Unlock support for sp9832e_1h10_gofu #39
Comments
I have seen your fdls; custom_exec is needed.
There is an imperfect method to find the address: send_single_test.patch
I assume sp9832e has a similar BootROM structure to 9863a.
The stack of 9863a is 0x3010-0x5000, so send 8 zero bytes (or directly "00 52 00 00 00 00 00 00") to 0x4ff8, 0x4fe8, 0x4fd8 ... until the BootROM gets stuck (with zero) or fdl1 is executed (with 0x5200).
After finding the address I can dump the full BootROM.
Besides, "SPRD4:AutoD" belongs to autodloader_handler in uboot; "SPRD3" belongs to BootROM.
|
Take 9863a as an example:
when writing 8 zeros to 0x4f48, BootROM won't reply "7E 00 80" to "7E 00 02" |
Thanks @TomKing062 I'll give it a try. Regarding SPRD3 I don't believe I have seen or been able to enter a mode where this is present. It is always SPRD4 via |
Thank you for the help once again. I've taken the patch and done the following. Not really sure I'm using it correctly. Created
Then used that in the following command:
How do I check for I've made a script to run against the range 0x5000 -> 0x3000. So should be easy enough to debug once I figure out the command. |
recover spl
|
I believe I may have found it at
|
ud710:
|
Ohh. Yes that makes more sense. So the 52 was a mistake? Going through again with zeroes I get a timeout reached on around starting at 0x4f48, 0x4f38, 0x4f28:
starting at 0x4f28, 0x4f38, 0x4f48:
|
main part done, exec_addr is 0x4f18 for normal download and 0x4ee8 for fallback download |
Thank you @TomKing062 I will be attempting the SPL method. I've read through https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader/wiki/AddSupportToModel#modify-images does that mean I need to compile from source and do: https://github.com/TomKing062/jing_patch ? |
no need to compile |
I also have a sp9832e_1h10_go(fu) phone which I'm trying to unlock and flash a modified system. I'm able to use spd_dump successfully. @BenEdridge: How did you go with the SPL method? Did it work? Like you, I'm not sure if my attempt at patching fdl1/fdl2 is correct. Don't want to accidentally brick the device. @TomKing062: A release for the sp9832e_1h10_go may assist certain ZTE models/re-brands (e.g. the ZTE Blade A31 Lite mentioned by another user). Thank you for your great work. |
Thank them with your wallet! TK deserves your support! In this economy
every little bit helps the devs - and TK has been working tirelessly for
months on this.
…On Tue, May 21, 2024, 7:16 AM sj882s ***@***.***> wrote:
I also have a sp9832e_1h10_go(fu) phone which I'm trying to unlock and
flash a modified system. I'm able to use spd_dump successfully.
@BenEdridge <https://github.com/BenEdridge>: How did you go with the
SPL method? Did it work? Like you, I'm not sure if my attempt at
patching fdl1/fdl2 is correct. Don't want to accidentally brick the device.
@TomKing062 <https://github.com/TomKing062>: A release for the
sp9832e_1h10_go may assist certain ZTE models/re-brands (eg. the ZTE Blade
A31 Lite mentioned by another user). Thank you for your great work.
|
I have a sp9832e device and the relevant stock fdl1, fdl2, spl and uboot img files. I also have the device XML file containing details on partition layout. I've attempted to patch fdl1 and fdl2 files but not 100% sure I'm doing it correctly. I believe I also need to create a custom_exec file as per: https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader/wiki/AddSupportToModel
Is it possible on this device or am I wasting my time?