-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unlock support for sp9832e_1h10_gofu #39
Comments
i have seen your fdls, custom_exec is needed there is an un-prefect method to find the address, send_single_test.patch i assume sp9832e has a similar bootrom structure to 9863a stack of 9863a is 0x3010-0x5000, so send 8 bytes zero (or directly "00 52 00 00 00 00 00 00") to 0x4ff8, 0x4fe8, 0x4fd8 ... until bootrom stuck(with zero) or fdl1 executed (with 0x5200) after find the address i can dump full BootROM besides, "SPRD4:AutoD" belongs to autodloader_handler in uboot, "SPRD3" belongs to BootROM
|
take 9863a as example
when write 8 zero to 0x4f48, BootROM won't reply "7E 00 80" to "7E 00 02" |
Thanks @TomKing062 I'll give it a try. Regarding SPRD3 I don't believe I have seen or been able to enter a mode where this is present. It is always SPRD4 via |
Thank you for the help once again. I've taken the patch and done the following. Not really sure I'm using it correctly. Created
Then used that in the following command:
How do I check for I've made a script to run against the range 0x5000 -> 0x3000. So should be easy enough to debug once I figure out the command. |
recover spl
|
I believe I may have found it at
|
ud710:
|
Ohh. Yes that makes more sense. So the 52 was a mistake? Going through again with zeroes I get a timeout reached on around starting at 0x4f48, 0x4f38, 0x4f28:
starting at 0x4f28, 0x4f38, 0x4f48:
|
main part done, exec_addr is 0x4f18 for normal download and 0x4ee8 for fallback download |
Thank you @TomKing062 I will be attempting the SPL method. I've read through https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader/wiki/AddSupportToModel#modify-images does that mean I need to compile from source and do: https://github.com/TomKing062/jing_patch ? |
no need to compile |
I also have a sp9832e_1h10_go(fu) phone which I'm trying to unlock and flash a modified system. I'm able to use spd_dump successfully. @BenEdridge: How did you go with the the SPL method? Did it work? Like you, I'm not sure if my attempt at patching fdl1/fdl2 is correct. Don't want to accidentally brick the device. @TomKing062: A release for the sp9832e_1h10_go may assist certain ZTE models/re-brands (eg. the ZTE Blade A31 Lite mentioned by another user). Thank you for your great work. |
Thank them with your wallet! TK deserves your support! In this economy
every little bit helps the devs - and TK has been working tirelessly for
months on this.
…On Tue, May 21, 2024, 7:16 AM sj882s ***@***.***> wrote:
I also have a sp9832e_1h10_go(fu) phone which I'm trying to unlock and
flash a modified system. I'm able to use spd_dump successfully.
@BenEdridge <https://github.com/BenEdridge>: How did you go with the the
SPL method? Did it work? Like you, not I'm not sure if my attempt at
patching fdl1/fdl2 is correct. Don't want to accidentally brick the device.
@TomKing062 <https://github.com/TomKing062>: A release for the
sp9832e_1h10_go may assist certain ZTE models/re-brands (eg. the ZTE Blade
A31 Lite mentioned by another user). Thank you for your great work.
—
Reply to this email directly, view it on GitHub
<#39 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A5TIDEDTMUQGXMACSASB5RTZDNJLZAVCNFSM6AAAAABBGSKACGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRSG42DEMRTGE>
.
You are receiving this because you are subscribed to this thread.Message
ID: <TomKing062/CVE-2022-38694_unlock_bootloader/issues/39/2122742231@
github.com>
|
I have a
sp9832e
device and the relevant stock fdl1, fdl2, spl and uboot img files. I also have the device XML file containing details on partition layout.I've attempted to patch fdl1 and fdl2 files but not 100% sure I'm doing it correctly. I believe I also need to create a custom_exec file as per: https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader/wiki/AddSupportToModel
Is it possible on this device or am I wasting my time?
The text was updated successfully, but these errors were encountered: