[Q] Debrand Lumia 1020 ATT - Nokia Lumia 1020

I've been searching for months and I haven't found a way to debrand the Lumia 1020 from ATT.
The company locks features (like internet sharing, for example) , event if you unlock the phone...
Is it the lack of interest from hackers and developers, or is ATT really that strong at keeping us from debranding it?

spaceOpia1 said:
I've been searching for months and I haven't found a way to debrand the Lumia 1020 from ATT.
The company locks features (like internet sharing, for example) , event if you unlock the phone...
Is it the lack of interest from hackers and developers, or is ATT really that strong at keeping us from debranding it?
Click to expand...
Click to collapse
See from page #54 with the assembly (DLL) modified if you are unable to flash, maybe this can help you (RM-877 > RM-877 or RM-875).

anaheiim said:
See from page #54 with the assembly (DLL) modified if you are unable to flash, maybe this can help you (RM-877 > RM-877 or RM-875).
Click to expand...
Click to collapse
Thanks for the info Anaheim.
I downloaded your dll files, but from the edits on your post, you mention that the first modified dll (Nokia.CareSuite.PlugIns.MurzimRecovery.dll) caused problems, but did you revert back the first modified dll before replaceing the second (Nokia.Packages.VariantPackage.DataPackage20.dll) ?
also, your thread (on page 54) mentions modifying the vpl file. What is required to modify exactly?
I read around the thread and other forums as well and there are many ways poeple do it. Some even change two other files (the dcp and the bin file), while some only people change file names, and some people chage the content of the files
any help will be greatly appreciated
thanks

spaceOpia1 said:
Thanks for the info Anaheim.
I downloaded your dll files, but from the edits on your post, you mention that the first modified dll (Nokia.CareSuite.PlugIns.MurzimRecovery.dll) caused problems, but did you revert back the first modified dll before replaceing the second (Nokia.Packages.VariantPackage.DataPackage20.dll) ?
also, your thread (on page 54) mentions modifying the vpl file. What is required to modify exactly?
I read around the thread and other forums as well and there are many ways poeple do it. Some even change two other files (the dcp and the bin file), while some only people change file names, and some people chage the content of the files
any help will be greatly appreciated
thanks
Click to expand...
Click to collapse
I tried with both DLLs at the same time, it did not work.
The flash procedure is performed from the VPL file (VPL file contains all the file names, for then flashed this files). It is a sort of "guide". VPL file is "signed by" the signature.bin file that contains his signature. It is useful to modified the VPL if you change / replace / etc some files.
I have not tried changing some file, because I have not had time.

anaheiim said:
I tried with both DLLs at the same time, it did not work.
The flash procedure is performed from the VPL file (VPL file contains all the file names, for then flashed this files). It is a sort of "guide". VPL file is "signed by" the signature.bin file that contains his signature. It is useful to modified the VPL if you change / replace / etc some files.
I have not tried changing some file, because I have not had time.
Click to expand...
Click to collapse
Ok thx,
so I keep the original Nokia.CareSuite.PlugIns.MurzimRecovery.dll and only change Nokia.Packages.VariantPackage.DataPackage20.dll with the one you supplied.
I tried flashing the ROM with a country variant RM-875 from GB (with only Nokia.Packages.VariantPackage.DataPackage20.dll modified) but I still got the ffu error.
I will continue to work on it and keep you updated
thanks again

spaceOpia1 said:
Ok thx,
so I keep the original Nokia.CareSuite.PlugIns.MurzimRecovery.dll and only change Nokia.Packages.VariantPackage.DataPackage20.dll with the one you supplied.
I tried flashing the ROM with a country variant RM-875 from GB (with only Nokia.Packages.VariantPackage.DataPackage20.dll modified) but I still got the ffu error.
I will continue to work on it and keep you updated
thanks again
Click to expand...
Click to collapse
Any updates on this? Where you able to successfully flash the Lumia 1020 att model?

blackbo said:
Any updates on this? Where you able to successfully flash the Lumia 1020 att model?
Click to expand...
Click to collapse
No, no news.

Related

dgs.img file (CSC) what's inside?

