Related
So I have an Optimus G LS970, added a couple apps, but other than that it's pretty basic. I'm wanting to root this device and eventually add a custom rom on it perhaps, but I've very new to this and don't want to accidentally brick my device.
1) I've been looking for stable linux rooting methods, the only one I've found that looks promising is here, but it's 2 years old. Does anyone know anything about it's stability for android 4.1.2, kernel 3.4.0?
2) In order to transfer files (music, pictures, pdfs/ebooks) to/from my device it needs to be mounted, but I haven't been able to mount it for this (or any other) purpose at all. It shows up as connected (command "lsusb" shows "Bus 002 Device 028: ID 1004:631d LG Electronics, Inc.") but it won't mount. Will this be possible once rooted, or is there some other cause to this?
3) Once rooted, I want to get rid of some of the Preinstalled apps but I'm not sure which will lead to instability and which would be fine to remove, does anyone know where I can check this, or would I just need to list all the apps I don't want on my phone and have you all tell me on an app-by-app basis which is safe to remove?
4) Lastly, when it comes to using alternative app markets, I haven't had much luck. I was trying to test using alt stores with f-droid and nothing showed in the lists, so I don't know if that's a thing with f-droid or my device. Is there anything you need to do to use alt app stores aside from enabling it in the system settings, and installing the app store's .. app?
Thanks in advance!
JustAk said:
So I have an Optimus G LS970, added a couple apps, but other than that it's pretty basic. I'm wanting to root this device and eventually add a custom rom on it perhaps, but I've very new to this and don't want to accidentally brick my device.
1) I've been looking for stable linux rooting methods, the only one I've found that looks promising is here, but it's 2 years old. Does anyone know anything about it's stability for android 4.1.2, kernel 3.4.0?
2) In order to transfer files (music, pictures, pdfs/ebooks) to/from my device it needs to be mounted, but I haven't been able to mount it for this (or any other) purpose at all. It shows up as connected (command "lsusb" shows "Bus 002 Device 028: ID 1004:631d LG Electronics, Inc.") but it won't mount. Will this be possible once rooted, or is there some other cause to this?
3) Once rooted, I want to get rid of some of the Preinstalled apps but I'm not sure which will lead to instability and which would be fine to remove, does anyone know where I can check this, or would I just need to list all the apps I don't want on my phone and have you all tell me on an app-by-app basis which is safe to remove?
4) Lastly, when it comes to using alternative app markets, I haven't had much luck. I was trying to test using alt stores with f-droid and nothing showed in the lists, so I don't know if that's a thing with f-droid or my device. Is there anything you need to do to use alt app stores aside from enabling it in the system settings, and installing the app store's .. app?
Thanks in advance!
Click to expand...
Click to collapse
All of your questions are answered here. http://forum.xda-developers.com/showthread.php?t=2050582
And the FAQ.
1. See above
2. Install the LG drivers, link is in that OP, then tick MPT. That should transfer your files. If not, you may need to uninstall, then reinstall them.
3. DO NOT remove any apps unless you unlock! Info is in that link also.
4. I have no idea on that one.
Sent from my LG-LS970 using XDA Premium 4 mobile app
engine95 said:
All of your questions are answered here. http://forum.xda-developers.com/showthread.php?t=2050582
And the FAQ.
1. See above
2. Install the LG drivers, link is in that OP, then tick MPT. That should transfer your files. If not, you may need to uninstall, then reinstall them.
3. DO NOT remove any apps unless you unlock! Info is in that link also.
4. I have no idea on that one.
Sent from my LG-LS970 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
1) *EDIT* [Doesn't say anything about linux rooting, how am I supposed to install a windows drive on a linux system?] I overlooked the linux mention. Thanks! Can't find something. How/where do I find adb?
2) Ignore, see 1) [Again, how am I supposed to install the Windows driver in linux?]
3) Thanks for that. I didn't know the importance of unlocking the bootloader.
JustAk said:
1) *EDIT* [Doesn't say anything about linux rooting, how am I supposed to install a windows drive on a linux system?] I overlooked the linux mention. Thanks! Can't find something. How/where do I find adb?
2) Ignore, see 1) [Again, how am I supposed to install the Windows driver in linux?]
3) Thanks for that. I didn't know the importance of unlocking the bootloader.
Click to expand...
Click to collapse
Sorry bout that. Linux drivers are native, so they're anyway installed.
You use either fiddy629 root for Linux, or Framaroot.
Sent from my LG-LS970 using XDA Premium 4 mobile app
---------- Post added at 10:53 PM ---------- Previous post was at 10:51 PM ----------
Edit. You don't have to have ADB, but there's alot of info if you google it.
Sent from my LG-LS970 using XDA Premium 4 mobile app
engine95 said:
Sorry bout that. Linux drivers are native, so they're anyway installed.
You use either fiddy629 root for Linux, or Framaroot.
Sent from my LG-LS970 using XDA Premium 4 mobile app
---------- Post added at 10:53 PM ---------- Previous post was at 10:51 PM ----------
Edit. You don't have to have ADB, but there's alot of info if you google it.
Sent from my LG-LS970 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I tried fiddy619's thing here using the universal linux one. It asked me for ADB. Found that debian has "android-tools-adb" so I installed that, now there's this:
Code:
Using: /usr/bin/adb
Waiting for device... Connect your LGOG via USB in Charge Only Mode
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
Device found
Beginning Root Process
Disconnect your phone from USB
Disable USB Debugging
Enable USB Debugging
Press enter to Continue
I can't tell if this is telling me to do these things, or if it's saying it already did them. Any idea?
