munjeni / newflasher

Flash tool for new Sony flash tool protocol (Xperia XZ Premium and further)

Allow flashing global firmwares on Docomo model Xperias #67

Closed by K4sum1 9 months ago

K4sum1 commented 9 months ago

For Docomo model phones, newflasher refuses to flash global firmwares on them, even though they're the same hardware. It always ends up erroring out with "Error, didn't got signature OKAY reply! Got reply: FAILFailed to verify cms". It would be nice to be able to get a cheap Docomo Xperia and flash normal firmware onto it, even if it requires the paid bootloader unlock.

--------------------------------------------------------
            newflasher.exe v57 by Munjeni @ 2017/2023
--------------------------------------------------------

Determining available free space by GetDiskFreeSpaceEx:

  Available space to caller    = 510632 MB
  Total space on current drive = 1907726 MB
  Free space on drive          = 510632 MB

Optional step! Type 'y' and press ENTER if you need GordonGate flash driver, or type 'n' to skip.
This creates GordonGate driver installer in the same dir with newflasher.exe!
n
Device path: \\?\usb#vid_0fce&pid_b00b#9&18a9b1f9&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: SOMC Flash Device
Device Instance Id: USB\VID_0FCE&PID_B00B\9&18A9B1F9&0&3

Do you want to keep userdata? Type 'y' and press ENTER to confirm, or type 'n' to erase userdata.
n

Reboot mode at the end of flashing:
  type 'a' for reboot to android, type 'f' for reboot to fastboot, type 's' for reboot to same mode, type 'p' for poweroff, and press ENTER.
a

Optional step! Type 'y' and press ENTER if you want dump trim area, or type 'n' and press ENTER to skip.
Do in mind this doesn't dump drm key since sake authentifiction is need for that! But it is recommend to have dump in case hard brick!
n
Product: SO-05K
Version: 0.4
Bootloader version: 1310-7079_X_Boot_SDM845_LA2.0_P_118
Baseband version: 1311-9109_52.0.B.9.316
Serialno: BH903TUZD1
Secure: yes
Loader version: XFL-SDM845-O-25
Phone ID: 0000:35365209382136
Device ID: 812BDB8F
Platform ID: 2008B0E1
Max download size: 104857600
Sector size: 4096
Rooting status: NOT_ROOTABLE
Ufs info: TOSHIBA,THGAF8G9T43BAIRB,0300
Emmc info: FAILEmmc-info not supported
Default security: ON
Keystore counter: 2
Security state: dS3QaYTgEB9EEOi83MaafFx6k+wygTuc1UW4KpXTsSo=
Sake root: B7DF
S1 root: S1_Root_e090
Root key hash: C8D92A2DBA1482588EFF712963329500AC7155CEA8494FDD4B7B180F2F871801
Slot count: 2
Current slot: a
Battery level: 42

Device is put now in flash mode.

Repartitioning...
Found partition_delivery.xml in partition folder.
Determining LUN0 size...
UFS raw data[0xA9]:

LUN0 size = 62480384

Processing partition-image-LUN0_X-FLASH-ALL-B6B5.sin
 - Extracting from partition-image-LUN0_X-FLASH-ALL-B6B5.sin
 - Extracting signature partitionimage_0.cms
 - Uploading signature F:\Docs\Desktop\H8314_Customized US_52.1.A.3.137-R7C\partition\partitionimage_0.cms
      signature:0000053c
      Error, didn't got signature OKAY reply! Got reply: FAILFailed to verify cms

=========== FIRMWARES HISTORY LOG =============
NEW_VERSION: erased_user_data:true, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA1.0_O_57, cdf_version:1315-7886_R7A, fs_version:GENERIC_51.1.B.0.460, sw_version:1311-9109_51.1.B.0.460
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA1.0_O_59, cdf_version:1315-7886_R9A, fs_version:GENERIC_51.1.B.9.8, sw_version:1311-9109_51.1.B.9.8
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA1.0_O_61, cdf_version:1315-7886_R9A, fs_version:GENERIC_51.1.B.9.29, sw_version:1311-9109_51.1.B.9.29
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R8B, fs_version:GENERIC_52.0.B.8.12, sw_version:1311-9109_52.0.B.8.12
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R9B, fs_version:GENERIC_52.0.B.9.49, sw_version:1311-9109_52.0.B.9.49
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R10B, fs_version:GENERIC_52.0.B.9.103, sw_version:1311-9109_52.0.B.9.103
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R11B, fs_version:GENERIC_52.0.B.9.147, sw_version:1311-9109_52.0.B.9.147
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R11B, fs_version:GENERIC_52.0.B.9.212, sw_version:1311-9109_52.0.B.9.212
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R11B, fs_version:GENERIC_52.0.B.9.263, sw_version:1311-9109_52.0.B.9.263
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R11B, fs_version:GENERIC_52.0.B.9.294, sw_version:1311-9109_52.0.B.9.294
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R11B, fs_version:GENERIC_52.0.B.9.316, sw_version:1311-9109_52.0.B.9.316
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0.1_Q_206, cdf_version:1315-7886_R7C, fs_version:GENERIC_52.1.B.0.188, sw_version:1311-9109_52.1.B.0.188
NEW_VERSION: erased_user_data:false, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0.1_Q_206, cdf_version:1315-7886_R9C, fs_version:GENERIC_52.1.B.0.266, sw_version:1311-9109_52.1.B.0.266
NEW_VERSION: erased_user_data:true, variant:user, s1boot_version:1310-7079_X_Boot_SDM845_LA2.0_P_118, cdf_version:1315-7886_R11B, fs_version:GENERIC_52.0.B.9.316, sw_version:1311-9109_52.0.B.9.316

=================================================

Set slot 'a' active.

Device is put now out of flash mode.
Sent command: continue.

Done.
Closing device.
Press any key to continue . . .

munjeni commented 9 months ago

Product devices, e.g. SO-05K, XX, YY, ZZ, etc., have their own signing procedure and you can't flash firmware in any way, e.g. you can't flash H8314 to SO-05K. As a product you are getting a signature verification failure because the bootloader simply rejects flashing firmware from e.g. H8314 to the SO-05K product; hope this is clear. You can't bypass that. Phones with "Default security: ON" are protected by signature verification and you/we/I can do nothing about that. The things are digitally signed with a private certificate which only the product manufacturer has, and whoever has a licence for that. You can't modify things, otherwise you get a signature verification failure like the one you get when newflasher wants to flash the wrong firmware. Your device model is SO-05K and you must flash only SO-05K firmware and nothing else is possible! Even if you think it is the same phone, yes, but the product version is not the same!
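
Added example (not part of the thread and not newflasher's own code): a small triage script that reads a newflasher log like the one posted above and reports the condition described in this reply, a package built for one product being uploaded to a different product that reports "Default security: ON". The sample lines are copied from the log in this issue; the function names and the assumption that the firmware folder is named "<MODEL>_..." are illustrative.

```python
import re

# Constructed sample: selected lines copied from the newflasher v57 log in this issue.
SAMPLE_LOG = r"""Product: SO-05K
Secure: yes
Rooting status: NOT_ROOTABLE
Default security: ON
S1 root: S1_Root_e090
 - Uploading signature F:\Docs\Desktop\H8314_Customized US_52.1.A.3.137-R7C\partition\partitionimage_0.cms
      signature:0000053c
      Error, didn't got signature OKAY reply! Got reply: FAILFailed to verify cms
"""

FIELD = re.compile(r"^([A-Z][A-Za-z0-9 ]+): (.+)$")      # "Key: value" device properties
UPLOAD = re.compile(r"Uploading signature (.+\.cms)\s*$")  # path of the .cms being sent
REPLY = re.compile(r"Got reply: (FAIL.*)$")                # loader's failure reply


def parse_log(text):
    """Collect device properties, .cms upload paths and FAIL replies from a log."""
    props, uploads, failures = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := UPLOAD.search(line):
            uploads.append(m.group(1))
        elif m := REPLY.search(line):
            failures.append(m.group(1))
        elif m := FIELD.match(line):
            props.setdefault(m.group(1), m.group(2))  # keep the first occurrence
    return props, uploads, failures


def firmware_model(cms_path):
    """Assumption: one folder in the path is named '<MODEL>_<customization>_<version>'."""
    for part in re.split(r"[\\/]", cms_path):
        m = re.match(r"([A-Z]{1,3}-?\d{2,4}[A-Z0-9]*)_", part)
        if m:
            return m.group(1)
    return None


def triage(text):
    """Summarise whether the log shows a product mismatch on a secured device."""
    props, uploads, failures = parse_log(text)
    device = props.get("Product")
    package = firmware_model(uploads[0]) if uploads else None
    return {
        "device": device,
        "package": package,
        "locked": props.get("Default security") == "ON",
        "mismatch": bool(device and package and device != package),
        "cms_rejected": any("verify cms" in f for f in failures),
    }
```

For the log in this issue, triage() reports device SO-05K, package H8314, security ON, a mismatch, and a rejected cms.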

K4sum1 commented 9 months ago

@munjeni If I unlock the bootloader, is there any way to force flash a firmware, or change the signature somehow?

munjeni commented 9 months ago

If you unlock the bootloader you can flash any firmware. You can't change the signature in any way.

K4sum1 commented 9 months ago

@munjeni How would I do it then? I would like to be absolutely certain as my options are either paid bootloader unlock or return it. I would like to at least get working VoLTE in the US (XZ2C/XZ3 OEM, and maybe even modem?), and then if possible compatibility with normal H83x4 ROMs (Complete H8314 firmware on the phone I would assume).

munjeni commented 9 months ago

I don't have time for this, please go to https://xdaforums.com/ and search / ask in the forum. If you unlock the bootloader you can flash only higher level files like system files, not the bootloader and low level things. If you need more info, go to the forum and ask there. I have an Xperia 10 and I don't know anything about newer devices; to be honest, phones don't interest me. How to unlock the bootloader -> https://developer.sony.com/open-source/aosp-on-xperia-open-devices/get-started/unlock-bootloader/how-to-unlock-bootloader/ , double check what they say before you proceed to unlock.