
GOOD LUCK!!!!!! :good:
I'm gonna wait for an easier way..
This has got to be a joke.
Bro, have you tried kingroot? I'm not crazy about it but it works 99% of the time
Sent from my LG-D415 using Tapatalk
No it is not a joke, no it will not get easier. Jide made it clear they will not support rooting. The amount of support available is minimal so this is the way. Difficult not if you have done stuff like this before ( FTA satellite. Etc.) kingoroot and all other software has been proven NOT to work. Hardware hacking is the only way so far.
Note: first boot takes longer than factory. Be patient. Jide will know it has been hacked so no support for updates but the opportunity to customize was worth it for me.
robot_head said:
Bro, have you tried kingroot? I'm not crazy about it but it works 99% of the time
Sent from my LG-D415 using Tapatalk
I tried everything..even Baidu Root...nothing works...I am happy that I can do so many things with the Remix Mini now...rooting it was a genius decision lol
Major kudos, this is a true root method for all the hardware hackers out there. You've never truly "hacked" until you've tapped into a UART console. Very exciting!
So when I try this the Remix Mini just sits at the splash screen and CoolTerm just keeps saying
Code:
/dev/block/mmcblk0p12
fs_mgr: exec: pid 1667 exited with return code 1: Unknown error 256
fs_mgr: begin to format ext4 buffer : /dev/block/mmcblk0p12
fs_mgr: finish format to ext4:
while counting up on the pid number. Any idea why that might be?
bullet25 said:
So when I try this the Remix Mini just sits at the splash screen and CoolTerm just keeps saying
Code:
/dev/block/mmcblk0p12
fs_mgr: exec: pid 1667 exited with return code 1: Unknown error 256
fs_mgr: begin to format ext4 buffer : /dev/block/mmcblk0p12
fs_mgr: finish format to ext4:
while counting up on the pid number. Any idea why that might be?
I have not seen that before. May I ask at which step that this occurred? This looked like the device was formatting ext4 itself...it's weird.. can you double check and try everything again carefully?
unloseking2500 said:
I have not seen that before. May I ask at which step that this occurred? This looked like the device was formatting ext4 itself...it's weird.. can you double check and try everything again carefully?
It happens at step 8. I think the Mini might actually be dead because even closed up it doesn't boot.
Sounds like a software issue. Someone else had a recovery partition from Jide; search, maybe they could upload it.
bullet25 said:
It happens at step 8. I think the Mini might actually be dead because even closed up it doesn't boot.
Interesting...yeah, try oncouch1's method..try to recover from a partition..see if it helps?!
oncouch1 said:
No it is not a joke, no it will not get easier. Jide made it clear they will not support rooting. The amount of support available is minimal so this is the way. Difficult not if you have done stuff like this before ( FTA satellite. Etc.) kingoroot and all other software has been proven NOT to work. Hardware hacking is the only way so far..
I also believe so. Grats on your success tho.
I have a question:-
I have a Tronsmart Vega S95 Telos with Remix OS firmware (Amlogic S905/Mali-450mp5/2 Gb Samsung DDR3/16 Gb Samsung KLMAG2WEMB-B031 eMMC/Realtek RTL8211F Ethernet/Ampak AP6335 Wifi+BT 4.0/Genesis GL850G USB 2.0 hub/JMicron JM20329 USB 2.0 to SATA bridge).
I opened up the TV box and saw the pin holes for a PL2303 interface. I tried connecting my PL2303 cable with its driver on Mac OS. The connection was successful, I saw the response in my terminal in the form of a message feed. But I can't go any further. I'm still new to PL2303 use and I don't know how to go from the message feed to issuing some commands. Then I saw your thread and I think now I have some hope.
My question (again) is:- Do you think I can use your method to root my Tronsmart S95 Telos (with Remix OS flashed and working)?
Many thanks in advance.
PS. Here is the link to a photo of the S95 Telos board showing the PL2303 interface. The photo is not mine. I linked it from a guy tutoring the teardown, but my board looks exactly the same.
(I'm a new XDA user so I can't attach a photo from outside link, sorry for inconvenience)
www,cnx-software.com/wp-content/uploads/2015/12/Tronsmart_Vega_S95_Telos_Board_Large,jpg
Yoswin said:
I also believe so. Grats on your success tho.
I have a question:-
I have a Tronsmart Vega S95 Telos with Remix OS firmware (Amlogic S905/Mali-450mp5/2 Gb Samsung DDR3/16 Gb Samsung KLMAG2WEMB-B031 eMMC/Realtek RTL8211F Ethernet/Ampak AP6335 Wifi+BT 4.0/Genesis GL850G USB 2.0 hub/JMicron JM20329 USB 2.0 to SATA bridge).
I opened up the TV box and saw the pin holes for a PL2303 interface. I tried connecting my PL2303 cable with its driver on Mac OS. The connection was successful, I saw the response in my terminal in the form of a message feed. But I can't go any further. I'm still new to PL2303 use and I don't know how to go from the message feed to issuing some commands. Then I saw your thread and I think now I have some hope.
My question (again) is:- Do you think I can use your method to root my Tronsmart S95 Telos (with Remix OS flashed and working)?
Many thanks in advance.
PS. Here is the link to a photo of the S95 Telos board showing the PL2303 interface. The photo is not mine. I linked it from a guy tutoring the teardown, but my board looks exactly the same.
(I'm a new XDA user so I can't attach a photo from outside link, sorry for inconvenience)
www,cnx-software.com/wp-content/uploads/2015/12/Tronsmart_Vega_S95_Telos_Board_Large,jpg
Hi honestly I had never heard of your box. I am not sure if you can use the same software etc. If you could communicate with the box you should be able to hack it. That being said depending on cost you may want to leave it to someone with experience! Remix was 50 bucks so no big risk for me.
...
oncouch1 said:
Hi honestly I had never heard of your box. I am not sure if you can use the same software etc. If you could communicate with the box you should be able to hack it. That being said depending on cost you may want to leave it to someone with experience! Remix was 50 bucks so no big risk for me.
Thanks for the reply. I don't think the method can hard brick my device anyway. The box itself can be flashed via a PC program made by the CPU manufacturer (Amlogic here) and I have both stock firmware and Remix OS firmware images. So I think it's gonna be worth a try. Thanks anyway for your comment.
Keep us posted, may need one of those!?
Okay, got my Remix replaced. New Remix updated to the latest update, then did root. It started boot looping. Had to run these commands in CoolTerm during a boot loop.
Code:
mount -o rw,remount /system
dd of=/dev/block/by-name/system if=/data/local/tmp/system_image
Don't know if that was the latest update that caused that or what, but it's all working now. Also was able to easily install the Google Play services again and get the Play Store.
Of course I once again broke the power button because that wire is hanging on by a thread.
Apologies for the noob question but what does a root on the Remix Mini allow someone to do with regards to OS options and what are the other advantages?
vinicioh23 said:
I'm gonna wait for an easier way..
Please see this: https://secure.avaaz.org/en/petitio...tters_Users_need_root_access_to_remix_mini_1/
Just wanted to give thanks, it worked perfectly for me... Just want to add that if you happen to use a built-in serial port on an older PC or laptop, don't forget to put a TTL converter on your port, or your console screen will be printing out garbage.

[SOLVED] CM 12.1 stuck in bootloop after installing certain apps

So recently I ran into a problem where installing certain apps causes bootloop for me, such as:
SimSocial ( https://play.google.com/store/apps/details?id=it.rignanese.leo.slimfacebook )
Camera Roll - Gallery ( https://play.google.com/store/apps/details?id=us.koller.cameraroll )
Twidere for Twitter ( https://play.google.com/store/apps/details?id=org.mariotaku.twidere )
After installing the above apps, the launcher crashes, then the phone reboots itself. After restarting, the same thing happens again. The only way to end it is to remove the app using the recovery.
The problem seems to be very similar to the one described here
After some research, the problem seems to be caused by this
Someone made a fix here, but apparently it's made for the Moto G, and it doesn't work on Xperia SP (I've tried, the phone can't even boot afterwards)
I have no idea how to implement the fix myself because I'm a noob to all of this.
Does anyone have an idea on how to fix this without upgrading to a newer version of android?
The rom I'm using is Candy5 ( https://forum.xda-developers.com/xperia-sp/development/rom-candy5-t3196185 ), if that does any help.
Try "Low-RAM Property Patcher" by AdrianDC. Maybe it will work in "Candy".
ze7zez said:
Try "Low-RAM Property Patcher" by AdrianDC. Maybe it will work in "Candy".
Just tried and it didn't work. The amount of ram doesn't seem to be related to my issue too :/
Each time, on a clean ROM, install each application separately and save the logcat after running it.
When you do this, try different installation order of subsequent applications.
In this way, you have the chance to find out which application is causing problems.
ze7zez said:
Each time, on a clean ROM, install each application separately and save the logcat after running it.
When you do this, try different installation order of subsequent applications.
In this way, you have the chance to find out which application is causing problems.
I have tried a number of apps and found the apps I mentioned above cause the exact same problem. They cannot run at all. In fact the phone starts crashing right after finishing the installation. I have tried it on a completely clean ROM installation too, and the same thing happens. I will try to get a logcat tomorrow though.
You are correct about the bootloop. It affects old ROMs, pre-CM 13. I applied the patch you mentioned a few weeks ago and it did work on my phone, Samsung Galaxy S3 AT&T. I have shared the solution in the proper thread: https://forum.xda-developers.com/showpost.php?p=76721233&postcount=1215.
I think if you want to patch yourself, you might want to look at this. It's for KitKat but I think it should work on Lollipop.
https://forum.xda-developers.com/showpost.php?p=75958727&postcount=184
nehc_rm said:
You are correct about the bootloop. It affects old ROMs, pre-CM 13. I applied the patch you mentioned a few weeks ago and it did work on my phone, Samsung Galaxy S3 AT&T. I have shared the solution in the proper thread: https://forum.xda-developers.com/showpost.php?p=76721233&postcount=1215.
I think if you want to patch yourself, you might want to look at this. It's for KitKat but I think it should work on Lollipop.
https://forum.xda-developers.com/showpost.php?p=75958727&postcount=184
Yes I have tried the first solution in your post before making this thread. Unfortunately it caused bootloop (or stuck at the sony logo screen, I can't remember which). I'll try and see if I can get the second solution in your post to work though. Thanks for your reply.
Are there really no other solutions? I've been searching for months and everyone just links the same zip that doesn't work on Xperia SP.
steveglowplunk said:
Are there really no other solutions? I've been searching for months and everyone just links the same zip that doesn't work on Xperia SP.
The only option you have is to do an edit with a hex editor. The patch is specific to ROM and OS version. The person who made this patch did a good job of documenting the steps. https://forum.xda-developers.com/showpost.php?p=77174238&postcount=188
I think I have seen 3 different patches: KitKat, Lollipop, Marshmallow. The patch needs to be applied to the proper OS.
I have finally fixed it by following the guide here ( https://forum.xda-developers.com/showpost.php?p=75958727&postcount=184 )
The guide only tells you how to disassemble libandroidfw.so, but it doesn't say how you can "reassemble" it. So I used another piece of software called Binary Ninja ( https://binary.ninja/demo/ ) to edit it, and it worked! (and yes, the demo is enough already)
Tell me if you want the detailed steps on how I did it (I don't think many people still use CM 12.1 on their Xperia SP anyway, so I'm not going to write it now unless someone asks)
steveglowplunk said:
I have finally fixed it by following the guide here ( https://forum.xda-developers.com/showpost.php?p=75958727&postcount=184 )
The guide only tells you how to disassemble libandroidfw.so, but it doesn't say how you can "reassemble" it. So I used another piece of software called Binary Ninja ( https://binary.ninja/demo/ ) to edit it, and it worked! (and yes, the demo is enough already)
Tell me if you want the detailed steps on how I did it (I don't think many people still use CM 12.1 on their Xperia SP anyway, so I'm not going to write it now unless someone asks)
I am glad you've fixed your phone. I was lucky enough that the patch worked on my phone. It's not an easy bug to fix. I am wondering how many people do know about this bug.
Whether you want to post the guide is up to you. But I think it's worth documenting everything. You never know who might need it.
Looking for some help with this
I wouldn't mind a walkthrough on it (if you still remember/have it around)?
I'm trying to patch this for an older phone I have that only supports CM12.1 and it's a pain.
MattEffinTurner said:
I wouldn't mind a walkthrough on it (if you still remember/have it around)?
I'm trying to patch this for an older phone I have that only supports CM12.1 and it's a pain.
So obviously you'll need root access (which you should have already if you're using a custom ROM anyway), and a PC
ALWAYS MAKE A NANDROID BACKUP FIRST, you never know if things will go wrong
Now install the Binary Ninja demo ( https://binary.ninja/demo/ ) (There are other disassemblers but this one is what I used in my case, and the demo is free)
Afterwards, everything is basically just following the guide here ( https://forum.xda-developers.com/showpost.php?p=75958727&postcount=184 )
1. Get the libandroidfw.so from "/system/lib" somehow. The guide suggested using adb pull but you can also use whatever root browser of your preference to copy it out and send it to your pc with bluetooth or something
2. Open your libandroidfw.so in Binary Ninja
3. Open "android::AssetManager::getPkgName(char const*)" on the left by double clicking on it
Make sure it's set to "Disassembly Graph" at the bottom left
4. Right click on the highlighted line (the code "movs r3,#0") - Patch - Edit Current Line
5. Change the 0 to 1 instead and press enter
6. In the top toolbar, go to File - Save and save it...somewhere
7. Send the edited libandroidfw.so back to your phone with adb push or bluetooth or whatever method you prefer
8. On the phone, with a root browser or a terminal emulator, copy the edited libandroidfw.so to "/system/lib" and replace the original one
You'll need to remount /system as rw first to be able to successfully replace it
I prefer using the terminal emulator so I'll use this method for demonstration. In the terminal emulator, enter these commands
Code:
su
mount -o remount,rw /system
cp /path/to/<your edited libandroidfw.so> /system/lib
9. Set its permission to -rw-r--r--
If you use a terminal emulator, use the following command to set its permission (in case if you don't know how)
Code:
chmod 644 "/system/lib/libandroidfw.so"
10. Reboot and pray you haven't broken your phone
11. If it boots up, you should be able to live happily ever after with the bootloop crash problem gone
I can't send my edited libandroidfw.so as the fix seems to be rom and device specific. But I hope my guide is clear enough for you to fix the problem on your own. :fingers-crossed:
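A check worth running between steps 7 and 8, as an added example (not part of this guide and not Binary Ninja's code): it parses the ELF symbol table to locate getPkgName, then confirms the edited file differs from the original by exactly one Thumb halfword inside that function, changed from movs r3,#0 to movs r3,#1, so a mis-saved or mis-targeted edit is caught before it reaches /system/lib. Assumptions: a 32-bit little-endian ARM ELF with Thumb code, the mangled name _ZN7android12AssetManager10getPkgNameEPKc for android::AssetManager::getPkgName(char const*), and a constructed stand-in ELF used for the demo instead of a real libandroidfw.so.

```python
"""Verify an edited libandroidfw.so before copying it over the original.

Constructed example for this thread, not the guide's own code or Binary Ninja's.
Assumes a 32-bit little-endian ARM ELF with Thumb code, the mangled name below
(assumed) for android::AssetManager::getPkgName(char const*), and the Thumb T1
encoding MOVS r3,#imm8 (0x2300 for #0, 0x2301 for #1).
"""
import struct
from typing import Optional, Tuple

SYMBOL = b"_ZN7android12AssetManager10getPkgNameEPKc"  # assumed mangling
SHT_SYMTAB, SHT_DYNSYM, STT_FUNC = 2, 11, 2
MOVS_R3_0, MOVS_R3_1 = 0x2300, 0x2301


def elf32_symbol_file_range(elf: bytes, name: bytes) -> Optional[Tuple[int, int]]:
    """Return (file offset, size) of function `name`, or None if absent."""
    if elf[:6] != b"\x7fELF\x01\x01":
        raise ValueError("expected a 32-bit little-endian ELF")
    shoff, = struct.unpack_from("<I", elf, 0x20)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x2E)
    # Elf32_Shdr fields: name, type, flags, addr, offset, size, link, info, align, entsize
    shdrs = [struct.unpack_from("<10I", elf, shoff + i * shentsize) for i in range(shnum)]
    for wanted in (SHT_SYMTAB, SHT_DYNSYM):  # full .symtab if unstripped, else .dynsym
        for sh in shdrs:
            if sh[1] != wanted:
                continue
            strtab_off = shdrs[sh[6]][4]  # sh_link names the matching string table
            for off in range(sh[4], sh[4] + sh[5], 16):  # Elf32_Sym is 16 bytes
                st_name, st_value, st_size, st_info, _, st_shndx = \
                    struct.unpack_from("<IIIBBH", elf, off)
                start = strtab_off + st_name
                if (st_info & 0xF) != STT_FUNC or elf[start:elf.index(b"\0", start)] != name:
                    continue
                sec = shdrs[st_shndx]  # clear the Thumb bit, then vaddr -> file offset
                return (st_value & ~1) - sec[3] + sec[4], st_size
    return None


def verify_movs_patch(orig: bytes, patched: bytes, func_off: int, func_size: int) -> Tuple[bool, str]:
    """Accept only one changed halfword, inside the function, MOVS r3,#0 -> MOVS r3,#1."""
    if len(orig) != len(patched):
        return False, "file size changed; the editor did not save a plain binary"
    halfwords = sorted({i & ~1 for i in range(len(orig)) if orig[i] != patched[i]})
    if len(halfwords) != 1:
        return False, f"{len(halfwords)} halfwords differ, expected exactly 1"
    hw = halfwords[0]
    if not func_off <= hw < func_off + func_size:
        return False, f"edit at 0x{hw:x} is outside getPkgName"
    before, after = struct.unpack_from("<H", orig, hw)[0], struct.unpack_from("<H", patched, hw)[0]
    if (before, after) != (MOVS_R3_0, MOVS_R3_1):
        return False, f"unexpected edit 0x{before:04x} -> 0x{after:04x} at 0x{hw:x}"
    return True, f"ok: movs r3,#0 -> movs r3,#1 at file offset 0x{hw:x}"


def check_patched_library(orig: bytes, patched: bytes) -> Tuple[bool, str]:
    """Locate getPkgName in the original, then verify the edit against it."""
    rng = elf32_symbol_file_range(orig, SYMBOL)
    if rng is None:
        return False, "getPkgName not found; is this really libandroidfw.so?"
    return verify_movs_patch(orig, patched, *rng)


def build_sample_elf() -> bytes:
    """Constructed stand-in for libandroidfw.so (not a real library): one Thumb
    function exported as SYMBOL whose body is push; movs r3,#0; movs r0,r3; pop."""
    text = struct.pack("<4H", 0xB510, MOVS_R3_0, 0x0018, 0xBD10)
    text_addr = 0x1000
    # Null symbol, then the function; st_value carries the Thumb bit as real ARM ELFs do.
    dynsym = bytes(16) + struct.pack("<IIIBBH", 1, text_addr | 1, len(text), 0x12, 0, 1)
    dynstr = b"\0" + SYMBOL + b"\0"
    shstr = b"\0.text\0.dynsym\0.dynstr\0.shstrtab\0"
    off_text = 52  # straight after the 52-byte ELF header
    off_dynsym = off_text + len(text)
    off_dynstr = off_dynsym + len(dynsym)
    off_shstr = off_dynstr + len(dynstr)
    shoff = off_shstr + len(shstr)

    def shdr(name, typ, addr, off, size, link, entsize):
        return struct.pack("<10I", shstr.index(name), typ, 0, addr, off, size, link, 0, 1, entsize)

    shdrs = (bytes(40)
             + shdr(b".text", 1, text_addr, off_text, len(text), 0, 0)
             + shdr(b".dynsym", SHT_DYNSYM, 0, off_dynsym, len(dynsym), 3, 16)
             + shdr(b".dynstr", 3, 0, off_dynstr, len(dynstr), 0, 0)
             + shdr(b".shstrtab", 3, 0, off_shstr, len(shstr), 0, 0))
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 40, 1, 0, 0, shoff, 0x05000200, 52, 32, 0, 40, 5, 4)
    return ehdr + text + dynsym + dynstr + shstr + shdrs


def demo() -> Tuple[bool, str]:
    """Apply the guide's one-halfword edit to the sample and check it."""
    orig = build_sample_elf()
    func_off, _ = elf32_symbol_file_range(orig, SYMBOL)
    patched = bytearray(orig)
    struct.pack_into("<H", patched, func_off + 2, MOVS_R3_1)  # second halfword: movs r3
    return check_patched_library(orig, bytes(patched))
```

With the real files, call check_patched_library(open("libandroidfw.so.orig", "rb").read(), open("libandroidfw.so", "rb").read()); anything other than an "ok" result means the edited file should not be copied to /system/lib.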
Excellent!
Thank you so much for this!
After several hours of fighting with it yesterday (and lots of Google-fu) I finally managed to patch the file (and all for the sake of changing a 0 to a 1 in a library file).
Once I get enough posts in, I'll be able to post the patched file for my ROM in its thread (though I doubt anyone's still using it at this point, lol)
MattEffinTurner said:
Thank you so much for this!
After several hours of fighting with it yesterday (and lots of Google-fu) I finally managed to patch the file (and all for the sake of changing a 0 to a 1 in a library file).
Once I get enough posts in, I'll be able to post the patched file for my ROM in its thread (though I doubt anyone's still using it at this point, lol)
I'm glad to hear you have fixed this annoying problem too.
Just out of interest, was your method similar to mine?
steveglowplunk said:
I'm glad to hear you have fixed this annoying problem too.
Just out of interest, was your method similar to mine?
Yes, it was pretty well identical to your method (I used adb push/pull to move the file off and back on).
I knew what I was looking for in the file but it took some time to figure out how to use Binary Ninja.

Mi 9T Pro - Hardbricked & Needing Help

Hello XDA Community,
As a preface, I'm an idiot. I figured I could dabble around with different ROMs and through all of my insightful wisdom appear to have hard-bricked my phone in the process. As seen via the attached photos I at one point was able to boot my phone into Fastboot > TWRP > Flash ROM > Off to the races.
Now the phone will not boot period. When plugged into an outlet the blue indicator atop the camera doesn't even blink a blue color. Moreover, when plugged into my PC it is not found via my PC "Devices & Drives" folder. However, when I open the MiFlash tool the phone reflects as "COM3" whereas before it would show what I assume to be the unique ID for the phone.
I came across another thread titled "[EDL Flash] How to fix your hard brick [Mi 9T Pro/K20 Pro]" but even here it mentions the phone booting and displaying some type of error message.
Anyhow, this is a long shot but figured I'd give it a go and see what comes of it.
Thanks for any insight and for simply taking the time to read my post.
Image of MiFlash reflecting COM3:
Update 1 - I've tried to flash a ROM and get error message: "Object reference not set to an instance of an object". Here:
RealSykes said:
Hello XDA Community,
As a preface, I'm an idiot. I figured I could dabble around with different ROMs and through all of my insightful wisdom appear to have hard-bricked my phone in the process. As seen via the attached photos I at one point was able to boot my phone into Fastboot > TWRP > Flash ROM > Off to the races.
Now the phone will not boot period. When plugged into an outlet the blue indicator atop the camera doesn't even blink a blue color. Moreover, when plugged into my PC it is not found via my PC "Devices & Drives" folder. However, when I open the MiFlash tool the phone reflects as "COM3" whereas before it would show what I assume to be the unique ID for the phone.
I came across another thread titled "[EDL Flash] How to fix your hard brick [Mi 9T Pro/K20 Pro]" but even here it mentions the phone booting and displaying some type of error message.
Anyhow, this is a long shot but figured I'd give it a go and see what comes of it.
Thanks for any insight and for simply taking the time to read my post.
Image of MiFlash reflecting COM3:
Update 1 - I've tried to flash a ROM and get error message: "Object reference not set to an instance of an object". Here:
That error message is some sort of program error:
https://stackify.com/nullreferenceexception-object-reference-not-set/
I'm no expert on c# programming so cannot say why that error occurred.
You could try to use adb commands and see if adb picks the device up. When you say it does not power on at all, does the phone go into bootloader mode? (, power and volume down)
MOD EDIT: QUOTE REMOVED
Try it under a Windows 7 computer, preferably a laptop with a USB 2.0 port. It can recognize the device; if not, and the standard unbrick method doesn't work even under W7, then you have to use test points on the motherboard. An EDL account is needed for that, idk how to get it as I tried to get it several times but received only mails in Chinese, so I gave up. Not paid too much to bother spending so much time on fixing one phone.
There is even a modified version of the flash tool that is believed to authorize any account logged in, bypassing the authorize account error. I can provide a link for you but haven't tested if it's actually working.
MOD EDIT: QUOTE REMOVED
i actually did research about this while ago and it might help the guy unless he is willing to pay some russian scammer 60 bucks via teamspeak that is doing this stuff from either stolen or modified authorized account which i can provide link to @RealSykes pm me if u wanna try and give it a go, u can pay russian scammers few bucks in the end if all tries fails there is even command for adb if you have unlocked bootloader that will enter edl without test pin points, but u need to enter fastboot mode first which im assuming u cant from what i have understand.
Kind of important question, what did you do to screw up your phone? So others know what not to do.
https://c.mi.com/thread-2173190-1-0.html follow steps on this site if you already didnt find this by yourself, maybe it can give you and permission to flash, as it appears for some people it actually gave it. tried it myself for you now, and it appears my account is somehow ready to flash (authorized) now, but, i applied some time ago for actually get it, so, it can be different for you.
RealSykes said:
"Object reference not set to an instance of an object"
An Object is an instance of a Class, it is stored somewhere in memory. A reference is what is used to describe the pointer to the memory location where the Object resides. The message "object reference not set to an instance of an object" means that you are referring to an object that does not exist or was deleted or cleaned up. It's usually better to avoid a NullReferenceException than to handle it after it occurs. To prevent the error, objects that could be null should be tested for null before being used.
if (mClass != null)
{
// Go ahead and use mClass
mClass.property = ...
}
else
{
// Attempting to use mClass here will result in NullReferenceException
}
Hard brick and button not pressing
Need a step-by-step guideline please.....

General Unbrick OP10 Pro (NE2210)

Hello everyone, I found a recovery tool on the open spaces of the Chinese Internet. This tool is for NE2210 only. It's in Chinese, but I don't think there should be any problems using it. Write who used.
Unbrick
The MSM tool is missing the FTLibBase.dll file, it won't work. Just to let you know.
Canuck Knarf said:
The MSM tool is missing the FTLibBase.dll file, it won't work. Just to let you know.
what is the file responsible for FTLibBase.dll ??
For me, I'm using Win 11 and the MSM tools will not open. ??? Maybe it's a Win 11 thing. It starts to open but then errors pop up about a missing dll file. Did you install it by an exe file?
I want to try it ...lol...I have one more boot loop / dead battery 10 plus pro
I have been trying this fastboot command to get the battery up enough to load the boot file, vendor_boot and vbmeta file. But after it does a factory wipe... kills the battery, won't reboot.
Using this command I started out with 6708 volts of battery; it took running the command in fastboot 30 minutes to get to 6762 volts. So the command does work.
@Echo off
:start
fastboot getvar battery-voltage
fastboot reboot-bootloader
ping /n 6 localhost >nul
goto start
I need the command to just keep repeating by itself... I can leave it sitting there for hours... Can you help?
Canuck Knarf said:
For me, I'm using Win 11 and the MSM tools will not open. ??? Maybe it's a Win 11 thing. It starts to open but then errors pop up about a missing dll file. Did you install it by an exe file?
I have W11, the program starts normally, but it doesn't connect to the server. (((
VovaHouse said:
what is the file responsible for FTLibBase.dll ??
Can't you replace this file with the one from the OnePlus 9 Pro MSM tool? I don't know what it's for, but as long as you get the MSM tool to work it shouldn't be a problem, should it?
Did you find a solution? I have the same error
Buyukturk said:
Did you find a solution? i have the same error
yeah....MSM and pay
Canuck Knarf said:
yeah....MSM and pay
unfortunately i couldn't find it
Canuck Knarf said:
yeah.... MSM and pay
How did you solve it? Can you help me?
Buyukturk said:
unfortunately i couldn't find it
You can find it in the www
Problem is the MSM tool needs an auth. (account)
DO NOT BUY ONEPLUS 10 PRO THEY DO NOT PROVIDE ANY TOOLS FROM UNBRICK
Sorry for the delayed absence .... lol.. its been a trivial one. But I have been working DILIGENTLY on Oneplus Tools, and ONLY Oneplus Tools... (CanuckKnarf can verify this...)
Ok without breaking "responsible disclosure" guidelines... I can hopefully either clear up some of the chatter I've read up til now, as well as provide some important info which may inspire someone here with a new avenue as to how to attack this thing head on.
Let me start with the most recent statements about the missing files first.
If you have Windows (doesnt matter which version) and you have been running ANY of the official builds of the MSM Tool... (Official releases show an icon like pictured here
#1
unofficial (repacked for whatever reason) look like this:
#2
Now while there is no inherent threat to either version... the ones of the LATTER style, MAY OR MAY NOT run, when attempting to execute them. This is because the person who packaged it, MIGHT NOT have been doing so from the actual applications data folder in windows. Allow me to explain:
When you run #1 , that file unpacks itself and generates a folder inside your "/users/appdata/local/" folder and its usually along the lines of "OPPO Flash Tool Series 4.1" .... or a variant of that. IN THIS FOLDER is the actual files for which your MSMTOOL loads all of its config, dll, and other run codes from.
--Now this folder might not be generated if you are already running from a complete msmtool build. A complete build should have several dll's, several folders, and the actual program that is being called, 'FTGUIDev.exe' <-- This is your flash loader! .. This is the Alpha and the Omega so to speak of the MSM TOOL... #2, is the MSM equivalent of a Windows Installer REPACK. I have seen these range from 4mb all the way up to 9gb ... this is because some authors choose to repack the EXACT FW build that is to be used with it! (*** Important note!*** The version of the MSM Tool you are using plays a definitive role as to whether you have a successful flash, or a fail! OPPO HAS PLAYED THE SNEAKY ROLE AGAIN, AND IN CERTAIN RELEASES OF THE OTA FW FILES THAT ARE DISTRIBUTED, THEY MAKE A SMALL CHANGE TO ONE OR MORE FILES, WHICH WILL THROW OFF THE FIRMWARE INTEGRITY CHECK!.... BUT INSTEAD OF THE ERROR READING "INTEGRITY FAIL", YOU WILL GET .... PHONE MISMATCH... INVALID HANDLE.... VALIDATION FAIL... OR MAYBE FAIL INTEGRITY.... <----- These errors USED to have individual meaning, but OPPO chose to use them to provide misdirection as to what actually occurred. (( I have found a way to FORGE a passing INTEGRITY CHECK... but i cant disclose that yet, sry)) So now they do not want you to actually have the identifier as to what exactly went wrong that blocked your flash... the validation check is INSTANT... the whole 15 second pause is purely for dramatic effect. The very moment your phone connects in the msmtool and it hits 3%, it has already either PASSED or FAILED the AUTH SIGN requirement... which is LIGHT YEARS down the line from the Integrity Check.
Anyways my point is: If you go to your "appdata/local" msm folder, you should be able to pull ANY DLL that is being requested by your programs. The entire library is locked exclusively to the GENERATION of flash tool available... ie version 4.1 folder will have DLL's for any 4.1.x.x msmtool ... same with version 5.1 => 5.1.x.x. While this is not a perfect science... it is a start, so if you run into any MSM tools that you download and are not able to run, it is because you don't have a full build from that series already installed on your machine. When these guys repack, they might not understand that by NOT packing up all the files DIRECTLY from that Appdata folder, and including ALL of the other folders, they are handicapping those who download them. Easier explanation to offer is this: Beatbreakee has been running Flash Tool v 4.1.7.2 on his machine, and it is the full build being launched from the APPDATA folder... CHRIS has been running 4.1.5.1 and it's from an alternate location that DOES have the proper dll files, but they are already registered in his system from usage, and he does not realize that the alternate location is merely a shadow copy and that the actual file is linking to his appdata folder: A new HACKED msm tool comes out, but it's a repack and let's say 4.2.0.1 (this is all fake... don't go looking for this hacked version, it doesn't exist) .... Now the repack is missing some vital DLL files, much like some of you are experiencing. The reason SOME can load and SOME cannot, is because they may have run a FULL tool from the generation that the repack comes from.... if you have, then windows has already registered the correct DLL files, so it will load like normal.... if you HAVE NOT, you will get missing DLL errors. BUT BEWARE... There is a HIDDEN verification that is of the actual msmtool itself. It will cause you to fail if the check does not pass, and when altering any portion of the msmtool, i have seen EVERY mod fail this check.
Oppo is smart... they placed PLAIN TEXT files that give the exact FILENAME, CRC, and SIG data for EVERY file that MSM will interact with INCLUDING ITSELF. But these plain text files are backdoor checked by encrypted SIGNED verification files, that check for any modifications to the plain text or xml files. If you alter one of the files or replace it... IT FAILS INSTANTLY... sha doesnt match... if you touch one of the SIG checker files it fails... MSMTool knows the SIG checkers, SIG... kinda a DOUBLE check... but they did this on purpose because they knew ppl would take the bait, and by doing so, thinking they will circumvent the CHECKS... they are actually making the checks work PERFECTLY. The ONLY way around this is through SOMEONE , who is great with DLL and EXE files... and can physically REMOVE or PATCH OUT the 2 checks for the application, as well as the fw integrity. Both validations work to ensure the OTHERS security as well... so if you bypass one validation, the other will fail you for "No validation" of the other file! (make any sense?) They watch each other when getting validated to see if any funny business is going on... any "Malarkey" and they will fail themselves to protect the package. You need to Remove, or patch out BOTH of these checks, which is slightly above my pay grade. If you can remove both of those, and it works, you will be able to have an MSM Tool that can have its config altered to remove model match, project id, and much more, as well as a tool that will accept ANY fw package as long as its in the correct structure. (That is where my info stops because saying more will put me in violation for now) ....
The SECOND bit of info is this:
The 'AUTH SIGN' is not a file generated from any server.... the connection to the server is simply to have it send a PING response back to the application from your phone. That is literally ALL the AUTH SIGN is... now its far more complex than im making it sound because i have yet to generate a valid AUTH but i am working on it. IT COMES from an APK Intent on your phone.... ( a hint is its one of the hidden QTI apk's) .... this apk responds to the PING request, with all of the info that is required as the AUTH .... Now dont get this confused with the MSM AUTH from the application.... The AUTH i am discussing is the one that says "YES" or "NO" when you ask the app to flash your fw.. An invalid response will trigger a NO... because the PING is an IRL stamp that cant be captured and replayed, as its literally specific to the millisecond... But again it is YOUR PHONE that is generating it.... so the MSM TOOL requires an AUTHENTICATED login, before it will communicate to the OPPO server, and tell it to send a PING request to your phone, which then gets sent via USB to your computer. What we have to do is figure out HOW to generate that PING request ourselves.... If we can somehow open a secondary command window, and freeze the process as soon as it requests the AUTH SIGN... then have the command to request the PING, already typed and ready to go in that second window.... and UNFREEZE at the exact same time as we send the command... we should be able to generate the request before the MSM Tool can revalidate itself, which it does before it makes the request. As long as the request is completed BEFORE the OFFICIAL request is made by the server, then it should ignore any other response.... 1st come 1st served.
Thats really all i can say... but sorry to all of you who have wondered if OPPO has made me disappear , or sent a wetwork agent after me... lol
I am just working round the clock on this as well as my normal life.... so i will be sporadic, but as i make breakthroughs i will update... so i hope SOME of that clears SOME things up.. but i leave you with this:
{ "d:193] [E2DBA579] [COM5] <COMMAND> <?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<data>\n<getsigndata value=\"ping\" />\n</data>\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i" }
It's the actual full data from the application attempting to get the AUTH SIGN.... maybe looking over it you might find some insight.
***back to the caves.... see yall in a bit!****
(and btw.. if you attempt to bypass the LOGIN, you will automatically fail the SW integrity check... you need to find a way to REMOVE this completely, and not with a hex editor... the actual instruction must be removed, and then the subsequent request must be removed again from the actual FLASH function called during the AUTH SIGN request, because IT checks for the valid login again. Remove both and you will have an MSM TOOL with a blank slate. The tools themselves are NOT bundled with the individual FW digest data... they simply follow the instructions given in the packages. If you know what files you can and cannot alter, plus you replace the CRC in the checker file, with the NEW valid crc for the edited file, and you make sure to change the metadata of the files you altered , so that they match again with the other files besides them, you can FOOL the Package validation... <--- a key point in being able to flash altered firmware!... Package Validation Fail = Flash Fail!... Stay Vigilant"
beatbreakee said:
Sorry for the delayed absence .... lol.. it's been a trivial one. But I have been working DILIGENTLY on Oneplus Tools, and ONLY Oneplus Tools... (CanuckKnarf can verify this...)
Ok, without breaking "responsible disclosure" guidelines... I can hopefully either clear up some of the chatter I've read up till now, as well as provide some important info which may inspire someone here with a new avenue as to how to attack this thing head on.
Let me start with the most recent statements about the missing files first.
If you have Windows (doesn't matter which version) and you have been running ANY of the official builds of the MSM Tool... (Official releases show an icon like pictured here View attachment 5855327 #1
unofficial (repacked for whatever reason) look like this: View attachment 5855329 #2)
Now while there is no inherent threat to either version... the ones of the LATTER style MAY OR MAY NOT run when attempting to execute them. This is because the person who packaged it MIGHT NOT have been doing so from the actual application's data folder in Windows. Allow me to explain:
When you run #1, that file unpacks itself and generates a folder inside your "/users/appdata/local/" folder and it's usually along the lines of "OPPO Flash Tool Series 4.1" .... or a variant of that. IN THIS FOLDER are the actual files from which your MSMTOOL loads all of its config, DLL, and other run codes.
--Now this folder might not be generated if you are already running from a complete msmtool build. A complete build should have several DLLs, several folders, and the actual program that is being called, "FTGUIDev.exe" <-- This is your flash loader! .. This is the Alpha and the Omega, so to speak, of the MSM TOOL... #2 is the MSM equivalent of a Windows Installer REPACK. I have seen these range from 4mb all the way up to 9gb ... this is because some authors choose to repack the EXACT FW build that is to be used with it! (*** Important note!*** The version of the MSM Tool you are using plays a definitive role as to whether you have a successful flash, or a fail! OPPO HAS PLAYED THE SNEAKY ROLE AGAIN, AND IN CERTAIN RELEASES OF THE OTA FW FILES THAT ARE DISTRIBUTED, THEY MAKE A SMALL CHANGE TO ONE OR MORE FILES, WHICH WILL THROW OFF THE FIRMWARE INTEGRITY CHECK!.... BUT INSTEAD OF THE ERROR READING "INTEGRITY FAIL", YOU WILL GET .... PHONE MISMATCH... INVALID HANDLE.... VALIDATION FAIL... OR MAYBE FAIL INTEGRITY.... <----- These errors USED to have individual meaning, but OPPO chose to use them to provide misdirection as to what actually occurred. (( I have found a way to FORGE a passing INTEGRITY CHECK... but I can't disclose that yet, sry)) So now they do not want you to actually have the identifier as to what exactly went wrong that blocked your flash... the validation check is INSTANT... the whole 15 second pause is purely for dramatic effect. The very moment your phone connects in the msmtool and it hits 3%, it has already either PASSED or FAILED the AUTH SIGN requirement... which is LIGHT YEARS down the line from the Integrity Check.)
Anyways my point is: If you go to your "appdata/local" msm folder, you should be able to pull ANY DLL that is being requested by your programs. The entire library is locked exclusively to the GENERATION of flash tool available... ie version 4.1 folder will have DLLs for any 4.1.x.x msmtool ... same with version 5.1 => 5.1.x.x. While this is not a perfect science... it is a start, so if you run into any MSM tools that you download and are not able to run, it is because you don't have a full build from that series already installed on your machine. When these guys repack, they might not understand that by NOT packing up all the files DIRECTLY from that Appdata folder, and including ALL of the other folders, they are handicapping those who download them. Easier explanation to offer is this: Beatbreakee has been running Flash Tool v 4.1.7.2 on his machine, and it is the full build being launched from the APPDATA folder... CHRIS has been running 4.1.5.1 and it's from an alternate location that DOES have the proper DLL files, but they are already registered in his system from usage, and he does not realize that the alternate location is merely a shadow copy and the actual file is linking to his appdata folder. A new HACKED msm tool comes out, but it's a repack and let's say 4.2.0.1 (this is all fake... don't go looking for this hacked version, it doesn't exist) .... Now the repack is missing some vital DLL files, much like some of you are experiencing. The reason SOME can load and SOME cannot is because they may have run a FULL tool from the generation that the repack comes from.... if you have, then Windows has already registered the correct DLL files, so it will load like normal.... if you HAVE NOT, you will get missing DLL errors. BUT BEWARE... There is a HIDDEN verification of the actual msmtool itself. It will cause you to fail if the check does not pass, and when altering any portion of the msmtool, I have seen EVERY mod fail this check.
Oppo is smart... they placed PLAIN TEXT files that give the exact FILENAME, CRC, and SIG data for EVERY file that MSM will interact with INCLUDING ITSELF. But these plain text files are backdoor checked by encrypted SIGNED verification files, that check for any modifications to the plain text or xml files. If you alter one of the files or replace it... IT FAILS INSTANTLY... SHA doesn't match... if you touch one of the SIG checker files it fails... MSMTool knows the SIG checker's SIG... kinda a DOUBLE check... but they did this on purpose because they knew ppl would take the bait, and by doing so, thinking they will circumvent the CHECKS... they are actually making the checks work PERFECTLY. The ONLY way around this is through SOMEONE who is great with DLL and EXE files... and can physically REMOVE or PATCH OUT the 2 checks for the application, as well as the fw integrity. Both validations work to ensure the OTHER'S security as well... so if you bypass one validation, the other will fail you for "No validation" of the other file! (make any sense?) They watch each other when getting validated to see if any funny business is going on... any "Malarkey" and they will fail themselves to protect the package. You need to Remove, or patch out BOTH of these checks, which is slightly above my pay grade. If you can remove both of those, and it works, you will be able to have an MSM Tool that can have its config altered to remove model match, project id, and much more, as well as a tool that will accept ANY fw package as long as it's in the correct structure. (That is where my info stops because saying more will put me in violation for now) ....
The SECOND bit of info is this:
The 'AUTH SIGN' is not a file generated from any server.... the connection to the server is simply to have it send a PING response back to the application from your phone. That is literally ALL the AUTH SIGN is... now it's far more complex than I'm making it sound because I have yet to generate a valid AUTH but I am working on it. IT COMES from an APK Intent on your phone.... ( a hint is it's one of the hidden QTI apks) .... this apk responds to the PING request with all of the info that is required as the AUTH .... Now don't get this confused with the MSM AUTH from the application.... The AUTH I am discussing is the one that says "YES" or "NO" when you ask the app to flash your fw.. An invalid response will trigger a NO... because the PING is an IRL stamp that can't be captured and replayed, as it's literally specific to the millisecond... But again it is YOUR PHONE that is generating it.... so the MSM TOOL requires an AUTHENTICATED login before it will communicate to the OPPO server and tell it to send a PING request to your phone, which then gets sent via USB to your computer. What we have to do is figure out HOW to generate that PING request ourselves.... If we can somehow open a secondary command window, and freeze the process as soon as it requests the AUTH SIGN... then have the command to request the PING already typed and ready to go in that second window.... and UNFREEZE at the exact same time as we send the command... we should be able to generate the request before the MSM Tool can revalidate itself, which it does before it makes the request. As long as the request is completed BEFORE the OFFICIAL request is made by the server, then it should ignore any other response.... 1st come 1st served.
Thanks for all of the work you have been putting in! I will not give up hope lol, sorry I'm not a dev smart enough to help but I wish everyone luck...
beatbreakee said:
-snip-
Glad to see you still around, I was definitely in the boat of thinking someone shut ya down for good. Keep it up man, I'm sure as we rally we'll get there eventually.