JustAk said:
I tried fiddy619's thing here using the universal linux one. It asked me for ADB. Found that debian has "android-tools-adb" so I installed that, now there's this:
Code:
Using: /usr/bin/adb
Waiting for device... Connect your LGOG via USB in Charge Only Mode
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
Device found
Beginning Root Process
Disconnect your phone from USB
Disable USB Debugging
Enable USB Debugging
Press enter to Continue
I can't tell if this is telling me to do these things, or if it's saying it already did them. Any idea?
Click to expand...
Click to collapse
Nevermind that, I got it working just fine. took o nly a couple seconds and it was done. Now I have "SuperSU" in my apps menu, so I'm guessing it worked.
JustAk said:
Nevermind that, I got it working just fine. took o nly a couple seconds and it was done. Now I have "SuperSU" in my apps menu, so I'm guessing it worked.
Click to expand...
Click to collapse
Awesome, glad to hear it worked! Which if you have SuperSU it should have. I too only use linux(Linux Mint specifically) and while most guides are made for Windows, things are usually easier from the linux terminal because we don't need to download drivers, android uses a modified linux kernel, etc. Welcome to the forums, glad to have you here! All the info you need is here and plenty of people will be glad to help(as engine has already demonstrated). As for the alternative app markets, Ive read plenty and tested a few but really, nothing comes close to the play store. On our phone Banks Gapps is the standard google apps package to install if you are flashing a custom rom. Just make sure you get the correct version of gapps for the version of android your rom is based on.
HPTesla said:
Awesome, glad to hear it worked! Which if you have SuperSU it should have. I too only use linux(Linux Mint specifically) and while most guides are made for Windows, things are usually easier from the linux terminal because we don't need to download drivers, android uses a modified linux kernel, etc. Welcome to the forums, glad to have you here! All the info you need is here and plenty of people will be glad to help(as engine has already demonstrated). As for the alternative app markets, Ive read plenty and tested a few but really, nothing comes close to the play store. On our phone Banks Gapps is the standard google apps package to install if you are flashing a custom rom. Just make sure you get the correct version of gapps for the version of android your rom is based on.
Click to expand...
Click to collapse
Ah. brilliant, thanks!
The only problem I'm now having is getting the phone to connect to my computer so I can transfer music or ebooks or whathaveyou to/from my device. I've gone through the arch wiki for android (even though I'm running debian) and this forum postt but I keep getting an error:
Code:
$ android-connect
Listing raw device(s)
Device 0 (VID=1004 and PID=61f9) is a LG Electronics Inc. V909 G-Slate.
Found 1 device(s):
LG Electronics Inc.: V909 G-Slate (1004:61f9) @ bus 2, dev 8
Attempting to connect device
PTP_ERROR_IO: failed to open session, trying again after resetting USB interface
LIBMTP libusb: Attempt to reset device
Android device detected, assigning default bug flags
Error 1: Get Storage information failed.
Error 2: PTP Layer error 02fe: get_handles_recursively(): could not get object handles.
Error 2: (Look this up in ptp.h for an explanation.)
Listing File Information on Device with name: (NULL)
LIBMTP_Get_Storage() failed:-1
I can start a separate thread regarding this issue, but if you have any insight, figured it couldn't hurt to ask real quick.
JustAk said:
Ah. brilliant, thanks!
The only problem I'm now having is getting the phone to connect to my computer so I can transfer music or ebooks or whathaveyou to/from my device. I've gone through the arch wiki for android (even though I'm running debian) and this forum postt but I keep getting an error:
Code:
$ android-connect
Listing raw device(s)
Device 0 (VID=1004 and PID=61f9) is a LG Electronics Inc. V909 G-Slate.
Found 1 device(s):
LG Electronics Inc.: V909 G-Slate (1004:61f9) @ bus 2, dev 8
Attempting to connect device
PTP_ERROR_IO: failed to open session, trying again after resetting USB interface
LIBMTP libusb: Attempt to reset device
Android device detected, assigning default bug flags
Error 1: Get Storage information failed.
Error 2: PTP Layer error 02fe: get_handles_recursively(): could not get object handles.
Error 2: (Look this up in ptp.h for an explanation.)
Listing File Information on Device with name: (NULL)
LIBMTP_Get_Storage() failed:-1
I can start a separate thread regarding this issue, but if you have any insight, figured it couldn't hurt to ask real quick.
Click to expand...
Click to collapse
This may or may not help, but when I've had issues with Linux hooking up I've had to format my SD. Something gets stuck in there that Linux just didn't like.
Sent from my LG-LS970 using XDA Premium 4 mobile app
JustAk said:
Ah. brilliant, thanks!
The only problem I'm now having is getting the phone to connect to my computer so I can transfer music or ebooks or whathaveyou to/from my device. I've gone through the arch wiki for android (even though I'm running debian) and this forum postt but I keep getting an error:
Code:
$ android-connect
Listing raw device(s)
Device 0 (VID=1004 and PID=61f9) is a LG Electronics Inc. V909 G-Slate.
Found 1 device(s):
LG Electronics Inc.: V909 G-Slate (1004:61f9) @ bus 2, dev 8
Attempting to connect device
PTP_ERROR_IO: failed to open session, trying again after resetting USB interface
LIBMTP libusb: Attempt to reset device
Android device detected, assigning default bug flags
Error 1: Get Storage information failed.
Error 2: PTP Layer error 02fe: get_handles_recursively(): could not get object handles.
Error 2: (Look this up in ptp.h for an explanation.)
Listing File Information on Device with name: (NULL)
LIBMTP_Get_Storage() failed:-1
I can start a separate thread regarding this issue, but if you have any insight, figured it couldn't hurt to ask real quick.
Click to expand...
