Nokia 8000 and Nokia 6300 4G general discussion thread

[Luxferre]

Hi folks,

Any substantial info on these new Nokia models yet? Besides the known facts they will run on KaiOS 2.5.4 and use the unnecessary BL-4XL (enlarged BL-4UL version) instead of BV-6A of the same 1500 mAh capacity...

I'm ordering a 8000 in December on the first day they officially are imported into Ukraine. As for 6300 4G, there are no official announcements here and they didn't even add this model on Ukrainian Nokia webpage.

Let's hope that these models are identical besides the display, materials and camera. But does anyone here have any of them yet? Do standard tricks like *#*#debug#*#* jailbreaking work? Any info on codenames etc?

Let's further discuss everything regarding this models here.

[perry]

I would be interested in whether it is possible with 63004g to add new words to the t9 dictionary.

[Farooq Karimi Zadeh]

And I wish they had KaiOS 3.0! Now I don't see any reason to switch to one of them...

--
You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/cd74c1bf-2c94-4349-8ea1-d496bcdfa28en%40googlegroups.com.

[Victor Chukalovskiy]

+1 for t9 dictionary feature request.

Besides that, does anyone know if these devices come with good bluetooth audio streaming support? Preferably aptx codec too?

My Alcatel Go Flip with KaiOS 2.5 can't even stream youtube video to a bluetooth headset, what a joke. My proper old Nokia phones from 2000 - 2010 era did that better.

--

[ipas...@gmail.com]

Idk, but bluetooth audio works flawlessly on my Nokia 800 Touh (KaiOS 2.5.2) 

[PuriShnit]

Okay, got my 6300!

*#*#debug#*#* - works.
Installing apps - works.
But... apps with engmode permission, are not allowed to be installed :-(

Phone is on Release-keys & fastboot mode seems to be disabled.

What's next?

[Affe null]

Can you install OmniSD and do a privileged factory reset?
Also, does this script open anything (put this into the WebIDE console of any app or onto a website):
new MozActivity({name:'internal-system-engineering-mode'});
If you get two buttons 'root2user' and 'user2root', the 'user2root' button should enable ADB root mode (at least that's what the code in the testbox app says on Nokia 8110 4G, but I never tested it).

--

You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/176052d46b0.2756.4d0fbcba59d3df19bf8cde900231fc8a%40gmail.com.

[perry]

is it possible to add new words to the dictionary?

[PuriShnit]

- adding words to t9 dictionary is possible (like the 2720 & 800).

- w2d.bananahackers.net, tries opening developer menu, but then instantly moves to the debugger options to select from 'Disabled', 'ADB only' & 'ADB and DevTools'

- tried doing the similar script to open  'internal-system-engineering-mode', it opens & shows 'user2root' & 'root2user', but they won't affect anything.

- EDL mode (by pressing '*' + '# ' buttons, or in shell 'reboot edl'), gives the following info (which doesn't seem to match any known loader...):

    MSM_HW_ID: 0x009600e1

    OEM_PK_HASH: 0x952bed90f6e9eac6e28da21916da4410e3dfebd81c5523ad712bb226db0b5df3

    SBL SW Version: 0x00000000

As a side note, 'getenforce' returns 'Enforcing', which probably means, even if we do gain root access by 'engmode-extension', we won't be able to modify any protected partitions.

(as experienced with other devices...)

[Luxferre]

PuriShnit,

Thanks a lot for the info. It makes things even more intriguing. Unfortunately, I can't research it myself until I get a 8000.

Does our traditional trick with navigator.mozPower.factoryReset('root') work to perform privileged reset? Good old OmniSD should do.

[PuriShnit]

I have installed Wallace-toolbox after removing the engmode permission from the manifest.
When I then try performing a privileged reset (# button), it brings the message box if I want to perform..., but pressing OK doesn't do anything.
So, I was assuming the privileged reset also requires the engmode permission, am I wrong? (I downloaded OmniSD, and saw it also mentions this permission in the manifest).

[Luxferre]

No, the navigator.mozPower.factoryReset('root') call should only require "power" permission.

Can you please attach with WebIDE (palemoon etc) to the running OmniSD process and perform this call from console itself?

[Luxferre]

PuriShnit, also use OmniSD, not Wallace Toolbox.

