Related
Guys,
my OP3 is bootloader unlocked, rooted and encryption switched off.
Standard system was OOS 3.1.2. I installed the update to 3.2.1 via TWRP zip and found some bugs, so I decided to use the [ROM] [6.0.1] Unofficial CyanogenMod 13
from Grarak. Did a full wipe installed and all is ok. Now comes the strange thing:
I wanted to restore the original backup and it worked. When I rebooted, the system asks me for the SIM card sim and then the system says:
"for the new start of the device you need to enter the pin"
The ony pin I ever used for the card and not knowingly for the device doesn't work.
Neitehr 0000 nor 1234 works. Which means I can't restore the nand backup.
Does anyone have an idea what this behaviour is and how to work around?
That is normal before doing a Nandroid u have to delete the pin, there exist a way around it deleting ur pin keys in trwp, its listed on this site somewhere
Bradl79 said:
That is normal before doing a Nandroid u have to delete the pin, there exist a way around it deleting ur pin keys in trwp, its listed on this site somewhere
Click to expand...
Click to collapse
found the thread. but unfortunately didn't find the corresponding workaround. can you remember where this was?
OK found it in the OnePlus 3 Forum.
This works:
HOW TO FIX
------------------------
Simply boot into TWRP and enter your PIN (if you've set one) to decrypt the stroage. If you don't have TWRP (for whatever reason) you can do so via ADB too but ONLY if you've connected your phone to your PC beforehand and also accepted it's fingerprint on the phone itself.
Delete (or rename) the following files inside /data/system (note that probably not all of them exist for you, simply delete those you can find):
password.key
pattern.key
locksettings.db-wal
locksettings.db-shm
locksettings.db
Reboot the phone and (if you've set a PIN) enter it to decrypt the storage one more time. After that you can simply unlock your phone with a swipe.
Go into Settings > Security and set your preferred unlock method again, Android will ask you if you want to set a boot-time code too. Select whatever you want here, it's a nice security addition but can be annoying sometimes.
Enjoy your phone again!
ihobahobby said:
found the thread. but unfortunately didn't find the corresponding workaround. can you remember where this was?
OK found it in the OnePlus 3 Forum.
This works:
HOW TO FIX
------------------------
Simply boot into TWRP and enter your PIN (if you've set one) to decrypt the stroage. If you don't have TWRP (for whatever reason) you can do so via ADB too but ONLY if you've connected your phone to your PC beforehand and also accepted it's fingerprint on the phone itself.
Delete (or rename) the following files inside /data/system (note that probably not all of them exist for you, simply delete those you can find):
password.key
pattern.key
locksettings.db-wal
locksettings.db-shm
locksettings.db
Reboot the phone and (if you've set a PIN) enter it to decrypt the storage one more time. After that you can simply unlock your phone with a swipe.
Go into Settings > Security and set your preferred unlock method again, Android will ask you if you want to set a boot-time code too. Select whatever you want here, it's a nice security addition but can be annoying sometimes.
Enjoy your phone again!
Click to expand...
Click to collapse
Thanks for sharing I wasn't aware and had to wipe my phone twice.
ihobahobby said:
found the thread. but unfortunately didn't find the corresponding workaround. can you remember where this was?
OK found it in the OnePlus 3 Forum.
This works:
HOW TO FIX
------------------------
Simply boot into TWRP and enter your PIN (if you've set one) to decrypt the stroage. If you don't have TWRP (for whatever reason) you can do so via ADB too but ONLY if you've connected your phone to your PC beforehand and also accepted it's fingerprint on the phone itself.
Delete (or rename) the following files inside /data/system (note that probably not all of them exist for you, simply delete those you can find):
password.key
pattern.key
locksettings.db-wal
locksettings.db-shm
locksettings.db
Reboot the phone and (if you've set a PIN) enter it to decrypt the storage one more time. After that you can simply unlock your phone with a swipe.
Go into Settings > Security and set your preferred unlock method again, Android will ask you if you want to set a boot-time code too. Select whatever you want here, it's a nice security addition but can be annoying sometimes.
Enjoy your phone again!
Click to expand...
Click to collapse
Where in twrp do I have to enter the pincode ? After I choose to restore ? Is that all or do have to delete the files also when I have twrp ?
magnum73 said:
Where in twrp do I have to enter the pincode ? After I choose to restore ? Is that all or do have to delete the files also when I have twrp ?
Click to expand...
Click to collapse
Good question. I did also look for the pin entry, but haven't found. Was also not necessary maybe because I had switched off encyption earlier. I just deleted the namend files (which were for me only the locksetting files).
After that rebooted to system and everything works fine. Once you did that, better create a new backup without the fingerprint installed and you're safe next time.
Can u back it up and then do a restore from ur nandroid and restore files, I use multi fingerprints and have my gf on there also I hate resetting things up
I know this is what I need to do. I just can't find these files anywhere. Guess I have to start from scratch.
?
ihobahobby said:
found the thread. but unfortunately didn't find the corresponding workaround. can you remember where this was?
OK found it in the OnePlus 3 Forum.
This works:
HOW TO FIX
------------------------
Simply boot into TWRP and enter your PIN (if you've set one) to decrypt the stroage. If you don't have TWRP (for whatever reason) you can do so via ADB too but ONLY if you've connected your phone to your PC beforehand and also accepted it's fingerprint on the phone itself.
Delete (or rename) the following files inside /data/system (note that probably not all of them exist for you, simply delete those you can find):
password.key
pattern.key
locksettings.db-wal
locksettings.db-shm
locksettings.db
Reboot the phone and (if you've set a PIN) enter it to decrypt the storage one more time. After that you can simply unlock your phone with a swipe.
Go into Settings > Security and set your preferred unlock method again, Android will ask you if you want to set a boot-time code too. Select whatever you want here, it's a nice security addition but can be annoying sometimes.
Enjoy your phone again!
Click to expand...
Click to collapse
THANK YOU SO MUCH! I just got stuck between ROMs and used my nandroid backup but could not get past the lock screen.
Hello dev's! Unfortunately, in January, my brother passed away, and I have been tasked with trying to get into his phone and recover any important images really to pass along to his wife and daughter. Needless to say, I don't know his PIN code - and I am down to 2 guesses before the phone is wiped. So here I am.
Pardon my lack of technical language here but my brother did install Team Win Recovery Project 3.1.1-0 so I have been able to get to "recovery mode". Unfortunately, his partition is encrypted and I have been unable to guess that password either.
Because his drive is encrypted, I can't get into /data to remove any .key files. I have successfully been able to figure out how to sideload zip files via ADB that are supposed to bypass the PIN screen but I have had no luck. The google "find my phone" method is not working probably because the phone isn't connecting to a network.
I have read through an alpha security post about a malicious charger hack but I don't see where to download that tool.
So - does anyone know of any possible application or ZIP file I can sideload that will either help remove the decryption password or completely and successfully bypass the PIN?
Can I update TWRP to a newer version in hopes that the encryption is removed?
Any help is appreciated!
FWIW, my brother was on these forms as Colomonster - and I know that he loved tinkering with his phone daily.
There's no efficient way of breaking the data partition if it's encrypted, sorry.
Any old version of twrp might do the trick and then in /data/system folder delete these files ( if they are there )
password.key
pattern.key
locksettings.db
locksettings.db-shm
locksettings.db-wal
@catsruul I figured this would be the case but it does look like I get inifinite guesses, so there’s always that
@cpt.macp thanks for this tip! Can I downgrade via sideloading? I’ll have to look up a tutorial.. thanks!
You said any important photos correct?
https://support.google.com/accounts/troubleshooter/6357590?hl=en
I assume that your brother used Google Photos and any photos he took were most likely backed up to that. You can talk to Google about retrieving said data, you will need to prove things of course though. You will need to get a court order issued, that is if it is even approved, and everything else required should be on that page. Best of luck! Sorry to say but if the /data is encrypted you are pretty much screwed, although TWRP should decrypt in when it enters recovery so idk. That webpage is your best shot imo.
thanks @ZVNexus for the tip. I do have access to his Google account but because my brother was a super sleuth, he didn't have his images automatically upload to his photo drive. the photos that are there are few and from 2015
With access to his account, I do see his "activity", which I am not even sure he knew was being tracked (oh Google!) and I see that he used things like
Code:
Used com.android.gallery3d
and
Code:
Used org.cyanogenmod.snap
both of which look like photo apps.
you mentioned that TWRP should decrypt when I enter recovery.. what do you mean by that? if it is encrypted then it should always ask for a password right?
I wonder if this app is available anywhere for download and use.
HTML:
https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/
Lonoshea said:
thanks @ZVNexus for the tip. I do have access to his Google account but because my brother was a super sleuth, he didn't have his images automatically upload to his photo drive. the photos that are there are few and from 2015
With access to his account, I do see his "activity", which I am not even sure he knew was being tracked (oh Google!) and I see that he used things like
Code:
Used com.android.gallery3d
and
Code:
Used org.cyanogenmod.snap
both of which look like photo apps.
you mentioned that TWRP should decrypt when I enter recovery.. what do you mean by that? if it is encrypted then it should always ask for a password right?
I wonder if this app is available anywhere for download and use.
HTML:
https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/
Click to expand...
Click to collapse
I meant that even if the chip was encrypted TWRP should have let you touch the data partition. My phone is also encrypted but TWRP allows me to touch those partitions. Strange. Hopefully others can help.
