vogu172 wrote:
說實在的我現在刷的是...(恕刪)
感謝提供 我有空再試試看 ..
sunup921 wrote:
大大有刷過這個內核嗎...(恕刪)
我今天有看到 好像是延伸下面這篇文章來的..
看起來好像還沒100%完全搞定
http://forum.xda-developers.com/showthread.php?t=1253277
sunup921 wrote:
大大有刷過這個內核嗎...(恕刪)
轉!!【XGT Trans】X10 Bootloader "bypass" 解鎖教程 【開發者向】
原帖地址 forum.xda-developers.com/showthread.php?t=1253277
如果X10有任何損傷我們將不負任何責任,對於BL的操作稍有不慎將會立即變磚,請謹慎操作
這裡的變磚才是真正的磚化,根本沒有救活的希望的,希望各位基友謹慎操作,否則後果不堪設想
警告,如果您不是開發者,請立即關閉頁面,請耐心等待,直到出現一鍵解鎖BL工具為止
解鎖工具下載地址
本帖隱藏的內容
qsd8250.7z
u.115.com/file/dn1wgmur#
解鎖BL意味著可以使用真正的自制內核,並不僅僅侷限於Linux2.6.29了
這將會更加的快捷和簡單,至少和現在的"bypass"相比是這樣的
以下是步驟
本帖隱藏的內容
1 將qsd8250.7z解壓
ESET將會把adb.exe認為是病毒,這是誤報,請不要理會
2 首先需要:
將手機刷為2.1系統【E註:X10的2.1和2.3均基於linux2.6.29內核,理論上是不需要刷機的】因為內核映射模塊是為2.6.29編譯的
3 打開USB調試模式
4 運行 qsd8250_semc.cmd,
如果正常,你會看到這樣的返回結果
process requires standard 2.x android firmware.
Press any key to continue . . .
Getting ROOT rights.
1464 KB/s (585731 bytes in 0.390s)
error: protocol fault (no status)
Waiting ...
Removing NAND MPU restrictions via SEMC backdoor. Permanent. Require ROOT rights.
192 KB/s (3087 bytes in 0.015s)
success
Waiting ...
Getting ROOT rights.
Waiting ...
Writing patched semcboot. Two step process
First, we need get access to semcboot area
504 KB/s (8064 bytes in 0.015s)
Second, we need to write semcboot ;)
1531 KB/s (588236 bytes in 0.375s)
successfully wrote 0001ff80
Press any key to continue . . .
複製代碼
成功, 你的手機已經被成功解鎖
如果您的手機是使用setool2解鎖的,請運行 qsd8250_setool2.cmd
如果您的手機是使用第三方解鎖工具解鎖的, 請不要試圖解鎖BL
強行解鎖將鎖死基帶
------------------------------------------------------------------------------------------------------------------以下內容針對開發者------------------------------------------------------------------------------------------------------------------
okay, now about other details.
1.
unlocked bootloader require unlocked loader, yep ?
loader\loader.sin is special unlocked loader, which will be accepted ONLY after your "unlock" semcboot with previous steps.
to distinguish unlocked semcboot and original semcboot, first letter in version tag of semcboot output will be lower case, i. e. "r8A033"
( same applies for loader version tag )
so, all that stuff with signatures are not for us, so i removed them - loader will ignore signature part of SIN file.
2.
we should make SIN file somehow, right ?
for that i prepared "dumb" bin2sin utility.
Syntax : bin2sin [input] [partition info, 32 digits] [type] [block size]
複製代碼
[input] - is input binary file.
[partition info]
android implementation on s1 semc qualcomm phones based on partitions,so we MUST define it for our file.
you can get required partition info from standard semc sin files, it is first 0x10 bytes of DATA, right after header, i.e.
x10 kernel partition info
03000000220000007502000062000000
複製代碼
[type] - partition type, 9 - partition without spare, 0xA - partition with spare.
kernel partition is partition without spare.
if that parameter omitted, type = 9
[block size] - nand block size, if omitted, it is standard size 0x20000
there is example in sinTools\example_build.cmd
3.
kernel should be prepared specially to be accepted by semcboot.
for that there is tool bin2elf.
Syntax : bin2Elf.exe [nbrOfSegments] [EntryPoint] [Segment1] [LoadAddress1] [Attributes1] ...
複製代碼
we need 2 segments:
segment 1 is unpacked linux kernel image, i.e.
( x10/kernel/arch/arm/boot/Image )
it looks like entrypoint and load address for segment 1 is always same for all qsd8250-based semc phone, it is 0x20008000
attributes for image 0x0
segment 2 is ramdisk.
it looks like entrypoint and load address for segment 1 is always same for all qsd8250-based semc phone, it is 0x24000000
set attributes for ramdisk 0x80000000, that is extremly important.
there is simple kernel example in sinTools\example_build.cmd
ps.
patched semcboot is doing exactly same thing as official "bootloader unlock" ( for some idiotic reasons called "rooting" ) , it skips checking of aARM firmware part ONLY.
it will NOT unlock your phone from network.
after procedure, you CAN use Emma/seUS safely.
開發筆記1Doomlord:seems the kernel zimage HAS TO BE CALLED image and ramdisk.cpio.gz HAS TO BE ramdisk
then it works
也就是說內核編譯的zImage要被命名為image,ramdisk.cpio.gz要被命名為ramdisk,然後使用sinTool生成的sin才可以被刷寫
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
這東西 不要當白老鼠 XDA神人應該會寫出簡化懶人包...這種磚 應該是US跟FLASH都救不回來 別輕易嘗是比較保險
內文搜尋
從 APP 打開
X