There is a new method for flashing Nokia Lumia 800 devices. This seems to work on all devices. It allows you to flash custom unlocked ROMs. But be aware: This is for experts only!! It requires you to disassemble the phone and solder connection points, and you need extra hardware for this!

I need to state that I am no hardware expert. So use this information at your own risk!! I am not responsible for any damage caused directly or indirectly from using this information.

Normally, to get directly into the hardware of a phone, a technique called JTAG is used. This requires connecting hardware to connection points on the mainboard of the phone, which lets you hook directly into the CPU of the phone. The technique that has now been uncovered looks similar, but it is different. It seems that the Nokia Lumia 800 has connection points that provide a serial interface (similar to UART), which allows direct access to the NAND of the phone. This bypasses the Image-Update mechanism, which does additional signature/certificate checks.

With direct access to the NAND, it is possible to flash custom ROMs. It is also possible to flash another OSBL partition.

The earliest batch of Nokia Lumia 800 and 710 devices was shipped with stock Qualcomm bootloaders. Those Qualcomm bootloaders also provide direct access to the NAND of the phone, so those phones could be flashed with custom ROMs. The partitions could also be dumped to the PC, so it is possible to get the unlocked Qualcomm bootloader from the phone.

Later batches of these phones were shipped with a bootloader that was customized by Nokia. This OSBL is known as Nokia DLOAD. Direct access to NAND was removed. And the unlocked Qualcomm bootloader that was dumped could not be loaded onto those phones, because you would need to load it using the Image-Updater, which does certificate checks. For the Nokia Lumia 710, a signed package of the Qualcomm bootloader was found on the Nokia servers. This allows Nokia Lumia 710 users to downgrade their Lumia to the old Qualcomm bootloader and get access to NAND for flashing custom ROMs.

The new technique that has now been uncovered also allows you to write back the dumped Qualcomm bootloader. Once that is done, the device is open for custom ROM flashing, even without the need for extra hardware and disassembling the phone. That way, you need to disassemble the phone only once, and you'll be able to flash the phone as often as you like. However, you have to watch out for Zune updates. These updates can contain updated Nokia DLOAD partitions, so a Zune update can cause your phone to relock!

First you need to buy a device that can connect the serial interface to your PC. You need an Advance Turbo Flasher (ATF Box) for that. More info here:
http://forum.gsmhosting.com/vbb/8754300-post1.html
http://www.gsmserver.com/shop/gsm/advance_turbo_flasher.php

Then you need to make a connector-cable according to this mapping:
http://forum.gsmhosting.com/vbb/f609/pinout-rj45-atf-934629/#post5472046

And you need to get to the mainboard of your phone:
http://www.youtube.com/watch?v=YS9azQLWNAI

Then you need to connect the cable to the connection-points on the mainboard of the phone. You may need to solder the cable temporarily to the mainboard-connection-points!
http://forum.gsmhosting.com/vbb/f609/atf-lumia-tp-unlock-9-11-update-auto-update-public-discussion-thread-1536323/#post8754347

Again, this is for experts only!! Especially because you need to solder on the mainboard of the phone. And those connection-points were not meant to be soldered on!

Many thanks to:
X-Shadow

For people who don't want to risk all this, I can only say that I'm still very actively searching for exploits to unlock Windows Phone 7 and especially Nokia Lumia devices. I've done A LOT of research over the last months. And although it has been fruitless so far, I'm still working on some angles that I hope will succeed in the end.