Original Pro 5 with Ubuntu Touch - Meizu Pro 5 ROMs, Kernels, Recoveries, & Other Dev

Is there anyone with the original Pro 5 that came with Ubuntu Touch preinstalled willing to upload a copy of their bootloader? I would like to compare it with the *magic* bootloader that allowed unlocking.
*Update* I verified the SHA-1 digests and compared the public certs in the RSA file; the bootloader from that particular Meizu ROM is indeed signed by Meizu.
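An added example (not from the original post or from Meizu) of the digest half of that check, assuming the ROM zip uses the JAR-style signing layout with META-INF/MANIFEST.MF and META-INF/CERT.SF; the sample package and its file names are constructed. It does not validate the PKCS#7 signature in the .RSA file, which is the step that ties the digests to a signer.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"   # assumed JAR-style layout
SIG_FILE = "META-INF/CERT.SF"       # assumed name of the signature file


def b64sha1(data: bytes) -> str:
    """Base64 of the SHA-1 digest, the encoding used by SHA1-Digest entries."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def parse_sections(raw: bytes) -> list:
    """Split a manifest-style file into one attribute dict per section."""
    text = raw.decode("utf-8").replace("\r\n", "\n")
    text = text.replace("\n ", "")  # unfold continuation lines (leading space)
    sections = []
    for block in text.split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.split("\n") if ": " in line)
        if attrs:
            sections.append(attrs)
    return sections


def verify_package(zip_bytes: bytes) -> dict:
    """Check every manifest entry against the file actually in the zip."""
    report = {"manifest_digest_ok": False, "ok": [], "mismatch": [],
              "missing": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        manifest_raw = zf.read(MANIFEST)
        # The main section of the .SF file carries a digest of the whole manifest.
        sf_main = parse_sections(zf.read(SIG_FILE))[0]
        report["manifest_digest_ok"] = (
            sf_main.get("SHA1-Digest-Manifest") == b64sha1(manifest_raw))
        listed = set()
        for attrs in parse_sections(manifest_raw):
            name = attrs.get("Name")
            if name is None:
                continue  # main section, no per-file digest
            listed.add(name)
            if name not in names:
                report["missing"].append(name)
            elif attrs.get("SHA1-Digest") == b64sha1(zf.read(name)):
                report["ok"].append(name)
            else:
                report["mismatch"].append(name)
        # Files that ride along without a digest are as interesting as mismatches.
        report["unlisted"] = sorted(
            n for n in names - listed if not n.startswith("META-INF/"))
    return report


def build_sample(tamper: bool = False) -> bytes:
    """Constructed package: two image files plus manifest and .SF file."""
    files = {"bootloader.img": b"constructed bootloader bytes",
             "boot.img": b"constructed kernel bytes"}
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        manifest += f"Name: {name}\r\nSHA1-Digest: {b64sha1(data)}\r\n\r\n"
    manifest_raw = manifest.encode()
    sf = ("Signature-Version: 1.0\r\n"
          f"SHA1-Digest-Manifest: {b64sha1(manifest_raw)}\r\n\r\n").encode()
    if tamper:
        # Change one image after the manifest was written and add a stray file.
        files["bootloader.img"] += b"\x00"
        files["extra.bin"] = b"x"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, manifest_raw)
        zf.writestr(SIG_FILE, sf)
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    print(verify_package(build_sample()))
    print(verify_package(build_sample(tamper=True)))
```

Matching digests only show that the files agree with the manifest; anyone can regenerate both, so the result means something only once the signature over the .SF file has been validated against the expected certificate.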

Related

Looking for testers for carrier unlock on windows/linux

Hey guys, I'm looking for testers for my new unlock program that works on windows/linux.
This unlock is based off of dagentooboy's guide, but does not require you to fiddle with any hex editors.
http://forum.xda-developers.com/showthread.php?t=761045
It currently has 2 modes of operation. In the first, it just shows you the unlock code on the screen. On the second, it creates two versions of the nv_data.bin file, one locked and the other unlocked.
Instructions
Binary release, contains windows and linux binaries and easy to run scripts.
Unzip the galaxy_s_unlocker zip file
Place your nv_data.bin into the folder for your OS (windows or linux) and run either
Code:
unlocker_windows.bat
or
Code:
./unlocker_linux.sh
Download the latest version here:
https://github.com/fbis251/Galaxy-S-Unlocker-for-PC/releases
Source code here:
https://github.com/fbis251/Galaxy-S-Unlocker-for-PC

Teclast X80 Pro (E6E9) - firmware update

Hello.
I know this forum is for X98, but I didn't find a more proper one to ask about X80.
Does anyone have original firmware (Android/Windows) for X80 Pro E6E9?
The link on official website doesn't work anymore (https://www.dropbox.com/sh/swbmvr0eha8zgk4/AAAEl6UfFjHZ0BHcmOP_Cfuma?dl=0).
I've found it on baidu.com (https://pan.baidu.com/s/1dFEeKPb#list/path=/), but I cannot download it.
Can anyone help me?
I've found it and I've uploaded it to mega:
https://mega.nz/#F!I0AXGR5C!YiNFkZL9DIvzepH28qAjEQ
Thanks a lot torzech!
By the way where did you manage to find it??
I'm looking for a custom rom for this tablet but cannot find many things...
I don't speak English well.
Please help me, I don't find firmware Lineage 13 or 14.1 on Teclast X80 Pro.
Please, help
Do we have any Teclast X80 Pro (E6E9) users here?
I'm looking for the best Android ROM, but it is very difficult to find one.
Can I ask you for help?
Install
Hello,
How can i install the rom you have sent from the mega server?
X80 Pro: Windows 10 1909 19H2 (18363.476), 10GB free with Android
For those of you still using these tablets with Windows the following might be interesting. On 4PDA (Russian equivalent of XDA, more or less) there is a recent post on how to refresh the Windows installation on the E3E9 and E6E9 versions of these tablets. While I lost my original X80 Pro (by leaving it on a car roof, driving off and only thinking about the stowaway once we were on the motorway) I recently got back the second one I bought for my father (who recently passed away, sadly). While I had customised the Android installation on my own version I had not really touched Windows as a) I don't have much use for it, having used Linux since v0.92 and b) the lack of storage space in the Windows install meant it couldn't even update itself without running out of space. Now that I once more have one of these things taking up space in my laptop bag I thought to give it a workover to see if it could be used in a different way, seeing that the ageing Android version is not likely to get an update and not feeling particularly driven to try to port a more recent version of Android to this dying platform. I have an old Galaxy Tab 3 (which is Intel-based just like the X80 Pro) lying around which runs Android 7.1.2 just fine so it is not entirely impossible to create a port for this platform but... why bother?
Poking around 4PDA I happened upon a recent post describing how to install Windows 10 1909 (19H2) on these tablets and decided to give it a go. The post includes a download link (8.4GB) plus a short description on how to install the thing without the need for external USB hubs or keyboards. The relevant part of the description goes as follows:
Included versions:
Windows 10 Home
Windows 10 Pro for workstations
Windows 10 Enterprise 2019 LTSC (17763.864)
Partition a USB memory stick (minimum capacity 16GB) with a single GPT partition and format it to fat32. For reference, this is what it looks like on my system:
Code:
Model: General USB Flash Disk (scsi)
Disk /dev/sdb: 16.0GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number  Start   End     Size    File system  Name                 Flags
 1      1049kB  16.0GB  16.0GB  fat32        win10_2019_LTSC_X80  msftdata
Extract the downloaded archive onto this partition. Have a look at the file named install.cmd, this is the script which initiates the install procedure. It is in Russian and uses code page 1251 so it will probably look like gibberish (e.g. Linux does not use Windows code pages). The essential parts of the script you'll want to know are the initial selection of which Windows version to install (1 for Home, 2 for Pro, 3 for Enterprise LTSC), the following question on whether to delete Android ('y' to delete it, 'n' to keep it) and the fact that it expects you to press 'y' after copying the two large DISM install files (sources\install.swm and sources\install2.swm) to the tablet. It will say something along the lines of Windows установлена. ... Перезагрузите устройство... which comes down to 'Windows is installed, press y to continue'. Do so when prompted or you'll be waiting and waiting and waiting...
Put the memory stick in a USB-OTG adapter, connect that to the tablet and boot the thing to Windows.
In Windows go to Settings => Update and Security => Recovery => Restart Now
A blue screen appears with a number of options. Select Troubleshooting => Advanced Options => UEFI Firmware Settings => Restart (the tablet will reboot into UEFI firmware settings).
In the UEFI settings screen go to 'Save & Exit' and select the USB memory in the 'Boot Override' section (somewhere lower down on the screen). The thing will boot to the Windows installer and the above-mentioned 'install.cmd' script will run. Press the keyboard symbol on the bottom of the screen to pop up the on-screen keyboard and select the Windows version to install (1: Home, 2: Pro, 3: Enterprise LTSC), select whether to erase Android ('y') or keep it ('n') and let the thing copy those two large archive files. Once greeted by Windows установлена. ... Перезагрузите устройство... press 'y' and the thing will reboot into the new Windows version... which only speaks Russian for now. If you know any of the Cyrillic-using languages select your favourite and be happy, otherwise select Russian (the top option). It will ask about localisation (I chose объединенное Королевство which stands for 'United Kingdom') and which keyboards to configure. Unless you're used to a Cyrillic keyboard you'll want to add one (select Добавить раскладку which means 'Add Layout') which you're more familiar with, e.g. США ('USA') or one of its derivatives. Once through this hurdle it'll ask for your WiFi settings. The rest depends on how you want to install Windows. For me that comes down to not using a Microsoft account, instead choosing to use a local account and saying нет ('No') to just about everything.
Don't know any Russian? Don't worry, just install one of the photo translator apps on your phone and point it at the screen when it says something you don't understand.
Windows is installed in the Compact mode, after the installation ~10 GB is available in Windows with Android installed.
Once ready you'll want to configure the thing to use your language of choice in the 'Time and Language' section in 'Windows Settings', recognisable by the clock-A-Chinese_ideogram icon, select 'Language' (A-Chinese_ideogram icon). Add the needed localisations to the device in the 'Add a language' section ('+' icon) and (once everything is installed) set the Windows display language to your language of choice. On the same screen select 'Administrative language settings' to set the language for the welcome screen, new accounts and non-Unicode programs to your language of choice. The thing will reboot and with a bit of luck it'll come back to greet you in a language you're comfortable with. This being Windows it sometimes gets stuck in the dreaded "Updating Windows, don't switch off the computer" screen. Should that happen you're probably best off repeating the whole procedure after force-rebooting the thing.
ONLY TRY THIS WHEN YOU'RE CONFIDENT YOU CAN найти выход из трудного угла
MAKE SURE THE TABLET IS FULLY CHARGED BEFORE TRYING THIS - IT CAN TAKE QUITE A WHILE
I used this procedure on a E3E9 version, it is advertised as working on E3E9 and E6E9. I have no idea whether it works on other versions, YMMV.
Once Windows has restarted you can remove the USB-OTG cable and plug in the charger.
Windows will need to be activated. Do what you have to do...
Is there a way to get 2004 on it?
I'm using the russian image, but now I have the same space problem by upgrading to 2004 as before

Need touch drivers for X80 Pro (E3E6)

Hi everyone, it would be great if someone could supply me with the original drivers for the E3E6. I had a broken Windows install and a rooted Android with TWRP and flashed the whole thing to just have it as a Surface replacement for school.
But I didn't do a proper driver backup like you're supposed to. The drivers I installed are for the Teclast X80 Plus; the drivers work fine for the X80 Pro, even got the sound working, just that touch is inverted and not properly working, kind of a bummer because otherwise the device works flawless* again.
The Teclast (EN) link for dropbox is dead.
The Teclast (CN) link is working but I can't create a baidu account because It doesn't list my country as a phone number in the selection form.
The Teclast (SK) link is not obtainable it doesn't even list my device?
Tried a few touchsetting.gt for different models, yet it didn't quite fix the issue, just moving a file to C:\Windows\INF
It either messes up completely horizontal and vertical touch or just the vertical touch.
*Edit Flawless if I hadn't failed to mention that the display driver doesn't seem to work properly as Windows doesn't allow me to change my screen resolution.
**Update Adjusting the resolution works now after I installed some Windows 10 updates.
Found the solution on the techtablets forums. With a working TouchSetting.gt
Because I can't post links yet I'll provide the code for users to reuse; just paste the following inside your editor and save it with the name TouchSetting.gt
Hopefully it doesn't need to be compiled, which would make this script useless
Code:
[Setting]
;UpdateCFG=0
SendCFG=1 ;Send CFG to touch IC when loading driver
SleepDisable=0
PhysicalXsize=1733 ;Physical size, the unit is 0.1mm
PhysicalYsize=1087
[Support]
ESD=1 ;Driver supports ESD recovery processing
;SensorID=5 ;According to the different SensorID send different configuration
GtpTool=0 ;GuitarTestPlateform tool support
X2X=0
Y2Y=0
X2Y=0
Log=0
Flashless=0
ICType=GT911
PrtScreen=0
CtrlAltDel=0
HomeKeyTouchTime=3
VolumeKeyEnable=1
resetRevert=0 ;reset level revert
[Feature]
Pen=0 ;stylus/pen support
NumberOfKey= ;The total number of keys supported,equal to 0 does not support key
Key1= ;0xe3 is home key,Must be a hexadecimal number
Key2=
Key3=
Key4=
[CFG]
DefaultCFG=0x00,0x20,0x03,0x00,0x05,0x05,0x35,0x00,0x01,0x08,0x28,0x0F,0x50,0x32,0x03,0x05,0x00,0x00,0x00,0x00,0x11,0x00,0x08,0x18,0x1A,0x1E,0x14,0x8C,0x2E,0x0E,0x1B,0x1D,0xA6,0x0F,0x00,0x00,0x00,0x82,0x03,0x1D,0x1E,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x14,0x3C,0x94,0xC5,0x02,0x07,0x00,0x00,0x04,0x8A,0x16,0x00,0x80,0x1B,0x00,0x76,0x22,0x00,0x6C,0x2B,0x00,0x62,0x36,0x00,0x62,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1C,0x1A,0x18,0x16,0x14,0x12,0x10,0x0E,0x0C,0x0A,0x08,0x06,0x04,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x2A,0x29,0x28,0x26,0x24,0x22,0x21,0x20,0x1F,0x1E,0x1D,0x1C,0x18,0x16,0x14,0x13,0x12,0x10,0x0F,0x0C,0x0A,0x08,0x06,0x04,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xA7,0x01
senserid_0=
senserid_1=
senserid_2=
senserid_3=
senserid_4=
senserid_5=

Linux deploy problem

Hello!
I got Magisk up and running and busybox installed, but when I try to deploy a Linux via Linux Deploy I get this error:
/system/bin/sh: <stdin>[4]: /data/user/0/ru.meefik.linuxdeploy/files/bin/linuxdeploy: No such file or directory
Nvm, I found a solution. The problem was in meefik's busybox; I just had to copy all the binaries in the bin folder in the linux deploy folder in /data/user
T mobile problem
so i was trying to unlock my tmobile revvl plus network...i changed to moto g7 plus stock rom...it didn't work....now i can access anything tmobile to unlock the network....please i need help.....is there anywhere i can get tmobile revvl plus stock rom...or better still how do i remove the network lock...please help

General Unbrick OP10 Pro (NE2210)

Hello everyone, I found a recovery tool on the open spaces of the Chinese Internet. This tool is for NE2210 only. It's in Chinese, but I don't think there should be any problems using it. Write who used.
Unbrick
The Msm tool is missing the FTLibBase.dll file, it won't work. Just to let you know.
Canuck Knarf said:
The Msm tool is missing the FTLibBase.dll file, it won't work. Just to let you know.
what is the file responsible for FTLibBase.dll ??
For me, I'm using Win 11 and the Msm tools will not open??? Maybe it's a Win 11 thing. It starts to open but then errors pop up missing the dll file. Did you install it by an exe file?
I want to try it ...lol...I have one more boot loop / dead battery 10 plus pro
I have been trying this fastboot command to get the battery up enough to load boot file, vendor_boot and vbmeta file. But after it does a factory wipe ...kills battery, won't reboot.
Using this command I started out with 6708 volts of battery; it took running the command in fastboot 30 minutes to get to 6762 volts. So the command does work.
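Code:
@Echo off
REM Query the battery voltage, then re-enter the bootloader, in an endless loop
:start
fastboot getvar battery-voltage
fastboot reboot-bootloader
REM ping serves as a delay of about 5 seconds before the next pass
ping /n 6 localhost >nul
goto start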
I need the command to just keep repeating by itself...i can leave it sit there for hours...Can you help ?
Canuck Knarf said:
For me, I'm using Win 11 and the Msm tools will not open??? Maybe it's a Win 11 thing. It starts to open but then errors pop up missing the dll file. Did you install it by an exe file?
I have w11, program starts normal, but not connected server.(((
VovaHouse said:
what is the file responsible for FTLibBase.dll ??
Can't you replace this file with OnePlus 9 pro msm tool i don't know where it's for but as long you get the msm tool work then it shouldn't be a problem ain't it ?
Did you find a solution? I have the same error
Buyukturk said:
Did you find a solution? i have the same error
yeah....MSM and pay
Canuck Knarf said:
yeah....MSM and pay
unfortunately i couldn't find it
Canuck Knarf said:
yeah.... MSM and pay
How did you solve it? Could you help me?
Buyukturk said:
unfortunately i couldn't find it
You can find it in the www
Prob is the msm Tool need a auth. (Acc)
DO NOT BUY ONEPLUS 10 PRO THEY DO NOT PROVIDE ANY TOOLS FROM UNBRICK
Sorry for the delayed absence .... lol.. its been a trivial one. But I have been working DILIGENTLY on Oneplus Tools, and ONLY Oneplus Tools... (CanuckKnarf can verify this...)
Ok without breaking "responsible disclosure" guidelines... I can hopefully either clear up some of the chatter ive read up til now, as well as provide some important info which may inspire someone here with a new avenue as to how to attack this thing head on.
Let me start with the most recent statements about the missing files first.
If you have Windows (doesnt matter which version) and you have been running ANY of the official builds of the MSM Tool... (Official releases show an icon like pictured here
#1
unofficial (repacked for whatever reason) look like this:
#2
Now while there is no inherent threat to either version... the ones of the LATTER style, MAY OR MAY NOT run, when attempting to execute them. This is because the person who packaged it, MIGHT NOT have been doing so from the actual applications data folder in windows. Allow me to explain:
When you run #1 , that file unpacks itself and generates a folder inside your "/users/appdata/local/" folder and its usually along the lines of "OPPO Flash Tool Series 4.1" .... or a variant of that. IN THIS FOLDER is the actual files for which your MSMTOOL loads all of its config, dll, and other run codes from.
--Now this folder might not be generated if you are already running from a complete msmtool build. a complete build should have several dll's, several folders, and the actual program that is being called, 'FTGUIDev.exe" <-- This is your flash loader! .. This is the Alpha and the Omega so to speak of the MSM TOOL... #2, is the MSM equivalent of a Windows Installer REPACK. I have seen these range from 4mb all the way up to 9gb ... this is because some authors choose to repack the EXACT FW build that is to be used with it! (*** Important note!*** The version of the MSM Tool you are using plays a definitive roll as to whether you have a successful flash, or a fail!. OPPO HAS PLAYED THE SNEAKY ROLE AGAIN, AND IN CERTAIN RELEASES OF THE OTA FW FILES THAT ARE DISTRIBUTED, THEY MAKE A SMALL CHANGE TO ONE OR MORE FILES, WHICH WILL THROW OFF THE FIRMWARE INTEGRITY CHECK!.... BUT INSTEAD OF THE ERROR READING "INTEGRITY FAIL", YOU WILL GET .... PHONE MISMATCH... INVALID HANDLE.... VALIDATION FAIL... OR MAYBE FAIL INTEGRITY.... <----- These errors USED to have individual meaning, but OPPO choose to use them to provide misdirection as to what actually occurred. (( I have found a way to FORGE a passing INTEGRITY CHECK... but i cant disclose that yet, sry)) So now they do not want you to actually have the identifier as to what exactly went wrong that blocked your flash... the validation check is INSTANT... the whole 15 second pause is purely for dramatical effect. The very moment your phone connects in the msmtool and it hits 3%, it has already either PASSED or FAILED the AUTH SIGN requirement... which is LIGHT YEARS down the line from the Integrity Check.
Anyways my point is: If you go to your "appdata/local" msm folder, you should be able to pull ANY DLL that is being requested by your programs. The entire library is locked exclusively to the GENERATION of flash tool available... ie version 4.1 folder will have DLL's for any 4.1.x.x msmtool ... same with version 5.1 => 5.1.x.x. While this is not a perfect science... it is a start, so if you run into any MSM tools that you download and are not able to run, it is because you dont have a full build from that series already installed on your machine. When these guys repack, they might not understand that by NOT packing up all the files DIRECTLY from that Appdata folder, and including ALL of the other folders, they are handicapping those who download them. Easier explanation to offer is this: Beatbreakee has been running Flash Tool v 4.1.7.2 on his machine, and it is the full build being launched from the APPDATA folder... CHRIS has been running 4.1.5.1 and its from an alternate location that DOES have the proper dll files, but they are already registered in his system from usage, and he does not realize that the alternate location is merely a shadow copy and that actual file is linking to his appdata folder.: A new HACKED msm tool comes out, but its a repack and lets say 4.2.0.1 (this is all fake... dont go looking for this hacked version , it dont exist) .... Now the repack is missing some vital DLL files, much like some of you are experiencing. The reason SOME can load and SOME cannot, is because they may have ran a FULL tool from the generation that the repack comes from.... if you have, then windows has already registered the correct DLL files, so it will load like normal.... if you HAVE NOT, you will get missing DLL errors. BUT BEWARE... There is a HIDDEN verification that is of the actual msmtool itself. It will cause you to fail , if the check does not pass, and when altering any portion of the msmtool, i have seen EVERY mod fail this check.
Oppo is smart... they placed PLAIN TEXT files that give the exact FILENAME, CRC, and SIG data for EVERY file that MSM will interact with INCLUDING ITSELF. But these plain text files are backdoor checked by encrypted SIGNED verification files, that check for any modifications to the plain text or xml files. If you alter one of the files or replace it... IT FAILS INSTANTLY... sha doesnt match... if you touch one of the SIG checker files it fails... MSMTool knows the SIG checkers, SIG... kinda a DOUBLE check... but they did this on purpose because they knew ppl would take the bait, and by doing so, thinking they will circumvent the CHECKS... they are actually making the checks work PERFECTLY. The ONLY way around this is through SOMEONE , who is great with DLL and EXE files... and can physically REMOVE or PATCH OUT the 2 checks for the application, as well as the fw integrity. Both validations work to ensure the OTHERS security as well... so if you bypass one validation, the other will fail you for "No validation" of the other file! (make any sense?) They watch each other when getting validated to see if any funny business is going on... any "Malarkey" and they will fail themselves to protect the package. You need to Remove, or patch out BOTH of these checks, which is slightly above my pay grade. If you can remove both of those, and it works, you will be able to have an MSM Tool that can have its config altered to remove model match, project id, and much more, as well as a tool that will accept ANY fw package as long as its in the correct structure. (That is where my info stops because saying more will put me in violation for now) ....
The SECOND bit of info is this:
The 'AUTH SIGN' is not a file generated from any server.... the connection to the server is simply to have it send a PING response back to the application from your phone. That is literally ALL the AUTH SIGN is... now its far more complex than im making it sound because i have yet to generate a valid AUTH but i am working on it. IT COMES from an APK Intent on your phone.... ( a hint is its one of the hidden QTI apk's) .... this apk responds to the PING request, with all of the info that is required as the AUTH .... Now dont get this confused with the MSM AUTH from the application.... The AUTH i am discussing is the one that says "YES" or "NO" when you ask the app to flash your fw.. An invalid response will trigger a NO... because the PING is an IRL stamp that cant be captured and replayed, as its literally specific to the millisecond... But again it is YOUR PHONE that is generating it.... so the MSM TOOL requires an AUTHENTICATED login, before it will communicate to the OPPO server, and tell it to send a PING request to your phone, which then gets sent via USB to your computer. What we have to do is figure out HOW to generate that PING request ourselves.... If we can somehow open a secondary command window, and freeze the process as soon as it requests the AUTH SIGN... then have the command to request the PING, already typed and ready to go in that second window.... and UNFREEZE at the exact same time as we send the command... we should be able to generate the request before the MSM Tool can revalidate itself, which it does before it makes the request. As long as the request is completed BEFORE the OFFICIAL request is made by the server, then it should ignore any other response.... 1st come 1st served.
Thats really all i can say... but sorry to all of you who have wondered if OPPO has made me disappear , or sent a wetwork agent after me... lol
I am just working round the clock on this as well as my normal life.... so i will be sporadic, but as i make breakthroughs i will update... so i hope SOME of that clears SOME things up.. but i leave you with this:
{ "d:193] [E2DBA579] [COM5] <COMMAND> <?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<data>\n<getsigndata value=\"ping\" />\n</data>\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i" }
Its the actual full data from the application attempting to get the AUTH SIGN.... maybe looking over it you might find some insight.
***back to the caves.... see yall in a bit!****
(and btw.. if you attempt to bypass the LOGIN, you will automatically fail the SW integrity check... you need to find a way to REMOVE this completely, and not with a hex editor... the actual instruction must be removed, and then the subsequent request must be removed again from the actual FLASH function called during the AUTH SIGN request, because IT checks for the valid login again. Remove both and you will have an MSM TOOL with a blank slate. The tools themselves are NOT bundled with the individual FW digest data... they simply follow the instructions given in the packages. If you know what files you can and cannot alter, plus you replace the CRC in the checker file, with the NEW valid crc for the edited file, and you make sure to change the metadata of the files you altered , so that they match again with the other files besides them, you can FOOL the Package validation... <--- a key point in being able to flash altered firmware!... Package Validation Fail = Flash Fail!... Stay Vigilant"
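An added illustration (not the MSM Tool's protocol and not code from the post above) of how a verifier enforces the property that post describes: an auth response that cannot be captured and replayed, or prepared ahead of the request it answers. The shared per-device key, HMAC standing in for whatever signature a real device produces, the 5-second window and every name here are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_AGE_S = 5.0  # assumed validity window for one challenge


def sign_response(key: bytes, serial: str, nonce: str) -> str:
    """Device side: bind the answer to this device and this exact challenge."""
    msg = f"{serial}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuthVerifier:
    """Issues one-time challenges and accepts at most one fresh answer each."""

    def __init__(self, device_keys: dict):
        self.device_keys = device_keys  # {serial: key}, constructed for the demo
        self.pending = {}               # nonce -> (serial, issued_at)

    def issue(self, serial: str, now: float) -> str:
        if serial not in self.device_keys:
            raise KeyError(f"unknown device {serial}")
        nonce = secrets.token_hex(16)   # unpredictable, so it cannot be guessed early
        self.pending[nonce] = (serial, now)
        return nonce

    def verify(self, serial: str, nonce: str, tag: str, now: float) -> str:
        # pop() makes every nonce single-use, whatever the outcome of the check
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return "unknown-or-used-nonce"
        issued_serial, issued_at = entry
        if issued_serial != serial:
            return "wrong-device"
        if now - issued_at > MAX_AGE_S:
            return "expired"
        expected = sign_response(self.device_keys[serial], serial, nonce)
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"
        return "accepted"


def demo() -> dict:
    """Run the cases a verifier has to tell apart; time is passed in explicitly."""
    serial, key = "SERIAL-0001", b"constructed-device-key"
    verifier = AuthVerifier({serial: key})
    results = {}

    nonce = verifier.issue(serial, now=100.0)
    tag = sign_response(key, serial, nonce)
    results["fresh"] = verifier.verify(serial, nonce, tag, now=100.2)

    # Same nonce and tag sent a second time: the nonce is already consumed.
    results["replay"] = verifier.verify(serial, nonce, tag, now=100.3)

    # A correctly keyed answer to a nonce the verifier never issued.
    early = "00" * 16
    results["prepared_early"] = verifier.verify(
        serial, early, sign_response(key, serial, early), now=100.4)

    # A valid answer that arrives after the window has closed.
    late = verifier.issue(serial, now=200.0)
    results["stale"] = verifier.verify(
        serial, late, sign_response(key, serial, late), now=206.0)

    # A timely answer computed with the wrong key.
    third = verifier.issue(serial, now=300.0)
    results["wrong_key"] = verifier.verify(
        serial, third, sign_response(b"other-key", serial, third), now=300.1)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15s} {outcome}")
```

With a shared key the verifier could forge device answers itself; a design that must avoid that gives the device a private key and the verifier only the public half.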
beatbreakee said:
Sorry for the delayed absence .... lol.. its been a trivial one. But I have been working DILIGENTLY on Oneplus Tools, and ONLY Oneplus Tools... (CanuckKnarf can verify this...)
Ok without breaking "responsible disclosure" guidelines... I can hopefully either clear up some of the chatter ive read up til now, as well as provide some important info which may inspire someone here with a new avenue as to how to attack this thing head on.
Let me start with the most recent statements about the missing files first.
If you have Windows (doesnt matter which version) and you have been running ANY of the official builds of the MSM Tool... (Official releases show an icon like pictured here View attachment 5855327 #1
unofficial (repacked for whatever reason) look like this: View attachment 5855329 #2
Now while there is no inherent threat to either version... the ones of the LATTER style, MAY OR MAY NOT run, when attempting to execute them. This is because the person who packaged it, MIGHT NOT have been doing so from the actual applications data folder in windows. Allow me to explain:
When you run #1 , that file unpacks itself and generates a folder inside your "/users/appdata/local/" folder and its usually along the lines of "OPPO Flash Tool Series 4.1" .... or a variant of that. IN THIS FOLDER is the actual files for which your MSMTOOL loads all of its config, dll, and other run codes from.
--Now this folder might not be generated if you are already running from a complete msmtool build. a complete build should have several dll's, several folders, and the actual program that is being called, 'FTGUIDev.exe" <-- This is your flash loader! .. This is the Alpha and the Omega so to speak of the MSM TOOL... #2, is the MSM equivalent of a Windows Installer REPACK. I have seen these range from 4mb all the way up to 9gb ... this is because some authors choose to repack the EXACT FW build that is to be used with it! (*** Important note!*** The version of the MSM Tool you are using plays a definitive roll as to whether you have a successful flash, or a fail!. OPPO HAS PLAYED THE SNEAKY ROLE AGAIN, AND IN CERTAIN RELEASES OF THE OTA FW FILES THAT ARE DISTRIBUTED, THEY MAKE A SMALL CHANGE TO ONE OR MORE FILES, WHICH WILL THROW OFF THE FIRMWARE INTEGRITY CHECK!.... BUT INSTEAD OF THE ERROR READING "INTEGRITY FAIL", YOU WILL GET .... PHONE MISMATCH... INVALID HANDLE.... VALIDATION FAIL... OR MAYBE FAIL INTEGRITY.... <----- These errors USED to have individual meaning, but OPPO choose to use them to provide misdirection as to what actually occurred. (( I have found a way to FORGE a passing INTEGRITY CHECK... but i cant disclose that yet, sry)) So now they do not want you to actually have the identifier as to what exactly went wrong that blocked your flash... the validation check is INSTANT... the whole 15 second pause is purely for dramatical effect. The very moment your phone connects in the msmtool and it hits 3%, it has already either PASSED or FAILED the AUTH SIGN requirement... which is LIGHT YEARS down the line from the Integrity Check.
Anyways my point is: If you go to you "appdata/local" msm folder, you shouold be able to pull ANY DLL that is being requested by your programs. The entire library is is locked exclusively to the GENERATION of flash tool available... ie version 4.1 folder will have DLL's for any 4.1.x.x msmtool ... same with version 5.1 => 5.1.x.x. While this is not a perfect science... it is a start, so if you run into any MSM tools that you download and are not able to run, it is because you dont have a full build from that series already installed on your machine. When these guys repack, they might not understand that by NOT packing up all the files DIRECTLY from that Appdata folder, and including ALL of the other folders, they are handicapping those who download them. Easier explanation to offer is this: Beatbreakee has been running Flash Tool v 4.1.7.2 on his machine, and it is the full build being launched from the APPDATA folder... CHRIS has been running 4.1.5.1 and its from an alternate location that DOES have the proper dll files, but they are already registered in his system from usage, and he does not realize that the alternate location is merely a shadow copy and that actual file is linking to his appdata folder.: A new HACKED msm tool comes out, but its a repack and lets say 4.2.0.1 (this is all fake... dont go looking for this hacked version , it dont exist) .... Now the repack is missing some vital DLL files, much like some of you are experiencing. The reason SOME can load and SOME cannot, is because they may have ran a FULL tool from the generation that the repack comes from.... if you have, then windows has already registered the correct DLL files, so it will load like normal.... if you HAVE NOT, you will get missing DLL errors. BUT BEWARE... There is a HIDDEN verification that is of the actual msmtool itself. It will cause you to fail , if the check does not pass, and when altering any portion of the msmtool, i have seen EVERY mod fail this check.
Oppo is smart... they placed PLAIN TEXT files that give the exact FILENAME, CRC, and SIG data for EVERY file that MSM will interact with INCLUDING ITSELF. But these plain text files are backdoor checked by encrypted SIGNED verification files, that check for any modifications to the plain text or xml files. If you alter one of the files or replace it... IT FAILS INSTANTLY... sha doesnt match... if you touch one of the SIG checker files it fails... MSMTool knows the SIG checkers, SIG... kinda a DOUBLE check... but they did this on purpose because they knew ppl would take the bait, and by doing so, thinking they will circumvent the CHECKS... they are actually making the checks work PERFECTLY. The ONLY way around this is through SOMEONE , who is great with DLL and EXE files... and can physically REMOVE or PATCH OUT the 2 checks for the application, as well as the fw integrity. Both validations work to ensure the OTHERS security as well... so if you bypass one validation, the other will fail you for "No validation" of the other file! (make any sense?) They watch each other when getting validated to see if any funny business is going on... any "Malarkey" and they will fail themselves to protect the package. You need to Remove, or patch out BOTH of these checks, which is slightly above my pay grade. If you can remove both of those, and it works, you will be able to have an MSM Tool that can have its config altered to remove model match, project id, and much more, as well as a tool that will accept ANY fw package as long as its in the correct structure. (That is where my info stops because saying more will put me in violation for now) ....
The SECOND bit of info is this:
The 'AUTH SIGN' is not a file generated from any server.... the connection to the server is simply to have it send a PING response back to the application from your phone. That is literally ALL the AUTH SIGN is... now it's far more complex than I'm making it sound because I have yet to generate a valid AUTH but I am working on it. IT COMES from an APK Intent on your phone.... (a hint is it's one of the hidden QTI apks) .... this apk responds to the PING request, with all of the info that is required as the AUTH .... Now don't get this confused with the MSM AUTH from the application.... The AUTH I am discussing is the one that says "YES" or "NO" when you ask the app to flash your fw.. An invalid response will trigger a NO... because the PING is an IRL stamp that can't be captured and replayed, as it's literally specific to the millisecond... But again it is YOUR PHONE that is generating it.... so the MSM TOOL requires an AUTHENTICATED login, before it will communicate to the OPPO server, and tell it to send a PING request to your phone, which then gets sent via USB to your computer. What we have to do is figure out HOW to generate that PING request ourselves.... If we can somehow open a secondary command window, and freeze the process as soon as it requests the AUTH SIGN... then have the command to request the PING, already typed and ready to go in that second window.... and UNFREEZE at the exact same time as we send the command... we should be able to generate the request before the MSM Tool can revalidate itself, which it does before it makes the request. As long as the request is completed BEFORE the OFFICIAL request is made by the server, then it should ignore any other response.... 1st come 1st served.
That's really all I can say... but sorry to all of you who have wondered if OPPO has made me disappear, or sent a wetwork agent after me... lol
I am just working round the clock on this as well as my normal life.... so I will be sporadic, but as I make breakthroughs I will update... so I hope SOME of that clears SOME things up.. but I leave you with this:
{ "d:193] [E2DBA579] [COM5] <COMMAND> <?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<data>\n<getsigndata value=\"ping\" />\n</data>\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i" }
It's the actual full data from the application attempting to get the AUTH SIGN.... maybe looking over it you might find some insight.
***back to the caves.... see y'all in a bit!****
(and btw.. if you attempt to bypass the LOGIN, you will automatically fail the SW integrity check... you need to find a way to REMOVE this completely, and not with a hex editor... the actual instruction must be removed, and then the subsequent request must be removed again from the actual FLASH function called during the AUTH SIGN request, because IT checks for the valid login again. Remove both and you will have an MSM TOOL with a blank slate. The tools themselves are NOT bundled with the individual FW digest data... they simply follow the instructions given in the packages. If you know what files you can and cannot alter, plus you replace the CRC in the checker file, with the NEW valid crc for the edited file, and you make sure to change the metadata of the files you altered, so that they match again with the other files besides them, you can FOOL the Package validation... <--- a key point in being able to flash altered firmware!... Package Validation Fail = Flash Fail!... Stay Vigilant"
Thanks for all of the work you have been putting in! I will not give up hope lol, sorry I'm not a dev smart enough to help but I wish everyone luck...
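The log excerpt quoted in the post above can be read as one host command and the device's answers to it. The following is an added example, not part of the thread and not code from any tool discussed here; the field names (`tid`, `func`, `session`, `port`) are labels assumed from the bracket layout of the excerpt, which is cut off at both ends as posted.

```python
import re

# Excerpt exactly as posted in the thread: JSON-style escapes, cut off at both ends.
RAW = r'd:193] [E2DBA579] [COM5] <COMMAND> <?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<data>\n<getsigndata value=\"ping\" />\n</data>\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i'

# The "[timestamp][tid][func:line] " header is optional so that the first,
# truncated line still parses. Group names are assumed labels, not vendor terms.
REC = re.compile(
    r'(?:^\[(?P<ts>[^\]]+)\]\[(?P<tid>0x[0-9a-fA-F]+)\]'
    r'\[(?P<func>[^\]]+):(?P<line>\d+)\] )?'
    r'\[(?P<session>[0-9A-F]{8})\] \[(?P<port>COM\d+)\] '
    r'<(?P<kind>[A-Z ]+)> (?P<body>.*)')

def parse(raw):
    """Split the excerpt into records; XML continuation lines join the command."""
    text = raw.replace(r'\n', '\n').replace(r'\"', '"')
    records = []
    for line in text.split('\n'):
        m = REC.search(line)
        if m:
            records.append(m.groupdict())
        elif records:  # continuation of a multi-line <COMMAND> body
            records[-1]['body'] += '\n' + line
    return records

def exchanges(records):
    """Group each host <COMMAND> with the <DEVICE LOG> lines that answer it."""
    out = []
    for r in records:
        if r['kind'] == 'COMMAND':
            cmd = re.search(r'<data>\s*<(\w+)\s+value="([^"]*)"', r['body'])
            out.append({'command': cmd.groups() if cmd else None,
                        'port': r['port'], 'device': []})
        elif r['kind'] == 'DEVICE LOG' and out:
            sev, _, msg = r['body'].partition(': ')
            out[-1]['device'].append((r['ts'], sev, msg))
    return out

if __name__ == '__main__':
    for ex in exchanges(parse(RAW)):
        print(ex['command'], ex['port'])
        for ts, sev, msg in ex['device']:
            print(f'  {ts} {sev:5} {msg}')
```

Read this way, the excerpt shows the device answering the `getsigndata` command with a format warning and then an error about `oplusreserve1/opporeserve1`.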
beatbreakee said:
-snip-
Glad to see you still around, I was definitely in the boat of thinking someone shut ya down for good. Keep it up man, I'm sure as we rally we'll get there eventually.