![]() |
Firmware downgrade from 1.3 to 1.2 possible
I will change back from 1.3 to 1.2 but with the Nokia Flsah tool it is not possible. Have somewone a Solution for a Firmwaredowngrade.
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Not possible; search before creating new duplicate threads...
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Not possible is the default answer for marcaurell.
However it is possible if: a) you have R&D certificate in your device (which only Nokia employees have) b) you use software downgrade exploit (which is not publicly available) |
Re: Firmware downgrade from 1.3 to 1.2 possible
Another option would be to deploy a 1.2 rootfs backup, and flash the kernel using a dd-made backup.
Not the brightest of ideas, as I still don't know why people would want to downgrade, but hey, at least it's an idea. |
Re: Firmware downgrade from 1.3 to 1.2 possible
I think someone did it by using hexedit to change the version number in the older image.
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
But anyways there really is not valid reasons to downgrade, other than sometimes you might want to go on PR1.1 if your ovi store application entry happens to fail the QA (and even then you can use RDA), but if your not ovi store app developer then there really is no reason. |
Re: Firmware downgrade from 1.3 to 1.2 possible
IICR nemomobile requieres pr1.2 to be flashed
but i am curious about those downgrade hacks ... regards |
Re: Firmware downgrade from 1.3 to 1.2 possible
Thank at All for answers and suggestions.
|
Re: Firmware downgrade from 1.3 to 1.2 possible
well I have runned nemomobile on PR1.3 so I don't think that there is any limitations, all the instructions are just for PR1.2.
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
A reason to downgrade in Pr 1.2: to have a usable autocorrection for French :(
Fortunately, we have the Swype keyboard but it's a sad situation. |
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
bug in x-loader? bug in nolo? or somehow on device via inception? |
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
you need be in normal mode (not open mode) and clean/erase the cert-sw..., and you can downgrade the APE side (not the CMT side) http://mg.pov.lt/harmattan-irclog/%2...03-23T22:15:27 :) |
Re: Firmware downgrade from 1.3 to 1.2 possible
Ok, so what is stored in CAL key "cert-sw"?
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
In normal mode you have read&write access to CAL. So I think downgrade can be done with writing some old cert to CAL, then rebooting & flashing old version of fiasco.
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
I have Dev environment, but I have not libcal-dev and I am not so experienced with C. Do you have binary of cal_write_block?
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
That's actually the reason inception is more dangerous than open mode.
I was thinking about this one day, what lead me to this was some time back somebody had a weird problem, IMEI of the device was corrupted. The fact that cal is locked when running in open mode helps to protect from random faults that could wreck havoc by writing something to a critical area by mistake. In normal mode, under inception/opensh there is no such protection. |
Re: Firmware downgrade from 1.3 to 1.2 possible
@rainisto: is there any way how to repair perm bricked devices? and who can that if nokia care not?
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
However if you have done backup from your CAL then you could in theory restore CAL from your backup. BUT before you get your hopes up, only Nokia employees with R&D certificate can backup&restore CAL areas, and all the people that could generate R&D certificates for N9 have already left the company. And factory line jtag flasher, but its quite unlikely that you get access inside the production factory (and those factory lines are already ramped down anyways). So in short if you happen to mess up your CAL, you can throw the device in garbage for spare parts and buy a new phone. |
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
For JTAG flashing you actually do not need fancy equipment, just a cheapy ~200 eur USB/JTAG adapter and some soldering skills is required :D |
Re: Firmware downgrade from 1.3 to 1.2 possible
Ok, so I must be very very carefull to not damage CAL...
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
Quote:
Something else may have been broken, but it sure isn't corruption of the IMEI. And if the N9 is just like the N900, you could probably flash_erase /dev/mtd1 and CAL would be able to partially rebuild itself (kids, don't try this at home!) |
Re: Firmware downgrade from 1.3 to 1.2 possible
OK, if that is so, then where is the MFG calibration data for RFU stored?
I kinda thought it would be in CAL (that it is an abbreviation for CALibration, but maybe I was mistaken...) |
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
Won't try wiping mtd1 myself, but ask DocScrutinizer or vi, they idle on IRC long enough to bookmark that part of the IRC log. |
Re: Firmware downgrade from 1.3 to 1.2 possible
Can you point me irc logs?
I already tried freemangordon RE libcal on computer with nandsim and libcal created empty CAL structure in nandsim. So it can be true that NOLO will recreate cal if it is damaged and push new data from BB5... |
Re: Firmware downgrade from 1.3 to 1.2 possible
3 Attachment(s)
Hi there everyone, long time user, first time writing (used maemo since N900 but never felt the need to write before) but maybe I may be of help now.
I've got my Jolla stolen and feels they are out of stock here in Russia so I went for used N9. Somehow it was stuck with Vietnamese FW and I was unable to downgrade to the European version, so I found this thread with instructions in it, I tried to slap some stuff up to be able to write older certificates to be able to downgrade. The CAL structure itself contains the older certificates but uses only the latest version. You can dump your own certificates yourself, they're located on /dev/mtd1. CAL structure itself starts with ConF signature. I basically watched the code at https://github.com/community-ssu/lib...b/master/cal.c and explored the hexdump. I didn't want just to zero out cert-sw because of mentioned lock code problems. The cert-sw section starts as follows and cert itself starts as a3959780. Code:
436f 6e46 0200 0000 6365 7274 2d73 7700 ConF....cert-sw. Then I wrote simple libcal program, compiled it with Qt SDK. Never managed to get around aegis without putting it in deb first, however. The code itself is selfdescriptive and the sources are there if you have your own Qt SDK and want to compile yourself. I've also attached my compiled deb and some of the certificates I've dumped from my N9's CAL area. It reads cert file from /root/cert.bin and then writes it to CAL to the newest slot. Please be careful and only use it if you're absolutely absolutely sure what are you doing. I've managed to downgrade my N9 that way. Please don't shoot yourself in the feet. It's more of an informational post to the question discussed than everyday easy solution. |
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
As a note. This should be added to WIKI pages I believe ... |
Re: Firmware downgrade from 1.3 to 1.2 possible
does this mean that we can "downgrade" from for example region version 005 to 001 with this method?
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
|
Re: Firmware downgrade from 1.3 to 1.2 possible
1 Attachment(s)
Quote:
placed in /root/ and named cert.bin. Executed cal-writer with devel-su and develsh to obtain highest permissions, using open-mode kernel. However, cal-write fails at the end and reverts.. Attached is log from cal-writer failing to write the cert. Might be because of certs not from my device (would be cool with instructions on how to extract those) Added this to an idea for coding competition, and will personally spit in an extra award if a complete app can be created http://talk.maemo.org/showpost.php?p...7&postcount=23 |
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
If you want write access to CAL, you must boot in normal production kernel, not open-mode. There is no other way. |
Re: Firmware downgrade from 1.3 to 1.2 possible
Quote:
As for the simple application: I'd rather wait for some hardcore experts say is that a good idea, maybe there's some unexpected consequences and whatnot. I will think about it but I don't want to release some software to easily and irreversibly brick their device. Perhaps I'll start with cert-sw extractor for the N950 guys. |
All times are GMT. The time now is 13:12. |
vBulletin® Version 3.8.8