Lonoshea said:
Hello dev's! Unfortunately, in January, my brother passed away, and I have been tasked with trying to get into his phone and recover any important images really to pass along to his wife and daughter. Needless to say, I don't know his PIN code - and I am down to 2 guesses before the phone is wiped. So here I am.
Pardon my lack of technical language here but my brother did install Team Win Recovery Project 3.1.1-0 so I have been able to get to "recovery mode". Unfortunately, his partition is encrypted and I have been unable to guess that password either.
Because his drive is encrypted, I can't get into /data to remove any .key files. I have successfully been able to figure out how to sideload zip files via ADB that are supposed to bypass the PIN screen but I have had no luck. The google "find my phone" method is not working probably because the phone isn't connecting to a network.
I have read through an alpha security post about a malicious charger hack but I don't see where to download that tool.
So - does anyone know of any possible application or ZIP file I can sideload that will either help remove the decryption password or completely and successfully bypass the PIN?
Can I update TWRP to a newer version in hopes that the encryption is removed?
Any help is appreciated!
Click to expand...
Click to collapse
I'm confused: if the partition is encrypted, you will generally be asked for a password during the boot process. If you're unable to enter the correct password (which AFAIK has unlimited tries), the phone simply won't boot. So you will never arrive at the lockscreen where you're supposed to enter the PIN (which offers a number of tries before wiping). With an encrypted partition, entering the recovery will prompt you for the same password you're supposed to enter during the boot process. Again, unlimited tries. As long as you're unable to do that the partitions will be 'invisible'. You can still wipe/partition them and that will remove the encryption as well as all of your data. But it seems the device you're working on works differently?
Either way: in order to gain access, you will need to either know the PIN directly (if the phone boots without a boot password) or gain access to the encrypted partition through TWRP, allowing you to remove the files responsible for the PIN lock. I'm sorry for your loss, but if it would work in any other way it simply wouldn't be secure for any Android user out there who is using encryption. Even google shouldn't be able to decrypt the phone, though it's theoretically possible they do have some kind of backdoor.
At this point, your best bet is probably trying to brute force the partition password. That would probably take a very long time, but I'm sure there's tools and organizations specializing in that sort of work.
:INTRO:
OK: here's the thread we are talking about and working on getting VoLTE & VoWiFi to work :good:. For now this is for the H930 Open EU variant only, it worked for two peoples incl. me, but I think this is applicable on other variants of V30, with respective edits (/OP, you'll read later), too. Maybe even to other phones? I don't know, LG is sth (=something) special This thread will rise with time I think, with different edits or ways to reach the goal: we want VoLTE/VoWiFi, sth, LG imho should've taken more care of...
I hope, my english is sufficient so everyone understands what's to do And, btw.: you should have "Allow OEM Unlock" switched off.
User @Krekos/CZ/ did help me in a special way: he zipped his modem config files I by accident deleted from my phone and uploaded them :good: Without them I would've not being able to complete this work, and therefore I wanted to say thanks again to him at this point (I think you can't hear this anymore, hm? ). He's btw. the second person for whom this worked, he's got VoLTE&VoWiFi now.
These files should work on other SD835 phones too, I link them here for archival. Eventually we can get a collection from every variant, this way we might be able to activate VoLTE etc. for a carrier on a phone which was not intended to being used with other operators. So a call to other variant users: can you please tar and upload these files to XDA? Procedere is:
Connect your phone via ADB and open a command prompt
type:
Code:
adb shell tar -czf /sdcard/mbn-files.tar.gz /firmware/image/modem_pr/mcfg/configs
Upload this file to your post here in this thread. I'll add it to the list then.
Links to modem cfg files (mcfg_sw.mbn):
H930 EU Open
US998 Open
These files need special permissions, of course... Otherwise it would be boring
The path (on a LG phone) for oreo firmware is as follows:
/firmware/image/modem_pr/mcfg/configs
For pie it's not /firmware/, but /vendor/firmware_mnt/: pls remember to change path in the following process accordingly when using pie.
Permissions are:
files 0440 system:system
folders 0550 system:system
Apply them via terminal emulator or adb:
Code:
cd /firmware/image/modem_pr/mcfg/configs
chown -R system:system * {apply to everything in this folder and subfolders correct user and group}
chmod -R 0550 * {apply to everything in this folder and subfolders permissions}
find . -type f -print0 | xargs -0 chmod 0440 {apply to files only (not directories) in every (sub)folder permissions}
:MAIN PART:
Prerequisites:
- H930 (or variant, later)
- rooted
- File Manager with root privileges
- eventually a decent editor of your choice
- and a little bit knowledge about giving permissions and changing owners/groups, if needed
I won't give help about e.g. files not editable because of problems with filemanagers or root, do the search work for infos and parameters you need, or anything else, sry You have to prepare and maybe investigate some time to find some infos. You have to know, that this can lead to a brick, if you're doing weird stuff
Let's begin with backing up your complete ROM via TWRP, incl. efs, data and all you need. Backup your OP partition too:
Code:
dd if=/dev/block/bootdevice/by-name/OP of=/sdcard/OP.img
It's about 344mb in size and can be restored in recovery or ROM, adb or terminal emulator:
Code:
(adb shell) dd if=/sdcard/OP.img of=/dev/block/bootdevice/by-name/OP
Then gather some infos, for now it looks we only need MNC and MCC, which identifies your operator. Maybe it later turns out that you need parts of your IMSI too. You'll find it in LG's hiddenmenu:
*#546368#*930#
Field Test => SIM Info
You can check, if the IMS Settings are available already. If yes, then there's a high chance you don't need the "some more config" part.
Write it down and have it prepared. Now the editing session begins
First we will load our modem config for our operator. The corresponding script somehow seems broken as it should do its work with files in /data/shared folder, which isn't.
These configs can give some extra parameters and contain infos about your operator / SIM provider etc.: Open your filemanager (and/or maybe editor, if isn't integrated in fm) and open the file "/firmware/image/modem_pr/mcfg/configs/mcfg_sw/mbn_sw.txt". Here find the path for your provider. O2 Germany would be "mcfg_sw/generic_/joan_glo/eu/o2d/o2d/germany/mcfg_sw.mbn". Append these = the complete path for your config file.
Code:
/firmware/image/modem_pr/mcfg/configs/mcfg_sw/generic_/joan_glo/eu/o2d/o2d/germany
Copy your op config path, you need this for one of the following edits.
Now navigate to the folder "/data/property". There should be three files we need. If they are not there, create them with root:root, 0600 and following content pls:
persist.radio.buffet_mbn_file => the long path you copied before
persist.radio.buffet_enable => enable
persist.radio.sw_mbn_update => 1
Otherwise just edit and save them afterwards. Perform a reboot and then check in hiddenmenu => Field Test = MCFG Buffet, if this file is loaded. Should
Some more config is needed. We now need the before told MNC and MCC and maybe the IMSI. We need to point your ROM in the right direction (modem itself is done): localizing it and giving the exact operator infos. Have a check of following files and a look, if they are configured already correctly for your operator, or you have to edit them.
/OP/client_id.xml:
Is your MNC & MCC inside? If not, copy and paste an example line, edit this one so it suits both.
/OP/OPEN_EU/config/carrier_code.xml:
Same as above, but a little more complicated. Explanation with an example line:
Code:
<profile carrier="O2D" suffix="O2D" carrier_code_fast="" carrier_code_late="TLF" country="DE" mcc="262" mnc="07" mvno_type="imsi" mvno_match_data="26207200xxxxxxx" />
"Profile carrier": you find this in the long path to your .mbn file you copied before O2D is O2 Germany, edit this to fit your sim provider.
"suffix": same
"mvno_match_data": this is part of your IMSI. When your provider is already listed, compare the five numbers after your operatorcode: 26207200xx. This all together has to be the same as the first ten numbers of your IMSI. If not, edit it. This is one of the reasons for VoLTE chaos on O2D, but that's another story.
/OP/OPEN_EU/config/com.lge.ims.rcs.xml
Same as above: copy and paste a line of simoperator section and edit with your operator details. "prefix" is your country calling code.
/OP/OPEN_EU/config/featureset.xml:
Change every item which is "false" to "true"
/OP/OPEN_EU/config/vo_config.xml:
Most likely you need to create an entry for your operator with mnc and mcc. do this and change both variables to "1":
Code:
<info mcc="262" mnc="07"><!-- O2D (you can write anything here or leave it, it's commented out)-->
<prop
support_volte="1"
support_vt="1"
/>
</info>
[b][i]Maybe[/i][/b] for some rare cases this is the only edit you need to do to get VoLTE & VoWiFi running :D
Reboot now, then continue. If sth in custom.prop or build.prop is edited the wrong way, this can cause bootloops, so you don't have to do the beforedone work again. And: when something in general went wrong in /OP directories edits, you can dd your OP partition back.
/OP/OPEN_EU/cust.prop (they're all case sensitive):
ro.lge.capp_cupss.rootdir=/OP/OPEN_EU
ro.build.target_operator=OPEN
ro.build.target_country=EU
ro.build.target_region=EU
ro.product.locale.region=your region, e.g. "DE" for Germany
ro.product.locale.language=your language, e.g. "de" for Germany
ro.lge.cupssgroup=GLOBAL-COM
ro.lge.opensw=EUR-XX
ro.lge.radio_mcfg=1
persist.lg.ims.volte_open=1
Reboot.
/system/build.prop:
ro.product.locale: change to match your language
ro.lge.capp_cupss.rootdir=/OP
ro.lge.capp_cupss.op.dir=/OP
Reboot again .
:0UTR0:
The VoLTE and VoWiFi switches should be present now, a) in Phone Settings (both) and b) in Network Settings (VoLTE). We should now be able to hop into IMS Settings. You find it in LG's hiddenmenu => Field Test => IMS Setting.
First we let the IMS setting show an icon in statusbar, this way we don't need to dial the hiddenmenu code everytime we need the settings. A nice sideeffect: it shows if you're connected or not To do this tip on "Test" and activate "Show Icon". After that go back to the main screen and scroll down to "GPRI VoLTE/VoWiFi". Here you can activate VoLTE/ViLTE/VoWiFi/ViWiFi, depending on what your provider offers in your contract. Go back again to main screen, go into "Test" menu, then "Load Preset Configuration" => "Initialize configuration". Now you can do a reboot and press a thumb: maybe this was it and everything is up and running! Maybe...
For seeing if VoLTE is up you can check "Debug Screen" => "VoLTE Debug Screen" inside IMS setting.
You can also turn on VoLTE and VoWiFi indicators/symbols, which are then on the right side of your statusbar near the clock. In IMS settings: => "GPRI VoLTE/VoWiFi" => "Registration" => "VoLTE" => "Indicate VoLTE", and the same for VoWiFi. To be able to place a call in flight mode but with WiFi calling on, enable "Airplane Mode" in VoWiFi menu.
In case you experiment with IMS Setting and suddenly a com.android.phone (or other) fc occurs, you can boot into TWRP, mount data and delete the directory "/data/user_de/0/com.lge.ims" with its integrated filemanager.
K, you're done :cyclops: Pls give feedback how it went for you!
Wow. Thank you.
yeah, I hope it's written in a way everyone understands it atm it's more like a dev thread, it will be rewritten for newbies when everything is clear and fully pointed out
.. Uploaded stuff ..
Hi - thanks for this info. I'm trying to work with it, and added my files. + a few extras stuff> actually not really sure how to do this .... any help? ... Thanks I have a US998 phone.: but want to get the Canadian settings all working ; specifically for Freedom Mobile ( aka : Wind ) --- the files are from a saved backup ( dump ) {{ the uploaded files are from a backup of the H933 canada firmware dump }} ... I'm currently using the US998 kdz firmware on the phone ....
let's start with
- do you see "MCFG Buffet" in your hiddenmenu?
- can you list all the content (the main directories) in your /OP folder pls?
- does the firmware modem config folder exist and is your provider inside?
- and where does your ro.lge.cupssgroup point to? (adb shell getprop ro.lge.cupssgroup)
I don't know the specialities of other variants, especially the offered providers. I don't even know if this is possible and which files you uploaded to your phone. can you either list them or point to them with a link eventually?
OK thanks - I'll work on this some more tomorrow -- I don't know where the files I uploaded went to! > but I uploaded >Folders>>> Carrier Config, Modem_pr, qcril_database, vendor, wifi & build.prop. All files were dumped from a working Phone loaded with the Canadian .Kdz H933. ... > ok so I actually took all those files,and overwrote the files om my current phone setup which is US998 .Kdz -- didn't even crash the phone <<< Go figure. I just had to clear the cache and dalvik cache. VoLTE may be working, but my Carrier has a very limited VoLTE service... so I cant check right now. VoWifi is not working. Every setting and menu has it turned "on" but is no working. .... tomorrow I'll follow your instructions after I do a fresh install. of the .KDZ. ..... be well
be warned: this can be time consuming and causing headaches, too stock files would be the best to start with.
is it a native us998 phone? it's the one one can "frankensteining", isn't it? you've overwritten these files and partitions, when I understand you correctly?
you should get hands on following stock partition disk dumps and folders first (kdz won't help as all these files are preloaded and can't be flashed via kdz):
- canadian OP partition (the more important one) (canadian_OP.img <= example filename)
- US998 OP partition (for being able to revert back to stock and trying to get volte/vowifi running with only some edited files on stock us998 partitions, only a few added files or maybe folders from canadian OP partition and only the .mbn file for your provider, taken out of firmware modem config folder). this one shoukd be flashed and worked with.
- stock system image (kdz flash us998)
- clean unencrypted data partition (factory reset and then completely set up with your apps and settings, no db or ither files copied).
- you've got a backup of your stock efs partition?
try to keep your phone as clean as you can as this can only be of help about not being confused. are there gsm/(w)cdma/band differences between us998 and canadian 993?
this could go an interesting way let's see, maybe we get it is wifi calling enabled on your contract? I wasn't able to determine this out of your post.
there's the possibility to edit the thresholds when wifi calling aborts and switches to cell telephony or volte. it's located in /system/etc and inside a filename called "andsf_your_provider_code.xml", for o2 de it's named "andsf_26207.xml". I've set every threshold to -90, this way wifi calling is still working with only one or two bars wifi reception. otherwise it would abort just too early and switches to other telephony bands.
US998 mbn-files
Thanks for the detailed info.
Not working for me. I managed to add my operator and enable IMS but can't figure out how to make IMS register. Might be because my operator is a little more retarded and uses IPv4 only. No idea where to set that policy, it isn't in IMS settings anymore on the V30.
sounds like setup session in IMS setting. go into gpri volte/vowifi setting and try enabling volte and vowifi only, then tap on "call" menu entry. choose "volte" and tip "use sip preconditions" there, use the same setting for "vowifi". check "subscription" in main menu and "IMPI" there: is there a connection adress inside? example:
your_imsi@ims.mncXXX.mccXXX.3gppnetwork.org
replace mnc and mcc with yours but add a zero at the first place of your mnc. for o2 de's mnc which is 07 it looks like
your_imsi@ims.mnc007.mcc262.3gppnetwork.org
then try test menu and restart ims process. or perform a reboot.
but you'll have to investigate more, for yourself. what's your exact provider and mnc mcc?
edit: can be you need an IMS apn for your provider. in it you can set the protocol versions. what's logcat telling?
Hi. Thanks for this. Is there any way that this can be applied to aosp ROMs?
Those mcfg files are found inside the modem partition and you can pull them out from any kdz.
Do you have an idea where this is located? (/nv/)
Edit: Also, added some picture showing volte working... when it's not (switching back to something else)
you're really sure about this? since I've flashed a kdz and a modem and unfortunately this didn't bring back these files on my phone maybe I did sth. wrong, this is really interesting now. thought they were on efs partition; but these nv files should be on efs. I'm not really sure about that, maybe someone other can finally confirm :good:. edit: I remember I've got carrier services installed, would be interesting if this makes a difference. I hardly believe but try it:
https://play.google.com/store/apps/details?id=com.google.android.ims
about aosp: there's much more needed, proprietary files and more config inside sources etc pp. I evtl. wanted to do compilings again in winter, I wanted to try this but I need additional ssd space before
Oh sh*t...
I guess I lost my efs partition then...
I tried a bunch of stuff from your first post... sadly, I don't have an /OP/ directory at all... and when I try to force the mcfg mbn (from my sdcard lol, cauz my carrier is not provided in the us998 modem)
Edited a bunch of stuff in my build.prop to make it look more like the canadian one.. but it still doesn't work (even lost the volte option now in the mobile setting menu..)
Also, I tried to flash my canadian modem files... sadly.. the phone boot but the modem doesn't initialize at all... (no wifi and no mobile network)
aye, sh¡t... and there's no efs backup from your phone done / available as it sounds. you lost your IMEI too??
can you check the directory
/dev/block/bootdevices/by-name
and see if there's an OP "file"? eventually only the script which mounts it is broken. if I remember correctly there was a thread about regathering the IMEI or at least fixing some stuff on efs. maybe this helps you, unfort. I don't know where it was, you have to search yourself.
k, sleeping now, it's hard for me these days after my shoulder operation... hopefully we get your phone back running! I'm optimistic flashing a efs backup and changing the imei back to your original one for example. don't know if this is possible, but how often did I think "sh¡t, now it's over, phone's bricked" and then a solution appears out of nothing. you should've seen my face in the moment volte came.up on my phone xD xD xD
see you later be optimistic!
Oh sorry! I still got my efs partition.. I thought it would get overwritten when doing the frankenstein method.. But I guess not.. Is there any way I can debug why the modem doesnt work at all when flashing the canadian one while using the us998 system?
there is but I don't have it in mind atm it's explained here at xda somewhere, logcat and dmesg is used for that :good: can be that it is bands related? so you have to unlock bands in your modem settings? edit: most likely not as wifi is dead too...
seadersn said:
sounds like setup session in IMS setting. go into gpri volte/vowifi setting and try enabling volte and vowifi only, then tap on "call" menu entry. choose "volte" and tip "use sip preconditions" there, use the same setting for "vowifi". check "subscription" in main menu and "IMPI" there: is there a connection adress inside? example:
your_imsi@ims.mncXXX.mccXXX.3gppnetwork.org
replace mnc and mcc with yours but add a zero at the first place of your mnc. for o2 de's mnc which is 07 it looks like
your_imsi@ims.mnc007.mcc262.3gppnetwork.org
then try test menu and restart ims process. or perform a reboot.
but you'll have to investigate more, for yourself. what's your exact provider and mnc mcc?
edit: can be you need an IMS apn for your provider. in it you can set the protocol versions. what's logcat telling?
Click to expand...
Click to collapse
I already tried to set IPMI with my data like [email protected] but IMS still don't register and the setting doesn't stick. it always reverts to a default like [email protected].
I also created the ims APN but it doesn't help with anything.
I'm still digging but so far I have no clue what's going on.
hmm, did you try configuring sip telephony? for o2 germany the registration looks like
country code + phone number @ telefonica.de = (for germany) [email protected]. have a look at /data/user_de/0/com.lge.ims/shared_prefs/impu_list.xml
(user_de: I don't know if this is indicating the language the rom uses? so for an english language build it can look like user_en? I don't know...).
The twrp on my mix 2 does not show any files or folders in sdcard, instead it shows some unknown folders that should not exist ??
That's because you haven't entered the right phone security password (the password you use to unlock lockscreen), or maybe you haven't even entered none.
Hello dears.
I have been working for 5g volte vowifi since i bought the phone.
Also You know we have carrier settings files in /product/etc/carriersettings I edited one of them and now I need to replace with original one to try.
but this /product fs cannot be touched cannot be mounted R/W. But We have a option from Magisk. it is overlayfs for all R/O filesystem acting like real one.
Question is How we do this /product fs as overlayfs?
Here one guide we have but I did not excaly get it because I didnot work about building magisk models before.
https://topjohnwu.github.io/Magisk/guides.html
Also I find a module but When I try this I am getting Unzip error. (I already tried to zip again without upper folder )
GitHub - Magisk-Modules-Alt-Repo/magisk_overlayfs: Emulate read-write partition for read-only system partitions
Emulate read-write partition for read-only system partitions - GitHub - Magisk-Modules-Alt-Repo/magisk_overlayfs: Emulate read-write partition for read-only system partitions
github.com
I worked with for ex vodafone_tr.pb file I get parameters from att5g_us.pb( It has lots of parameters for 5g volte vowifi) And I add these information to my carrier file. But I have to push this file to product.
Thank you
You need to create a Magisk module. Best is to download an existing module, unzip it, then modify it, the re-zip it.
Under the directory of the Magisk module, create a subdir called 'system', create a subdir 'product' underneath and 'etc/carriersettings´ subdirs as well. Put your file in there. Re-zip the module. Use adb to push to phone and install the module with the Magisk app. Reboot phone.
Magisk will mount your (modified) file in /product/etc/carriersettings/...
Check if the file is there:
Code:
> adb shell
$ su
# cd /product/etc/carriersettings/...
# ls
Did you edit the confseq files? What exactly did you edit, they are binary blobs. I also believe they are signed in one way or another - however I do not know what happens if the phone fails to accept one. Does it fall back to a hardware level carrier policy? Does it only leave out the specific confseq that was tampered with? Does it stop the modem from booting up at all?
Theres the cfg.db file along with its cfg.sha2 signature file - that would be my first point of try for remapping and editing via magisk... no idea wether the sha2 signature matters and what happens if it doesnt match.
It is a simple sqlite database:
1) you can look at the confnames table to identify the sequences per carrier
2) refer to the confmap table to see which carrier_id from the previous table responds to the confman hash
3) there are a load of confman_* tables, each of which includes the list of confseq files from the confseq folder - these confseq files have their corresponding names in their file headers - LTE CA carrier policies, NRDC carrier policies, mobile network based carrier policies, they all get added together in a sequence and all of them share most of the confseq files (the carrier specific ones are the ones that differ)
so what you can try, is, assuming you're on a "unsupported network", refer to the wildcard profile - this has the carrier_id of 0, which uses confman_43f507494f63c42cbf1aba626685b29710cd90eb as its table - the 10th one in order corresponds to the wildcard.sim1 confseq file which you can try an replace with one from another carrier (I've made a list of them https://paste.ee/p/NVju0)
the hashes also change by every modem release
Here is the sequence for wildcard and Orange Spain as an example:
default.common
suclr_big_data_cc_num.common
lte_ca_common
lte_ca_0.common
lte_ca_1.common
endc_nr_ca_common.common
default.sim1
endc_nr_ca_common_manual.sim1
endc_nr_ca_common.sim1
wildcard.sim1
default.sim2
endc_nr_ca_common_manual.sim2
endc_nr_ca_common.sim2
wildcard.sim2
default.multislotdefault.common
suclr_big_data_cc_num.common
lte_ca_common
lte_ca_0.common
lte_ca_1.common
endc_nr_ca_common.common
eu_common.common
default.sim1
endc_nr_ca_common_manual.sim1
endc_nr_ca_common.sim1
eu_common.sim1
eu_nr_common.sim1
es_orange.sim1
default.sim2
endc_nr_ca_common_manual.sim2
endc_nr_ca_common.sim2
eu_common.sim2
eu_nr_common.sim2
es_orange.sim2
default.multislot
eu_common.multislot
es_orange.multislot
Edit: nvm, didnt read the footer of your post
tauio111 said:
Did you edit the confseq files? What exactly did you edit, they are binary blobs. I also believe they are signed in one way or another - however I do not know what happens if the phone fails to accept one. Does it fall back to a hardware level carrier policy? Does it only leave out the specific confseq that was tampered with? Does it stop the modem from booting up at all?
Theres the cfg.db file along with its cfg.sha2 signature file - that would be my first point of try for remapping and editing via magisk... no idea wether the sha2 signature matters and what happens if it doesnt match.
It is a simple sqlite database:
1) you can look at the confnames table to identify the sequences per carrier
2) refer to the confmap table to see which carrier_id from the previous table responds to the confman hash
3) there are a load of confman_* tables, each of which includes the list of confseq files from the confseq folder - these confseq files have their corresponding names in their file headers - LTE CA carrier policies, NRDC carrier policies, mobile network based carrier policies, they all get added together in a sequence and all of them share most of the confseq files (the carrier specific ones are the ones that differ)
so what you can try, is, assuming you're on a "unsupported network", refer to the wildcard profile - this has the carrier_id of 0, which uses confman_43f507494f63c42cbf1aba626685b29710cd90eb as its table - the 10th one in order corresponds to the wildcard.sim1 confseq file which you can try an replace with one from another carrier (I've made a list of them https://paste.ee/p/NVju0)
the hashes also change by every modem release
Here is the sequence for wildcard and Orange Spain as an example:
default.common
suclr_big_data_cc_num.common
lte_ca_common
lte_ca_0.common
lte_ca_1.common
endc_nr_ca_common.common
default.sim1
endc_nr_ca_common_manual.sim1
endc_nr_ca_common.sim1
wildcard.sim1
default.sim2
endc_nr_ca_common_manual.sim2
endc_nr_ca_common.sim2
wildcard.sim2
default.multislotdefault.common
suclr_big_data_cc_num.common
lte_ca_common
lte_ca_0.common
lte_ca_1.common
endc_nr_ca_common.common
eu_common.common
default.sim1
endc_nr_ca_common_manual.sim1
endc_nr_ca_common.sim1
eu_common.sim1
eu_nr_common.sim1
es_orange.sim1
default.sim2
endc_nr_ca_common_manual.sim2
endc_nr_ca_common.sim2
eu_common.sim2
eu_nr_common.sim2
es_orange.sim2
default.multislot
eu_common.multislot
es_orange.multislot
Edit: nvm, didnt read the footer of your post
Click to expand...
Click to collapse
Woow you started middle of the book.
These carrierconfig part another story in the /vendor.
I didn't touch this confseq files because as you say these look like certificated. Also yes they are binary.
First /product/carriersettings section seems easy to touch for me.
Why I started this part you know some files coming in /data/user_de/0/com.android.phone/files when insert a sim card it's name like carrierconfig-com.google.android.carrier-899002....xml this is simple xml file that contains carrier parameters.
I started to try edit this file for a while. And Really ıf I change some thing wrong It directly affects the modem operation.
Seeing the same parameters in pb files in carriersettings, I thought I could edit them.
This is the story.
The next first I will try build a magisk module I will try to mount in hex base edited pb file
After that I will start to dig into these confseq binaries. Thank you for respond.
furkanosman said:
Why I started this part you know some files coming in /data/user_de/0/com.android.phone/files when insert a sim card it's name like carrierconfig-com.google.android.carrier-899002....xml this is simple xml file that contains carrier parameters.
I started to try edit this file for a while. And Really ıf I change some thing wrong It directly affects the modem operation.
Click to expand...
Click to collapse
I just copy and paste the xml values every time, its persistent until you enter a different sim or update android.
I think it would be more viable to make a magisk script that adds the part you want to the front of the xml instead of replacing the bp files.
furkanosman said:
Woow you started middle of the book.
These carrierconfig part another story in the /vendor.
I didn't touch this confseq files because as you say these look like certificated. Also yes they are binary.
First /product/carriersettings section seems easy to touch for me.
Why I started this part you know some files coming in /data/user_de/0/com.android.phone/files when insert a sim card it's name like carrierconfig-com.google.android.carrier-899002....xml this is simple xml file that contains carrier parameters.
I started to try edit this file for a while. And Really ıf I change some thing wrong It directly affects the modem operation.
Seeing the same parameters in pb files in carriersettings, I thought I could edit them.
This is the story.
The next first I will try build a magisk module I will try to mount in hex base edited pb file
After that I will start to dig into these confseq binaries. Thank you for respond.
Click to expand...
Click to collapse
Hi
Did u manage to work on the pb files in /product
I tried the cfg method but my ims registration isn't changing