[PuriShnit]

Hope to find some time today or tomorrow to play with Palemoon. TBH, I never used the WebIDE console... is it something straightforward?

Would a privileged reset help in installing with engmode permissions?

(Furthermore, do you agree that as SELinux is Enforcing, we won't be able to do any modifications?)

--

You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/130e209e-a665-4514-9793-117bf43efc43n%40googlegroups.com.

[Luxferre]

> Would a privileged reset help in installing with engmode permissions?

This is exactly what I'd like you to find out. If you install OmniSD (not Wallace Toolbox, it now uses another method) and perform privileged reset with #, will you be able to then install Wallace Toolbox 0.0.6 and other engmode-enabled apps with no issues?

[Luxferre]

> Furthermore, do you agree that as SELinux is Enforcing, we won't be able to do any modifications?

Once we get root, changing SELinux policy is a matter of a single command, so it shouldn't be a problem.

On Friday, November 27, 2020 at 12:22:30 PM UTC+2 PuriShnit wrote:

[PuriShnit]

I manually installed root on one of the latest Alcatels (by modifying system, using EDL with the loader), and after gaining root (# in shell), I could access the /data partition. But, 'setenforce' to '0' was returning 'Permission denied' (probably doesn't allow echoing 0 to /sys/...), seemingly SELinux is nowadays quite advanced... (we can still hope that on these phones they were not so restrictive).

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/50a4d3ce-3561-4191-bda7-225766dd7e10n%40googlegroups.com.

[perry]

Thanks for testing the T9. If you want you could try to install my βstore, it uses the import () method to install apps.

https://github.com/strukturart/bHacker-store-client

[Luxferre]

So, does OmniSD work for privileged reset? 

[PuriShnit]

Installed OmniSD, privileged reset doesn't do anything (pressing OK, just returns me to the app).

Tried in console, says 'undefined' (hope I am doing it right, will send pic soon.)

What else can we try?

[PuriShnit]

On Fri, Nov 27, 2020 at 12:29 PM PuriShnit <ads...@gmail.com> wrote:

--
You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/cac2522a-b0a7-4a69-8fa6-edaefc32e7a4n%40googlegroups.com.

[yair...@gmail.com]

if its possible to install adbroot and its working ' can you dump the partitions?

ב-יום שישי, 27 בנובמבר 2020 בשעה 14:35:07 UTC+2, Luxferre כתב/ה:

Bro, you need to connect to remote runtime (running adb forward command beforehands, see the manuals) and attach to the running OmniSD project in WebIDE!

[Luxferre]

Nothing is working yet.

[yair...@gmail.com]

i'v also orderd such a device but will take some time till ill get him

ב-יום שישי, 27 בנובמבר 2020 בשעה 14:38:06 UTC+2, yair...@gmail.com כתב/ה:

[yair...@gmail.com]

counting on you (:

ב-יום שישי, 27 בנובמבר 2020 בשעה 14:38:33 UTC+2, Luxferre כתב/ה:

[yair...@gmail.com]

btw i have made patch0 and scatter.xml to the other nokia's (8110,2720,800) but still qfil cannot handle the flashing from somereason

ב-יום שישי, 27 בנובמבר 2020 בשעה 14:38:33 UTC+2, Luxferre כתב/ה:

Nothing is working yet.

[Luxferre]

OK, so it seems like they really updated the permissions grid and introduced some new security mechanism.

PuriShnit, could you please the list from "Permissions table" tab in WebIDE after connecting to the device?

[thk]

Hope this helps.

[Luxferre]

Thanks a lot! Going to study this permissions grid.

[Luxferre]

Alright, so, the suspicious permissions are:

- permissions

- deviceconfig

- external-api

- secureelement-manage

- secureelement-factory-reset

- system-update

I'd suggest appending them to the OmniSD's manifest (in addition to power and others there) and see whether or not this unlocks the navigator.mozPower.factoryReset('root') call.

On Friday, November 27, 2020 at 4:29:05 PM UTC+2 ssz...@gmail.com wrote:

[thk]

Don't know what i'm doing but added those lines and installed again.

Results stay the same.

