NvFlash (Modified)

Send and launch the fusee exploit binary over USB, using the Python script.

./fusee-launcher/fusee-launcher.py ./payload/uart_payload_n7.bin

Send and launch a custom bootloader binary over USB, using the modified NvFlash to bypass security checks.

./utils/nvflash_v1.13.87205_miniloader_patched --setbct --bct ./bct/surface_rt_bct.BIN --configfile ./utils/flash.cfg --bl ./<your>.bin --go

(Experimental) To load a bootloader binary and execute it at a specific memory address, add --setentry 0x80808000 0x80808000 before --bl. The address 0x80808000, for example, is the memory address of the factory UEFI SPI-Flash bootloader. The factory bootloader binary is obtained by using the decryption script with the relevant SBK and a dump of the SPI-Flash memory.

./utils/nvflash_v1.13.87205_miniloader_patched --setbct --bct ./bct/surface_rt_bct.BIN --configfile ./utils/flash.cfg --setentry 0x80808000 0x80808000 --bl ./<decrypted factory uefi>.bin --go
