Hikari Calyx Tech 资源 How to remove Nokia 8 FRP Lock – World’s first ever

How to remove Nokia 8 FRP Lock – World’s first ever

In this article, I’ll show you how to remove FRP on Nokia 8 without using any flashing dongle, any box. The method I’m going to use its regardless of android security patch level, the only thing you need to do is enter emergency flash mode. World’s first ever.

To enter Recovery for factory reset if you want to try it out, here’s the method provided by HMD:
1. Power off your phone.
2. Press and hold Volume Up key and connect your phone to PC.
3. Waiting for Android robot on the ground displays along with NO COMMAND, release the Volume Up.
4. Press Volume Up while pressing power key to get Recovery menu.

I found if a bootloader designed for service purposes is downloaded to your phone, you can boot into EDL mode by using fastboot command directly. To do that, you also need to install OST LA and patch it. About how to patch OST LA and the download link of Nokia 8 OFW, read this article.


Choose the firmware, then click edit phone data, when “Boot FTM mode fail” prompts, now you’re able to enter EDL mode with service purposes bootloader.
Open command prompt or PowerShell at the installation directory of OST LA (For 64-bit OS, that’s C:\Program Files (x86)\OST LA), type this command:

.\fastboot-android oem reboot-edl

That will boot your phone to Emergency Download Mode.

Now, if you have Qualcomm emergency flash drivers installed, you will find a serial port displayed in Ports category in Device Manager, called “Qualcomm HS-USB QDLoader 9008” or “Qualcomm HS-USB Diagnostics 9008”. Or, if you have Windows Device Recovery Tool installed since you probably have a Windows Phone of HoloLens. To install required drivers, I recommended you to install Qualcomm emergency flash drivers from MiFlash, a flash tool provided by Xiaomi. The driver included has driver signature, so you needn’t to enter disable driver enforcement mode on 64-bit Windows.

After you update the driver to QDLoader, reboot your phone and reboot to EDL from Download mode again.

I noticed rawprogram0.xml included in the official firmware has a line written, that’s about FRP partition, but there’s no file defined, so normally it won’t be flashed normally. However, I made an empty file that has 512KB by HxD size called FRP.img which could erase the FRP partition.

And that’s how the trick works: Use QFIL included in latest QPST (At least Version 2.7.460) or latest MiFlash to flash them. You have to search for QPST 2.7.460 for yourself.

Download the latest MiFlash from here:

Download the FRP removal package I provided, then open QFIL.


In Configuration – FireHose Configuration, choose device type as UFS, then press OK.

Click “Flat Build”, pick the programmer to the firehose file.
Click “Load XML”, then pick rawprogram0.xml, then cancel for patch0.xml selection.

Now click download, an empty FRP.img will be flashed into your phone.
After the FRP.img downloaded, you can disconnect your phone, then press and hold Power Button for 10 seconds to reboot.

You can skip Wi-Fi connection right now, and the FRP is now removed.
That wraps up the whole guide of FRP removal for Nokia 8.

Now, this doesn’t involve any security update, so in theory, it works on any release of security update for Nokia 8, even Google couldn’t prevent from that.

If you found this article useful, please consider to donate me via PayPal: https://paypal.me/CalyxHikari

Leave a Reply

Related Post


该教程分为四个部分。 1、 Bootloader解锁 2、 刷入原厂固件 3、 Root的基本方法 4、 避开SafetyNet检测 为了方便完成整个教程,建议事先安装OST LA 6.0.4并准备好对应原厂固件以便应对任何可能的情况。因为Bootloader解锁会清空全部数据,操作之前请一定要备份。 第一部分:Bootloader解锁 1、 在解锁之前打开开发者选项,启动允许OEM解锁,必要的话可以顺带启动USB调试。 2、 记下手机本身的序列号。在关于手机——状态信息里可以看到。 3、 访问www.cmd5.com ,计算这个序列号的MD5校验值。这个校验值(32个字符)就是你的手机的解锁码。 4、 将手机重启进Bootloader模式。进入方法有点繁琐。 (1)关机。 (2)手机插上充电器的同时按住音量加和电源键,屏幕提示Release key to power off也不要放开。 (3)重新出现Powered by


注:本文并非教程!如果你想照着操作,请仔细考虑自己在做什么!本文不适合对Android研究毫无基础的人试验! 昨天我入手了一台诺基亚7当天就把bootloader解锁了。我当时还强调,没有去申请解锁码。这并非愚人节玩笑。 那么这是怎么做到的呢?大概讲一讲我的过程。 重新阐述一下我之前电报的动态,本次解锁利用了三个漏洞: 1、售后提权刷机命令(从Android 8.0 更新起提权命令发生变化,更加复杂) 2、原厂固件提取出来的维护用Bootloader 3、可以使用EDL线进入高通紧急下载模式 (从Android 8.0 更新起仅有原型机仍然能使用EDL线) 将以上三个漏洞综合起来利用,就得到了这样的结果。 只要满足条件,理论上讲这套方案也适用于运行 Android 7.1 的夏普 AQUOS S2、诺基亚 6 第二代、诺基亚 8。 第一部分:准备工作 首先,为了确保漏洞 1 和 3 能够被正常利用,请确保你的手机正在运行 Android 7.1