Hi Guys,
Looking at the different OTA packages available, and the files provided with Odin in order to flash back to stock the Nexus S, I can see that there's a file called "dgs.img" that is never reflashed/touched using the OTA files provided by Google.
In order to reflash dgs.img you need to use Odin and select the CSC part.
Do you know what's inside that img?
Looking at the fastboot screen of 2.3.3 I can see an info called "CARRIER - ", the American T-Mobile Nexus S has "TMO" written on it, the I9023 sold in Europe by Vodafone has "Vodafone".
Reflashing the CSC with the file provided in this forum (as far as I know, given by a Service Centre in UK), the Carrier info become "EUR"
Is there a way to look inside that image and have a look at it?
thanks!
Cheers,
T.
Now I have the same question now...Since I can't unyaffs it...
OK man, I figured it out~after a showering time ^_^
Use notepad to open the dgs.img, the world is bright!~~
How I figured this out? Firstly I unyaffs-ed the img and got the note" broken img file", and I am quite puzzled with the size, 1k...seems a bit too small for a img?
after that I read something about csc changing under I9000~
And in the end, when I was showering, a thought just came to me: this is not a img file, just a text file.
I tried, and I am right!~
Cheers
OK, I successfully changed the carrier info to TMO. Open this file in Hex Workplace and change the EUR numbers to the 54 4D 4F, and everything is fine now~~
The reason why just can't edit under notepad is because it will change the 00 between two TMOs to 20, so this leads the problem.
marsrogers said:
OK man, I figured it out~after a showering time ^_^
Use notepad to open the dgs.img, the world is bright!~~
How I figured this out? Firstly I unyaffs-ed the img and got the note" broken img file", and I am quite puzzled with the size, 1k...seems a bit too small for a img?
after that I read something about csc changing under I9000~
And in the end, when I was showering, a thought just came to me: this is not a img file, just a text file.
I tried, and I am right!~
Cheers
Click to expand...
Click to collapse
yes... just guessing what's the difference for example between the EUR and VDF version in terms of phone behaviour... maybe OTA update availability??

[Request] Any Brazil open device user

Ok, this request is for ALL the 920h/925/925G users (anyone with an 850 UMTS band). We need ANYONE from brazil with a device that has or was going to update to the Brazil V20a to enter the following link and get us the bin format link back as the bin format firmware is what we need to get JUST the baseband. Elsewise we may need to flash the WHOLE firmware and bin flash downgrade to root and recovery partition. I'd rather not put more people through this headache....
Link:
http://csmg.lgmobile.com:9002/csmg/b2c/client/cs_auth_model_check.jsp?esn=[YOUR IMEI HERE PLEASE]
The link you are looking for is similar to this one.....
http://csmg.lgmobile.com:9002/ezls/...IN_LGP925AT-00-V10e-310-410-AUG-10-2011+0.ZIP (this is the BIN firmware for AT&T's stock firmware.)
Thank you guys and remember, you're doing this not only for yourself, but for the community as well.
Note: We already have the kdz (http://csmg.lgmobile.com/swdata/WEBSW/LGP920H/ABRAML/V20a_00/V20A_00.kdz), we need the bin.
I tried to do it but I get only a blank screen on explorer and some information about my serial number and imei on Chrome. No links were there.
any guides so I can help?
mussacredi said:
I tried to do it but I get only a blank screen on explorer and some information about my serial number and imei on Chrome. No links were there.
any guides so I can help?
Click to expand...
Click to collapse
PM sent and updated PM sent...
Thank you.
I got the same result. If you explain how to put the URL together with the info I got, I can help you. Thanks.
That's my result:
LGP920H 6BRAML 109BSZD011069 20110912
are you try another browser? firefox? IE??
Using another browser won´t help, but the file is in fact a XML. Use view source to see it. It´s a list of fields and values. We just need to know how to use this info to build the BIN file URL.
It's being done right. With the information provided, I was able to try a few things, but I was not able to find Bin files, but only KDZ. I've also reached out to others in the community for possible outside the box root options. I'm not making any promises, but I'm resourcing. I'm sure we'll find a way.

