Hello,is it possible to port on msm8953 #2
Comments
|
有可能。需要在EDL固件里找到设备对应的firehose mbn, 然后用https://github.com/bkerler/edl 试试看能否读出PBL和QFPROM。如果可以,说明这条路走得通。但是后面的过程仍然漫长且繁琐,并且vendor对bootloader的修改越多就会越麻烦。同时,由于使用了EDL中的exploit,设备每次启动都需要借助USB。如果你编译的bootloader指的是aboot/lk,或者你不需要获取设备的trustzone/hypervisor权限,建议参考https://github.com/msm8916-mainline/lk2nd |
|
...lk2nd多了一层引导我感觉太麻烦了,lk2nd我上个月已经移植上了 |
|
不过我想我把9008触点给他飞一下应该可以 |
|
目前只支持软件重启到9008,不支持冷启动9008, i.e. 必须通过reboot edl / fastboot oem edl等方式进EDL。个人认为lk2nd已经足够方便了,毕竟有secure boot就认命吧。菊厂的8916,8952有部分无secboot的型号,想体验的话可以去收一个。如果没有修改底层(sbl1/tz/rpm/dsp)的需求,就没有必要。如果一定要用这个实现修改aboot,需要修改sbl1、修改pbl,然后把https://github.com/fxsheep/lk4edl 移植到8953 |
|
话说pbl咋改?不是固化到soc里面了吗? 话说PBL咋回读 |
|
PBL用https://github.com/bkerler/edl 读取 |
|
话说不行酷安聊,我家这里GitHub总是被墙 |
|
额话说msm8974的SBL啥的代码能够上哪里找? 我有个msm8974的手机没锁secure boot |
|
Hello, mind if i write in english? Some time ago I tried the same approach on msm8953 and I managed to crash the phone a couple times with peek and poke commands. After disassembling the loader I think i found the address in the stack for the return address of the function that reads the edl commands, so I guess the same exploit is possible. |
|
我试了一下,qfp能完整读出来,但是pbl读到75%就显示viceClass - USBError(19, 'No such device (it may have been disconnected)') |
I think that you can use English,but my English is terrible |
I have a msm8953 device(huawei maimang 5,same as G9 plus,nova plus) and just build a lk1st on it.But my device has enabled secure boot so it cannot boot my costum bootloader. I want to port with this projcet,is it possible?and how to do that?
我有一个msm8953的设备(华为麦芒5,和G9plus,Nova Plus相同) 并且我为它编译了一个自己的bootloader,但是它开启的secure boot所以无法引导。我想借助你们的这个项目,有可能吗?如何做?
P.S.如果你来自中国就直接用中文,我在酷安上面看到你们这个项目的
The text was updated successfully, but these errors were encountered: