Hello,
I am playing around with QPST RF NV Manager.
Whenever I do a change to an NV item, and write it back to the phone, the application does not complain or anything. But when I read the NV items back from the phone, it shows me the original value (my change is not there).
I tried working with QPST Service Programming, and it has the same problem.
Also I tried QPST software download to back up the NV items. Using xxd I converted the backup to a hex file, made my changes in the hex, and converted the manipulated hex back to binary format using xxd. Then I restored the NV items on the phone using the manipulated backup, and it again does not have any effect.
FYI, I also played around with EFS Professional 2.072 and the changes also do not take place!
Is there any setting somewhere that I need to change to make the changes for sure to be written into the phone?
BTW, when I put the phone in download mode (this was not when I was working with QPST stuff) I noticed that a grey text says: "Write protection: Enable". I wonder if this has any relationship to QPST problem!?!?!
Setup Environment:
Galaxy S4 T-Mobile Version.
4.2.2 Stock (Rooted) and sim unlocked.
Under QPST I see the correct port, which detects the phone (under the phone column I see a code and (0)).
Any hint will be appreciated.
Thanks
Did you find a solution to this?
I have hit a hard wall trying to rewrite 2 NV items when in diagnostic mode. Any Ericsson CDMA gurus who might be able to provide some guidance? I believe I am going to need to scan memory for all entries associated with the values I need to change and then rewrite them, but when I do this I get a reboot and no output. I have been able to rewrite the entire phone with all values and settings I need except these last 2 items. I have been working with CDMA workshop, qdxm, qpst and DFS.
PM ok
k guys, this thread is coming about after respectfully moving the discussion from kalaker's s-off thread.
i've been looking for a while about how to back up my nv keys for data, just in case anything happens to my one v. this is thanks to New Optimus (for steps 8-10) and jmztaylor, who informed me the open sesame door trick works. I AM NOT RESPONSIBLE FOR HOW SOME MAY USE THIS. open sesame door trick has the potential to screw your phone up if you don't do it right, or delete an nv item.
CDMA ONLY (i dont think gsm works the same way anyway)
YOU ARE NOT MODIFYING ANYTHING. All you are doing is backing up your AAA and HA keys. they are used to identify and register your device's data on the VM network. IF YOU MODIFY ANYTHING, IT'S YOUR FAULT IF YOU SCREW IT UP.
step 1:
download and install qpst. i'm not linking to the file, you should be able to find it easily enough by googling it.
step 2:
open up qpst configuration, and let it sit in the background for a minute. install the htc diag drivers for one v from here: http://www.htc.com/www/support/
look for the one v, and download and install the HTC Sync program which will install all the drivers you need.
step 3:
close out of htc sync once it's installed, it's an annoying program anyway. connect your phone, make sure adb debugging is enabled in developer options in settings. open the dialer, type in ##3424# (##diag#) and a screen will come up that says on and off, with select at the bottom. click on, then select, and it will ask you for your msl code.
note: your msl code can be obtained by an app in market called MSL Reader, you need root for this. follow the prompts in the app, it's easy enough to do.
step 4:
after entering your msl code and entering diag mode, go back into qpst configuration. click on "add new port" toward the bottom right, and make sure when the window opens "COMx- USB/QC Diagnostic" is selected and click ok. qpst configuration should now recognize your phone as SURF-MSM7830. if it doesn't, update your version of qpst.
step 5:
in qpst configuration, click on "Start Clients- EFS Explorer". make sure you put your msl in the box that says spc, and click ok. a please wait window will pop up, it will only take a few seconds.
from New Optimus's post: http://forum.xda-developers.com/showpost.php?p=29951978&postcount=796
8. Once the phone reads completely make a new directory named (open sesame door) without the parentheses and all lower case
9. After making the new folder locate adb.exe from the android sdk install folder and press: start, run and type cmd then press enter. You will get a command prompt window that opens up; navigate to the android sdk directory and type: adb reboot. The phone should then reboot if you've done as you were supposed to.
10. After the phone reboots read it again with QPST EFS Explorer which still should be opened, you will notice that the red no access circle has been removed from the nvm directory so expand it and go to the num directory,
(note: edited New Optimus's post to remove links to esn/meid changing which is frowned upon in the forums, also i already had the open sesame door folder created upon making the pictures.)
left click and drag 465, 466, 1192 and 1194 to your desktop.
keep 465,466, 1192 and 1194 in a safe spot, they are how you have data on your phone. if something happens to your HOV and those are gone, good luck getting data back.
Quick noob question, do these files get generated by the carrier when you activate the phone?
whoshotjr2006
Do AKEY, SSDA and SSDB files need to be saved? if so, where are the files?
reachforthesky said:
whoshotjr2006
I know the content of file 0 and 1943. Could you briefly describe the contents of these 4 files (465, 466, 1192 and 1194)? Which one is HA, AAA, SSDA and SSDB? Are there any more important NVM files need to be saved?
465^"Data Services Mobile IP General User Profile"^"Data*"
466^"Data Services Mobile IP Shared Secret User Profile"^"Data*"
1192 is the AAA secret
1194^"HDR Access Network Stream CHAP Authentication User ID"^"Data*"
The reference is here: http://forum.xda-developers.com/showthread.php?t=1954029
Got sooo excited when I saw this. Used to switch firmwares on my optimus v with the firmware of the optimus s, and use optimus s roms. Had all of my nv data and everything else backed up. Forgot you have to be on an aosp rom for this to work because you need a port. -_- I don't have a stock backup and right now I'm tethering, so it'd take a while to download a stock backup. Guess I'll have to wait a week or so.
nvm, I found a backup. I tried it out, and i got to the qpst efs explorer. I did the open sesame door, and it unlocked the nvs, but I only had a couple of the files from the list. I did not have 465 or 466. Also, I had an issue when I tried to recognize the phone. It did recognize the phone in diag mode with the port, but not as surfmsm7830. I have the most updated version of qpst.
I'll have to check what version I'm running of qpst, I know it's close to the newest if not the newest. It wouldn't recognize my phone correctly until I had a new enough copy.
Also the first time I tried the open sesame door trick, I too had the limited nv items. I used the ruu to go back to stock, and once I did that the open sesame folder dir survived the ruu and unlocked the rest of the nv items.
Hope that helps.
What version of QPST are you using for this? I get an error "Online connection failure: Unspecified error" when trying to connect.
I think my phone isn't getting read properly by QPST because under phone it says "(unknown)" even though the other fields fill in correctly.
CDMA Workshop reads my phone no problem, but this thing no luck.
EDIT: Found an updated build and it displays the specified info under phone. Not sure what the lowest working version is, but v2.7 build 323 will not read it, build 366 will though.
I need a way to read the HA/AAA Secret keys off my Sprint Galaxy S3.
I tried (DFS, CDMA WorkShop, QPST, QXDM, LGPNST). None worked at reading the Keys. They would read the other Info fine but not the HA/AAA.
I need to use my phone on Ting Mobile but I need to save the HA/AAA Keys first.
Thank you.
http://forum.xda-developers.com/showthread.php?p=48747260
gedster314 said:
Try logcat.
Put your phone in developer mode.
Connect to the computer
Run; adb logcat > log.txt
On your phone dial ##data#
Enter SPC/MSl
Select edit
Touch HA password (don't change it), exit it
Touch AAA password (don't change it), exit it.
ctrl c to kill adb
open log.txt and scroll through the long list for ha and aaa passwords.
I know kind of a pain to find but that's how I got them on my E4GT and Nexus S 4G.
Somewhere there is thread about doing this on XDA but at the moment I can not find it.
------------------------------------------------------------------------
any help reading this? i have the log listed below. how do you convert the symbols for the aaa keys? what is it actually called and then what does it need to be converted to? thanks
I/Dataprofile_Edit( 943): MN_AAA_length :16
E/SharedPreferencesImpl( 943): Couldn't create directory for SharedPreferences file /data/data/com.android.hiddenmenu/shared_prefs/com.android.hiddenmenu_preferences.xml
I/Dataprofile_Edit( 943): aaa_pw:/￲4ルCᄄHᅧᄌpᄅᄅ
ハ3
---------------------------------------------------------------------------
update: I converted it using notepad++ from ASCII to hex but it is returning too many characters? it gave me 2 - 32 character lines and 1 - 5 character line
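As an added example (not part of any post in this thread): a filter that strips credential values from a logcat capture before it is pasted publicly, including bytes that spill onto a following line the way the `aaa_pw` value does in the log above. The field name `ha_pw` and the sample log are assumptions; only `aaa_pw` appears in the thread.

```python
import re

# Logcat "brief" format header: priority/tag( pid): message
HEADER = re.compile(r"^[VDIWEF]/[^(]+\(\s*\d+\): ?")
# Field names whose value is a credential. Only "aaa_pw" appears in the
# thread's log; "ha_pw" is an assumed name added by analogy.
SECRET = re.compile(r"\b(aaa_pw|ha_pw)\s*:")

# Constructed sample modelled on the log in the thread; the value bytes are
# placeholders and include a raw newline, as a binary key can.
SAMPLE = (
    "I/Dataprofile_Edit(  943): MN_AAA_length :16\n"
    "E/SharedPreferencesImpl(  943): Couldn't create directory\n"
    "I/Dataprofile_Edit(  943): aaa_pw:\x01CONSTRUCTED\n"
    "\x02BYTES\n"
    "D/dalvikvm(  943): GC_CONCURRENT freed 120K\n"
)


def redact_logcat(text):
    """Return (redacted_text, number_of_secret_values_removed)."""
    out, hits, in_secret = [], 0, False
    for line in text.splitlines():
        header = HEADER.match(line)
        if header is None:
            # No logcat header: this line continues the previous entry,
            # e.g. a binary value that contained a raw newline byte.
            if in_secret:
                continue  # drop spilled bytes of the secret
            out.append(line)
            continue
        m = SECRET.search(line, header.end())
        in_secret = m is not None
        if m:
            hits += 1
            # Keep the field name so the log stays readable, drop the value.
            line = line[:m.end()] + "<redacted>"
        out.append(line)
    return "\n".join(out), hits


if __name__ == "__main__":
    redacted, count = redact_logcat(SAMPLE)
    print(redacted)
    print(f"{count} secret value(s) removed")
```

The length line (`MN_AAA_length`) is kept because it carries no key material; only the value and its continuation lines are dropped.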
Any luck?
I believe these keys are created and/or registered when the phone is initially paired with the account. Removing the phone/esn from the account and adding it back on will fix 3g/4g in the case of a board swap, but that doesn't really help your particular situation. I have swapped a motherboard successfully before this twice, without using the logcat method, but I can't for the life of me recall how. I'd prefer figuring out how to do it manually again, it's bugging the crap out of me. That, and just for the sake of learning.
Edit: I got it. It's a pain in the ass now because of updates since then. I was just able to retrieve NV item 1192 using the EFS tab in DFS while running the LJ7 rom with the LG2 modem. NV reader will still say access denied, but once you read the EFS, the "nvm" folder isn't red and locked like it is on newer roms and modems. I remember the LJ7+LG2 combo was necessary to get the spc/msl a while back as well.
@nvan7891 Could you help me to get AAA/HA password? I'm stuck at 1xRTT and nv_item was blocked. I'm in full stock rom NJ2. I was not able to downgrade to other stock rom except NDC or ND8.
Hi all,
I've been trying to get a used i317M to work on the Wind network. I tried several times to use the .qcn AWS unlock here with no success (only "Wind Away" network found). So I then tried to edit a NV text backup taken with the Qualcomm NV tools in Gaz's "EFS Professional" and write it back. Big mistake.
I'm now locked out of using any Qualcomm tools, the SPC isn't 000000 anymore apparently. "Wind Away" is still the only network I can see.
I've tried flashing radios (only Canadian i317M versions), and roms (like these root stocks). No improvement.
Using the CDMA Workshop free NV-items reader, I got another .txt dump (except for items secured by the new SPC). Comparing the two shows changes in many places across the NV settings. I can share the text files (minus IMEI) if it will help narrow down the problem.
So, what should I try now? I have:
Root
.qcn backup of NV-items
.txt backup of NV-items
TWRP recovery working
efs backup (taken after the NV screwup... yeah i know)
I don't have
SPC
MSL (typing getprop shows no MSL in the list)
an intact Knox flag
Any ideas?
This is just a guess but maybe reflashing the modems will help
EDIT: Already got help from someone here. Thanks! "Case is closed now".
Hello everyone,
unfortunately I bricked my Find 7a while trying to expand the 3GB internal storage with Chinese partition layout. And I don't know where it went wrong. :crying:
I already tried the Unbrick tool (Sahara) and restoring the old partition layout several times. And the partition layout recovery worked, but ColorOS says my NV partition is still invalid. It seems this partition got damaged and now my IMEI is gone and I can't use my mobile network anymore.
And sadly I figured out that the normal TWRP doesn't even show the NV/EFS partition to back up (only modified TWRP do), so I don't have a backup of those partitions.
One last chance would be to take a backup of another phone, anonymizing it by overwriting the IMEI and kindly sending me the copy.
If someone is willing to do so, I'd be very happy so I can reanimate my Find 7.
I attached a tutorial:
1. Needed software:
Qualcomm QPST Diag drivers
Qualcomm QPST Tool
IMEI converter
Any hex editor, e.g. HxD Editor
2. Start phone in Diag Mode:
-Enable Developer Settings and then "USB-Debugging" on your device
Install the drivers. They are already signed, so no need to disable Windows signature check.
To enable the Diag Port, either under
a) ColorOS:
-Call *#801# and enable "Engineer Mode Toggle"
b) ADB and root access:
ADB commands:
-adb shell (only when accessing the phone with ADB from pc, not necessary when using TWRP adb terminal)
-su
-setprop sys.usb.config diag,adb
Now in the device manager you should see a "Qualcomm/Oppo HS-USB MSM Diagnostics 276C (COM y)" device
3. Backup the IMEI/Baseband infos:
Again, we have 2 alternative ways:
a) QFIL
Open QFIL: C:\Program Files (x86)\Qualcomm\QPST\bin\QFIL.exe.
Did QFIL already automatically recognize the Diag Port in the first row?
From the top menu "Tools" choose the entry "QCN Backup Restore". Back up the QCN.
b) QPST
Open QPST Configuration: C:\Program Files (x86)\Qualcomm\QPST\bin\QPSTConfig.exe.
Under the tab "Ports" there should be the COM port from the device manager above.
If not, try "Add New Port" and untick “Show Serial and USB/QC Diagnostic ports only” and choose the right COM port and click OK.
If this doesn't help and no device shows up, add the COM-Port manually by typing the following:
Port: COMy (replace y with the number of what the device manager is showing you for the "Qualcomm/Oppo HS-USB MSM Diagnostics 276C (COM y)")
Label: You are free to name this port what you want
Then in QPST Configuration open the top menu entry "Start Clients" and then "Software Download". Select the port of the device in diagnostic mode and press OK.
Choose the “Backup” option tab, click browse, choose your destination and name of your QCN backup, choose the "QPST NV Memory Files (.qcn)" as “Save as type”, NOT the first option as (.xqcn).
Click “Start” and wait for it to finish. This will back up all your phone's NV Items and save them to the QCN Backup File.
5. Anonymizing your IMEI:
Open the .qcn file with HEX editor.
Search for your IMEI in HEX format. To do so, use the IMEI converter, enter your IMEI.
[For your own verification: An IMEI in HEX always starts with "08" followed by your first IMEI number and an "A". So if you have IMEI 123456789012345 the HEX format would be 08 1A 32 54 76 98 10 32 54.]
Now search for the converted HEX string (or better search for the first four characters 08xA only). Keep in mind to set the search type to "HEX values" not "Text" or anything else.
Replace all numbers after “08” with dummy numbers, so the result will e.g. be: 08 1A 22 33 44 55 66 77 88. Please copy your chosen dummy HEX IMEI, so I know what I am searching for to insert my IMEI then.
Save the file (as another copy, don't replace your original file in case you will need it some day)
6. Share the anonymized file with me over PM
I thank all of you for your help! :victory:
Hello, I am new here and I would like to know if it is possible that you could share the file that happened to you, since I have the same problem after partitioning my cell phone. Beforehand, thank you very much. Sorry for my bad English.
hi. had same problem with imei missing in my phone after hard bricking it and partition all messed up, but now I am done repairing the partition, some error comes up that says nv partition error. then I found out the imei is missing. please send me the dummy imei to my email. hope I can have my phone back.