Guest Blueton Posted October 20, 2011
Hi all Devs. Posting this here because we need some help over on the Skate side. Wanted to know if any Devs were up for the challenge of getting the Skate unlocked. Seems like ZTE and Orange have made this almost impossible, so don’t know if any of you like a challenge, but thought you might like to test your hacking skills. Now that Orange has brought the price down to £119.00 (if you haggle with Orange, even cheaper; I got mine for £99.00 plus £10.00 top-up, so £109 all in) and Christmas is coming up, it would make a great gift for someone to have this unlocked. Anyway, just thought I’d ask. Link to the latest work done: http://android.modac...-more-progress/
Guest glossywhite Posted October 20, 2011
Come on guys, let's get this ball rolling... no slouching! :P
Guest hedgepigdaniel Posted October 20, 2011
Has anyone tried using QPST/QxDM to edit the NV memory?
Guest glossywhite Posted October 20, 2011
> Has anyone tried using QPST/QxDM to edit the NV memory?
Getting it into diagnostic mode is the problem...
Guest tilal6991 Posted October 20, 2011
> Getting it into diagnostic mode is the problem...
FTM mode can be reached by flashing back to stock recovery. However, it doesn't let you read or write to nvitems.
Guest glossywhite Posted October 20, 2011
> FTM mode can be reached by flashing back to stock recovery. However, it doesn't let you read or write to nvitems.
Useful.
Guest tilal6991 Posted October 20, 2011
> Useful.
Yep. However, I'm pretty sure mucking around with FTM mode and nvitems was the reason my IMEI was blocked by Orange, so I would advise caution.
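Added example (editor's illustration, not code from this thread or from ZTE/Qualcomm): what an NV item read looks like on the wire when QPST/QxDM talk to the diagnostic port, and what a refusal looks like. Qualcomm DIAG requests are HDLC-framed with a PPP-style CRC-16 (reflected 0x1021, init and final XOR 0xFFFF) and a 0x7E terminator; the NV read command is 0x26 and the reply echoes the request with the 128-byte data field filled in and an nv_stat status word. The item number 1234 is a hypothetical placeholder, and the three sample responses are constructed in the code, not captured from a Skate; a radio in a mode that blocks NV access answers with a non-zero status (e.g. NV_READONLY_S) or rejects the command outright with an error response such as DIAG_BAD_SEC_MODE_F, which is the wire-level shape of "doesn't let you read or write nvitems".

```python
# Added example, not from the forum thread: build/parse Qualcomm DIAG NV_READ
# frames. Item 1234 is a hypothetical item number; sample responses are
# constructed here, not captured from a real device.
import struct

DIAG_NV_READ_F = 0x26          # NV item read command code
DIAG_NV_WRITE_F = 0x27         # NV item write command code
NV_ITEM_DATA_LEN = 128         # fixed size of the nv_item_type data field

# nv_stat_enum_type values carried in the status word of an NV response
NV_STATUS = {0: "NV_DONE_S", 1: "NV_BUSY_S", 2: "NV_BADCMD_S", 3: "NV_FULL_S",
             4: "NV_FAIL_S", 5: "NV_NOTACTIVE_S", 6: "NV_BADPARM_S",
             7: "NV_READONLY_S", 8: "NV_BADTG_S", 9: "NV_NOMEM_S",
             10: "NV_NOTALLOC_S"}

# Error responses the diag task returns instead of echoing the request
DIAG_ERRORS = {0x13: "DIAG_BAD_CMD_F", 0x14: "DIAG_BAD_PARM_F",
               0x15: "DIAG_BAD_LEN_F", 0x18: "DIAG_BAD_MODE_F",
               0x42: "DIAG_BAD_SEC_MODE_F"}


def crc16_ccitt(data: bytes) -> int:
    """CRC-16/X-25 (reflected poly 0x1021 -> 0x8408, init 0xFFFF, xorout 0xFFFF)."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def hdlc_encode(payload: bytes) -> bytes:
    """Append little-endian FCS, escape 0x7E/0x7D as 0x7D ^0x20, terminate with 0x7E."""
    body = payload + struct.pack("<H", crc16_ccitt(payload))
    out = bytearray()
    for b in body:
        if b in (0x7E, 0x7D):
            out += bytes([0x7D, b ^ 0x20])
        else:
            out.append(b)
    out.append(0x7E)
    return bytes(out)


def hdlc_decode(frame: bytes) -> bytes:
    """Reverse of hdlc_encode; verifies the FCS and returns the raw payload."""
    if not frame.endswith(b"\x7e"):
        raise ValueError("missing 0x7E terminator")
    body = bytearray()
    it = iter(frame[:-1])
    try:
        for b in it:
            body.append(next(it) ^ 0x20 if b == 0x7D else b)
    except StopIteration:
        raise ValueError("dangling escape byte") from None
    if len(body) < 2:
        raise ValueError("frame too short")
    payload, fcs = bytes(body[:-2]), struct.unpack("<H", body[-2:])[0]
    if crc16_ccitt(payload) != fcs:
        raise ValueError("bad FCS")
    return payload


def build_nv_read(item: int) -> bytes:
    """NV_READ request: cmd(1) item(u16 LE) data(128, zero on request) status(u16)."""
    payload = (struct.pack("<BH", DIAG_NV_READ_F, item)
               + bytes(NV_ITEM_DATA_LEN) + struct.pack("<H", 0))
    return hdlc_encode(payload)


def parse_nv_response(frame: bytes) -> dict:
    """Classify a reply as data, an NV status refusal, or a diag error response."""
    payload = hdlc_decode(frame)
    cmd = payload[0]
    if cmd in DIAG_ERRORS:
        return {"ok": False, "error": DIAG_ERRORS[cmd], "item": None, "data": b""}
    if cmd not in (DIAG_NV_READ_F, DIAG_NV_WRITE_F) \
            or len(payload) != 1 + 2 + NV_ITEM_DATA_LEN + 2:
        raise ValueError("not an NV response")
    item, = struct.unpack_from("<H", payload, 1)
    data = payload[3:3 + NV_ITEM_DATA_LEN]
    status, = struct.unpack_from("<H", payload, 3 + NV_ITEM_DATA_LEN)
    return {"ok": status == 0, "error": NV_STATUS.get(status, f"unknown({status})"),
            "item": item, "data": data}


def sample_responses():
    """Constructed replies (not from a real phone) for hypothetical item 1234:
    a successful read, a refusal with NV_READONLY_S, and a DIAG_BAD_SEC_MODE_F
    error that echoes the rejected command byte."""
    ok = hdlc_encode(struct.pack("<BH", DIAG_NV_READ_F, 1234)
                     + b"\x01\x02\x03" + bytes(NV_ITEM_DATA_LEN - 3)
                     + struct.pack("<H", 0))
    readonly = hdlc_encode(struct.pack("<BH", DIAG_NV_READ_F, 1234)
                           + bytes(NV_ITEM_DATA_LEN) + struct.pack("<H", 7))
    secmode = hdlc_encode(bytes([0x42, DIAG_NV_READ_F]))
    return ok, readonly, secmode


if __name__ == "__main__":
    print(build_nv_read(1234).hex())
    for f in sample_responses():
        print(parse_nv_response(f)["error"])
```

The block deliberately builds frames and parses replies but opens no serial port: on a carrier-locked handset the interesting items are exactly the ones a write could corrupt, and the post above describes an IMEI block following NV experiments, so the safe first step is to read and decode before sending anything.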
Guest unrandomsam Posted October 20, 2011
I don't think that method will ever work. Whatever needs to be done needs to be done either by JTAG or prior to loading appsboot. (After the switch from the ARM9 radio processor to the ARM11 one you cannot read the bit of the flash at all that you need.) As long as the JTAG qfuse is not blown (might be or might not be), you could get an unlock by post working (but it would invalidate all warranties and not be worth the hassle).

PSAS has a generic msm72xx RAM loader. You might be able to boot a RAM version of RedBoot or U-Boot with the right flash chip support and dump the entire flash over ZMODEM or something else (better to get the serial console working first at least).

Doing anything from userspace (i.e. Android) is not going to work because the RPC calls will return nothing. Patching amss.mbn to swap around locked and unlocked status might be not too impossible. armprgZTE.bin (from the Blade) might be able to be patched to allow full flash access (load with PSAS from the 72xx RAM loader). If ZTE use Qualcomm's method it's not likely to have any easy ways around.
Guest tilal6991 Posted October 20, 2011
> I don't think that method will ever work. Whatever needs to be done needs to be done either by JTAG or prior to loading appsboot. (After the switch from the ARM9 radio processor to the ARM11 one you cannot read the bit of the flash at all that you need.) As long as the JTAG qfuse is not blown (might be or might not be), you could get an unlock by post working (but it would invalidate all warranties and not be worth the hassle).
> PSAS has a generic msm72xx RAM loader. You might be able to boot a RAM version of RedBoot or U-Boot with the right flash chip support and dump the entire flash over ZMODEM or something else (better to get the serial console working first at least).
> Doing anything from userspace (i.e. Android) is not going to work because the RPC calls will return nothing. Patching amss.mbn to swap around locked and unlocked status might be not too impossible. armprgZTE.bin (from the Blade) might be able to be patched to allow full flash access (load with PSAS from the 72xx RAM loader). If ZTE use Qualcomm's method it's not likely to have any easy ways around.
Well, how does the OS know the code to validate it when the user enters an unlock code?
Guest TouchyAndalou Posted October 20, 2011
The contents of this thread may as well be in a different language for all I know about unlocking, but I'd like to thank anybody working on this and wish you luck. Would be brilliant to get this working on giffgaff.
Guest hotrocks72 Posted October 21, 2011
I'm looking to get an OMC running on GiffGaff as well; unfortunately I haven't a clue where to start. Hopefully Orange/ZTE haven't made this phone unlockable and someone on this site can crack it.
Guest unrandomsam Posted October 21, 2011 (edited)
> Well, how does the OS know the code to validate it when the user enters an unlock code?
It just sends the code (as is, via an RPC call to the radio). Doesn't need to know the algorithm at all from the apps processor. Or something similar. All the validation logic etc. is performed by the radio.
Edited October 21, 2011 by unrandomsam
Guest unrandomsam Posted October 21, 2011
> It just sends the code (as is, via an RPC call to the radio). Doesn't need to know the algorithm at all from the apps processor. Or something similar. All the validation logic etc. is performed by the radio.
I guess the OS knows the very basics (i.e. length of the code etc.). Remember there are two separate processors running all the time (apps and AMSS).
Guest Sami Beck Posted October 21, 2011
Meh, I'd custom ROM if I had moneh.