Click to collapse
Are you doing this with the phone turned on and booted into the os? It gives you a PTP error first, make sure the phone is in MTP. At the bottom you also have a LIBMTP error tho. I don't have much experience with debian but from what I understand it is extremely stable but the downside is that it can be a bit out of date at times. Ubuntu and all ubuntu derivatives had a major mtp flaw awhile back but it has since been fixed. Im not sure if it has been fixed in debian. Yes ubuntu is based off of debian, but just like linux mint will add things to the ubuntu base, ubuntu will do the same to the debian base. So LIBMTP MAY be out of date, Im not sure. I know that I have no problem seeing my phone from either the terminal or file browser. Check this out and see if it helps any.
If not you may have to follow engine's advice and format the sd.
EDIT: Also this might work, it is for linux mint but adding the repository and installing it should work on debian(I think) since they all use .deb files. Before ubuntu officially supported mtp by default this was the most popular work around.
HPTesla said:
Are you doing this with the phone turned on and booted into the os? It gives you a PTP error first, make sure the phone is in MTP. At the bottom you also have a LIBMTP error tho. I don't have much experience with debian but from what I understand it is extremely stable but the downside is that it can be a bit out of date at times. Ubuntu and all ubuntu derivatives had a major mtp flaw awhile back but it has since been fixed. Im not sure if it has been fixed in debian. Yes ubuntu is based off of debian, but just like linux mint will add things to the ubuntu base, ubuntu will do the same to the debian base. So LIBMTP MAY be out of date, Im not sure. I know that I have no problem seeing my phone from either the terminal or file browser. Check this out and see if it helps any.
If not you may have to follow engine's advice and format the sd.
EDIT: Also this might work, it is for linux mint but adding the repository and installing it should work on debian(I think) since they all use .deb files. Before ubuntu officially supported mtp by default this was the most popular work around.
Click to expand...
Click to collapse
The first thing you linked to (steneteg.org or somesuch) was another avenue I went down trying to solve this, but alas it resulted with much the same problems. The second link to the linuxmint forums looked very promising, the only problem with it is the ppa has been dropped by webupd8 so it no longer is available (404s).
I have just discovered earlier today that adb push/pull works for getting things onto/off of my device, but I can't use adb to mount the device to allow it to be seen with a filemanager (thunar in this case). So, that's progress I think.
EDIT : I just saw mention somewhere of androidair, have yyou any experience with this app's reliability/security?
JustAk said:
The first thing you linked to (steneteg.org or somesuch) was another avenue I went down trying to solve this, but alas it resulted with much the same problems. The second link to the linuxmint forums looked very promising, the only problem with it is the ppa has been dropped by webupd8 so it no longer is available (404s).
I have just discovered earlier today that adb push/pull works for getting things onto/off of my device, but I can't use adb to mount the device to allow it to be seen with a filemanager (thunar in this case). So, that's progress I think.
EDIT : I just saw mention somewhere of androidair, have yyou any experience with this app's reliability/security?
Click to expand...
Click to collapse
You can try searching for other places where go-mptfs is located, other ppas where it still might be. The ubuntu forums also has this as a possible solution. I haven't used androidair but I have moved files over wifi using the sshdroid app and an ssh server on my pc with great success. If you have any experience with ssh that could be a possible solution although it is obviously slower than usb. But ssh in general is a simple and great tool, also pretty secure since you are simply connected to your home wifi - as long as your wifi is secure you should be fine.
On my pc I believe its openssh that I use - plenty of tutorials out there for that - and here is the link to sshdroid in the play store. Hope this helps!
EDIT: I will also be at work until 2p.m. EST so may not be able to reply back until then - don't worry, I will as soon as I get home if you have any other issues.
I know that it was foolish of me to not fully research this set of commands I have copied the before and after of tit all from the command line. I was attempting to mess around with my phone with QPST. I know, I can REALLY REALLY make things hideous if I don't tread carefully with QPST, but I am willing to take the risk in order to learn, even if I do get burned because my phone bursts into flames.
Any who here is the output from my commandline which I ran because using *#0808# and switching to either RNDIS+DM+MODEM or DM+MODEM+ADB didn't make my phone visible for QPST. And I also tried while in recovery, download mode, and all the other settings in the *#0808# menu, plus variations of the menu and then booting into recovery, normal boot, and download mode. All to no avail, then in frustration I tried the following and it's gotten to the point I can't see my phone via adb anymore. So could someone please give me the undo set of commands for typing into my phones terminal as I can't type them via my computer due to adb not seeing it anymore? Thanks
C:\Users\xxxxx>adb devices
List of devices attached
0123456789ABCDEF device
C:\Users\xxxxx>adb shell
$ echo MODEM USB > /sys/class/sec/switch/usb_sel
echo MODEM USB > /sys/class/sec/switch/usb_sel
cannot create /sys/class/sec/switch/usb_sel: permission denied
$ su
su
# echo MODEM USB > /sys/class/sec/switch/usb_sel
C:\Users\xxxxx>adb shell
error: device not found
Oh!, and if anyone can explain either what the commands did or better yet where I can go read about such commands and what they do that would be great too. Thanks
Not sure how relevant this is or if it will help you but this man seems to be in kinda the same boat, why don't you take a look at this thread particularly post #2 http://forum.slimroms.net/topic/2008-broken-usbuart-path-causing-loss-of-adb/
Sent from my Nexus 7 2013 using Tapatalk
crazymonkey05 said:
Not sure how relevant this is or if it will help you but this man seems to be in kinda the same boat, why don't you take a look at this thread particularly post #2 http://forum.slimroms.net/topic/2008-broken-usbuart-path-causing-loss-of-adb/
Sent from my Nexus 7 2013 using Tapatalk
Click to expand...
Click to collapse
Thank you for the link I haven't tried anything based on the information yet, actually haven't read it all yet. Very complex stuff just lets me know how far I have to go. Odd thing is that I now for some reason have ADB working again. I did a factory reset recently and the other day I reinstalled/refreshed my computer. My computer was infected by a bunch of viruses and malware the phone was just sluggish and I had way more apps I wanted rid of than to keep. Anyway, I don't know if the virus on my system had anything to do with the malfunction or if it was the command I used but for now it is back to working.
I was working on a friends HTC Desire and was having a hell of a time getting fastboot commands to work. I got hboot USB working but when giving a command it would generate a "device connected toi USB has malfunctioned" also the USB ports would shut off untill reboot too intermittantly and even my wifi three or four days ago became disabled and I reset the adapter fine for 5mins then it went a level deeper and deeper till I reinstalled the driver. That being said it is more likely that it was the virus and or the person messing with my system that was causing all the grief. They even triggered email alerts on a couple of my accounts that passwords were input wrong 5 times in a row and that some security settings were being changed. Hopefully I have dealt with that if not I'll have to wait till they get bored. Sorry if that was a little off topic it sort of conencts to my recent problems.
I've tried everything to my knowledge including doing multiple google searches but I can't figure this out. I recently switched to Linux Mint 19 from Ubuntu 18.10 and I'm having issues getting my device to properly work using ADB. I have created the proper rules (to my knowledge) in /etc/udev/rules.d/51-android.rules and also added vendor id in ~/.android/adb_usb.ini. The main issue I seem to be having here is that after I revoke USB debugging authorizations from developer settings, I do not get the pop up on my device to allow authorization. I've tried restarts of my phone and PC but it still shows as unauthorized when typing adb devices. Any help would be appreciated. Also, just noticed I was missing some spaces in 51-android.rules I fixed but that did not fix it.
Triscuit said:
I've tried everything to my knowledge including doing multiple google searches but I can't figure this out. I recently switched to Linux Mint 19 from Ubuntu 18.10 and I'm having issues getting my device to properly work using ADB. I have created the proper rules (to my knowledge) in /etc/udev/rules.d/51-android.rules and also added vendor id in ~/.android/adb_usb.ini. The main issue I seem to be having here is that after I revoke USB debugging authorizations from developer settings, I do not get the pop up on my device to allow authorization. I've tried restarts of my phone and PC but it still shows as unauthorized when typing adb devices. Any help would be appreciated. Also, just noticed I was missing some spaces in 51-android.rules I fixed but that did not fix it.
Click to expand...
Click to collapse
Try this
sudo apt-get install android-tools-adb
sudo apt-get install android-tools-fastboot
If after that you type adb devices and you don't see your serial number type
echo 0x2717 >> ~/.android/adb_usb.ini
Just something I googled...
Tulsadiver said:
Try this
sudo apt-get install android-tools-adb
sudo apt-get install android-tools-fastboot
If after that you type adb devices and you don't see your serial number type
echo 0x2717 >> ~/.android/adb_usb.ini
Just something I googled...
Click to expand...
Click to collapse
The first two commands are to install adb and fastboot, which I've done. The third command is to add a new product id in adb_usb.ini which I got "permission denied" so I entered it manually for ****s and giggles but it didn't help. Thank you though!
I was finally able to get the device to authorize, I did a few things but I'm not sure which one corrected the problem, first. I deleted the adbkey file from /home/.android folder, I also changed permissions of the folder to rw-rw-rw and finally I hit "Revoke USB debugging authorizations" under development settings WHILE the phone was plugged into the computer. Every other time I had done it after unplugging the device. Not sure which one worked but it did, now I can get back to flashing again!
Sent from my Pixel 2 XL using XDA Labs
I had to go back in time to find this.. but this was how I originally was able to get things going in Ubuntu... It's very dated but I'm sure some of this may work?
https://forum.xda-developers.com/showpost.php?p=39144762&postcount=2
jbarcus81 said:
I had to go back in time to find this.. but this was how I originally was able to get things going in Ubuntu... It's very dated but I'm sure some of this may work?
https://forum.xda-developers.com/showpost.php?p=39144762&postcount=2
Click to expand...
Click to collapse
Yep I honestly think my problem was that I was unplugging my device before revoking authorizations..... Silly me haha
Sent from my Pixel 2 XL using XDA Labs
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
devmihkel said:
For good or for bad NOT everything appears correct, except the running 17.x version... As of now neither the "commercial jailbreak" supports new versions (well yes they were using exactly the same file to start with Also 16.51.x or newer appears to be no go: uconnect-8-4-8-4an-update
EDIT: haven't got 17.09.07 to try, but on 17.11.07 manifest.lua has changed and the last block/ search keyword is "ota_update" instead. Otherwise all the same, image valid after the edit and script.sh gets fired - at least on 16.33.29 that is @HanJ67 Did you actually try to mount installer.iso after the edit and checked /etc/manifest.lua for the end result before?
Click to expand...
Click to collapse
devmihkel said:
Yeah, 2nd attempt is much better as last lua block is correctly terminated and your script might actually run, but unfortunately no successful 17.x runs have been reported so far SWF scripts are not involved in update/jail-breaking run, these ones become relevant only once you are in (and need to enable some app or wifi or navi features etc). Afaik 17.x blocks ethernet dongle usage as well, but let's see if even the USB driver/link gets activated at all?
Click to expand...
Click to collapse
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Do You have an idea how to connect by USB2LAN adapter to uConnect ?
Do You know if there is an UART pins on the mainboard ?
itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Click to expand...
Click to collapse
Hello, any news about it?
hi,
can you explain how to change SSH key in "ifs-cmc.bin" file?
thanks a lot
itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Click to expand...
Click to collapse
sofro1988 said:
Hello, any news about it?
Click to expand...
Click to collapse
I have not had had much time to work on this.
I actually had an idea last week that brought me back to this. I plan to use a custom flash drive to present an unmodified ISO for verification, then swap nand to an identical image that has been he's edited to enable usb Ethernet and add a custom key for ssh access.
I thought to stack a NAND on top of the original on a is flash drive, then breakout the Chip Enable pin to a switch. I've seen this done for with guys modifying game consoles to be able to run modified firmware.
Once the 2nd NAND is in place I will restore an image of the original nand containing the unmodified update, then hex edit the required portions to allow access after updating.
If this method works, I should be able to pass the verification with the original nand chip, then switch it (hopefully there's a big enough window to do this by hand) then present the modified nand before it begins the flash procedure.
Hopefully someone more intimately familiar with the update scripts can verify I'm not missing anything in the process
Tajadela said:
hi,
can you explain how to change SSH key in "ifs-cmc.bin" file?
thanks a lot
Click to expand...
Click to collapse
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
itsJRod said:
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
Click to expand...
Click to collapse
thanks for answer.
I saw an ssh key with the hex editor, but I would like to see exactly what you have replaced.
if it's not too much trouble, it would be interesting to see with some screenshots the changes you've made.
So we could work on two fronts. The idea of the double nand is good, but not very simple to make ...
Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk
SquithyX said:
Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk
Click to expand...
Click to collapse
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )
martinbogo1 said:
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )
Click to expand...
Click to collapse
Have you tried connecting to it?
Sent from my iPhone using Tapatalk
sofro1988 said:
Have you tried connecting to it?
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
I managed to connect with the cisco adapter (usb / ethernet), but I don't know the root password. is the problem at the moment insurmountable ..
Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )
martinbogo1 said:
Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )
Click to expand...
Click to collapse
I connected in telnet on a uconnect 6.5 with firmware 15.xx.xx. You can connect to Uconnect with static IP it brings up if no DHCP is offered is: 192.168.6.1
itsJRod said:
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
Click to expand...
Click to collapse
after rsa key replaced, do you have recalculate the checksum of UPD file?
have you replaced the first 64 bytes of the file?
thanks
@itsJRod, isn't it that you would like to explain the procedure to replace the RSA key in the swdl file? thank you
Hello,
have you made any progress? I am a bit lost. I put the EU uconnect MY15 to US dodge charger MY16 and Perf Pages were working fine even on 16.16.13, although after upgrade to 17.x (17.46.0.1 right now) I am meeting the problem of expired subscription (which is not possible to have on EU radio).
I am considering basically three solutions:
a) going back to US radio, but modify the language pack/nav/FM frequencies (it is doable, but I do not know how, although I can pay for it relatively less than time invested)
b) downgrade to 16.16.13 - I have no clue how to do it, I tried to put swdl.upd with swdl.iso as and installer.iso with no luck of course.
c) take xlets from KIM2/ of 16.16.13 to KIM23 of 17.46.0.1 secondary.iso - this is probably preferred way but I do not know how to make it to pass ISO validation.
Of course root on uconnect is extremely nice to have but I will be fully satisfied with Perf Pages working again.
Hello.
I'm hoping the community can help me out. I have a RAM 1500 with the RA4 (was running the 17.11.07 software that I got pushed to me OTS style a couple years ago. Since them problems, radio turn on delay, no GPS and cellular phone warning popup.
I was told to do the 18.45 update which I got from driveuconnect.com, but this has essentially bricked my radio with the "bolo update failed" error and it is looping continuously
I have tried many ways to modify the update software's manifest.lua script to try to get rid of the sierra wireless portion by manually editing, hex editing, etc but always get the "please insert the USB card" screen.
Uconnect is obviously completely worthless to help me and the dealer wants me to pay them money to tell me what I already know. I know I can pay 300 and send my radio to infotainemnt.com to get it repaired, but I would like to solve this on my own is possible, because I would like to further modify the software to make it more custom and unique.
From my reading the 17x version keeps you from downgrading to a version that can be hacked easily.
Everything seems like it should be pretty straight forward as I have a lot of experience in programming and embedded devices.
It seems they are validating the ISOs using some mechanism, I believe I have tried all of tricks/methods
I have searched the code to see if I can find the iso MD5 or SHA256 hashes that ioc_check is probably using to figure out I changed somethign but nothing work.
I have even tried the swapping the flash drives after validation but it seems they are using the ISos they already copied to continue the process, I then end u getting some invalid errors or the update just crashes out
I got other updates from the link: http://www.mydrive.ch/
http://www.mydrive.ch/http://www.mydrive.ch/
username: [email protected]
Password: gasolio
Havent tried all of them yet, but pretty sure they wont work, due to the 17x security changes.
Any help would be appreciated grealty, I really dont want to shell out any cash for something a company told me to to and due to their screw up with bricking modems, this is now bricking my radio.
Thanks to all in advance !!!
djmjr77 said:
Hello.
I'm hoping the community can help me out. I have a RAM 1500 with the RA4 (was running the 17.11.07 software that I got pushed to me OTS style a couple years ago. Since them problems, radio turn on delay, no GPS and cellular phone warning popup.
I was told to do the 18.45 update which I got from driveuconnect.com, but this has essentially bricked my radio with the "bolo update failed" error and it is looping continuously
I have tried many ways to modify the update software's manifest.lua script to try to get rid of the sierra wireless portion by manually editing, hex editing, etc but always get the "please insert the USB card" screen.
Uconnect is obviously completely worthless to help me and the dealer wants me to pay them money to tell me what I already know. I know I can pay 300 and send my radio to infotainemnt.com to get it repaired, but I would like to solve this on my own is possible, because I would like to further modify the software to make it more custom and unique.
From my reading the 17x version keeps you from downgrading to a version that can be hacked easily.
Everything seems like it should be pretty straight forward as I have a lot of experience in programming and embedded devices.
It seems they are validating the ISOs using some mechanism, I believe I have tried all of tricks/methods
I have searched the code to see if I can find the iso MD5 or SHA256 hashes that ioc_check is probably using to figure out I changed somethign but nothing work.
I have even tried the swapping the flash drives after validation but it seems they are using the ISos they already copied to continue the process, I then end u getting some invalid errors or the update just crashes out
I got other updates from the link: http://www.mydrive.ch/
http://www.mydrive.ch/http://www.mydrive.ch/
username: [email protected]
Password: gasolio
Havent tried all of them yet, but pretty sure they wont work, due to the 17x security changes.
Any help would be appreciated grealty, I really dont want to shell out any cash for something a company told me to to and due to their screw up with bricking modems, this is now bricking my radio.
Thanks to all in advance !!!
Click to expand...
Click to collapse
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
djmjr77 said:
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
Click to expand...
Click to collapse
I created an account just to reply to this and All I have to say is you're literally an absolute life saver. I've been working on this every day for two weeks now, trying every trick people said, trying every USB, every format, every version and nothing ever worked from me. Uconnect support was absolutely no help and it was a lot of back-and-forth finger pointing and no you need to reach out to this person between them and the dealership. Dealership tried to charge me for a Proxy Alignment when I asked to just update my damn radio stuck in this loop.
I have a 2015 Jeep Cherokee 8.4AN VP4 NA Head Unit 68238619AJ. I was updating from 17.11.07 to 18.45.01 and got stuck at the step 11 1% and would get a failed sierra wireless every time and then got in that "bolo update failed" loop..Well to fix it just now all I did was download the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in the previous comment and quick format to FAT32 on a 16GB Micro Center USB extracted the files from 16.33.29 to the USB with 7ZIP, plugged in like normal and BOOM it ran the first step restarted and I had a working radio again showing update 18.45.01.
(So i'm assuming you don't have to do the S Byte thing I didn't even mess with it I just used the 16.33.29 to bypass step 11 since that version only has 14 steps and 18.45.01 was already preloaded from attempting before. My navigation still is the wrong address but I don't care about all that just thankful to have my radio back before my wife killed me for trying to update it by myself. )
I hope this helps someone else one day because it took some deep research and hours on hours of forum hoping to finally find the solution. <3
djmjr77 said:
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
Click to expand...
Click to collapse
Do you have another link to download the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe files? I am trying to help a friend of mine they way this helped me. Thank you again for this!
Preface
With this guide I can officially deprecate the other guide I wrote, as we will no longer have to hack together a solution by loading profiles for other carriers. Meaning, that this should just work provided an mbn exists for your carrier - doesn't matter from which device. This has been reported to work on TMO in the US, which did not work with my other method.
Prerequsities
* You must have working DIAG mode. See my other thread for more information on how to set that up.
Downloads
* AsusVoLTE v1.0.1
* EfsTools 0.10 modded 1.2
* EFS items
* Xiaomi Mi 9T MBNs (optional)
Step 1 - setting props
Install the AsusVoLTE app from above, make sure to upgrade if you already have it installed. Run the app and press the Enable VoLTE button; this should set some properties on the device to force-enable VoLTE after we have also done the other steps below. If you already enable VoLTE using my old method you can safely skip this step.
If you prefer to not use the app, simply run this in an adb shell:
Code:
setprop persist.vendor.dbg.ims_volte_enable 1
setprop persist.vendor.dbg.volte_avail_ovr 1
setprop persist.vendor.dbg.vt_avail_ovr 1
setprop persist.vendor.dbg.wfc_avail_ovr 1
If you are unable to set those properties for whatever reason, like if you have returned to stock after flashing the mbn and no longer have root, there is another possibility to force VoLTE/VoWiFi; There's a secret code you can use to force-enable it, but unfortunately it does not survive a reboot (not sure why ASUS didn't make it persistent).
Enter this in the dialler:
Code:
*#*#3642623344#*#*
The number will clear itself, and you shouldn't see any output if it succeeded.
When you have done this, go to (System) Settings -> Mobile network and toggle Mobile data off then on again. You should hopefully see the VoWiFi or VoLTE icon in the status bar now, but like I said above you will have to redo this if you reboot the phone - so if you can, please use the properties method instead.
Step 2 - making sure it works
Before we begin, make sure you close down QPST, otherwise EfsTools will error out because there can not be two clients connected at once.
Unzip EfsTools from above, open up a cmd window and cd to the directory where you extracted it. Depending on how you connect to diag you will need to modify EfsTools.exe.config - if you're connecting via USB you most likely won't have to do anything as it will find the port automatically, unless you have more than one port, in which case you can simply change port from Auto to the COM port of the phone (for example COM13).
If you are connected via wifi you will need to change port to 2500 (or whatever port you used in the AsusVoLTE app) and remote to true. So the efstool line should look something like this:
Code:
<efstool port="2500" remote="true" baudrate="38400" password="FFFFFFFFFFFFFFFF" spc="000000"/>
You can test the connection by running this in the cmd window:
Code:
EfsTools.exe efsInfo
This should report back some info if everything is working. If not, try rebooting the device and redo the bits from the DIAG guide.
Step 3 - disabling mcfg
Extract efs.zip from above to the same directory as EfsTools.exe, and make sure the mcfg_autoselect_by_uim file is there. Now simply run this in the cmd window, one line at a time:
Code:
EfsTools.exe writeFile -i mcfg_autoselect_by_uim -o /nv/item_files/mcfg/mcfg_autoselect_by_uim
EfsTools.exe writeFile -i mcfg_autoselect_by_uim -o /nv/item_files/mcfg/mcfg_autoselect_by_uim -s 1
If everything worked you should see no error messages.
Step 4 - writing mbn
If you are using the Xiaomi Mi 9T mbns zip from above, move it to the EfsTools directory and extract it. Now we simply need to find the mbn for your carrier.
The mbn directory structure is generally laid out like this: <region>/<carrier>/commerci/<country>/mcfg_sw.mbn. For example, the one for my carrier is eu/h3g/commerci/se/mcfg_sw.mbn. Copy the mcfg_sw.mbn file to the same directory as the EfsTools.exe, then go to the cmd window you opened and type this:
Code:
EfsTools.exe uploadDirectory -i mcfg_sw.mbn -o / -v
To get it working on the second SIM slot you will also have to run this:
Code:
EfsTools.exe uploadDirectory -i mcfg_sw.mbn -o / -s 1
If it has worked you should see a bunch of output, but no errors. Try rebooting now, and hopefully after it has booted you will have fully functional VoLTE and VoWiFi.
Source code:
AsusVoLTE - Github
EfsTools - Github
Let me know if this works for you, or if you have any questions.
Regards
I cannot for the life of me get either method to work. Connected via USB. DIAG mode driver is loaded on COM1, even changed Baud rate on the COM port in device manager to 38400. USB method gives me "Critical Error: Bad Command" Remote method does not send any information but indefinitely runs. I'm really not sure what else to try. Im on the latest WW Firmware with Magisk root. Is there anything else I can check? Are you on the 8 GB Tencent version?
xbamaris1` said:
I cannot for the life of me get either method to work. Connected via USB. DIAG mode driver is loaded on COM1, even changed Baud rate on the COM port in device manager to 38400. USB method gives me "Critical Error: Bad Command" Remote method does not send any information but indefinitely runs. I'm really not sure what else to try. Im on the latest WW Firmware with Magisk root. Is there anything else I can check? Are you on the 8 GB Tencent version?
Click to expand...
Click to collapse
Is COM1 the only port available? What does it identify itself as in Device Manager? It should be a Qualcomm ... 902d device.
I'm on the tencent version, yeah, so it should be working for you as well.
HomerSp said:
Is COM1 the only port available? What does it identify itself as in Device Manager? It should be a Qualcomm ... 902d device.
I'm on the tencent version, yeah, so it should be working for you as well.
Click to expand...
Click to collapse
I changed it to that, I'm even trying this on a completely different computer to see. Now its on COM3 on the different system with that driver. I even recently did a full WW firmware flash and factory reset as well. So its pretty much completely stock other than Root and the Apps you made / modified.
Still, Critical error. Bad Command when running efsTools efsInfo
What version of the driver does it say for you?
Edit: When you're able to access efs, What does your sys.usb.state say? I have rndis,adb shown but sys.usb.config is set for rndis,diag,adb. Does your sys.usb.state have diag included?
Use serial port 'COM13'
Critical error. The requested resource is in use.
Use serial port 'COM13'
Critical error. The requested resource is in use.
Use serial port 'COM13'
Critical error. The requested resource is in use.
I keep getting the following error and I'm not sure what the cause may be. Is it possible that a video tutorial could be made to help out in beginning as I'm not sure what I'm doing wrong on my end.
Thank you so much for your work on this though! It is nothing short of amazing.
Does it matter which USB port we use on the device? I've tested both the bottom and the side and neither are working.
Cammarratta said:
Use serial port 'COM13'
Critical error. The requested resource is in use.
Use serial port 'COM13'
Critical error. The requested resource is in use.
Use serial port 'COM13'
Critical error. The requested resource is in use.
I keep getting the following error and I'm not sure what the cause may be. Is it possible that a video tutorial could be made to help out in beginning as I'm not sure what I'm doing wrong on my end.
Thank you so much for your work on this though! It is nothing short of amazing.
Does it matter which USB port we use on the device? I've tested both the bottom and the side and neither are working.
Click to expand...
Click to collapse
Make sure you dont have QPST server running. Its not required if using the tools. I ran into this issue and realized thats what it was that was using it.
How do I make sure the server is not running? I've rebooted and checked but I'm not seeing anything/indication of it doing so. Thank you in advance!
Cammarratta said:
How do I make sure the server is not running? I've rebooted and checked but I'm not seeing anything/indication of it doing so. Thank you in advance!
Click to expand...
Click to collapse
Open up QPST Configuration > at the top click Server > then Stop QPST Server. After that, see if efsTools give you anything. (efsTools efsInfo)
Hrmmm still not working on my end. Not sure what I'm doing wrong but I'll give it a rest for the time being.
My qserver keeps saying that it cannot find my USB or phone either. So I might be missing something. I'll Uninstall and try again though
Cammarratta said:
Hrmmm still not working on my end. Not sure what I'm doing wrong but I'll give it a rest for the time being.
My qserver keeps saying that it cannot find my USB or phone either. So I might be missing something. I'll Uninstall and try again though
Click to expand...
Click to collapse
What does it say for you? It won't find it if you turn it off. What is the COM port / driver that shows up in Device Manager
xbamaris1` said:
I changed it to that, I'm even trying this on a completely different computer to see. Now its on COM3 on the different system with that driver. I even recently did a full WW firmware flash and factory reset as well. So its pretty much completely stock other than Root and the Apps you made / modified.
Still, Critical error. Bad Command when running efsTools efsInfo
What version of the driver does it say for you?
Edit: When you're able to access efs, What does your sys.usb.state say? I have rndis,adb shown but sys.usb.config is set for rndis,diag,adb. Does your sys.usb.state have diag included?
Click to expand...
Click to collapse
Could you try this updated EfsTools: https://github.com/HomerSp/EfsTools...modded-1.1/EfsTools-0.10-modded-1.1-win32.zip Hopefully it should work for you.
sys.usb.state is supposed to say just rndis,adb - diag will only be listed in sys.usb.config.
HomerSp said:
Preface
With this guide I can officially deprecate the other guide I wrote, as we will no longer have to hack together a solution by loading profiles for other carriers. Meaning, that this should just work provided an mbn exists for your carrier - doesn't matter from which device. This has been reported to work on TMO in the US, which did not work with my other method.
Prerequsities
* You must have working DIAG mode. See my other thread for more information on how to set that up.
Downloads
* AsusVoLTE v1.0.1
* EfsTools 0.10 modded 1.1
* EFS items
* Xiaomi Mi 9T MBNs (optional)
Step 1 - setting props
Install the AsusVoLTE app from above, make sure to upgrade if you already have it installed. Run the app and press the Enable VoLTE button; this should set some properties on the device to force-enable VoLTE after we have also done the other steps below. If you already enable VoLTE using my old method you can safely skip this step.
Step 2 - making sure it works
Before we begin, make sure you close down QPST, otherwise EfsTools will error out because there can not be two clients connected at once.
Unzip EfsTools from above, open up a cmd window and cd to the directory where you extracted it. Depending on how you connect to diag you will need to modify EfsTools.exe.config - if you're connecting via USB you most likely won't have to do anything as it will find the port automatically, unless you have more than one port, in which case you can simply change port from Auto to the COM port of the phone (for example COM13).
If you are connected via wifi you will need to change port to 2500 (or whatever port you used in the AsusVoLTE app) and remote to true. So the efstool line should look something like this:
You can test the connection by running this in the cmd window:
This should report back some info if everything is working. If not, try rebooting the device and redo the bits from the DIAG guide.
Step 3 - disabling mcfg
Extract efs.zip from above to the same directory as EfsTools.exe, and make sure the mcfg_autoselect_by_uim file is there. Now simply run this in the cmd window, one line at a time:
If everything worked you should see no error messages.
Step 4 - writing mbn
If you are using the Xiaomi Mi 9T mbns zip from above, move it to the EfsTools directory and extract it. Now we simply need to find the mbn for your carrier.
The mbn directory structure is generally laid out like this: <region>/<carrier>/commerci/<country>/mcfg_sw.mbn. For example, the one for my carrier is eu/h3g/commerci/se/mcfg_sw.mbn. Copy the mcfg_sw.mbn file to the same directory as the EfsTools.exe, then go to the cmd window you opened and type this:
If it has worked you should see a bunch of output, but no errors. Try rebooting now, and hopefully after it has booted you will have fully functional VoLTE and VoWiFi.
Source code:
AsusVoLTE - Github
EfsTools - Github
Let me know if this works for you, or if you have any questions.
Regards
Click to expand...
Click to collapse
Absolutely genius, your work here is greatly appreciated everything is working perfectly VoLTE and VoWiFi with caller display
I used the EE mbn included in the Xiaomi Mi 9T MBNs provided , So for anyone on EE i can say it works without a problem.
Thank you :good:HomerSp
in device manager it shows up as
Qualcomm HS-USB Android DIAG 902D (COM13)
EDIT: It started working oddly enough. Which mi9 file would I flash for tmobile USA to test?
Thank you in advance for this!
Edit 2: got it working! Had to Uninstall, reinstall qpst, open up app and click enable DIAG, then stop the server in qstp and input the commands and it worked!
HomerSp said:
Could you try this updated EfsTools: https://github.com/HomerSp/EfsTools...modded-1.1/EfsTools-0.10-modded-1.1-win32.zip Hopefully it should work for you.
sys.usb.state is supposed to say just rndis,adb - diag will only be listed in sys.usb.config.
Click to expand...
Click to collapse
Thought so, just wanted to make sure.
https://imgur.com/a/WZvKteM is what I get. Is it possible to go back to an earlier RAW rom? I want to see if theres something in earlier ROMS that will make it work. I'm just at a loss. I'm not sure what I'm missing for this to work.
@HomerSp, thanks so much for all your efforts and skills - works a charm on ee UK using Mi9T MBN's
xbamaris1` said:
I cannot for the life of me get either method to work. Connected via USB. DIAG mode driver is loaded on COM1, even changed Baud rate on the COM port in device manager to 38400. USB method gives me "Critical Error: Bad Command" Remote method does not send any information but indefinitely runs. I'm really not sure what else to try. Im on the latest WW Firmware with Magisk root. Is there anything else I can check? Are you on the 8 GB Tencent version?
Click to expand...
Click to collapse
Same issue as you, i had it working at the start then it just stopped altogether. Hoping a next asus update could reset whatever i did to it and retry it again
Mine is getting stuck on "Use serial port 'COM5'" and nothing happens after that. Any recommendations how to make it work?
killerdvd said:
Mine is getting stuck on "Use serial port 'COM5'" and nothing happens after that. Any recommendations how to make it work?
Click to expand...
Click to collapse
I had to Uninstall qpst entirely, reinstall it. Then plug my phone in, open up the Asus volteapp and hit enable DIAG, my device then showed up in device manager, then I stopped the qpst server and it worked for me just fine. Using windows 10 with latest update.
Cammarratta said:
I had to Uninstall qpst entirely, reinstall it. Then plug my phone in, open up the Asus volteapp and hit enable DIAG, my device then showed up in device manager, then I stopped the qpst server and it worked for me just fine. Using windows 10 with latest update.
Click to expand...
Click to collapse
Thanks for the quick response. My device is already showing in device manager with COM 6. I never installed QPST since is not needed for USB connection. QPST is not even mention on OP.
I want to say the first part says that you need to have DIAG enabled.
Prerequsities
* You must have working DIAG mode. See my other thread for more information on how to set that up.
Click to expand...
Click to collapse
Which I think needed QPST installed. Unless I'm sadly mistaken, then please disregard!