 "device-storage:apps":{ "access": "readwrite" },

    "webapps-manage":{},
    "power":{},
    "permissions":{},
    "deviceconfig":{},
    "permissions":{},
    "deviceconfig":{},
    "external-api":{},
    "secureelement-manage":{},
    "secureelement-factory-reset":{},
    "system-update":{}
     },

[Unknown Battlegrounds]

Guys, why are you trying to run OmniSD? Wallace Toolbox is better and easier to install anyways.

You received this message because you are subscribed to a topic in the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bananahackers/jxEC3RVMYvI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bananahacker...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/020cdacf-fd52-481f-aecc-f6a5b8f5b746n%40googlegroups.com.

[Luxferre]

Wallace Toolbox uses a privilege escalation method that involves engmodeExtension. Here we have a situation when engmodeExtension is unavailable but mozPower is (kinda) available, and the mozPower method was used in OmniSD.

[Luxferre]

Ok, so they changed the API itself. If you attach to the running OmniSD process in WebIDE and list navigator.mozPower in JS console, which methods or properties do you see?

[thk]

OmniSd crashed  announcement in phones top row. Not sure if i did it right. With list: or just navigator.mozPower in Kaiosrt- runtime apps- command-console.
Tried both ways-->OmniSD crash.

[PuriShnit]

I was unable to install neither from your B-hacker store nor with OmniSD.
They both list the available apps, but pressing install just doesn't do anything.

BTW, they added emoji to the keyboard...

On 27 November 2020 11:35:43 am perry <struk...@gmail.com> wrote:

Thanks for testing the T9. If you want you could try to install my βstore, it uses the import () method to install apps.

https://github.com/strukturart/bHacker-store-client

PuriShnit schrieb am Freitag, 27. November 2020 um 11:37:44 UTC+1:

I manually installed root on one of the latest Alcatels (by modifying system, using EDL with the loader), and after gaining root (# in shell), I could access the /data partition. But, 'setenforce' to '0' was returning 'Permission denied' (probably doesn't allow echoing 0 to /sys/...), seemingly SELinux is nowadays quite advanced... (we can still hope that on these phones they were not so restrictive).

On 27 November 2020 10:26:07 am Luxferre <subor...@gmail.com> wrote:

> Furthermore, do you agree that as SELinux is Enforcing, we won't be able to do any modifications?

Once we get root, changing SELinux policy is a matter of a single command, so it shouldn't be a problem.

On Friday, November 27, 2020 at 12:22:30 PM UTC+2 PuriShnit wrote:

Hope to find some time today or tomorrow to play with Palemoon. TBH, I never used the WebIDE console... is it something straightforward?

Would a privileged reset help in installing with engmode permissions?

(Furthermore, do you agree that as SELinux is Enforcing, we won't be able to do any modifications?)

On 27 November 2020 10:10:10 am Luxferre <subor...@gmail.com> wrote:

PuriShnit, also use OmniSD, not Wallace Toolbox.

On Friday, November 27, 2020 at 12:07:37 PM UTC+2 Luxferre wrote:

No, the navigator.mozPower.factoryReset('root') call should only require "power" permission.

Can you please attach with WebIDE (palemoon etc) to the running OmniSD process and perform this call from console itself?

On Friday, November 27, 2020 at 11:43:47 AM UTC+2 PuriShnit wrote:

I have installed Wallace-toolbox after removing the engmode permission from the manifest.
When I then try performing a privileged reset (# button), it brings the message box if I want to perform..., but pressing OK doesn't do anything.
So, I was assuming the privileged reset also requires the engmode permission, am I wrong? (I downloaded OmniSD, and saw it also mentions this permission in the manifest).

--

You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/130e209e-a665-4514-9793-117bf43efc43n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/50a4d3ce-3561-4191-bda7-225766dd7e10n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/ccc3bbb7-8e1f-4765-91ad-99b42ac82f02n%40googlegroups.com.

[Farooq Karimi Zadeh]

Hmm. They've gone one step forward and several steps backward?!

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/176107ec480.2756.4d0fbcba59d3df19bf8cde900231fc8a%40gmail.com.

[Luxferre]

Today morning, 8000 appeared in Ukraine (in a single variant - Onyx black DS) at one not-very-known online store, but that store actually is the main Nokia importer for the whole country. So I ordered this device immediately (probably going to order the second one afterwards) and will wait for it within the next week.

