
General - EDL Flash Tool Leak | Page 9 | XDA Forums

 1 year ago
source link: https://forum.xda-developers.com/t/edl-flash-tool-leak.4494211/page-9#post-87494707

General EDL Flash Tool Leak

I know how to set authorized token, I want to test on my le2100 codename 9r to colorOS 11.

Is this related to the 10 pro?

hackslash

Recognized Contributor
An idea came to my mind.

I've checked the after-sale package of 10T, which can be downloaded from https://yun.daxiaamu.com/OnePlus_Roms/一加OnePlus Ace Pro/原厂包 氧OS 12.1 A.05/CPH2415GDPR_11_A.05_2022080401330000.zip?preview

If you extract the zip file you'll even find out it's not a .ofp file but a zip file containing many little files. It is completely different from the previous known after-sale packages. Looking at the file name format plus the screenshot you've shown, I'm pretty sure the zip file is the same as the one that can be downloaded from the tool. The weirdest part is that I found no way to import the zip package to the tool because it's not even a .ofp file. ?????

Plus, looking at this https://www.droidwin.com/leaked-edl-flash-tool-for-oneplus-realme-oppo-is-here/ I'm pretty sure it can only import .ofp file because I found no way to import a zip file like that.

However, if I simply change the file type part of the file name from "firmware*.zip" to "firmware*.ofp", it can import the .ofp file. So my question is, why is it downloading non-encrypted .zip files?

I'm guessing:
What if the flash tool actually encrypts the downloaded zip file to .ofp after downloading? Maybe it encrypts the zip to .ofp and adds the token of the downloader to the .ofp file and signs the .ofp file as a VIP signature? So the .ofp can only be flashed by the downloader? Maybe there's some kind of watermark technique applied to the .ofp file? The flash tool file size is small so it can be easily shared but the .ofp file size is big, so it is definitely the best place to put a watermark. Then during flashing, the flash tool reads the signature from .ofp again and checks if the current user is the signer (creator) of the .ofp? People used the .ofp from somewhere else and imported it to the tool, maybe that's why it failed with "flash_sign_error". ????? I really think connecting to the server during flashing makes no sense because the user has already logged in to the account, so why bother again? IMO, putting a watermark on the .ofp file is enough to protect it from flash tool Hex editing bypass. What if the .ofp has to be downloaded by the same login user token?

Above is my guess, because I still have no clue how to import a non-encrypted zip file. If this is the case, someone may need to flash the firmware downloaded by the tool, not just import external .ofp files.

This will need further analysis. I'll download the OP10 Pro files directly from the tool. Afaik, the files are hosted on Amazon S3 service. Let's see if those files are any different

OnePlus 9 or 9RT is excluded from this nonsense. Lucky you.

Here's a 9r Msm tool. Password dmxv
www.terabox.com

9RT is not excluded from this nonsense. It is also an OPPO. I wouldn't be here if it had MSM xD.

Reactions: Ph0nysk1nk

Interesting. I just went ahead and downloaded it on my phone (I'm not near my computer). I assumed like everything else it was only OTAs and MSMs that got posted there. This is indeed something I haven't seen before, complete with engineering files marked confidential.

It will be interesting if/when a 10T MSM leaks to see if that firehose is special or not.

Though I'm not an expert on the firehose, I'm even more sure that the non-encrypted zip file is a non-encrypted MSM firmware package. (I think it is the base file used to create a .ofp)

I found these articles (all written in Mandarin; here are the links with Google Translate):
https://lixiaogang03-github-io.translate.goog/2020/10/20/刷机工具/?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-TW&_x_tr_pto=wapp
https://www-twblogs-net.translate.g...-TW&_x_tr_tl=en&_x_tr_hl=zh-TW&_x_tr_pto=wapp
These articles introduce how to use the QPST flash tool (which can be downloaded from https://createpoint.qti.qualcomm.com/to) to flash a "flat build".

Most of the files mentioned in the article can also be found in the 10T firmware package, such as:

/IMAGES/prog_firehose_ddr.elf
/IMAGES/qupv3fw.elf
/IMAGES/rawprogram0.xml
/IMAGES/patch0.xml
So I still think it is possible that the error "flash_sign_error" can be an error that occurred during grabbing some signature from the .ofp file. If they really host a server to respond to some sort of VIP signature queries during flashing, then why do they put non-encrypted files there? They can simply release a single .ofp file, and let the client query that "always same" signature. What I mean is that they can also use the "user token" as an encryption seed (password) and write the VIP signature directly on the .ofp file; during the process of converting .zip to .ofp, maybe the VIP signature is also encrypted and appended to the output file.

Update: It turns out that my guess was wrong, the tool doesn't create a .ofp file. Eventually, I found a way to load the Non-encrypted 10T firmware package by hosting the package on the localhost Apache server and redirecting the traffic to localhost. So there's no need to really download the file again, it takes less than 1 minute to copy the file.
1664153733125.png
The tool simply unzips all the files into a single directory and creates some metadata pointing to the directory so the tool can recognize it. Then it triggers an integrity checking screen before flashing. (Importing a .ofp doesn't trigger an integrity checking screen.) And no data was transferred during the unzip process.
1664154384099.png
The previous known failure was confirmed by the community when using a .ofp file. The result with the Non-encrypted zip firmware is still unknown, and I think it is still worth a try on 10T, 10Pro, or 9RT because the algorithm of the .ofp file is still unknown and this tool seems to only use Non-encrypted zip firmware. This tool is unified for OPPO devices and OnePlus devices, if there's a success it would be great news for all the devices on the device list.

And my journey with the tool has to stop here because I don't own a 10T, 10Pro, or 9RT.
Last edited: Yesterday at 2:43 AM

Reactions: Prant and dladz
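To make the "flat build" layout discussed above concrete (a rawprogram0.xml that maps image files onto partition sector ranges, plus the images themselves), here is an added example of a small package auditor. It is not code from this thread or from the OPPO/OnePlus tool; it assumes only the publicly documented rawprogram element and attribute names (`program`, `filename`, `label`, `start_sector`, `num_partition_sectors`, `physical_partition_number`, `SECTOR_SIZE_IN_BYTES`). Every label, offset, file name and image byte string in it is a constructed placeholder. Before trusting an unencrypted package, a practitioner would want exactly this inventory: which files would be written where, whether any referenced image is missing, whether two writes collide on the same LUN, and a SHA-256 per image to compare against a known-good copy.

```python
from __future__ import annotations

import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample rawprogram XML (example data, not from any real package).
# Element/attribute names follow the Qualcomm rawprogram format; labels,
# offsets and file names are made up. The empty-filename entry only declares
# a partition and writes nothing; the last entry references a file that the
# sample package deliberately lacks, and its range overlaps abl_a on LUN 0.
SAMPLE_RAWPROGRAM = """<?xml version="1.0" ?>
<data>
  <program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="xbl.elf"
           label="xbl_a" num_partition_sectors="896" physical_partition_number="1" start_sector="6"/>
  <program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="abl.elf"
           label="abl_a" num_partition_sectors="256" physical_partition_number="0" start_sector="1024"/>
  <program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename=""
           label="userdata" num_partition_sectors="0" physical_partition_number="0" start_sector="4096"/>
  <program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="missing.img"
           label="dtbo_a" num_partition_sectors="8" physical_partition_number="0" start_sector="1100"/>
</data>
"""

# Constructed placeholder image contents for the sample package (not firmware).
SAMPLE_IMAGES = {
    "xbl.elf": b"\x7fELF-placeholder-xbl",
    "abl.elf": b"\x7fELF-placeholder-abl",
}


@dataclass(frozen=True)
class ProgramEntry:
    label: str
    filename: str
    lun: int            # physical_partition_number
    start_sector: int
    num_sectors: int    # a value of 0 is treated as an empty range here
    sector_size: int

    @property
    def end_sector(self) -> int:
        """Exclusive end sector of the write."""
        return self.start_sector + self.num_sectors


def parse_rawprogram(xml_text: str) -> list[ProgramEntry]:
    """Return every <program> element that actually writes a file."""
    entries = []
    for el in ET.fromstring(xml_text).iter("program"):
        filename = el.get("filename", "").strip()
        if not filename:
            continue  # partition declared, nothing flashed
        entries.append(ProgramEntry(
            label=el.get("label", ""),
            filename=filename,
            lun=int(el.get("physical_partition_number", "0")),
            start_sector=int(el.get("start_sector", "0")),
            num_sectors=int(el.get("num_partition_sectors", "0")),
            sector_size=int(el.get("SECTOR_SIZE_IN_BYTES", "512")),
        ))
    return entries


def find_overlaps(entries: list[ProgramEntry]) -> list[tuple[str, str]]:
    """Pairs of labels on the same LUN whose sector ranges intersect."""
    overlaps = []
    ordered = sorted(entries, key=lambda e: (e.lun, e.start_sector))
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.lun == a.lun and b.start_sector < a.end_sector:
                overlaps.append((a.label, b.label))
    return overlaps


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_package(xml_text: str, package_dir: str) -> dict:
    """Inventory the writes a rawprogram file describes and flag missing images,
    overlapping writes, and record a SHA-256 per image for later comparison."""
    entries = parse_rawprogram(xml_text)
    missing, hashes = [], {}
    for e in entries:
        path = os.path.join(package_dir, e.filename)
        if os.path.isfile(path):
            hashes[e.filename] = sha256_file(path)
        else:
            missing.append(e.filename)
    return {"entries": entries, "missing": missing,
            "overlaps": find_overlaps(entries), "hashes": hashes}


def run_sample_audit() -> dict:
    """Write the constructed sample images to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLE_IMAGES.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return audit_package(SAMPLE_RAWPROGRAM, d)


if __name__ == "__main__":
    report = run_sample_audit()
    for e in report["entries"]:
        kib = e.num_sectors * e.sector_size // 1024
        print(f"LUN{e.lun} {e.label:<8} {e.filename:<12} sectors {e.start_sector}-{e.end_sector - 1} ({kib} KiB)")
    print("missing images:", report["missing"])
    print("overlapping   :", report["overlaps"])
    for name, digest in report["hashes"].items():
        print(f"sha256 {name}: {digest}")
```

On a real package you would point `audit_package` at the extracted directory and its rawprogram0.xml; patch0.xml (GPT fix-ups applied after the writes) is not covered here and would need its own pass.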

alate lee

Member
Sep 21, 2022
Thanks, the thread is not only for 10rt or 9rt etc. We are the trapped ones: OnePlus or OPPO encrypt their program file or loader for download, OEM lock, and use online server verification of the ofp file, and only permit customer service to fix our phone. It's not free, and not premium. How to do it, from the 8 series onward.
If we can use EDL to flash our phone and not the online customer server, it's beneficial for everyone. Now we should unite for our free recovery of our phone by EDL mode and not OEM authorization, and wait.
Just got to this thread today... The account shared is not working anymore.. ;(
Sounds like MSM is no go, it is what it is... Oppo did their job well....


I'll be honest though, of all the ROMs I've ever flashed on OnePlus devices.. which is a lot..

I've never once required any MSM tool to save my device, it's either been stock recovery, a new ROM, TWRP or if I've really really needed it if RMA'd the device..

Do we really need MSM? Would the work everyone has put in to get MSM working have been better spent getting TWRP functional? Testing is only booting as is actual use and it could offer a recovery avenue as well as a flashing method.

Not all phones have a method from my experience, a tonne of HTC devices didn't and they were my favourite devices.

Reactions: centifanto

> Sounds like MSM is no go, it is what it is... Oppo did their job well....
>
> I'll be honest though, of all the ROMs I've ever flashed on OnePlus devices.. which is a lot..
>
> I've never once required any MSM tool to save my device, it's either been stock recovery, a new ROM, TWRP or if I've really really needed it if RMA'd the device..
>
> Do we really need MSM? Would the work everyone has put in to get MSM working have been better spent getting TWRP functional? Testing is only booting as is actual use and it could offer a recovery avenue as well as a flashing method.
>
> Not all phones have a method from my experience, a tonne of HTC devices didn't and they were my favourite devices.

Can't say it is no go currently, the result is still unknown. There are some OPPO backend APIs still working great until now with token setup, and another firmware format that is not encrypted .ofp was discovered(Non-encrypted MSM zip pack). The community only confirmed the failure with the hex edited binary when flashing .ofp firmware, but the following solution is still open for testing:

  • Flashing the Non-encrypted MSM zip pack with the token obtained.
And the above option can be tested on 9RT, 10 pro, 10T, Nord series, or even other newest OPPO devices that use the latest Sahara protocol because the tool is unified for OPPO and OnePlus devices, all those devices on the list may have a chance. The result is still unknown. The only problem is that people who own those devices haven't stood out for trying other solutions. I only have 8T, I don't own those devices so I can not test them. @hackslash was finding people to try for 10 pro.

Reactions: metrixx02

> Can't say it is no go currently, the result is still unknown. There are some OPPO backend APIs still working great until now with token setup, and another firmware format that is not encrypted .ofp was discovered (Non-encrypted MSM zip pack). The community only confirmed the failure with the hex edited binary when flashing .ofp firmware, but the following solution is still open for testing:
>   • Flashing the Non-encrypted MSM zip pack with the token obtained.
> And the above option can be tested on 9RT, 10 pro, 10T, Nord series, or even other newest OPPO devices that use the latest Sahara protocol because the tool is unified for OPPO and OnePlus devices, all those devices on the list may have a chance. The result is still unknown. The only problem is that people who own those devices haven't stood out for trying other solutions. I only have 8T, I don't own those devices so I can not test them. @hackslash was finding people to try for 10 pro.

Point I was making is do we actually need it?? From past experience I don't think we do, I never have... Sending the device back for RMA isn't going to kill me or anyone else.

I've watched this and other threads since their inception and it appears every angle has been covered, time will tell I guess.

I'm sure there is someone out there with a bricked device if we're only waiting on someone to test.

Reactions: centifanto

> Sounds like MSM is no go, it is what it is... Oppo did their job well....
>
> I'll be honest though, of all the ROMs I've ever flashed on OnePlus devices.. which is a lot..
>
> I've never once required any MSM tool to save my device, it's either been stock recovery, a new ROM, TWRP or if I've really really needed it if RMA'd the device..
>
> Do we really need MSM? Would the work everyone has put in to get MSM working have been better spent getting TWRP functional? Testing is only booting as is actual use and it could offer a recovery avenue as well as a flashing method.
>
> Not all phones have a method from my experience, a tonne of HTC devices didn't and they were my favourite devices.

I agree with this. I have only ever had to use MSM once when I absent mindedly locked the bootloader with a patched boot.img due to late night not thinking. Other than that, I have had no need. I remember the good ole days of the OG Moto Droid, flashing multiple broken ROMs in a single night just via stock recovery before there was ever TWRP. Never had a magic flashing tool like MSM. Maybe the difference is now the devices are more temperamental with their boot sequence, but as I have mentioned in other threads, I think the current OOS/COS flavors are great and so I don't have any desire to tinker around with custom ROMs. I do sympathize with the few that might want that, but I think that is going to be less and less of an option with the direction that Android is heading.

Reactions: dladz

hackslash

Recognized Contributor
> Point I was making is do we actually need it?? From past experience I don't think we do, I never have... Sending the device back for RMA isn't going to kill me or anyone else.
>
> I've watched this and other threads since their inception and it appears every angle has been covered, time will tell I guess.
>
> I'm sure there is someone out there with a bricked device if we're only waiting on someone to test.

It's honestly just fun.
I really don't have any other reason for why I'm doing it xD

Reactions: dladz

> It's honestly just fun.
> I really don't have any other reason for why I'm doing it xD

Ha.. I can't argue with that pal

hackslash

Recognized Contributor
> Can't say it is no go currently, the result is still unknown. There are some OPPO backend APIs still working great until now with token setup, and another firmware format that is not encrypted .ofp was discovered (Non-encrypted MSM zip pack). The community only confirmed the failure with the hex edited binary when flashing .ofp firmware, but the following solution is still open for testing:
>   • Flashing the Non-encrypted MSM zip pack with the token obtained.
> And the above option can be tested on 9RT, 10 pro, 10T, Nord series, or even other newest OPPO devices that use the latest Sahara protocol because the tool is unified for OPPO and OnePlus devices, all those devices on the list may have a chance. The result is still unknown. The only problem is that people who own those devices haven't stood out for trying other solutions. I only have 8T, I don't own those devices so I can not test them. @hackslash was finding people to try for 10 pro.

The zip files downloaded from the Flash Tool are unique. It doesn't send a sign request to the server, unlike other OFP files which do require a sign request before flashing. Instead it sends a unique device model request which is failing for some reason. I'll share the endpoints soon, hopefully.

I didn't mean to sound defeatist there by the way..I love the way everyone rallied together, it shows great cohesion from the community... I'm just starting to think if it's possible that's all...

Still optimistic, just increasingly sceptical.
Last edited: 15 minutes ago
@OppoTech123 thanks a lot, but can you also publish tools for OnePlus 10T ?

kernel sources for that phone got released early, and lack of flash tool access for developers is the main thing holding back ROMs to get going faster than with most newly released OnePlus devices. Please man

It's not often that someone arrives on XDA that has the ability to give the finger to OnePlus/Oppo's anti development stance that it has employed for the last few years (against its roots of being known as dev friendly brand), to bring some hope.
> Point I was making is do we actually need it?? From past experience I don't think we do, I never have... Sending the device back for RMA isn't going to kill me or anyone else.
>
> I've watched this and other threads since their inception and it appears every angle has been covered, time will tell I guess.
>
> I'm sure there is someone out there with a bricked device if we're only waiting on someone to test.

There's no OnePlus reseller in my region, I received my device overseas, and I'm the one who can not send it for RMA.
Sending back to CHINA requires paying high customs duty of 40% so maybe I would just buy a new phone. And this is the reason I still stick with OnePlus 8T, lol.

I don't know much about OPPO's RMA but I know that if you f*ked up your SAMSUNG and sent it to RMA and if they can't immediately fix it by a single flashing, they will treat it as man-made damage and refuse to fix it for free. I once f*ked up the partition of my SAMSUNG device but I wasn't able to know the default partition table of the device so I sent it back and the employee just asked me to replace the motherboard(300USD) and it is not free because it is man-made damage so I refused. A few months later, I fixed my device by finding a leaked .pit file with the Odin flash tool, lol.


Anyway, I was just messing with this tool for fun.

Reactions: metrixx02 and dladz

> @OppoTech123 thanks a lot, but can you also publish tools for OnePlus 10T ?
>
> kernel sources for that phone got released early, and lack of flash tool access for developers is the main thing holding back ROMs to get going faster than with most newly released OnePlus devices. Please man
>
> It's not often that someone arrives on XDA that has the ability to give the finger to OnePlus/Oppo's anti development stance that it has employed for the last few years (against its roots of being known as dev friendly brand), to bring some hope.

The tool is unified for all OnePlus devices and OPPO devices, it is the thing you want. If the community finds a way to use it, it can be used on Oneplus 10T for sure. OPPO uses the same tool for all their devices from now on.

Reactions: mxz55

4 days RMA here...I wouldn't buy a phone if it didn't offer it, also the reason I wouldn't buy an overseas device.

You shouldn't have to pay a penny.
> The tool is unified for all OnePlus devices and OPPO devices, it is the thing you want. If the community finds a way to use it, it can be used on Oneplus 10T for sure. OPPO uses the same tool for all their devices from now on.

Considering some of the posts here about a lack of 10 Pro / 10T owners' cooperation.. what do you think the chances are if I sent you my 10T overseas?

I mean it looks like you're a decent reverse engineer and you said the road ends for you as you don't own a relevant device - if you really want to invest time and effort into hacking the leaked EDL tool further, feel free to PM me and we can arrange the sending of my device (at my risk for everything, including bricks). I am really like 'bleh' if I have to keep using ColorOS on it, it's my worst nightmare, so I would go back to buying a second hand 9 Pro for running LineageOS in the meanwhile before 10T gets some ROMs facilitated by having tools available.

Top Liked Posts

  • Hello all, I am here to leak OPPO tech tool that allows one plus 10 pro to be flashed. Sadly I cannot share login but if you are able to bypass login screen the tool does not need to authenticate with server to flash device in EDL mode. Attached is screen shot of login screen and file. The tool picks up device in EDL mode and allows user to select the OFP file associated for device (please note you must have this downloaded externally ideally from msm tool for your device)

    I wish you luck bypassing this login and fixing your phones.
    flash.png
  • This tool seems to be intended for use with mediatek devices.
    I wouldn't bet on it working with this phone, but here's how to bypass the login screen anyway.

    Open DownloadTool.exe with a hex editor
    Find '74 4b 8d 45 d4'
    Replace '74 4b' with '90 90'
    Save, launch, enter any username/password/code and click login.
    If you go to 'Software Package Management', you can specify a folder where your .ofp is located.
    Login is EGOPTP002088
    Password >:_8}:{7al
    Code is 00000
  • Here are the extra files as promised. Also it appears login connects with these servers; perhaps they can be spoofed/enumerated to bypass login for designated locations:
    Europe: https://service-eu.myoppo.com/
    India: https://service-in.myoppo.com/
    (there are more but i can't be bothered searching through subdomains, should be easy enough to find with OSINT).

    Good luck! Reach out if you have any questions or need any files that you think may be cached on system that ran this tool.
