[Q] Idea / Possibility to open Bootloader ... - Windows Phone 8 Q&A, Help & Troubleshooting

I've searched a little bit in GDTD's Native Access Web Server and found something interesting...
Shouldn't it be possible with the interop unlock / new registry access to disable Secure Boot by changing
"HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\State\UEFISecureBootEnabled" to "0" (default is "1")?
Another question: would it be worth doing, or would it lead to something (custom ROM flash, for example)?

I believe that registry value reports the state of the system, rather than controlling it; the same value is present on RT and changing it doesn't seem to have any effect.
Good idea, though, and worth exploring.

Related

MSM72xx chipset-level configuration tools

**BE VERY CAREFUL WITH THESE TOOLS. IT IS ENTIRELY POSSIBLE TO DO IRREPARABLE DAMAGE.**
Ripped from the Xperia ROM, these programs allow control over a number of settings in the device.
RegisterEditor should allow direct reading and writing of registers on the Qualcomm MSM72xx chipset, which will allow control over virtually every setting available; we just need to determine addresses, potential values, etc.
TBattery talks directly to the battery chipset, and returns values such as mAh capacity, battery temperature, current draw, percentage remaining, etc.
DbgTerm allows real time display of Debug Log on device.
DebugTool allows among other things redirecting of KITL output to USB. You can also configure the level of logging for the Debug Log and have it save the log to SD.
Save Kernel KITL Log to SD:
1.) Open DebugTool.exe, input value 43D in [5]DebugFlags, click menu -> write
2.) Shut Down with Power Button (long press), and start up
3.) Do actions you want to be logged (load program that fails, drivers, etc.)
4.) Plug phone into usb, connect w/activesync and copy off /Storage Card/HtcLog/*.txt
5.) Open DebugTool.exe, input value 0 in [5]DebugFlags, click menu -> write
FMTuner allows direct advanced control over the FM Radio chipset, among other things allows activation without headphones (although I don't see a way to route audio to the speaker)
Uni-AT allows issuing of AT commands to the ROM.
Dump a Raphael ROM and open up rilphone.dll in a hex editor, then look for strings like +CRING, @AGPSADDRESS, $HSUPA_STATUS. These are AT commands that can be issued to the radio ROM to query status and alter settings.
Query an existing setting like so:
AT+CRING?
AT$HSUPA_STATUS?
AT@AGPSADDRESS?
Querying a command should give you some input as to the required format.
Change a setting like so:
AT+CRING=1
AT$HSUPA_STATUS=1
AT@AGPSADDRESS=1
For a setting with multiple parameters, such as AT+HTCNV, set it like so: AT+HTCNV=param1,param2,param3
Useful AT Commands:
AT+RADIOVER : returns radio rom version
AT+HTCNV : returns +HTCNV: 1,10,8 - param1 = DTM support, 1/0, param2 = MCS support 8/10/12, param3 = HSDPA Category 6/8/12
AT+HTCENS : ENS support 1/0
Reserved for more stuff
WOW!!!!!!!!
this would get a lot more views in the diamond section.... thanx for posting it still
Looks like most of these tools were posted in Diamond section already here: http://forum.xda-developers.com/showthread.php?t=416334&highlight=htc+debug+tools
However everyone seemed to miss the significance of RegisterEditor entirely, it's listed in the linked Wiki as a 'very basic registry editor' but it has nothing to do with the registry at all..
Anyway, this is a dup post. Doh! But these versions are newer, and I'll try to make it more useful by including more knowledge about the apps
Wow! Kudos for this! Amazing. Register Editor is very powerful. Gotta map this out
Interesting. I wonder if these tools could be useful in unlocking the FM radio on CDMA Touch Pros.
[Edit: I noticed that you specified these were for the 72XX chipset. Any idea what kind of compatibility they have with the 75XX?]
Not sure, worth a try since they are similar, the api might be the same. You should be able to try a read operation without harming anything..
FMTuner Tested on Raphael
I've tested FMtuner on Raphael CDMA but nothing happens, I mean, the tool works, but no frequency is detected.
Fabian
bedoig said:
> Interesting. I wonder if these tools could be useful in unlocking the FM radio on CDMA Touch Pros.
> [Edit: I noticed that you specified these were for the 72XX chipset. Any idea what kind of compatibility they have with the 75XX?]
there is CDMA debugtools set, grab it from any cdma beta rom (maybe posted on ppcgeeks, if not, i can upload it here), similar to gsm but for example the AT tool differs (UNI_AT will not work on CDMA) etc etc.
bump for adding new AT commands
Is there some documentation for tBattery explaining exactly what each reading is?
Also have a suggestion if possible that it include a time hack with each sample it saves to the log instead of just a start and end time.
Thanks in advance.
cmonex said:
> there is CDMA debugtools set, grab it from any cdma beta rom (maybe posted on ppcgeeks, if not, i can upload it here), similar to gsm but for example the AT tool differs (UNI_AT will not work on CDMA) etc etc.
Could you post the CDMA debugtools set?
Thank you very much
someone asked me in PM today to post the tools, see attachment.
tbattery
how exactly do i install this program? do i just copy it to my SD card and open it from my phone? thanks in advance
yup, copy to eg SDcard to DebugTools folder and run the debugtool

Registry changes are lost after reboot :-(

Hello,
I would like to change the multiline-capabilites key in HKLM/System/State/Phone to '1' in order to make the menus necessary to control the line for outgoing calls appear. Since the changes will only take effect after reboot, I have to do so. However, after reboot, the menus still do not appear, but the registry key is changed back to '0'. I guess this is due to the simcard, which does not have a valid CSP-entry for ALS. Is there any possibility to make the phone not check the CSP but just keep the entry I set manually?
Thanks,
Chris
Any idea someone?
Shouldn't be too much of an issue (if you know how)?
I just want a registry entry not to change after reboot...
try to create reg script and put it in autorun or some small program in .net that executes silently and write changes to registry
CSP-override
Hello kulla,
kulla said:
> try to create reg script and put it in autorun or some small program in .net that executes silently and write changes to registry
Thanks for your reply.
I'm not sure if your idea would do the trick, and I hardly doubt it.
I guess the registry entry is set as soon as the phone recognises the simcard.
At this point, the phone will either boot the Line2 capable taskbar and menus, or the regular menu, depending on this particular reg-key.
Therefore setting this key later in the boot-up procedure does probably not have any effect on the menu bar, as it would have been already loaded and configured when the reg-script would start.
I rather would like to somehow "protect" the reg-key from being altered by the phone during bootup.
There should be some way to prevent the phone from reading out the CSP from the simcard and writing it into the registry. I'm not sure if this is of any help - on Nokia phones, this feature (ignoring simcard/CSP) is called "CSP-override".
Maybe someone knows anything similar for Windows-Mobile?
Thanks,
Chris
Is there really nothing one can do to prevent windows from overriding the registry?
Is there really nothing one could do to prevent Windows from overriding the registry?
Unfortunately no. To the best of my knowledge, some ROMS are programmed to automatically revert to default registry values after a reboot.

[Q] How to use google as search engine in IE?

Does anyone know if there is any way to set IE to use Google as the search engine? Thank you.
It's possible via a registry tweak, or sometimes (if already configured this way from the factory) in the Settings screen for IE. Unless you have a Samsung phone, though, the registry option is probably not available. Flashing a foreign ROM (one that comes with Google integration) might work, but you also might create more problems.
There's a way to do it on Lumia phones which I would guess doesn't work for other manufacturers...

Idea: Getting Interop-Unlock for Lumia Devices

As a new user with fewer than 10 posts I'm forced to post this here. I know that this topic has to be at a different place.
Reading this post
http://forum.xda-developers.com/showthread.php?t=2435697
which enables an Interop-Unlock for Samsung Phones I came to the source code of GoodDayToDie's "EnableAllSideloading_Release_ARM.xap"
http://forum.xda-developers.com/showpost.php?p=45606584
In my understanding, this changes some registry keys
Code:
...
NativeRegistry.WriteMultiString(RegistryHive.HKLM, @"SOFTWARE\Microsoft\SecurityManager\CapabilityClasses", cap, isvUnlock
...
I found this registry editor which can be easily deployed with dev unlock
http://forum.xda-developers.com/showthread.php?t=2395480
So is it possible to do the steps GoodDayToDie's unlocking app does manually through the registry editor?
The registry editor that has write access rights? Since I think such isn't available on Lumia devices. I might be wrong now.
Nope, the editor isn't able to write to the registry only read...Needs the Interop Cap which in turn won't let you sideload without Interop Unlock...
The idea is a fair one, but if you read the first post of snickler's registry tools thread more carefully, you'll see it says it cannot write to HKEY_LOCAL_MACHINE area, and the registry key in question is in HKLM. I'm not sure what else the Interop-Unlock xap does, but this issue is already a blocker.
Until someone finds a way to properly edit that area of the registry, sadly, we're stuck with no Interop-Unlock for Nokia Lumias.
Your method is completely wrong in 2 ways.
One, the method you found is enabling other functions that you NEED interop-unlock to perform. Editing the registry is pretty much a chicken-or-egg problem. In order to edit the registry, we need Interop-unlock. In order to be Interop-unlocked, we need registry access.
Two, the registry editor only has read access. In order to have write access it needs Interop CAP in WMAppManifest.xml, and once that is placed, the app will refuse to deploy. A backdoor we found is that apps can be installed with Interop access if installed from the Store. First- and second-party developers (namely Microsoft and OEMs) are the only devs able to upload InteropCAP apps to the Store.
The Samsung Diagnostics tool is one exception: it's an app made by Samsung, not from the Store, but it has registry read and write access. We used a hidden registry editor page in the app to Interop-Unlock the ATIV S. This method doesn't work on Nokias because the method Samsung uses to edit the registry isn't available on Nokia.
One app that I've been looking into is the Preview for Developers app. If enabled, it writes a "1" (which is sort of binary for "yes") to the registry. If disabled, it writes a "0" to the registry (which is sort of binary for "no"). Looking into ways that I can reverse engineer it.
Interop = Access to the system registry and files.
Interop Unlock = Apps are now freely able to edit registry and certain system files but only if declared with Interop CAP (applies to side-loaded apps)
Interop CAP = In the WMAppManifest.xml, the app basically declares what functions it needs to use. If the CAP (declared function) is not declared in the Manifest, that function is unusable.
GoodDayToDie recently said he'd try new methods to interop-unlock Lumias
I have my fingers crossed

(Q) Internet Sharing registry settings

Does anyone know the registry settings to enable internet sharing?
There's a small collection of them, what isn't working about it on your phone? If it's something like the mobile operator permission check, then yeah, we can bypass that.
GoodDayToDie said:
> There's a small collection of them, what isn't working about it on your phone? If it's something like the mobile operator permission check, then yeah, we can bypass that.
Really? I missed that. Is that in a thread somewhere?
I have the Samsung Ativ S Neo from Sprint.
-Tdecision10
There are a number of threads about Internet Sharing and about registry tweaking. The requirement for tethering to be enabled on your account is checked by a mobile operator-specific DLL that is used by ICSSVC (the Internet Connection Sharing SerViCe). There's a registry value that tells the phone what DLL to load, or whether to load any. If you don't tell it to use any, it defaults to assuming you have access.
There are a number of ways to make registry changes on your phone. You can flash a custom CSC (not a full ROM, though if you look for "custom ROM" on the dev&hacking subforum, you'll find stuff about it), or you can edit the registry directly using a hijacked app chamber, or you can interop-unlock (itself requiring a registry edit, so you probably need to use the chamber hack unless you're on an old version of Samsung's firmware) and unblock RPC, then use the RPCComponent.
http://forum.xda-developers.com/showpost.php?p=54929482&postcount=13
http://forum.xda-developers.com/showpost.php?p=54652850&postcount=575
I followed and did everything posted in these but I'm still not sure if there was a solution for Sprint.
"and unblock RPC, then use the RPCComponent. " I think this is the part I need to be educated on.
-tdecision10
That is one (of several) methods for editing the registry. It can write more places than the other methods, but only works on Strings and Integers (DWORDs) and is only usable on Samsung phones. It requires that your process have ID_CAP_INTEROPSERVICES, which many OEM apps (and some first-party ones, like Skype) have, but which is not normally available to sideloaded apps.
"Unblock RPC" is the term we use for telling a Samsung service that it's in test mode by placing a file named "Non-production errors.txt" in the Documents folder of the phone. This will allow using RPCComponent anywhere in the registry, instead of just in a few specific places. Search for "unblock rpc" to learn more.
RPCComponent is a Samsung-provided native (C++/CX) DLL and WINMD for accessing various privileged functions by means of a high-privilege RPC (Remote Procedure Call) server. It is not publicly available but is bundled in many of Samsung's OEM apps and is available on this forum inside most .XAP files intended for use on Samsung phones (such as my own BootstrapSamsung tool; see the interop-unlock thread). As mentioned above, you need ID_CAP_INTEROPSERVICES for it to be useful.
I interop-unlocked (all-capabilities) my phone using methods you've posted. This was earlier in the year sometime.
http://forum.xda-developers.com/showpost.php?p=54929482&postcount=13
I followed this closely but didn't see any finality.
I just added the Non-production errors.txt in the place noted on that relative thread.
Not sure what to do next.
Forgive me if I am being a bother.
-tdecision10
Yeah, I'm completely lost. The EnableAllSideloading XAP won't deploy for me (The manifest could not be loaded and may not be valid) so I can't even full unlock, and I have no clue how to go about using the MBN creator. So if you could hold my hand, I'd love it....
okay so I figured out MBN creator (kinda) but I still need to know the proper reg settings to disable the carrier authorization check.... i.e. the setting that points to the carrier specific DLL you mentioned...
EnableAllSideloading doesn't work on WP8.1 because they changed the security on the registry key where it operates. If you can't sideload it, that's because you're not interop-unlocked at all.
MBN Creator should, in theory, not require any particular customization unless your operator requires it; the *default* state of the Internet Sharing feature is "no restrictions, enabled by default". Several people have reported that IS started working after they flashed a custom CSC even though that CSC had nothing to do with IS, just because it removed the carrier-specific customizations that were present (and were blocking IS from working) before.
@tdecision10: If you are or were able to capability-unlock, then you can just sideload any registry editor tool you want and use that. Some of them are better than others, of course. A handful of apps, like WPTelnetD (https://github.com/FurballTheGreat/WPTelnetD/releases), ship with almost no capabilities so that they can be sideloaded on any phone, but you could unpack the XAP and edit the capability list before installing if you want to. A capability that gives access to the relevant registry key is ID_CAP_RUNTIME_CONFIG.
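An added example, not part of the original posts and not code from any tool mentioned in them: a read-only check of which capabilities a XAP declares in WMAppManifest.xml, flagging the two named in this thread (ID_CAP_INTEROPSERVICES and ID_CAP_RUNTIME_CONFIG). It also illustrates the "Interop CAP" explanation in the Lumia thread above. The function names, the sample package and its manifest attributes are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Capabilities the thread names as gating privileged access (notes paraphrase the posts).
PRIVILEGED_CAPS = {
    "ID_CAP_INTEROPSERVICES": "required for RPCComponent; not normally available to sideloaded apps",
    "ID_CAP_RUNTIME_CONFIG": "gives access to the registry key discussed in the thread",
}
MANIFEST_NAME = "wmappmanifest.xml"
MAX_MANIFEST_BYTES = 1024 * 1024  # refuse oversized manifests (decompression-bomb guard)


def read_capabilities(xap_bytes):
    """Return the sorted capability names declared in a XAP's WMAppManifest.xml."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:  # a XAP is a ZIP archive
        entries = [i for i in xap.infolist() if i.filename.lower() == MANIFEST_NAME]
        if not entries:
            raise ValueError("package has no WMAppManifest.xml at its root")
        if entries[0].file_size > MAX_MANIFEST_BYTES:
            raise ValueError("manifest is unexpectedly large")
        root = ET.fromstring(xap.read(entries[0]))
    caps = set()
    for elem in root.iter():
        # Drop any XML namespace so the match works with or without xmlns.
        tag = elem.tag.rsplit("}", 1)[-1]
        name = elem.get("Name")
        if tag == "Capability" and name:
            caps.add(name.strip())
    return sorted(caps)


def audit_xap(xap_bytes):
    """List declared capabilities and pick out the privileged ones."""
    caps = read_capabilities(xap_bytes)
    flagged = {c: PRIVILEGED_CAPS[c] for c in caps if c in PRIVILEGED_CAPS}
    return {"capabilities": caps, "flagged": flagged}


def build_sample_xap(cap_names, manifest_name="WMAppManifest.xml"):
    """Build a constructed, minimal XAP in memory (sample input, not a real app)."""
    caps = "".join('<Capability Name="%s" />' % c for c in cap_names)
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment"'
        ' AppPlatformVersion="8.0">'
        '<App ProductID="{00000000-0000-0000-0000-000000000000}" Title="Sample">'
        "<Capabilities>" + caps + "</Capabilities></App></Deployment>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(manifest_name, manifest)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_xap(
        ["ID_CAP_NETWORKING", "ID_CAP_INTEROPSERVICES", "ID_CAP_RUNTIME_CONFIG"]
    )
    report = audit_xap(sample)
    print("declared:", ", ".join(report["capabilities"]))
    for cap, why in report["flagged"].items():
        print("FLAG %s: %s" % (cap, why))
```
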
Okay, I put Pasquiindustry CustomPFD on my PC, unzipped it, added that capability in the WPAppManifest.xml file, rezipped it, but now it won't deploy.
Did I think it was too simple?
EDIT:
For Sprint, I think I need to figure out how to do this:
TetheringNAIConnection
Optional. Specifies the CDMA TetheringNAI Connection Manager cellular connection that internet sharing will use as a public connection.
If a CDMA mobile operator requires using a Tethering NAI during internet sharing, they must configure a TetheringNAI connection and then specify the connection in this node.
Specified connections will be mapped, by policy, to the internet sharing service. All attempts to enumerate Connection Manager connections for the internet sharing service will return only the mapped connections.
The mapping policy will also include the connections specified in the DedicatedConnections as well.
(This is the error I get)
If the specified connections do not exist, internet sharing will not start because it will not have any cellular connections available to share
Anyone know how to add this to the APN settings?
-tdecision10
Well, I reverted to 8.0 and then updated to 8.1 via retail without thinking.... so I got the new firmware and took myself out of the game :crying:
Edit: reverted back to 8.0 again and I have the old firmware again. I think using the MBN creator is key. With older versions of Windows Phone, the APN settings were all built into the ROM. Now they are provisioned OTA. Every time I change the CSC, the device fails the authorization check with Sprint's servers and the device doesn't provision itself. What we need is the provxml that contains all of Sprint's APN settings. I used to have this information in a kitchen for WM 6.5, but sadly, I deleted it a long time ago. I can currently do one thing or another: unlock internet sharing but have no data connection, or have a data connection with internet sharing locked. I believe that I can make a custom CSC with all the necessary edits but I need to get my hands on the correct Sprint provxml first. I've tried and tried to find an old kitchen for Sprint with the correct files in it, but because it's so old most of them are dead download links. I think even a stock RUU for the GOLD_C (Sprint's HTC Arrive) would do. If anyone has this or can track it down I think we'd be in business....
@GoodDayToDie thanks for all the input, it's really helpful. I think that most people have found success by simply changing their CSC because their phones are not CDMA. We've got all these extra restrictions that keep the technology from working automatically.
Also, I believe that if I could manage to somehow get my MSL unlock code, I could manually program the APN. Problem is, CDMA Workshop can't read it, and the free version doesn't let you use the brute force option to find it. Sprint changed their policy in October to under no circumstances giving out the MSL code unless your contract is up. I'm going to continue to keep trying different tech support reps to see if I can get one of them to give it up.
@tdecision10 I'm getting close, but I REALLY need those WM 6.5/7 Sprint OEM packages..... if you know of anyone or come across it browsing it would be immensely helpful!
mtstmp, I have leadpoizon's old rom for HTC Arrive. Let me know if that will work and if so, how to get it to you.
-tdecision10