> Hmm. They've gone one step forward and several steps backward?!

I guess they just changed the APIs for all engineering-related stuff. And we need to find out how.

[Farooq Karimi Zadeh]

I wish there is a way to get root and install custom apps and especially our own store...

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/714b26c8-ffa6-4d84-8c4f-3005489fbc03n%40googlegroups.com.

[Luxferre]

This will be the primary research target.

By the way, I thought 8000 would be more expensive than 2720 Flip but the official price for them is the same here - 2599 UAH, around $91.

[Unknown Battlegrounds]

I guess Nokia 6300 4G is the "flagship".

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/2ac136ac-e718-4035-832b-9609ce36e143n%40googlegroups.com.

[Luxferre]

Actually, 8000 is.

[perry]

@Luxferre do you think KaiOS removed import ()?

[Luxferre]

Absolutely no idea. If only those with devices actually connected to the running process and showed what errors are displayed when "nothing happens"...

[Luxferre]

Finally got a 8000 today's late evening! Black, DS, TA-1303. Codename is Sparkler, by the way.

Lots of impressions but here's the direct message from gdeploy:

installationFailed: Installing apps with any of these permissions is forbidden: embed-apps,engmode-extension,embed-widgets

Researching right now.

[perry]

hmh, that means i have to change the installation method?

https://github.com/strukturart/bHacker-store-client/blob/d1b331f6346947c35aad740c9b77a37998a8ac38/application/assets/js/install.js#L60

[Luxferre]

That means you just have to wait until a way to circumvent this is found.

[Luxferre]

Well, the forbidden permissions are listed in the preferences which are generally not accessible without privileged mode. And setting privileged mode is not accessible via navigator.mozPower.factoryReset('root') due to this logcat:

12-02 22:21:51.100   492   492 W /system/b2g/b2g: type=1400 audit(0.0:24): avc: denied { create } for comm=444F4D20576F726B6572 name="__post_reset_cmd__.tmp" scontext=u:r:b2g:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=0

12-02 22:21:51.113   492   492 I Gecko   : -*- RecoveryService: Error: Unix error 13 during operation open on file /persist/__post_reset_cmd__.tmp (Permission denied)

So, SELinux actually does the job here and denies the file creation from B2G process. Any ideas, folks?

[PuriShnit]

Bad news - SELinux is quite reliable...

Is the PK_HASH same as 6300, or unique?

[perry]

a KaiOs Dev answered me, import () was removed

[Luxferre]

Yep, just checked - import() is not visible in the mgmt field.

[Luxferre]

Actually, PK_HASH is the same! 

0x952bed90f6e9eac6e28da21916da4410e3dfebd81c5523ad712bb226db0b5df3

So there's hope about when we get one firehose, we get them both.

[PuriShnit]

So, I think we'll need to wait for that ONE loader...

How about finding some common vulnerability for this kernel, Is it a recent security patch?

[Luxferre]

The kernel itself is pretty new as well: 

Linux localhost 4.9.232-perf-g1351206e3af6 #1 SMP PREEMPT Tue Sep 29 14:34:45 CST 2020 armv7l

[Unknown Battlegrounds]

guys, does that mean that the Nokia 8000 is unable to install third party apps? 

--
You received this message because you are subscribed to a topic in the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bananahackers/jxEC3RVMYvI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bananahacker...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/58564250-f01a-4641-a9cd-439c429088efn%40googlegroups.com.

[Luxferre]

No, only some of them that require the engmode-extension permission. For "normal" apps, *#*#debug#*#* code and installing via WebIDE/gdeploy works. But that's not what I'm satisfied with. We need a full jailbreak, not partial.

[thk]

Installed some apps with Kaiosrt.

Adb root rights not available, so uninstalling preinstalled apps not possible..(yet?)

[Victor Chukalovskiy]

Hi, could someone confirm if this is a good summary of the current state of affairs for Nokia 6300 and 8000:

• apps can be side-loaded manually with ADB cli + WebIDE
• 3rd party stores e.g. bananahackers store won't work due to insufficient permissions
  
• no root permissions, no development mode <- pending someone's hack
• no EDL mode partition manipulations <- pending firehouse to become available

Thx!
-Vic

You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/7deef636-36fc-4e34-bae5-5e4ac4ed1e9cn%40googlegroups.com.

[Luxferre]

Yep, this is correct. Except it's called firehose, not firehouse.

[Luxferre]

And also, apps can require certified level but must not require engmode-extension permission.

On Thursday, December 3, 2020 at 6:18:04 PM UTC+2 victor.ch...@gmail.com wrote:

[Victor Chukalovskiy]

Thanks for confirming and for the detail! This is still better than my Alcatel A405DL where my only way to install apps is through EDL firehose partition editing (Web IDE and dev mode won't work no matter what).

Could someone kindly confirm LTE bands supported by your Nokia 8000 / 6300 phones? Nokia website is very elusive on the subject, or I didn't search well.

Would be interest to order & use in Canada if possible

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/644b9e9e-2e3e-4f4c-8192-0c9251e3d485n%40googlegroups.com.

[Luxferre]

Well, I can only confirm that Diag port is open by default (when USB storage mode is off) so it's possible to read those values from EFS on the fly. IIRC the NVitem number we're looking for is 6828 (0x1aac), so I may try reading from it. Also, nvdiag_client utility is accessible via ADB but it's obviously non-functional without root.

[Luxferre]

So, a quick recap of current issues in 8000/6300 4G:

- engmode-extension apps installation forbidden in devtools.apps.forbidden-permissions preference (uneditable without root or privileged WebIDE access);

- navigator.mozPower.factoryReset('root') call forbidden due to SELinux -> even a legit way to obtain priivleged mode is now unavailable;

- navigator.mozApps.mgmt.import call removed altogether.

Do you know what it all looks like? It looks like a declaration of war on the community. It does not affect neither full-stock users nor "normal" developers (loyal to KaiStore) who don't use engineering permissions in their apps (they still can be installed via *#*#debug#*#* code + ADB + WebIDE). They probably won't even notice that only a partial jailbreak is now available here. On the other hand, all the community projects aimed to extend the device capabilities, make it more privacy-friendly, provide some working alternatives to a single app store and return the control over the device to users who bought it, are now being undermined.

At this point, it's obvious that vendors don't want to listen to us. They are driven by greed and deny any possible cooperation. Well, "si vis pacem, para bellum". I hope we prepare a decent response to this new challenge. We need to. No one else will.

[perry]

Do you think you could block the request for a valid certificate during the app installation process? Or create your own certificate in our app store?

[Luxferre]

The apps.serviceCenter.allowedOrigins is also a preference, not setting, and can't be set without root. And "normal" mozApps installation API can't be used for alternative sources without modifying this preference. 

[perry]

https://developer.mozilla.org/en-US/docs/Archive/Marketplace/Monetization/Validating_a_receipt

verify(optional) URL that can be used by an authenticated application to verify a receipt. Note that the Firefox Marketplace always provides this field for an app. If you are going to create your own app marketplace, you might not use this field.

means that it would be possible to create your own marketplace or just a client for the official store ?

[Luxferre]

Receipts are not about alternative app sources, they are about in-store app licensing.

[Affe null]

If the apps.serviceCenter.allowedOrigins preference still includes https://kaios-plus.kaiostech.com/, would it be possible to
 1) Create an empty app and install it with WebIDE
 2) Assign the URL to window.location in the debugging console (with no internet connection, otherwise it will redirect to the KaiOS home page)
 3) Use the navigator.mozApps.installPackage() call in the console to install apps?

Would those apps be allowed to have the engmode-extension permission?

Luxferre wrote:

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/7d0bc6b5-22f4-4fb4-a958-43fb5f734bf1n%40googlegroups.com.

[Luxferre]

I guess the problem here might be that all apps mini-manifests must also be served from the same domain. But we can check your suggestion, yes.

[Luxferre]

Hint for developers: if you remove engmode-extension from the permission, you still can use navigator.engmodeExtension.setPropertyValue/getPropertyValue calls in 6300/8000 to manipulate Android properties, and navigator.engmodeExtension.setCameraLed to manipulate the flashlight. You can even reboot on demand with navigator.engmodeExtension.setPropertyValue("sys.powerctl", "reboot") call. However, persist. properties are no longer persisted with these calls and are restored upon reboot.