[TOOL/REDIRECT] LGExtract

Hello LGP920 users, I don't have this phone (I own a 970), but, I'm working in a tool that can help you guys too.
The purpose of the tool is to extract the files .bin / .fls from the .kdz files, to use the tool SmartFlash.
I don't know if this kind of topic (duplicated) is allowed, but, is a tool for "all" lg phones.
For now its really useful for P920 and P970, because we can flash files bin / fls with SmartFlash tool.
Other phones has different file structures...
Check it here: http://forum.xda-developers.com/showthread.php?p=24083497
I'm not copying and pasting the text here, because I'm editing the another thread.
Please report any errors there.
Thanks.
PS: Moderators, sorry for anything
Thanks, certainly these tools are useful for developers.
navossoc said:
Hello LGP920 users, I don't have this phone (I own a 970), but, I'm working in a tool that can help you guys too.
The purpose of the tool is to extract the files .bin / .fls from the .kdz files, to use the tool SmartFlash.
I don't know if this kind of topic (duplicated) is allowed, but, is a tool for "all" lg phones.
For now its really useful for P920 and P970, because we can flash files bin / fls with SmartFlash tool.
Other phones has different file structures...
Check it here: http://forum.xda-developers.com/showthread.php?p=24083497
I'm not copying and pasting the text here, because I'm editing the another thread.
Please report any errors there.
Thanks.
PS: Moderators, sorry for anything
Click to expand...
Click to collapse
OMG it works thanks man
I works thanks!
navossoc said:
Hello LGP920 users, I don't have this phone (I own a 970), but, I'm working in a tool that can help you guys too.
The purpose of the tool is to extract the files .bin / .fls from the .kdz files, to use the tool SmartFlash.
I don't know if this kind of topic (duplicated) is allowed, but, is a tool for "all" lg phones.
For now its really useful for P920 and P970, because we can flash files bin / fls with SmartFlash tool.
Other phones has different file structures...
Check it here: http://forum.xda-developers.com/showthread.php?p=24083497
I'm not copying and pasting the text here, because I'm editing the another thread.
Please report any errors there.
Thanks.
PS: Moderators, sorry for anything
Click to expand...
Click to collapse
YES. Now all I need to do is find the location of the baseband in the phone!
Sent from my Samsung Galaxy S II w/ CM9
Did anyone tryed to use Smartflash tool with p920? It could work with the right dll files.
I wants to ask you that why I can't to extract the rom of Lgextract
using LGP920.dll extracted wdb instead of renaming i extracted using the original name
ralf05 said:
I wants to ask you that why I can't to extract the rom of Lgextract
Click to expand...
Click to collapse
Did you tried extract another file? or a kdz?
Your problem seems to be with Microsoft Enhanced Cryptographic Provider.
I will made some changes at the code to handle errors better and provide more details.
You should wait for the next update.
[]'s
navossoc said:
Did you tried extract another file? or a kdz?
Your problem seems to be with Microsoft Enhanced Cryptographic Provider.
I will made some changes at the code to handle errors better and provide more details.
You should wait for the next update.
[]'s
Click to expand...
Click to collapse
I tried extract kdz, but also have this problem
Thank you for your great software, I will try it after you updated.`
ralf05 said:
I tried extract kdz, but also have this problem
Thank you for your great software, I will try it after you updated.`
Click to expand...
Click to collapse
No problem at all. Just trying to help
Just to help me understand the cause of your error.
What is your operating system?
[]'s
With LGExtract, roms can be prerooted even if the Megatron root exploit is fixed Thanks a lot
Hi guys, going off another thread I didn't find this thread using search so just popping in the search word extractor so the next poor bugger doesn't get flamed for not using search
Tool is great and will help a lot when we get the next rom we can root but has a better baseband
navossoc said:
No problem at all. Just trying to help
Just to help me understand the cause of your error.
What is your operating system?
[]'s
Click to expand...
Click to collapse
My operaing system is windows 7 ultimate sp1.
Thank you very much!
ralf05 said:
My operaing system is windows 7 ultimate sp1.
Thank you very much!
Click to expand...
Click to collapse
Try it now, release 0.2.1.
Let me know what happens...
If any error occurs, post the message here.
I think it should fix your issue.
[]'s
navossoc said:
Try it now, release 0.2.1.
Let me know what happens...
If any error occurs, post the message here.
I think it should fix your issue.
[]'s
Click to expand...
Click to collapse
It can work now and thank you your help very much.
ralf05 said:
It can work now and thank you your help very much.
Click to expand...
Click to collapse
Nice, good to know.
Please check the output files in a hex editor to see if it make sense.
If the file has some headers (boot, recovery, lgdrm, divxkey, fota, system, etc...)
[]'s
navossoc said:
Nice, good to know.
Please check the output files in a hex editor to see if it make sense.
If the file has some headers (boot, recovery, lgdrm, divxkey, fota, system, etc...)
[]'s
Click to expand...
Click to collapse
I used a hex editor check the output file(LGP920_AP[0].bin) has the above headers.
ralf05 said:
I used a hex editor check the output file(LGP920_AP[0].bin) has the above headers.
Click to expand...
Click to collapse
Nice, so I think this release really has solved you problem ;P
Enjoy.
[]'s
navossoc said:
The purpose of the tool is to extract the files .bin / .fls from the .kdz files, to use the tool SmartFlash.
Click to expand...
Click to collapse
If you can find out, could you post what modem/baseband processor is used in these devices: P920, P925G, P970 ?
This info should be available in the Service/Hidden Menu and in the modem firmware file. Look for "Qualcomm", "Infineon", "x-gold"...

