Engineering Mode (no longer working) - OnePlus 3 Questions & Answers

There is a special secret dial code for invoking an extended Engineering Mode on the Oneplus 3:
*#36446337#
This opens up the menue of this extended EM.
It worked. But I screwed it up, so I cannot invoke it any more
I know, shame on me and all that stuff, this was totally my fault, as I played around with the apk, copied (not moved) it to the Download folder and tried to install it like a normal app.
Did not work.
But now also invoking the original extended EM no longer works ([email protected]).
I'd like to kindly ask the real experts among you:
1. What is it I screwed up with my stupid attempts to install this apk?
2. Is there any way to restore the information the dialer needs for parsing this secret code - other than performing a factory reset?
Or which is the information that got lost or overwritten?
3. All files in
/system/app/EngineeringMode
/system/app/EngSpecialTest
appear to have been unaffected.
(But could anyone please share the proper contents of these two folders, in case the extended EM works properly for him?)
4. Is there any way of invoking the extended EM directly working around doing it with the secret dialer code given above? e.g. by modifying the apk - admittedly in a more sophisticated way I attempted ?
I hope my question comes in the proper forum, don't want to cross-post it.
Thanks in advance!

Please Post Files as attachment or Link...
Would you be kind enough to post these files or a link to them? Unsure, but suspect a permissions issue or incorrect location of said files. I think you can connect to computer (with debugging enabled, & allowing access & allowing the rsa prompt also). You will need a command line/terminal depending on your desktop /laptop os. . I would say that you can use adb devices, then adb shell and finally am then the package name. Not sure how to format the activity manager command. Mayb am start - n xxx or am start xxx. Perhaps forum or Google can help. I kno that typing just am from the adb shell will list all possible options.

Related

[primoc]method to gain your nv keys for backup

k guys, this thread is coming about after respectfully moving the discussion from kalaker's s-off thread.
i've been looking for a while about how to back up my nv keys for data, just in case anything happens to my one v. this is thanks to New Optimus (for steps 8-10) and jmztaylor, who informed me the open sesame door trick works. I AM NOT RESPONSIBLE FOR HOW SOME MAY USE THIS. open sesame door trick has the potential to screw your phone up if you dont do it right, or delete an nv item.
CDMA ONLY (i dont think gsm works the same way anyway)
YOU ARE NOT MODIFYING ANYTHING. All you are doing is backing up your AAA and HA keys. they are used to identify and register your device's data on the VM network. IF YOU MODIFY ANYTHING, ITS YOUR FAULT IF YOU SCREW IT UP.
step 1:
download and install qpst. im not linking to the file, you should be able to find it easily enough by googling it.
step 2:
open up qpst configuration, and let it sit in the background for a minute. install the htc diag drivers for one v from here: http://www.htc.com/www/support/
look for the one v, and download and install the HTC Sync program which will install all the drivers you need.
step 3:
close out of htc sync once its installed, its an annoying program anyway. connect your phone, make sure adb debugging is enabled in developer options in settings. open the dialer, type in ##3424# (##diag#) and a screen will come up that says on and off, with select at the bottom. click on, then select, and it will ask you for your msl code.
note: your msl code can be obtained by a app in market called MSL Reader, you need root for this. follow the prompts in the app, its easy enough to do.
step 4:
after entering your msl code and entering diag mode, go back into qpst configuration. click on "add new port" toward the bottom right, and make sure when the window opens "COMx- USB/QC Diagnostic" is selected and click ok. qpst configuration should now recognize your phone as SURF-MSM7830. if it doesnt, update your version of qpst.
step 5:
in qpst configuration, click on "Start Clients- EFS Explorer". make sure you put your msl in the box that says spc, and click ok. a please wait window will pop up, it will only take a few seconds.
from New Optimus's post: http://forum.xda-developers.com/showpost.php?p=29951978&postcount=796
8. Once the phone reads completely make a new directory named (open sesame door) without the parentheses and all lower case
9. After making the new folder locate abd.exe from the android sdk install folder and press: start, run and type cmd then press enter you will get a command prompt window that opens up navigate to the android sdk directory and type; adb reboot, the phone should then reboot if you’ve done as you were supposed to.
10. After the phone reboots read it again with QPST EFS Explorer which still should be opened, you will notice that the red no access circle has been removed from the nvm directory so expand it and go to the num directory,
Click to expand...
Click to collapse
(note: edited New Optimus's post to remove links to esn/meid changing which is frowned upon in the forums, also i already had the open sesame door folder created upon making the pictures.)
left click and drag 465, 466, 1192 and 1194 to your desktop.
keep 465,466, 1192 and 1194 in a safe spot, they are how you have data on your phone. if something happens to your HOV and those are gone, good luck getting data back.
Quick noob question, do these files get generated by the carrier when you activate the phone?
whoshotjr2006
Do AKEY, SSDA and SSDB files need to be saved? if so, where are the files?
reachforthesky said:
whoshotjr2006
I know the content of file 0 and 1943. Could you briefly describe the contents of these 4 files (465, 466, 1192 and 1194)? Which one is HA, AAA, SSDA and SSDB? Are there any more important NVM files need to be saved?
Click to expand...
Click to collapse
465^"Data Services Mobile IP General User Profile"^"Data*"
466^"Data Services Mobile IP Shared Secret User Profile"^"Data*"
1192 is the AAA secret
1194^"HDR Access Network Stream CHAP Authentication User ID"^"Data*"
The reference is here: http://forum.xda-developers.com/showthread.php?t=1954029
Got sooo excited when I saw this. Used to switch firmware's on my optimus v with the firmware of the optimus s, and use optimus s roms. Had all of my nv data and everything else backed up. Forgot you have to have be on an aosp rom for this to work because you need a port. -_- I don't have a stock backup and right now I'm tethering, so it'd take awhile to download a stock backup. Guess I'll have to wait a week or so.
nvm, I found a backup. I tried it out, and i got to the qpst efs explorer. I did the open sesame door, and it unlocked the nvs, but I only had a couple of the files from the list. I did not have 465 or 466. Also, I had an issue when I tried to recognize the phone. It did recognize the phone in diag mode with the port, but not as surfmsm7830. I have the most updated version of qpst.
I'll have to check what version I'm running of qpst, I know its close to the newest if not the newest. It wouldn't recognize my phone correctly until I had a new enough copy.
Also the first time I tried the open sesame door trick, I too had the limited nv items. I used the ruu to go back to stock, and once I did that the open sesame folder dir survived the ruu and unlocked the rest of the nv items.
Hope that helps.
Sent from my One V using xda app-developers app
What version of QPST are you using for this? I get an error "Online connection failure: Unspecified error" when trying to connect.
I think my phone isn't getting read properly by QPST because under phone it says "(unknown)" even though the other fields fill in correctly.
CDMA Workshop reads my phone no problem, but this thing no luck.
EDIT: Found an updated build and it displays the specified info under phone. Not sure what the lowest working version is, but v2.7 build 323 will not read it, build 366 will though.

recover after broken screen, modify default.prop to disable secure USB debug?

Dropped my S3 today, and now the screen doesn't respond to touch. The display also only works partially. This is the excuse I needed to get an S5, but I'd like to pull data off this S3 for the transition. Honestly I'm not even sure there's anything important on there that isn't already backed to the cloud one way or another. But I'd like to poke around to be sure, use Titanium backup for at least a few apps in particular.
So I found this nice utility: http://forum.xda-developers.com/showthread.php?t=2786395 to allow me to control the device and see the screen via adb. Problem is that while USB debugging is enabled, I have to confirm the RSA fingerprint of my PC on the device itself... which I can't do because the digitizer on the phone is broken. Some searching suggests using a USB OTG to connect a mouse to blindly try to hit the RSA confirmation button. Either it doesn't work, or the cable I hacked together didn't cut it. I couldn't get off of the keyguard screen. Ordered a premade OTG adapter, but if that still fails I may have to find another way in.
From what I've read, I can disable the RSA check by setting ro.adb.secure=0 in default.prop, but that file would need to be replaced on the boot ramdisk. Making a custom boot image isn't something I've done. I found this article about it, "HOWTO: Unpack, Edit, and Re-Pack Boot Images". Following that article, should my boot.img come from extracting the L710VPUDNJ2_L710SPRDNJ2_L710VPUDNJ2_HOME.tar.md5 file? And then once I've recompiled boot.img with the modified default.prop, what is the proper method for flashing that boot.img? Do I need to use odin?
The device has stock NJ2+root and Philz Touch recovery. The display and hardware keys work well enough that I can navigate recovery and initiate anything in there, and I can get to an adb shell while the device is booted in recovery.
So two questions...
1) am I on the right track to make and flash a custom boot.img?
2) is this all pointless? would I be better served to simply use recovery to copy down a backup image and extract anything I may need from that? That main data I'm concerned about is keys/etc for 2-factor apps like google authenticator and battle.net.
EDIT: As far as getting in, I couldn't figure out how to make that app work properly for controlling the phone. It could show me the screen, but apparently not send touch input.
BUT, the solution to bypassing secure adb was easy. Since I had a custom recovery and could get adb shell while booted in recovery, I could shell in, mount data, and push my local adbkey.pub to /data/misc/adb/adb_keys. VMLite VNC Server was the easiest way I found to access the system remotely, since I could push the app install from the play store on the web and then use the companion desktop app to launch the server on my phone via adb.

Rooting the LG Exalt LTE from Verizon (LG VN220) - Request for Advice

TL.DR; Trying to root new Verizon Android flip-phone with Marshmallow 6.0.1, ARMv7. Firmware version: VN22010B. Seems to to be locked down.
Click to expand...
Click to collapse
I'm trying to root the LG Exalt LTE, or LG VN220, from Verizon. Initially, I've attempted the common rooting kits, such as KingoRoot as well as the tools described around XDA. However all failed. I suspect the cause to be the restrictive permissions of /data/local/tmp, which prevents execution of binaries. I believe any kit using this location will likely fail to achieve anything.
As such, I've been looking to achieve the same using manual techniques. The first step, as in most rooting activity is to put the device into USB debugging mode. To do this on the VN220, first compose ##7764726220. When asked for a service code, use 000000 to access a special menu. Select the Developer Options > USB Debugging and select On. There is an additional menu below named Select USB configuration, from which you can select Media Transfer Protocol or RNDIS among other options.
With that done, you can verify that you can now communicate with the device via ADB. To do so, download the Minimal ADB and Fastboot bundle. While I was successful in querying the device with ADB with
Code:
adb devices
Trying to use fastboot simply outputs "< waiting for device >" indefinitively. It is also possible to open a shell using ADB, however attempting ADB with root will fail. I don't think this is caused by having wrong drivers, as all the other tools could detect the phone (see below), but rather a permission issue.
From there, I've try to boot in different modes, which are accessible by turning off the phone, and then powering up the device while holding the Volume Down button. This will boot into a white screen with some options, including the "Safe Mode" option which I attempted. The second mode is the "Firmware Upgrade" mode which is accessible by again, powering down the phone and powering it up again, but this time holding the Volume Up for 3 seconds.
Attempting to run the following fails:
Code:
fastboot oem unlock
That being said, I later found out that LG does provides a legitimate way to unlock the bootloader via their LG developer portal. Unfortunately the VN220 is not in the list of supported devices, nor does the procedure given applies to this phone. Additionally, it requires the device ID which fails also since it requires fastboot:
Code:
fastboot oem device-id
The other attempt I've tried is using the LG Mobile Support Too l and while it was useful to obtain the KDZ file from their website, it also failed to apply the update. LGUP didn't recognise the model. (Note that both requires the USB mode to be RNDIS to detect the phone)
Trying to run apps from the internal storage such as su or even using the chmod command only results in "Operation not permitted" messages. So even temporary root seems rather difficult.
At this point, I'd like to know if anyone has any advice on additional things I could try to root the phone, or even have temporary root.
Thanks in advance
@cyberrecce
Why?
First of all thank you, I've been looking for that service code to enable developer settings / adb since I discovered the phone secretly runs Android. But I don't see why we would need root, I've been using adb to side load apps since I can't get to a menu that allows it
jfn0802 said:
First of all thank you, I've been looking for that service code to enable developer settings / adb since I discovered the phone secretly runs Android. But I don't see why we would need root, I've been using adb to side load apps since I can't get to a menu that allows it
Click to expand...
Click to collapse
1. Why? To install a custom ROM.
2. Did you get any issue with certificates when side-loading apps? I keep getting INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES. Can't seem to find the "Install from Unknown Sources" option.
Same problem
InfectedPackets said:
1. Why? To install a custom ROM.
2. Did you get any issue with certificates when side-loading apps? I keep getting INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES. Can't seem to find the "Install from Unknown Sources" option.
Click to expand...
Click to collapse
i get the same error. did you find a solution? i would really appreciate it
InfectedPackets said:
1. Why? To install a custom ROM.
2. Did you get any issue with certificates when side-loading apps? I keep getting INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES. Can't seem to find the "Install from Unknown Sources" option.
Click to expand...
Click to collapse
MendilR said:
i get the same error. did you find a solution? i would really appreciate it
Click to expand...
Click to collapse
re: the certificate error for side loading apps...
Code:
adb shell settings put secure install_non_market_apps 1
turns off the unknown source block, but I'm still getting INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES
Could the apk itself I'm trying to use have a bad certificate? Or is there another solution?
InfectedPackets said:
I'm trying to root the LG Exalt LTE, or LG VN220, from Verizon. Initially, I've attempted the common rooting kits, such as KingoRoot as well as the tools described around XDA. However all failed. I suspect the cause to be the restrictive permissions of /data/local/tmp, which prevents execution of binaries. I believe any kit using this location will likely fail to achieve anything.
