Hello,
I am trying to unlock my SGS, which I bought in Croatia. It is locked to the VIP carrier, but none of the methods described in the forums work for me.
I have copied my nv_data.bin file to my computer and extracted the unlock code from it with the SGUX utility for Windows by rbnet.it and marcopon. But when I reboot the phone with my SIM and enter the unlock code, it says unsuccessful unlocking...
I also installed Sgs_Unlock.apk on my phone, which gave me the same unlock code that doesn't work.
Then I tried to edit the nv_data.bin file with a hex editor, but it doesn't seem to include the address 0x181468.
Thank you very much!!!
Luka
Try using super one click.
Sent from my GT-I9000 using XDA App
Done
I've managed to unlock it by editing the nv_data.bin file, which was slightly different from the one in this thread http://forum.xda-developers.com/showthread.php?t=761045 .
Ehtoeh the phone was already rooted with Super One Click so I could retrieve the nv_data.bin file, but that doesn't unlock it to other carriers.
This is how I did it:
Follow step 1. from the mentioned thread (retrieve the nv_data.bin file).
Open the file with 010 Editor (trial version), go to view, linefeeds and set it to 8 bytes.
Go to the mentioned address (ctrl+g) and see the slightly different line (ff 01 00 00 00 00 33 35)
Edit it to ff 00 00 00 00 00 33 35 and save.
Follow step 3. from the mentioned (How to unlock/unfreeze all SGS Models) thread, reboot and the phone was unlocked.
Oh, I forgot, it was running the 2.1 update1 Eclair when I unlocked it.
Luka
I've hosted the file nv_data without've managed to find the line you need to change. whether we could to help;
Let's think,
Maybe the lock is located at some other address, you just have to find it.
As mentioned in this thread http://forum.xda-developers.com/showthread.php?t=761045 there are 5 different types of locks in 5 different bytes:
network lock, subset lock, sp lock, cp lock and data lock (don't know if that's true because I can find only four locks in my phone: network, subset, sp and cp but no data). The locks are defined with byte 00 for lock off and 01 for lock on.
Now enter *#7465625# to phone. It will display the locks and whether they are on or off. (see attachment)
You can now put together a string from the values that you get from the phone, 00 for lock off and 01 for lock on.
It should begin with ff followed by the bytes you got from your phone, for example if you have active network lock and all other locks inactive you should have:
ff 01 00 00 00 00 xy xy
As you can see there are two other bytes xy, but we can live without knowing their values as they seem to differ from phone to phone but they should always be digits.
Now open your nv_data file with hex editor and search for the string you've put together without the last two bytes. You can get more than one result, but the right place is the one where the last two bytes will be digits.
Edit it to ff 00 00 00 00 00 xy xy to turn all the locks off.
I hope you'll unlock your phone this way and let us know how it goes.
Luka
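The search described in the post above, written as a read-only scan over a backup copy of nv_data.bin (an added example, not code from the thread). Mapping the five flag bytes to lock names in the order the post lists them, and reading "digits" as "both hex nibbles are 0-9", are assumptions; the sample buffer is constructed.

```python
import re
from typing import NamedTuple

# Lock names in the order the post lists them. Mapping that order onto the
# five flag bytes is an assumption; the post only shows network lock first.
LOCK_NAMES = ("network", "subset", "sp", "cp", "data")

# ff, then five flag bytes that are each 00 or 01, then two trailing bytes.
_RECORD = re.compile(rb"\xff([\x00\x01]{5})(..)", re.DOTALL)


class LockRecord(NamedTuple):
    offset: int   # position of the ff byte in the file
    locks: dict   # lock name -> True if the flag byte is 01
    tail: bytes   # the two "xy xy" bytes


def _is_digit_byte(b: int) -> bool:
    # Assumed reading of "should always be digits": both hex nibbles are 0-9.
    # This accepts both tails that appear in the thread (33 35 and 00 05).
    return (b >> 4) <= 9 and (b & 0x0F) <= 9


def find_lock_records(data: bytes, expected=None):
    """Return candidate lock records; the input is never modified.

    expected: optional dict of lock name -> bool, as read from the phone's
    lock status screen. Candidates that disagree with it are dropped.
    """
    hits = []
    pos = 0
    while True:
        m = _RECORD.search(data, pos)
        if m is None:
            break
        pos = m.start() + 1  # step by one byte so overlapping hits are seen
        flags, tail = m.group(1), m.group(2)
        if not all(_is_digit_byte(b) for b in tail):
            continue  # the post's rule: the right place ends in digits
        locks = {name: bool(f) for name, f in zip(LOCK_NAMES, flags)}
        if expected and any(locks[k] != v for k, v in expected.items()):
            continue
        hits.append(LockRecord(m.start(), locks, tail))
    return hits


# Constructed sample: a decoy whose tail is not digits, then the record
# quoted in the thread (ff 01 00 00 00 00 33 35).
SAMPLE = (
    b"\x00" * 16
    + bytes.fromhex("ff 01 00 00 00 00 ab cd")
    + b"\xaa" * 8
    + bytes.fromhex("ff 01 00 00 00 00 33 35")
    + b"\xaa" * 8
)

if __name__ == "__main__":
    for rec in find_lock_records(SAMPLE, expected={"network": True}):
        on = [n for n, v in rec.locks.items() if v]
        print(f"0x{rec.offset:06x} locks on: {on} tail: {rec.tail.hex(' ')}")
```

In a real file an all-zero flag pattern can match many runs of padding, which is why the post cross-checks against the lock status the phone itself reports.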
because I can not find the line you say ,can you find if there is to please;
Can you post a screen capture like I did so I can find that string?
like this ...i quote and the file...I found this address that is similar to saying that
try editing that one to ff 00 00 00 00 00 00 05, but be careful and have your nv_data backed up first cause this can brick your phone.
I meant a screen capture from your phone.
Luka
ok I did the treatment. I just want to tell me exactly, step by step how to switch back to back in mobile
Did you edit your nv_data.bin file and now the phone doesn't work?
If so you have to restore your backup like this:
1. Copy the file from the backup (nv_data.bin) to your sdcard.
2. In ADB type the following commands one by one:
su
cp /sdcard/nv_data.bin /efs/nv_data.bin
rm -rf /efs/nv_data.bin.md5 (OR)
busybox rm -rf /efs/nv_data.bin.md5
3. Reboot your phone.
4. Most probably, now your SIM will not work and you will not be able to log in to your phone. Please don't panic. We are with you.
5. Pop off the SIM.
6. Boot your smartphone.
7. Run the below commands through ADB:
su
busybox chown 1001:1001 /efs/nv_data.bin or
chown 1001:1001 /efs/nv_data.bin
8. Your phone should be OK now.
There is a whole thread on this topic on this forum http://forum.xda-developers.com/showthread.php?t=859914
thanks for the reply, unfortunately I did not mean that.
I would like you to explain to me how I can insert into the SD memory card the nv_data (edit) that I have already processed. In order to summarize, I would like to know the orders.
Sorry, I didn't understand you.
So you need to push nv_data.bin file that you have edited back to your phone.
you need to follow the instructions from this thread http://forum.xda-developers.com/showthread.php?t=761045
First copy your nv_data.bin file to root of your sdcard and then use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands:
su
rm /efs/nv_data.bin
rm /efs/nv_data.bin.md5
cat /sdcard/nv_data.bin >> /efs/nv_data.bin
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
reboot
Post if it worked.
Luka
I can not, look at the photo
This happened to me also, try rooting your phone with superoneclick (ignore the message that the device seems to be rooted) just before entering adb. If that still doesn't work try with terminal emulator.
Well we made it and unlocked it!
The procedure followed was about as I said it.
1. Follow step 1. from the mentioned thread (retrieve the nv_data.bin file).
2. Open the file with 010 Editor (trial version), go to view, linefeeds and set it to 8 bytes.
3. Go to the mentioned address (ctrl+g) and see the slightly different line (ff 01 00 00 00 00 33 35), may be different numbers from device to device
4. Edit it to ff 00 00 00 00 00 33 35 and save.
5. Follow step 3. from the mentioned (How to unlock/unfreeze all SGS Models) thread, reboot and the phone was unlocked.
When I did the procedure I had a mobile unroot!
Nice to hear you've managed to unlock it, I knew you'd do it sooner or later
If it's unrooted now, you can just root it again, but I don't know why this happened.
All I would like to know is at which address the lock was located as your nv_data.bin file didn't have the address mentioned in the first post. It could help other people to unlock their phones.
Luka
Well you do it again root, I changed my kernel and Rom are all ok!
The address for nv_data.bin is of the form FF 01 00 00 00 00 xx xx to me was
FF 01 00 00 00 00 00 05.
Related
Hi all,
I tried dumping my ROM the same way I did when dumping my Kaiser ROM, but I can't get it to work. This is what I do/get:
C:\Diamond\itsutilsbin-20080313
>pdocread.exe -l
210.75M (0xd2c0000) DSK1:
| 3.12M (0x31f000) Part00
| 4.38M (0x460000) Part01
| 117.13M (0x7520000) Part02
| 86.13M (0x5620000) Part03
3.75G (0xf0000000) DSK7:
| 3.75G (0xf0000000) PART00
STRG handles:
handle 2689b706 3.75G (0xf0000000)
handle 67cabf16 86.13M (0x5620000)
handle a7db27be117.13M (0x7520000)
handle a7db279a 4.38M (0x460000)
handle 47db2752 3.12M (0x31f000)
disk 2689b706
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 67cabf16
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a7db27be
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk a7db279a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 47db2752
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C:\Diamond\itsutilsbin-20080313
>pdocread -w -d DSK1 -b 0x800 -p Part00 0 0x31f000 Part00.raw
CopyTFFSToFile(0x0, 0x31f000, Part00.raw)
ERROR: ITReadDisk: outbuf==NULL
- device is not ready for use.
When I hook up my Kaiser, all goes perfect. Any idea on how to solve this?
I use Windows XP
The device is a Dutch one. If I manage to dump the RAW files, I will upload them here so someone can reconstruct them. Then we would have a stock Dutch ROM. At the moment I lack the time and knowledge to do the reconstructing.
Thanks in advance!
HKLM\Security\Policies\Policies
valuename '00001001' was set to dword:2, change it to dword:1
Try it my friend
Thanks, but that reg setting came preloaded, so there was no need to change it. I did check that setting before trying to dump.
Other ideas?
you need to unlock your spl! is your spl locked ... you can't use the command to read out the rom. on htc trinity you have a description to send a password to the spl to enable some commands.
the easiest way is ... to check all commands you can use! if you get an error your spl is locked!
if it's locked ... you need hardspl!! possibly the first hardspl version isn't fully patched and the important commands are blocked ... but fixes are available!
i haven't a htc diamond, to give you a 100% correct answer!
PS i am a big fan of Dr. Strange Love!
NetrunnerAT said:
you need to unlock your spl! is your spl locked ... you can't use the command to read out the rom. on htc trinity you have a description to send a password to the spl to enable some commands.
the easiest way is ... to check all commands you can use! if you get an error your spl is locked!
if it's locked ... you need hardspl!! possibly the first hardspl version isn't fully patched and the important commands are blocked ... but fixes are available!
i haven't a htc diamond, to give you a 100% correct answer!
PS i am a big fan of Dr. Strange Love!
the SPL doesn't have to be unlocked to read from the NAND.
Dr. Strangelove said:
Thanks, but that reg setting came preloaded, so there was no need to change it. I did check that setting before trying to dump.
Other ideas?
do a search around for EnableRAPI.cab that will help you with pdocread
Thanks already for the input.
I installed EnableRAPI.cab, but no effect.
I tried installing HardSPL, but my device has these details:
R: 0.93.25.NS26
G: 52.26.25.09H
D: 1.35.00.00
So no HardSPL for me yet + Radio from HELL (damn)
Still, I recently dumped a Pharos, which was certainly not equipped with HardSPL. So I guess walshieau has a point.
I will try bootloader commands now, see what that gives...
Dr. Strangelove said:
Thanks already for the input.
I installed EnableRAPI.cab, but no effect.
I tried installing HardSPL, but my device has these details:
R: 0.93.25.NS26
G: 52.26.25.09H
D: 1.35.00.00
So no HardSPL for me yet + Radio from HELL (damn)
Still, I recently dumped a Pharos, which was certainly not equipped with HardSPL. So I guess walshieau has a point.
I will try bootloader commands now, see what that gives...
connect to mtty and type this
password BsaD5SeoA
walshieau said:
connect to mtty and type this...
OK, command entered. Something else first or do I try to dump again now?
NOTE: this is my first time using mtty and the device is not mine (my father's, I own a Kaiser). So please make sure you provide me enough info so I don't f*ck up.
Dr. Strangelove said:
OK, command entered. Something else first or do I try to dump again now?
try a simple task 32
This is what I got:
No card inserted
SD read fail!
Level = FF
Dr. Strangelove said:
This is what I got:
No card inserted
SD read fail!
Level = FF
means the password command didn't work
It seems my incompetence got the upper hand...
First time I opened MTTY I directly entered the password command (see first pic). Result: error
Second time I first hit enter. Then the CMD> appeared and only then I entered the password and task 32 command. No errors no more, but also no output. Normal?
Anyways, dumping is still no go...
Dr. Strangelove said:
It seems my incompetence got the upper hand...
First time I opened MTTY I directly entered the password command (see first pic). Result: error
Second time I first hit enter. Then the CMD> appeared and only then I entered the password and task 32 command. No errors no more, but also no output. Normal?
Anyways, dumping is still no go...
well it looks like the second one accepted the password, now type set 16 0
this just resets the reboot flag in the NAND if there was a bad flash of an NBH file.
Well, I don't know what the problem is this time, but I can't get the phone/mtty to accept the password. Since I closed the second session, I had to reconnect, so far with no results.
I'm afraid that if I don't dump it tomorrow morning, I will have to wait 2 weeks before I can try again.
Anyway, thanks again for the support
Hi,
some thoughts of me. I don't know if it would help.
- try another older/newer version of itsutils.
You can find it here: itsutils
-can you try the -h switch ?
read this
- maybe my way to dump the Comet ROM can explain how to use it.
link
post #3 and 6
scorpio16v said:
Hi,
some thoughts of me. I don't know if it would help.
- try another older/newer version of itsutils.
You can find it here: itsutils
-can you try the -h switch ?
read this
- maybe my way to dump the Comet ROM can explain how to use it.
link
post #3 and 6
Thanks, but nothing worked.
I updated itsutils, but it didn't help.
I read through the thread, wiki, Mio forum, tried all the commands with my own parameters => no go.
Other than the usual error message, I sometimes get this error: "A device attached to the system is not functioning."
Again, dumping my Kaiser is no problem.
Too bad I couldn't dump it. I will try again dumping the RAW files in 2 weeks, since my father is going abroad for two weeks.
Thanks all for your time and effort. See you in two weeks.
Guys!
Don't make things harder than they are. I have successfully dumped a Diamond device earlier. Watch closely:
210.75M (0xd2c0000) DSK1:
| 3.12M (0x31f000) Part00
| 4.38M (0x460000) Part01
| 117.13M (0x7520000) Part02
| 86.13M (0x5620000) Part03
3.75G (0xf0000000) DSK7:
| 3.75G (0xf0000000) PART00
The disk name is not DSK1, but DSK1:! So, the correct command would be:
pdocread -w -d DSK1: -b 0x800 -p Part00 0 0x31f000 Part00.raw
Now start dumping
OMG...
You've got to be kidding me... I know I'm capable of a lot of stupidity, but this time I took it a whole new level... If NoThrills is right (he probably is), then I'm sorry for wasting everybody's time.
Whatever. Tonight I will try to dump the ROM again. hopefully it will be successful, and I will see together with NoThrills on how to reconstruct the ROM. He has kindly offered his assistance, for which I would like to thank him publicly.
See you tonight.
Dr. Strangelove said:
OMG...
You've got to be kidding me... I know I'm capable of a lot of stupidity, but this time I took it a whole new level... If NoThrills is right (he probably is), I'm sorry for wasting everybody's time.
Whatever. Tonight I will try to dump the ROM again. hopefully it will be successful, and I will see together with NoThrills on how to reconstruct the ROM. He has kindly offered his assistance, for which I would like to thank him publicly.
See you tonight.
It fooled me too. There is one more thing: I could dump the Part00 with the command line as provided a few posts up, but not the OS part. I had to use the -h (handle parameter) instead of -p Part00, hope that helps..
Hi there,
I got my hands on a phone that appears to be a copycat of the HTC Diamond 2. It’s running WM6.5. There is no volume button on it so they have some other trick to get into the boot loader. In order to flash it, the vendor is using a simple process:
1. Put a Loader.bin and Flash.bin file on the SD Card.
2. Turn on the phone while holding the “hang-up” and “back” buttons.
3. The boot loader then kicks in and installs the new ROM.
What I’m trying to figure out is what the file format for Flash.bin is and how to recreate it myself. Basically I’d like to be able to take an nbh from an official ROM file and convert it to that Flash.bin thing.
Using an HEX editor, I see that the first part of Flash.bin looks very similar to an OS partition that can be extracted from an nbh file (e.g. using NBHExtract) but one difference is that the header of Flash.bin starts with a few more bytes B0B0FF etc.:
B 0 B 0 F F …
42 30 42 30 46 46 0A 00 0C 0C 00 00 8A 90 06 00 0C 0C 00 00 02 02 00 2C 53 4E
I’ve uploaded both Loader.bin and Flash.bin here if you want to look further.
http://rapidshare.com/files/328271954/FLASH.zip
http://rapidshare.com/files/328259421/LOADER.BIN
Any tips greatly appreciated.
Thanks,
Bob
cm7 mac address fix
i rooted my kindle fire and my dad's kindle fire and put cm7 on both
then when we both tried to get on wifi it didn't work. after looking into it we found out that we both had the same ip address and also the same mac address
here is a quick guide for changing your mac address
original credit goes to jfb9301 over here
I AM NOT LIABLE IF YOU MESS SOMETHING UP
PROCEED AT YOUR OWN RISK
you need
root explorer
hexeditor
connect your fire
cmd.exe nav to your adb folder
> adb shell
> su
> wlan_cu -b
> / w p 1 l 2 f 2
> / t b v 21
> / t b t 1 0 0 0 0 0 0 0
> / q
now ctrl-C
exit cmd
now on kindle open root explorer
navigate to data/misc/wifi
copy nvs_map.bin
navigate to sdcard and paste
just for safety paste another copy and rename add .bak
" nvs_map.bin.bak "
now open the nvs_map.bin that is in the sdcard with hexeditor
edit the first line
for the mac address 08:00:28:12:34:56
0000: 01 6d 54 56 34 12 28 01 71 54 00 08 00 00
so for 11:22:33:44:55:66
0000: 01 6d 54 66 55 44 33 01 71 54 22 11 00 00
save the file
now in root explorer copy nvs_map.bin from the sdcard and paste it into data/misc/wifi
long press on the file and set permissions to RW- RW- RW-
now reboot
open up wifi settings> menu>advanced and double check your new mac address
credit to jfb9301
good luck!
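The byte layout shown in the post above, turned into a read-only check over copies of nvs_map.bin pulled from several devices (an added example, not code from the thread). It reads the MAC back out, flags the shared default and duplicates, and flags addresses whose first octet has the group bit set, which is the case for the post's 11:22:33:44:55:66. Treating bytes 0-2 and 7-9 as fixed markers is an assumption based on the two lines the post shows; the device names and blobs are constructed.

```python
from collections import defaultdict

# The address both devices shared in the post.
DEFAULT_MAC = "08:00:28:12:34:56"


def read_mac(nvs: bytes) -> str:
    """Extract the MAC from the first line of nvs_map.bin.

    Layout taken from the post's two sample lines: the low four octets sit
    reversed in bytes 3..6, the high two octets sit reversed in bytes 10..11.
    """
    if len(nvs) < 12:
        raise ValueError("file too short")
    # Assumption: these bytes are constant markers (identical in both lines).
    if nvs[0:3] != b"\x01\x6d\x54" or nvs[7:10] != b"\x01\x71\x54":
        raise ValueError("first line does not match the layout in the post")
    octets = (nvs[11], nvs[10], nvs[6], nvs[5], nvs[4], nvs[3])
    return ":".join(f"{o:02x}" for o in octets)


def audit(files: dict) -> dict:
    """Map device name -> list of findings for a set of nvs_map.bin blobs."""
    findings = defaultdict(list)
    seen = defaultdict(list)
    for name, blob in files.items():
        mac = read_mac(blob)
        seen[mac].append(name)
        if mac == DEFAULT_MAC:
            findings[name].append("default-mac")
        # Least significant bit of the first octet marks a group (multicast)
        # address, which is not valid as a station's own address.
        if int(mac[:2], 16) & 0x01:
            findings[name].append("group-bit-set")
    for mac, names in seen.items():
        if len(names) > 1:
            for name in names:
                findings[name].append("duplicate")
    return dict(findings)


# Constructed sample blobs: two devices still on the default, one using the
# post's second example line, one with a distinct unicast address.
SAMPLE = {
    "kindle_a": bytes.fromhex("01 6d 54 56 34 12 28 01 71 54 00 08 00 00"),
    "kindle_b": bytes.fromhex("01 6d 54 56 34 12 28 01 71 54 00 08 00 00"),
    "kindle_c": bytes.fromhex("01 6d 54 66 55 44 33 01 71 54 22 11 00 00"),
    "kindle_d": bytes.fromhex("01 6d 54 57 34 12 28 01 71 54 00 02 00 00"),
}

if __name__ == "__main__":
    for name, blob in SAMPLE.items():
        print(name, read_mac(blob), audit(SAMPLE).get(name, []))
```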
saving for later
Already posted
SEE HERE
Also, someone in the thread posted an easier fix:
Download the attached .zip. Extract it. Copy the file to /system/bin/. Reboot.
tkalli said:
Already posted
SEE HERE
You mean already posted as in the OP pointed out it was posted there? He was just putting it in the dev section since that is where most people would search for it and where the original thread poster wanted to put it, but couldn't...
Hello All,
I have searched the forums but can find no solution specifically for this phone, so here I am.
A while back AT&T offered a minor update (not KitKat) for my LG e980. No problem, updated just fine. I have never flashed this phone and it is not rooted, but my IMEI # is now 0 and I don't know why. With the upgrade to KitKat coming out, I won't be able to get it with my IMEI # gone. This was a new phone out of the box and I did nothing to the phone other than that small upgrade. I don't want to get a replacement because of all the stuff I have on this phone. Is there any way to reset, recover, or restore my missing IMEI #? I'm running Android 4.1.2. Software V e98010p. Any help or a point to the right forum to fix this will be greatly appreciated. Thank you.
Go to Menu --> General--> Backup & Reset--> Factory data reset. This should fix the problem. If it doesn't, bring the phone back for a replacement.
Knvsmom said:
Hello All,
I have searched the forums but can find no solution specifically for this phone, so here I am.
A while back AT&T offered a minor update (not KitKat) for my LG e980. No problem, updated just fine. I have never flashed this phone and it is not rooted, but my IMEI # is now 0 and I don't know why. With the upgrade to KitKat coming out, I won't be able to get it with my IMEI # gone. This was a new phone out of the box and I did nothing to the phone other than that small upgrade. I don't want to get a replacement because of all the stuff I have on this phone. Is there any way to reset, recover, or restore my missing IMEI #? I'm running Android 4.1.2. Software V e98010p. Any help or a point to the right forum to fix this will be greatly appreciated. Thank you.
No way to reset if you didn't back up anything
Sent from my LG-E980 using XDA Premium 4 mobile app
Factory reset makes the phone like it was when it left AT&T or was received in the mail. Doesn't need a backup.
Sent from my LG-E980 using Tapatalk
Hmmm... it's my understanding that a reset will not fix this as it has to do with the EFS which could be corrupted.... I went through this on my last phone and a reset did not work nor did going back to stock... my phone was toast... the only way is to restore from an EFS backup which sounds like he didn't do or take it in and have it fixed... as for losing everything on the phone just copy everything over to your ext sd ...
Sent from my LG-E980 using XDA Free mobile app
LG Optimus G Pro IMEI repair
Knvsmom said:
Hello All,
I have searched the forums but can find no solution specifically for this phone, so here I am.
A while back AT&T offered a minor update (not KitKat) for my LG e980. No problem, updated just fine. I have never flashed this phone and it is not rooted, but my IMEI # is now 0 and I don't know why. With the upgrade to KitKat coming out, I won't be able to get it with my IMEI # gone. This was a new phone out of the box and I did nothing to the phone other than that small upgrade. I don't want to get a replacement because of all the stuff I have on this phone. Is there any way to reset, recover, or restore my missing IMEI #? I'm running Android 4.1.2. Software V e98010p. Any help or a point to the right forum to fix this will be greatly appreciated. Thank you.
I had the same problem and I reset my IMEI within 1 hour by the method below. This method is for the LG Optimus G but ALSO WORKS FOR
LG OPTIMUS G PRO E980 AT&T
Here is the link
http://forum.xda-developers.com/showthread.php?t=1942417
The following instructions are to be used to repair your G2X/P999 phone's IMEI number if it has been changed to all zeros which can happen due to a bad flash. Your phone's actual IMEI number is printed on the box your phone came in and it is on a sticker located under the battery.
1) Download QPST
http://hosting.ecap-droid.com/Droid/...pub=bxfo8sfkv6
2) Install QPST and pin it to the Start Menu
3) Download LG Drivers
4) Install LG Drivers
5) In the phone’s Settings -> Applications -> Development -> enable USB debugging
6) Access the phone's hidden menu using the phone keypad (dialer), enter: 3845#*980#
7) In Port Setting enable CP USB (do not enable Retain ...) then press: OK ( SKIP THIS STEP )
8) Plug your phone into the USB port and wait a few seconds until the USB drivers install.
9) Access the LGE Mobile USB Modem driver through Control Panel -> Device Manager -> LGE Mobile USB Modem -> Advanced -> Advanced Port Settings
10) Click on the box next to “Append to Log” so that a checkmark is in that box.
11) Click on: Query Modem
The window above “Query Modem” should fill up with (the following data is from my phone, your phone’s Revision may be and IMEI will be somewhat different):
“ATQ0V1E0 - OK
AT+GMM - 0
AT+FCLASS=? - +FCLASS: (0-1)
AT#CLS=? - COMMAND NOT SUPPORTED
AT+GCI? - COMMAND NOT SUPPORTED
AT+GCI=? - COMMAND NOT SUPPORTED
ATI1 - Manufacturer: QUALCOMM INCORPORATED
Model: 0
Revision: M6600A-SCAUTNZ-2.0.9720T 1 [MAR 11 2012 10:00:00] MP:TRULGE_08.09.02R_MDM
IMEI: 0127XXXXXXXXXXXXXXX (I’ve X’d out my IMEI for security reasons)
+GCAP: +CGSM,+DS,+ES
ETC…”
If that doesn’t happen, then the Port Setting has probably reverted back to “AP USB” and will need to be changed back to “CP USB” or the LG drivers didn't install fully or correctly or the computer's usb connection or the usb cable has a problem. Check the phone’s screen and see if the Port Setting is still at “CP USB”. If it’s not (back on “AP USB”) redo step 7. If the setting is still at "CP USB" then reinstall the LG drivers. If there's still a problem, it may be the computer's USB port or the USB cable.
12) Click on: View log
The phone’s current IMEI is listed in the information.
a) If the IMEI is the same as the original one, that means it hasn’t really changed from the original IMEI and it should be OK after the phone is reflashed with a .kdz update file. Flash the phone with a .kdz file by using the offline method.
b) If the IMEI is not the same as the original one, that means it needs to be changed back to the original one. If the IMEI has to be changed, continue from step 13 (the next step).
13) In the terminal port setting, get the LGE Mobile USB Modem COM Port number by accessing the USB driver through Control Panel -> Device Manager -> LGE Mobile USB Modem -> Advanced -> Advanced Port Settings -> COM Port Number
Write down the port number.
14) Close the LGE Mobile USB Modem Properties window.
15) Run QPST Configuration from QPST folder in the Start Menu
16) In QPST Configuration, click on: Ports tab
17) In Ports window, click on the Port which has the phone listed as FFA-QSC6295 (DEAD00D) with the USB Link
18) Write down the COM port number with USB Link. For example: COM44 = 44 It should match the COM Port Number you previously wrote down in step 13.
19) In QPST Configuration, click on: Phone tab
20) In Active Phones window, click on the phone listed as FFA-QSC6295 DEAD00D ZRF6500 with the same COM port as you wrote down previously
21) In the QPST Configuration menu, click on: Start Clients, and click on: Software Download
22) In QPST Software Download, click on the: Backup tab
23) A dialog box should appear with the same COM port number as you selected previously and there should be a name for the QCN File which has the ESN number in it (DEAD00D_1.qcn) and an SPC (Service Programming Code) number of 000000
24) If you want to, add information to the QCN File name to make it more explanatory. For example:
DEAD00D_1_BEFORE_IMEI_Fix.qcn
25) Browse to a location you want to save the QCN backup file to
26)Click on: Start
27) Run RF NV Manager from the QPST folder in the Start Menu
28) In the RF NV Manager menu, click on: Setting, and click on: Comport
29) In the Comport Configuration dialog box, click on the arrow in the selection window and select the port number you wrote down from step and click on: OK
30) In the RF NV Manager menu, click on: File, and click on: Read From Phone
31) The RF NV Manager window should fill up with the NV items from your phone
32) Click on item number: 550 NV_UE_IMEI_I
33) Next to the list of NV items, the IMEI number currently in your phone will appear as list of 9 boxes with numbers in it.
34) Above the IMEI number list, enable Hex so that a checkmark appears in the selection box
35) The IMEI number is listed in Hex in reverse order from the bottom up
36) Prepare your 15 digit IMEI number as in the following example but use your own IMEI number:
The example IMEI used is: 012766-00-012345-2
If you're lazy, download the IMEI Converter from http://www.sendspace.com/file/a3spfh and use it then jump to step 36.5
If you're not lazy, or the IMEI Converter download isn't working, here's how to do it manually.
36.1) Rewrite your IMEI number without dashes.
For example: 012766-00-012345-2 becomes 012766000123452
36.2) Rewrite your 15 digit IMEI so it's separated into a list of 8 groups, with the first number by itself and the rest in two number pairs.
For example: 012766000123452 becomes 0 12 76 60 00 12 34 52
36.3) Reverse the numbers in each pair.
For example: 0 12 76 60 00 12 34 52 becomes 0 21 67 06 00 21 43 25
36.4) Add 08 and a to the number.
For example: 0 21 67 06 00 21 43 25 becomes 08 0a 21 67 06 00 21 43 25
36.5) Rearrange the pairs of hex numbers into a vertical list so that the first pair on the left of the string of Hex numbers is at the top of the list and continue with each successive pair downwards.
For example: 08 0a 21 67 06 00 21 43 25 becomes:
08
0a
21
67
06
00
21
43
25
36.6) Enter the pairs of hex numbers into the list of IMEI boxes starting from the top.
37) Click on: Write NV
38) After the IMEI is written to the phone, click on: File, in the menu and click on: Read From Phone
39) The NV Item data will be reread from the phone
40) Click on: NV item 550 NV_UE_IMEI_I which, when highlighted, should show the IMEI number.
41) Above the IMEI number list, enable Hex so that a checkmark appears in the selection box
42) The IMEI you previously entered in the boxes to the right of the NV item list should be there in HEX. The IMEI will be missing some leading zeros such as the 0 in 08 and 0a in the first two boxes and may also be missing in other boxes but that's nothing to worry about.
43) Write out the hex digits, adding the missing leading zero to each single hex digit and check it against the pairs of numbers in the list you entered. They should be the same.
44) If the IMEI is correct, you're done with fixing the IMEI
45) Make another NV backup as you did before but use a new file name such as:
DEAD00D_1_AFTER_IMEI_Fix.qcn
46) Exit all the programs you used, unplug the phone from the computer, reboot the phone and check the IMEI number
This is what the NV Item 550 where the IMEI number is located looks like as a block of memory:
00550 (0x0226) - OK
08 0A 21 67 06 00 21 43 25 00 00 00 00 00 00 00 | ..xx..xxxxx.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
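The read-back check from steps 38 to 43 of the post above, as a decoder for the NV item 550 layout it shows, compared against the IMEI printed on the box (an added example, not part of the original post or of QPST). It goes slightly beyond the post by also testing the IMEI check digit; the post's own example number 012766-00-012345-2 does not carry a valid check digit, so it is reported as such. The status names are hypothetical labels chosen for this example.

```python
# Constructed input: the first row of the NV item 550 dump shown in the post.
PAGE_ROW = "08 0A 21 67 06 00 21 43 25 00 00 00 00 00 00 00"


def parse_hex_row(row: str) -> bytes:
    """Parse space-separated hex bytes.

    Accepts '8' and 'a' as well as '08' and '0A', because the tool view
    drops leading zeros (step 42 of the post).
    """
    return bytes(int(tok, 16) for tok in row.split())


def decode_nv550(raw: bytes) -> str:
    """Turn the 9-byte field (08, xA, then 7 swapped pairs) into 15 digits."""
    if len(raw) < 9 or raw[0] != 0x08 or (raw[1] & 0x0F) != 0x0A:
        raise ValueError("not in the 08 xa ... layout shown in the post")
    digits = [raw[1] >> 4]              # first IMEI digit shares a byte with 'a'
    for b in raw[2:9]:
        digits += [b & 0x0F, b >> 4]    # each byte holds two digits, swapped
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal nibble in IMEI field")
    return "".join(str(d) for d in digits)


def luhn_ok(imei: str) -> bool:
    """Luhn check over all 15 digits, check digit included."""
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:                  # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def check_nv550(raw: bytes, label_imei: str) -> str:
    """Compare the stored IMEI with the one printed on the box or label."""
    if not any(raw[:9]):
        return "blank"                  # item wiped, e.g. after a bad flash
    try:
        imei = decode_nv550(raw)
    except ValueError:
        return "malformed"
    # All zeros passes the Luhn test, so it has to be caught explicitly.
    if set(imei) == {"0"}:
        return "blank"
    if imei != label_imei.replace("-", ""):
        return "mismatch"
    return "ok" if luhn_ok(imei) else "bad-check-digit"


if __name__ == "__main__":
    raw = parse_hex_row(PAGE_ROW)
    print(decode_nv550(raw), check_nv550(raw, "012766-00-012345-2"))
```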
call att they will prob send you a new one if its been less than a year since purchase they have to if not you may be able to talk them into it anyway if they cant fix the problem
sidmax10 said:
I had the same problem and I reset my IMEI within 1 hour by the method below. This method is for the LG Optimus G but ALSO WORKS FOR
LG OPTIMUS G PRO E980 AT&T
Here is the link
http://forum.xda-developers.com/showthread.php?t=1942417
The following instructions are to be used to repair your G2X/P999 phone's IMEI number if it has been changed to all zeros which can happen due to a bad flash. Your phone's actual IMEI number is printed on the box your phone came in and it is on a sticker located under the battery.
1) Download QPST
http://hosting.ecap-droid.com/Droid/...pub=bxfo8sfkv6
2) Install QPST and pin it to the Start Menu
3) Download LG Drivers
4) Install LG Drivers
5) In the phone’s Settings -> Applications -> Development -> enable USB debugging
6) Access the phone's hidden menu using the phone keypad (dialer), enter: 3845#*980#
7) In Port Setting enable CP USB (do not enable Retain ...) then press: OK ( SKIP THIS STEP )
8) Plug your phone into the USB port and wait a few seconds until the USB drivers install.
...............
Basically, the E980 does not have CP Modem under "Port Settings"
So I have a Redmi Note 8 Pro with Chinese ROM stable 12.5 .. the phone bootloader is locked, I tried to unlock the bootloader in the normal way by binding an MI account but I am unable to bind the MI account to the device in developer settings BECAUSE (the phone IMEI is changed) so it always gives an error of request timeout upon clicking bind account.. moreover I tried every VPN and other possible way to bind my account to unlock the bootloader but was unable to do it..
Can anyone help me out of this? Because I want to use the global ROM with Google Play, which I can't do until unlocking the bootloader.
I need any possible official or UNofficial way to unlock my Redmi Note 8 Pro bootloader..
Your help would be appreciated. Thank you
This error.. and it comes after 1-2 mins of clicking "add device and account"
Hello
The seccfg partition unlocks the device.
You must initially unlock the bootloader through the MiUnlock application, then recover (save) the seccfg partition (which contains the bootloader unlock information). But, it is easier to get rid of the requirement of the MiUnlock app.
1) Recover your "seccfg" partition:
* the phone in normal mode =
- We launch the command prompt and we write
adb shell
ls -al /dev/block/by-name
or
adb shell
ls -al /dev/block/platform/bootdevice/by-name
- Output (looking for "seccfg") =
lrwxrwxrwx 1 root root 16 2021-03-06 23:25 seccfg -> /dev/block/sdc13
- We get "seccfg" on the internal memory =
dd if=/dev/block/sdc13 of=/sdcard/Partition_seccfg
(I named "Partition_seccfg", but you give the name you want)
- You save "Partition_seccfg" on your PC
* We can recover the "seccfg" partition by SPFlashTool
- Edit your "MT6785_Android_scatter.txt" from a stock ROM (with Notepad or other)
- We are looking for "seccfg" =
partition_index: SYS14
partition_name: seccfg
file_name: NONE
is_download: false
type: NORMAL_ROM
linear_start_addr: 0x13800000
physical_start_addr: 0x13800000
partition_size: 0x800000
- We turn off the phone
- we switch to EDL mode with the python script "bypass_utility-v.1.4.2" (see on the web for installation and other information, among other things to unbrick the phone)
- we do a "readback" of the "seccfg" partition with SPFlashTool using linear_start_addr: 0x13800000 and partition_size: 0x800000 (check the location on the PC, where the "seccfg" partition will be saved with the name you have chosen)
2) Modify your "seccfg" partition:
* We edit the "seccfg" partition with a hexadecimal editor (Notepad or other)
- Total size 000000000 to 007ffff0 (000000040 to 007ffff0 : zero bytes = 00)
- Address 000000000 to 00000003f, we find :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 02 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 3d aa 79 3b
0000020 to 000002f
eb b0 56 bd 53 48 d3 6e 7d 54 a0 41 0c 2d 1a 90
0000030 to 000003f
58 1a 9c 5f ab 90 cc 0f 5c 11 63 a2 00 00 00 00
(The bootloader is locked!)
- We modify with our hexadecimal editor (Address 000000000 to 000000030) :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 03 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 57 b3 59 5d
0000020 to 000002f
9e bc 3d 02 33 91 84 9a 42 59 54 8e 07 aa 0f 34
0000030 to 000003f
f1 bb 1e 47 ea 8e cf 76 fb de 79 7b 00 00 00 00
(The bootloader is unlocked!)
- We save our changes
3) Write your "seccfg" partition on the phone:
* We flash the "seccfg" partition
- fastboot flash seccfg "path on your PC"\"name of your saved seccfg partition" (E:\MyFolder\Partition_seccfg for example), in fastboot mode,
- SPFlashTool using EDL mode with the python script "bypass_utility-v.1.4.2" and by flashing your rom by not checking that the partition "seccfg",
- in adb mode, with the opposite operation, after having copied your partition "seccfg" on the internal memory of the telephone (name "Partition_seccfg" that I gave and that you choose) :
adb shell dd if=/sdcard/Partition_seccfg of=/dev/block/sdc13
- We restart the phone and the bootloader is unlocked without intervention from Xiaomi or other!
4) Warning :
Once all this information is published, subsequent MIUI updates may destroy our efforts by scheduling the bootloader release in a more complicated way!
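A read-only check of the header layout visible in the hex dumps above, as an added example that is not part of the original post: it decodes the 0x3C-byte header of a seccfg dump, reports the lock state, and lists which fields differ between a known-good dump and a later one. The field names, the little-endian reading and the zero-padded sample images are assumptions; the byte values are the ones quoted in the post.

```python
import struct

# Values taken from the hex dumps in the post above.
MAGIC_BEGIN = 0x4D4D4D4D   # bytes 4d 4d 4d 4d at offset 0x00
MAGIC_END = 0x45454545     # bytes 45 45 45 45 at offset 0x18
HEADER_LEN = 0x3C          # matches the 3c 00 00 00 value at offset 0x08
LOCK_STATES = {2: "locked", 3: "unlocked"}   # byte at offset 0x0C per the post

# Field names are assumptions made for this example; the post does not name them.
FIELDS = ("magic", "version", "size", "lock_state",
          "field_10", "field_14", "end_magic")


def parse_seccfg(image):
    """Decode the first 0x3C bytes of a seccfg dump into named fields."""
    if len(image) < HEADER_LEN:
        raise ValueError("dump is shorter than the 0x3C-byte header")
    rec = dict(zip(FIELDS, struct.unpack_from("<7I", image, 0)))
    # The 32 bytes from 0x1C to 0x3B are the block that changes together
    # with the lock state in the post; treated here as an opaque digest.
    rec["digest"] = image[0x1C:HEADER_LEN].hex()
    rec["state"] = LOCK_STATES.get(rec["lock_state"], "unknown")
    return rec


def anomalies(image):
    """Return a list of structural problems found in a dump."""
    rec = parse_seccfg(image)
    found = []
    if rec["magic"] != MAGIC_BEGIN:
        found.append("bad start magic")
    if rec["end_magic"] != MAGIC_END:
        found.append("bad end magic")
    if rec["size"] != HEADER_LEN:
        found.append("unexpected size field")
    if rec["state"] == "unknown":
        found.append("unrecognised lock_state %d" % rec["lock_state"])
    # The post describes the rest of the partition as zero bytes.
    if any(image[HEADER_LEN:]):
        found.append("non-zero data after header")
    return found


def changed_fields(baseline, current):
    """Names of header fields that differ between two dumps."""
    a, b = parse_seccfg(baseline), parse_seccfg(current)
    return [name for name in FIELDS + ("digest",) if a[name] != b[name]]


# Constructed sample images: the 64 bytes quoted in the post, zero-padded
# to 512 bytes instead of the full 0x800000-byte partition.
PAD = bytes(0x1C0)
LOCKED = bytes.fromhex(
    "4d4d4d4d 04000000 3c000000 02000000"
    "00000000 00000000 45454545 3daa793b"
    "ebb056bd 5348d36e 7d54a041 0c2d1a90"
    "581a9c5f ab90cc0f 5c1163a2 00000000") + PAD
UNLOCKED = bytes.fromhex(
    "4d4d4d4d 04000000 3c000000 03000000"
    "00000000 00000000 45454545 57b3595d"
    "9ebc3d02 3391849a 4259548e 07aa0f34"
    "f1bb1e47 ea8ecf76 fbde797b 00000000") + PAD

if __name__ == "__main__":
    for label, img in (("baseline", LOCKED), ("current", UNLOCKED)):
        rec = parse_seccfg(img)
        print(label, rec["state"], "version", rec["version"], anomalies(img))
    print("changed:", changed_fields(LOCKED, UNLOCKED))
```
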
can you please give me discord and guide me there. i am not so much pro in these.
i am waiting for help for soo many long time if you help me it will be really appreciated man please
Bro, can you teach me on what basis did you give the hex values?
Is it that they are translated using tools such as HxD?
Are they device specific?
seccfg is unreadable on MIUI 12.5.1 GLOBAL
i am getting this error
josephmh said:
View attachment 5448767
i am getting this error
Use mtkclient. Google it, read and do.
Kirasu2080 said:
Use mtkclient. Google it, read and do.
Thnx dude.
Bootloader is unlocked but i can't access fastboot mode
I get this message :
The serial is not match fastboot_unlock_verify fail
josephmh said:
Thnx dude.
Bootloader is unlocked but i can't access fastboot mode
I get this message :
The serial is not match fastboot_unlock_verify fail
I didn't see anyone report that error until now (many tested).
Try again like this:
Join Telegram group and ask for help if not work.
josephmh said:
Thnx dude.
Bootloader is unlocked but i can't access fastboot mode
I get this message :
The serial is not match fastboot_unlock_verify fail
Almost EVERY smartphone manufacturer sets a Fastboot verification flag to verify if the Fastboot is really unlocked or not. As in the case of Redmi the bootloader unlock verification is done by the devinfo partition by verifying the flag. Since using the tool you just unlocked the bootloader, Fastboot can't be accessed. Just flash anything u want through SP Flash Tool. Or ask any kind human here for their devinfo and set the unlock flag yourself.
llxxVENOMxxll said:
Almost EVERY smartphone manufacturer sets a Fastboot verification flag to verify if the Fastboot is really unlocked or not. As in the case of Redmi the bootloader unlock verification is done by the devinfo partition by verifying the flag. Since using the tool you just unlocked the bootloader, Fastboot can't be accessed. Just flash anything u want through SP Flash Tool. Or ask any kind human here for their devinfo and set the unlock flag yourself.
Don't try this if you're a noob and mess your phone.
llxxVENOMxxll said:
Don't try this if you're a noob and mess your phone.
I was on android 11 i couldn't enter even recovery and i was having that dm-verity corruption, i downloaded the oldest firmware i can get which is android 10 nd flash it with sp flash tool now i can access recovery (colorOs recovery) nd i tried unofficial twrp recovery the phone can't boot to recovery until i reflashed the stock recovery by the way i have Oppo reno 3 cph2043 not redmi note 8
josephmh said:
I was on android 11 i couldn't enter even recovery and i was having that dm-verity corruption, i downloaded the oldest firmware i can get which is android 10 nd flash it with sp flash tool now i can access recovery (colorOs recovery) nd i tried unofficial twrp recovery the phone can't boot to recovery until i reflashed the stock recovery by the way i have Oppo reno 3 cph2043 not redmi note 8
The DM-Verity error is due to the unlock is not official. So it will happen. The device should normally boot after showing you the error for 5 seconds. If it doesn't then you're doomed.
llxxVENOMxxll said:
The DM-Verity error is due to the unlock is not official. So it will happen. The device should normally boot after showing you the error for 5 seconds. If it doesn't then you're doomed
As i said that error doesn't show on android 10 i downgraded the phone to colorOs7 which is android 10 not 11 but now i have fastboot_unlock_verify fail .. and when i go to developer options -> oem unlock it shows that bootloader is unlocked
Even my OPPO (A31 CPH2015) shows the same problem. We need to find a workaround or get rid of ColorOS forever.
Someone had that problem in Redmi note 8 pro also even official way. Some said press power 1 time whenever that dm-verity show (they just accept and live with it). Some used global one then clean flash China rom, patch vbmeta,... and it gone. Some flash random custom roms and it disappear. Hope these info can help you guys.
Syed Abdul Sami said:
So i have redmi note 8 pro with chinese rom stable 12.5 .. the phone bootloader is locked , i tried to unlock the bootloader in normal way by binding an MI account but i am unable to bind mi account to device in developer settings BECAUSE ( the phone IMEI is changed) so it always gives an error of request timeout upon clicking bind account.. moreover i tried every vpn and other possible way to bind my account to unlock bootloader but unable to do it..
Can anyone help me out of this . Because i want to use global rom with google play which i cant do until unlocking bootloader.
I need any possible official or UNofficial way to unlock my redmi note 8 pro bootloader..
Your help would be appreciated. Thankyou
josephmh said:
Thnx dude.
Bootloader is unlocked but i can't access fastboot mode
I get this message :
The serial is not match fastboot_unlock_verify fail
josephmh: how you did it?? please help.
nijat1122 said:
josephmh: how you did it?? please help.
Use bypass-utility to enter BROM mode nd then unlock with mtkclient or mtkuniversal google it u'll find the how to use them