[Q] Debrand Dead End: Nokia Product Support Tool V5

I've downloaded an unbranded stock UK ROM (i think) for a Nokia 1020 64Gb to replace the O2 rubbish.
It is file
RM875_3051.40000.1345.1003_RETAIL_eu_euro1_212_03_336753_prd_signed.ffu
It was automatically downloaded to C:\ProgramData\Nokia\Packages\Products\rm-875
I try to 'make' Product Support Tools for Store 5.0 find the download. It will not.
Regardless of which folder I place the download in (and alter the supposed location path) all the Recovery Tool sees is the software
already installed on the Nokia 1020 - filename. It defaults to this file.
RM875_059T1Z9_3051.40000.1345.1003_062.vpl
This is the nasty O2 branded crap already on the Nokia 1020 and all it wants to find.
Have I just downloaded another O2 branded rom ?
Dead end and out of ideas.
All answers on a postcard please to Muppet The Wonder Dog.
Do I have to remove something that makes it default to the installed
version of software ?
Thanks in anticipation.
To delete.
anaheiim said:
Use 059T1V6 RM-875 VAR EURO GB CV BLACK and http://forum.xda-developers.com/showthread.php?t=2515453
Click to expand...
Click to collapse
Thank you. Will Do.
Jailbreaking iPhones was never this challenging.
anaheiim said:
Use 059T1V6 RM-875 VAR EURO GB CV BLACK and http://forum.xda-developers.com/showthread.php?t=2515453
Click to expand...
Click to collapse
The download was successful. The 059T1V6 files are downloaded to C:\ProgramData\Nokia\Packages\Products\rm-875. I used NaviFirm+ to download.
Alas, Product Support Tool for Store 5.0 does not want to locate the files. Why ? I have moved the files (and changed the path) to different locations in an attempt to persuade the software to locate the 059T1V6 files. But NO ...it will not.
Every time I try to change the address path to where I've moved the files is adds "\Products" to the path address. Not helpful.
When I create the path it thinks it wants .C:\ProgramData\Nokia\Packages\Products\rm-875\Products...and place the files in this folder..it still refuses to locate the files.
Going round in ever decreasing circles.
Thanks in advance Anaheim.
To delete.
anaheiim said:
No, use Data Package Manager for DL your FW
Here http://forum.xda-developers.com/showthread.php?t=2515453
Click to expand...
Click to collapse
The reason I paid & used NaviFirm+ to DL the FW is the DL worked.
I am unable to get Nokia Data Manager to accept any text entry in any of its fields to start a DL.
I am unable to get Nokia Product Support Tool V5 to see/locate the (apparently) identical FW downloaded via NaviFirm+ to start the 'Recovery' process.
I'm on fully patched W7 (x64)
It's a mystery.
To delete.
Here are the dropbox links screenshots of
https://www.dropbox.com/s/h1f1emb2jyuvexl/Screenshot 2014-06-04 12.24.10.png
and to Nokia Care Suite
https://www.dropbox.com/s/1pz22k5a2kvox9d/Screenshot 2014-06-04 12.27.26.png
Thanks
To delete.
anaheiim said:
If you are in offline mode in the Data Package Manager (and according to the screenshot, you are) you can not DL the ROM.
Similarly for Product Support Tool, why did you connect directly your Lumia?
Follow the tutorial that I provided and you will get there.If you are unable to properly follow the steps (in most it's extremely detailed and with the screenshots), sorry but I can not help you.
Click to expand...
Click to collapse
As I said the problem is not in the downloading of the ROM.
It was very easy in NaviFirm+. I recommend the software for its simplicity and ease of use.
I have identical ROMs downloaded via Nokia Data Package & NaviFirm+.
The problem appears that the data path in Product Support Tool for Store V5.0 appends as a suffix '\Products' to the data download path. This is not the default path given from the Data Package Manager. The path is not user editable. If I create the additional folder and move the files to the folder it says it is looking for.... the Nokia package still fails to locate the FW it is trying to Recover. There are no screenshots to illustrate any error message. There is no error message.
I appreciate that it is very difficult to convey the exact steps in unambiguous English. I have been very fortunate in both multiple JailBreaks and the application of Cyanogen Mod to a collection of Samsungs..
To delete.
all paths added have the sub-folder ' \Products
' appended to the text string. I am unable to edit the path name. Just add another.
See
https://www.dropbox.com/s/vyuowb43rafn80a/Screenshot 2014-06-09 11.21.53.png
When I go to try and set the path via Data Package Manger it does not see them;which ever folder they are placed in.
https://www.dropbox.com/s/mxhjlegdqviqqis/Screenshot 2014-06-09 11.25.31.png
Sorry for the thread necro. I have an O2 1020 64GB as well and want to rebrand it, but for love nor money I can't find from where to download the firmware, all sources are down. Any input is appreciated!
triturbo said:
Sorry for the thread necro. I have an O2 1020 64GB as well and want to rebrand it, but for love nor money I can't find from where to download the firmware, all sources are down. Any input is appreciated!
Click to expand...
Click to collapse
One possibility would be to use thor2 to change the product code on the device, then let the WDRT do its job.

How can I unpack .mbn files?

Hello all, I am trying to unpack man files to add volte support to a device that has all the hardware needed, but it is not enabled in software and I would like to try and change that. From all my research the files I need are all in the baseband and in .mbn file format, but I cannot find out how to unpack them. Any help would be appreciated!
ghidra or IDA
I'm more conversant with Qualcomm ELF files, hashing, signing and certs.
These seem to have replaced the older MBN.
MBN files are signed. If you mod you'll have to work around this somehow.
See: https://github.com/openpst/libopenpst/blob/master/include/qualcomm/mbn.h
https://github.com/jnaulet/dloadtool/blob/master/mbn.h
Renate said:
I'm more conversant with Qualcomm ELF files, hashing, signing and certs.
These seem to have replaced the older MBN.
MBN files are signed. If you mod you'll have to work around this somehow.
See: https://github.com/openpst/libopenpst/blob/master/include/qualcomm/mbn.h
https://github.com/jnaulet/dloadtool/blob/master/mbn.h
Click to expand...
Click to collapse
I see. This device is quite old and well, to say the least it isn’t an android device either. I’m assuming I would need to find a workaround for this even as it’s running an os that’s nearly a decade old now?
I know that the carrier bundles on this device are signed as well, but people were able to get around that, and this chip was supposedly made with the hexagon DSP and Qualcomm has documentation on how to program for this specific chip/version
aIecxs said:
ghidra or IDA
Click to expand...
Click to collapse
Unfortunately these don't appear to work, or im using them incorrectly
well, maybe you're not an reverse engineer
aIecxs said:
well, maybe you're not an reverse engineer
Click to expand...
Click to collapse
Maybe it’s my first time even hearing of either of those programs and can’t even get one of them to launch without insta crashing, and the other spitting out an error whenever I try to unpack the files.
no problem. just 10 year studying stuff and try again
https://github.com/lololosys/awesome-baseband-research
Hi,
I've probably managed to reverse engineer the MBN. I was able to create my own MBN and load it back.
If anyone wants to get an information, send me a message
RockL79 said:
Unfortunately these don't appear to work, or im using them incorrectly
Click to expand...
Click to collapse
rename it to *.zip
Vortuks said:
Hi,
I've probably managed to reverse engineer the MBN. I was able to create my own MBN and load it back.
If anyone wants to get an information, send me a message
Click to expand...
Click to collapse
they are only ELF files packed in an image, aren't they?
yeah ELF files, with 3 segments. I'm not sure about my knowledge about ELF vs MBN, but I've managed & have a program to extract $ repackage back. I've tested it on Pixel 2 XL and it's working (added support for my country).
WoKoschekk said:
rename it to *.zip
Click to expand...
Click to collapse
unfortunately that didnt work for me either. It could be that the device im trying to work on is quite old and maybe something else has changed since then

Categories

Resources