[Luxferre]

Also, /data/local/service/api-daemon/remote/wavoip2 contains some WhatsApp-related VoIP plugin files. So they didn't improve on the proper channel capturing and used some workaround. Anyway, be prepared to receive VoIP in WhatsApp here soon.

[Luxferre]

Guys,

If anyone knows how to make Android Marshmallow base display the SD card mount point as /storage/sdcard (or /storage/sdcard1) instead of /storage/XXXX-XXXX (by volume serial number), I know how to root these devices now, but only provided we have a working /storage/sdcard path. Not /sdcard but /storage/sdcard, this is important.

Any ideas?

[perry]

hmh i don't quite understand the question, would you like a different path to the individual sdcards?

[perry]

adb get-serialno  ?

[Luxferre]

Nope, I need some way to make the OS have the sdcard mounted as /storage/sdcard instead of /storage/XXXX-XXXX. 

[perry]

root@Nokia 8110 4G:/storage/sdcard # 

is the sdcard not so accessible with a none rooted device?

[PuriShnit]

How about modifying the SD card's volume serial to "sdcard" instead of "XXXX-XXXX"?

[Luxferre]

LOL :) The volume serial is a 32-bit integer internally, and displayed as 8 hex digits: like 0012-34AB.

Perry, the default mountpoint is totally different from 8110 and even from 2720 here. It's akin to "normal" Android 6 Marshmallow.

[moische grossberger]

hello has anyone got on?

--

You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/83c50869-bc28-4e57-9308-ced37b6b74e6n%40googlegroups.com.

[Luxferre]

Meanwhile, ADB shell turns out to be directly working in 8000's recovery (under limited non-root user, of course) and the whole recovery seems to be the same as in 6300 4G. Which not only means that production update keys are the same, but also that command prompt and all getprop fields in this recovery ADB shell are saying "Nokia 6300 4G". ROFL.

[Chris S]

probably via blowfish (javascript lib) , there are some good examples on the web

* http://i-code.co.uk/javascript/blowfishhtmlencryption.php

* http://sladex.org/blowfish.js/

On Wednesday, 30 December 2020 at 20:49:51 UTC Mg wrote:

Is there a way to encrypt an app with a password?

[yair...@gmail.com]

So there is a working rooting method? 

Iv order'd 5 units of the 8000 and also from the 6300

I want to dump their firmware and do some stuff with them. 

ב-יום שני, 21 בדצמבר 2020 בשעה 20:00:36 UTC+2, Luxferre כתב/ה:

[Muhammad Arslan]

Hello there, I just bought Nokia 6300 4G, set it up and when I tried to install WhatsApp on it from the store, the store installs it and I can open it "only once" from the store. It disappears from the apps menu so it is inaccessible from anywhere. I was wondering if anyone else has the same issue or any solution to that. Please help!

[yair...@gmail.com]

Hey Guys

Im happy to tell you guys that iv succeded on dumping all nokia 8000 partitions without root

by decrypting the bootloader and dumping the mmcblk0 section

if it can help some people in their research DM me

ב-יום שני, 21 בדצמבר 2020 בשעה 20:00:36 UTC+2, Luxferre כתב/ה:

Meanwhile, ADB shell turns out to be directly working in 8000's recovery (under limited non-root user, of course) and the whole recovery seems to be the same as in 6300 4G. Which not only means that production update keys are the same, but also that command prompt and all getprop fields in this recovery ADB shell are saying "Nokia 6300 4G". ROFL.

[Luxferre]

Thanks,

From Yair's dumps, IMEI storage format in 6300/8000 became clear. The IMEI numbers are stored in a raw partition called rf_nv, under the addresses 0x88 and 0x108 for SIM1 and SIM2 respectively (and you can find the IEMI (IMEI backwards) signature at 0x80). They are represented in Qualcomm's standard format: prepend 80a to IMEI, split into pairs and invert each pair to get the written bytes. In theory, it's enough to alter these blocks in rf_nv partition and then erase modemst1 and modemst2 to apply the IMEI change.

P.S. Looks like Wallace Toolbox and libWallace will have to be completely rewritten for 6300/8000 devices once they are rooted.

[perry]

how to use navigator.engmodeExtension.setPropertyValue("call","")  to start a call ?