bkerler / edl

Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
GNU General Public License v3.0
1.56k stars 367 forks

No read support offered by firehose loaders from stock OFP - RMX2076 (Snapdragon 865 5G) #112

Closed sickypedia closed 3 years ago

sickypedia commented 3 years ago

Hello, I extracted the OFP file for my device using your oppo decrypt tool. After extraction the following FH loaders were available, also listed in SAHARA section of Setting.xml:

prog_firehose_ddr4.elf prog_firehose_ddr5.elf prog_firehose_lite.elf prog_firehose_ddr4_fwupdate.elf prog_firehose_ddr5_fwupdate.elf

I have tried all loaders one by one and none of them seem to offer the readback capability based on the supported functions reported. All commands to print the GPT time out; sharing output logs for each loader below:

Logs below:

```
kubuntu@kubuntu:~/edl$ ./edl.py printgpt --memory=ufs --loader=prog_firehose_ddr5_fwupdate.elf
.main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara - ------------------------
HWID: 0x000c30e100510000 (MSM_ID:0x000c30e1,OEM_ID:0x0051,MODEL_ID:0x0000)
CPU detected: "SM8250:CD90-PH805-1A"
PK_HASH: 0x2be76ceede8483f5002fa75a77392a891cbc530e8b010dc1c77dcc75f37090fb
Serial: 0xeXXXXXX0
sahara - Uploading loader prog_firehose_ddr5_fwupdate.elf ...
Successfully uploaded programmer :)
firehose - INFO: Chip serial num: 3896613600 (0xeXXXXXX0)
firehose - Supported Functions: nop,configure,setbootablestoragedrive,power,firmwarewrite,getstorageinfo
firehose - firehose_client - Target detected: SM8250:CD90-PH805-1A
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1

kubuntu@kubuntu:~/edl$ ./edl.py printgpt --memory=ufs --loader=prog_firehose_ddr4_fwupdate.elf
............main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara - ------------------------
HWID: 0x000c30e100510000 (MSM_ID:0x000c30e1,OEM_ID:0x0051,MODEL_ID:0x0000)
CPU detected: "SM8250:CD90-PH805-1A"
PK_HASH: 0x2be76ceede8483f5002fa75a77392a891cbc530e8b010dc1c77dcc75f37090fb
Serial: 0xeXXXXXX0
sahara - Uploading loader prog_firehose_ddr4_fwupdate.elf ...
Successfully uploaded programmer :)
firehose
firehose - [LIB]: Nop failed.
firehose - No supported functions detected, configuring qc generic commands
firehose - firehose_client - Target detected: SM8250:CD90-PH805-1A
firehose - TargetName=
firehose - MemoryName=ufs
firehose - Version=

kubuntu@kubuntu:~/edl$ ./edl.py printgpt --memory=ufs --loader=prog_firehose_lite.elf
........main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara - ------------------------
HWID: 0x000c30e100510000 (MSM_ID:0x000c30e1,OEM_ID:0x0051,MODEL_ID:0x0000)
CPU detected: "SM8250:CD90-PH805-1A"
PK_HASH: 0x2be76ceede8483f5002fa75a77392a891cbc530e8b010dc1c77dcc75f37090fb
Serial: 0xeXXXXXX0
sahara - Uploading loader prog_firehose_lite.elf ...
Successfully uploaded programmer :)
firehose - INFO: Chip serial num: 3896613600 (0xeXXXXXX0)
firehose - Supported Functions: nop,configure,power,peek
firehose - firehose_client - Target detected: SM8250:CD90-PH805-1A
firehose - TargetName=
firehose - MemoryName=UFS
firehose - Version=

kubuntu@kubuntu:~/edl$ ./edl.py printgpt --memory=ufs --loader=prog_firehose_ddr4.elf
......main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara - ------------------------
HWID: 0x000c30e100510000 (MSM_ID:0x000c30e1,OEM_ID:0x0051,MODEL_ID:0x0000)
CPU detected: "SM8250:CD90-PH805-1A"
PK_HASH: 0x2be76ceede8483f5002fa75a77392a891cbc530e8b010dc1c77dcc75f37090fb
Serial: 0xeXXXXXX0
sahara - Uploading loader prog_firehose_ddr4.elf ...
Successfully uploaded programmer :)
firehose
firehose - [LIB]: Nop failed.
firehose - No supported functions detected, configuring qc generic commands
firehose - firehose_client - Target detected: SM8250:CD90-PH805-1A
firehose - TargetName=
firehose - MemoryName=ufs
firehose - Version=

kubuntu@kubuntu:~/edl$ ./edl.py printgpt --memory=ufs --loader=prog_firehose_ddr5.elf
main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara - ------------------------
HWID: 0x000c30e100510000 (MSM_ID:0x000c30e1,OEM_ID:0x0051,MODEL_ID:0x0000)
CPU detected: "SM8250:CD90-PH805-1A"
PK_HASH: 0x2be76ceede8483f5002fa75a77392a891cbc530e8b010dc1c77dcc75f37090fb
Serial: 0xeXXXXXX0
sahara - Uploading loader prog_firehose_ddr5.elf ...
Successfully uploaded programmer :)
firehose - INFO: Chip serial num: 3896613600 (0xeXXXXXX0)
firehose - firehose_client - Target detected: SM8250:CD90-PH805-1A
firehose
firehose - [LIB]:
```

Am I doing something wrong here, or just plain unlucky? I was able to read from a OnePlus X using the loaders offered in the repository, which had multiple functions reported. Please help. I am trying to backup all partitions before I proceed with firmware updates.
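A way to tabulate what each loader advertised in a log like the one above, added here as an example; it is not part of the original post or of the edl project. The sample lines are abbreviated from the posted log, and treating `read` as the function name a loader must advertise for readback is an assumption of this sketch.

```python
import re

# Abbreviated from the log posted above: only the lines the parser uses.
SAMPLE_LOG = """\
sahara - Uploading loader prog_firehose_ddr5_fwupdate.elf ...
firehose - Supported Functions: nop,configure,setbootablestoragedrive,power,firmwarewrite,getstorageinfo
sahara - Uploading loader prog_firehose_ddr4_fwupdate.elf ...
firehose - [LIB]: Nop failed.
firehose - No supported functions detected, configuring qc generic commands
sahara - Uploading loader prog_firehose_lite.elf ...
firehose - Supported Functions: nop,configure,power,peek
"""

UPLOAD_RE = re.compile(r"Uploading loader (\S+)")
FUNCS_RE = re.compile(r"Supported Functions:\s*([\w,]+)")
READ_FUNC = "read"  # assumption: function name that signals readback support


def summarize(log):
    """Map each uploaded loader to the set of functions it advertised.

    A loader that never printed a 'Supported Functions' line (nop failed,
    or the log was cut off) maps to None: its capabilities are unknown,
    which is different from a loader that answered without 'read'.
    """
    result = {}
    current = None
    for line in log.splitlines():
        upload = UPLOAD_RE.search(line)
        if upload:
            current = upload.group(1)
            result[current] = None
            continue
        funcs = FUNCS_RE.search(line)
        if funcs and current is not None:
            result[current] = {f for f in funcs.group(1).split(",") if f}
    return result


def readback_status(funcs):
    """Return 'yes', 'no' or 'unknown' for one loader's function set."""
    if funcs is None:
        return "unknown"
    return "yes" if READ_FUNC in funcs else "no"


if __name__ == "__main__":
    for loader, funcs in summarize(SAMPLE_LOG).items():
        print(f"{loader}: readback={readback_status(funcs)} "
              f"functions={sorted(funcs) if funcs else '-'}")
```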

sickypedia commented 3 years ago

@bkerler Sorry for marking you here, not trying to be rude. I have spent another entire day trying to figure this out, but can't seem to make progress :(

sickypedia commented 3 years ago

Also, I was unable to get any output when trying to add the extracted loaders (*elf) to the Loader dir using fhloaderparse.py.

Does this have anything to do with VIP programming firehose limitations and is there a possibility to patch the programmer(s)? And since 'firmwarewrite' is listed among the capabilities, would I be able to write in qfil mode?

sickypedia commented 3 years ago

Another thought - I see that MsmDownloadTool for OnePlus 8T has readback mode. Since the SoC is the same as mine, SDM8250 (865), is there a possibility to unpack my OFP, repack firehose and partition files from it into OPS (after making changes to Settings.xml) and try readback through MsmDownloadTool? Would this work in theory, as I think the 8T also has VIP programming?

sickypedia commented 3 years ago

I could use MsmDownloadTool from Oppo/Realme, but unfortunately it requires authentication; the OnePlus version does not, hence the thought around repack to bypass auth.

on4r4p commented 3 years ago

You could try MsmDT 2.0.5.1 with codemeter and a license file. If it asks for a pass while attempting to flash the device, type: te123, but I wouldn't bet on it .. All those windoz tools (well, most of them) are full of malware and false hope.

sickypedia commented 3 years ago

> You could try MsmDT 2.0.5.1 with a license file and codemeter. If it asks for a pass while attempting to flash the device, type te123, but I wouldn't bet on it .. All those windoz tools (well, most of them) are full of malware and false hope.

Thanks for your response, @on4r4p 

Will test the version you're referring to, possibly in a VM first :)

bkerler commented 3 years ago

Oppo devices use VIP programming. Unless you flash the exact commands and the exact data that Oppo has signed, it won't work. To put it simply, just don't buy Oppo devices; they can't be unbricked unless Oppo releases non-VIP firehose loaders.

sickypedia commented 3 years ago

@bkerler Thank you for your response! Would you place OnePlus in the same category? Is VIP programming being used in their new devices as well?

bkerler commented 3 years ago

Not yet. OnePlus is already supported by my tool. So far they don't use VIP.

sickypedia commented 3 years ago

Okay great, thanks. Closing this issue.