
Comments (20)

TomKing062 avatar TomKing062 commented on July 22, 2024 5

spd_dump fixed 012305c
fdl1 execute still does not work
Got splloader executed without verification (I thought it couldn't be done last month), so a5pro(cc) will use the spl method instead of the fdl1 method; this needs some tests

from cve-2022-38694_unlock_bootloader.

zhinu avatar zhinu commented on July 22, 2024 4

Nice, keep up the good work. Any way to support you, a donation?


TomKing062 avatar TomKing062 commented on July 22, 2024 4

DONE


TomKing062 avatar TomKing062 commented on July 22, 2024 3
  1. Tested a t610; fdl1 execute will fail because I set the wrong register value in custom_exec.bin
  2. spd_dump can't use exec_addr now; the rename method (like spd_dump_3f48) works

Will fix later


zhinu avatar zhinu commented on July 22, 2024 1

use spreadtrum_flash-main_exec instead of interactive

I'm using Android 10 with software version L1732.6.17.01.00 on a Hisense A5PRO cc. Does this root method apply to this software version? And where do I use spreadtrum_flash-main_exec? I can't find where it is

git clone the repo, and build within the folder


TomKing062 avatar TomKing062 commented on July 22, 2024 1

q5 added


zhinu avatar zhinu commented on July 22, 2024

With --verbose 1


./spd_dump --wait 5000 --verbose 1 exec_addr 0x5500 fdl uboot-mod.bin 0x9efffe00 exec read_part teecfg 0 1M teecfg.bin read_part trustos 0 6M tos.bin read_part sml 0 1M sml.bin erase_part splloader reset
Waiting for connection (5000s)
libusb_control_transfer ok
send: unknown message
recv: type = 0x81, size = 6
CHECK_BAUD bootrom
BSL_REP_VER: "SPRD3\0"
send: type = 0x00, size = 0
recv: type = 0x80, size = 0
CMD_CONNECT bootrom
input >


TomKing062 avatar TomKing062 commented on July 22, 2024

use spreadtrum_flash-main_exec instead of interactive


ferlanero avatar ferlanero commented on July 22, 2024

use spreadtrum_flash-main_exec instead of interactive

I'm using Android 10 with software version L1732.6.17.01.00 on a Hisense A5PRO cc. Does this root method apply to this software version? And where do I use spreadtrum_flash-main_exec? I can't find where it is


ferlanero avatar ferlanero commented on July 22, 2024

use spreadtrum_flash-main_exec instead of interactive

I'm using Android 10 with software version L1732.6.17.01.00 on a Hisense A5PRO cc. Does this root method apply to this software version? And where do I use spreadtrum_flash-main_exec? I can't find where it is

git clone the repo, and build within the folder

Is it necessary to prepare the phone in any way before applying root? I already have OEM unlocking and USB debugging allowed in Developer options


zhinu avatar zhinu commented on July 22, 2024

use spreadtrum_flash-main_exec instead of interactive

now I have this issue

libusb_control_transfer ok
send: unknown message
recv: type = 0x81, size = 6
CHECK_BAUD bootrom
BSL_REP_VER: "SPRD3\0"
send: type = 0x00, size = 0
recv: type = 0x80, size = 0
CMD_CONNECT bootrom
current exec_addr is 0x5500
loadfile("uboot-mod.bin") failed


ferlanero avatar ferlanero commented on July 22, 2024

use spreadtrum_flash-main_exec instead of interactive

now I have this issue

libusb_control_transfer ok
send: unknown message
recv: type = 0x81, size = 6
CHECK_BAUD bootrom
BSL_REP_VER: "SPRD3\0"
send: type = 0x00, size = 0
recv: type = 0x80, size = 0
CMD_CONNECT bootrom
current exec_addr is 0x5500
loadfile("uboot-mod.bin") failed

After reaching this step, does the phone still start?


zackyjsd avatar zackyjsd commented on July 22, 2024

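Thank you for your work and for sharing! I have been following this vulnerability for a long time and have finally got a usable exploit. By the way, several people on the forums have offered bounties of a few hundred US dollars for rooting this phone; if the root succeeds, you definitely deserve the most credit~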
https://forum.xda-developers.com/t/hisense-a5-pro-cc-how-to-root-unlock-bootloader.4109021/page-8

https://forum.xda-developers.com/t/award-for-anyone-who-roots-hisense-a5-pro-cc.4112773/


TomKing062 avatar TomKing062 commented on July 22, 2024

fdl1 execute fixed 0482afc
Download the tool from releases


TomKing062 avatar TomKing062 commented on July 22, 2024

Now fdl1 can be executed without verification,
though I am still not sure if fdl1 from SmileX(t610) can be used to unlock a5p/a5pcc (ddr init is slightly different)


TomKing062 avatar TomKing062 commented on July 22, 2024

About the spl method: not written yet.
The device will not unlock if ddr init in fdl1 fails. If this happens, modify spl, and ddr init will use the exact values from the manufacturer. I will see if fdl1 can work first


TomKing062 avatar TomKing062 commented on July 22, 2024

smilex fdl1 does not work; a5p/a5pcc still need fdl1 compiled manually.
This takes at least 1 day


zhinu avatar zhinu commented on July 22, 2024

smilex fdl1 does not work; a5p/a5pcc still need fdl1 compiled manually. This takes at least 1 day

Good work, could you document how to compile fdl1 for other t610 devices? (I have a hisense q5) :)


Xinon232 avatar Xinon232 commented on July 22, 2024

thanks :)
Unfortunately I can't install the root... the executable only says: Waiting for device....

However adb does recognize my phone, spd_dump.exe doesn't... any solution advice?


zhinu avatar zhinu commented on July 22, 2024

AMAZING