As such, I've been looking to achieve the same using manual techniques. The first step, as in most rooting activity is to put the device into USB debugging mode. To do this on the VN220, first compose ##7764726220. When asked for a service code, use 000000 to access a special menu. Select the Developer Options > USB Debugging and select On. There is an additional menu below named Select USB configuration, from which you can select Media Transfer Protocol or RNDIS among other options.
With that done, you can verify that you can now communicate with the device via ADB. To do so, download the Minimal ADB and Fastboot bundle. While I was successful in querying the device with ADB with
Code:
adb devices
Trying to use fastboot simply outputs "< waiting for device >" indefinitively. It is also possible to open a shell using ADB, however attempting ADB with root will fail. I don't think this is caused by having wrong drivers, as all the other tools could detect the phone (see below), but rather a permission issue.
From there, I've try to boot in different modes, which are accessible by turning off the phone, and then powering up the device while holding the Volume Down button. This will boot into a white screen with some options, including the "Safe Mode" option which I attempted. The second mode is the "Firmware Upgrade" mode which is accessible by again, powering down the phone and powering it up again, but this time holding the Volume Up for 3 seconds.
Attempting to run the following fails:
Code:
fastboot oem unlock
That being said, I later found out that LG does provides a legitimate way to unlock the bootloader via their LG developer portal. Unfortunately the VN220 is not in the list of supported devices, nor does the procedure given applies to this phone. Additionally, it requires the device ID which fails also since it requires fastboot:
Code:
fastboot oem device-id
The other attempt I've tried is using the LG Mobile Support Too l and while it was useful to obtain the KDZ file from their website, it also failed to apply the update. LGUP didn't recognise the model. (Note that both requires the USB mode to be RNDIS to detect the phone)
Trying to run apps from the internal storage such as su or even using the chmod command only results in "Operation not permitted" messages. So even temporary root seems rather difficult.
At this point, I'd like to know if anyone has any advice on additional things I could try to root the phone, or even have temporary root.
Thanks in advance
@cyberrecce
Click to expand...
Click to collapse
Just curious - any success or updates. I can't seem to get past " INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES"
For installing apps I'm still not getting past INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES
I even tried pulling an apk from my LG G4 that successfully installed on that device and tried installing it on the Exalt, but same error.
The biggest reason I've seen for the INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES is apks that are signed poorly. When I check the apks I'm using for their signatures with the JDK it says one or more of their signatures lack a timestamp which can cause problems.
Also, downloading the apk from the Exalt's browser and trying to install from either
settings > phone settings > storage > phone > explore > downloads > open > install
or
tools > file manager > internal storage > downloads > open > install
has been coming up with "app not installed" after it tries to install the apk.
I'm not really giving up though, I just don't really know where to go from here.
effulgent.unicorn said:
For installing apps I'm still not getting past INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES
I even tried pulling an apk from my LG G4 that successfully installed on that device and tried installing it on the Exalt, but same error.
The biggest reason I've seen for the INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES is apks that are signed poorly. When I check the apks I'm using for their signatures with the JDK it says one or more of their signatures lack a timestamp which can cause problems.
Also, downloading the apk from the Exalt's browser and trying to install from either
settings > phone settings > storage > phone > explore > downloads > open > install
or
tools > file manager > internal storage > downloads > open > install
has been coming up with "app not installed" after it tries to install the apk.
I'm not really giving up though, I just don't really know where to go from here.
Click to expand...
Click to collapse
Any ideas on how to get past - "INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES"?
PAULC91316 said:
Any ideas on how to get past - "INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES"?
Click to expand...
Click to collapse
I'm still at the same place I was the other day when I posted this.
effulgent.unicorn said:
For installing apps I'm still not getting past INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES
I even tried pulling an apk from my LG G4 that successfully installed on that device and tried installing it on the Exalt, but same error.
The biggest reason I've seen for the INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES is apks that are signed poorly. When I check the apks I'm using for their signatures with the JDK it says one or more of their signatures lack a timestamp which can cause problems.
Also, downloading the apk from the Exalt's browser and trying to install from either
settings > phone settings > storage > phone > explore > downloads > open > install
or
tools > file manager > internal storage > downloads > open > install
has been coming up with "app not installed" after it tries to install the apk.
I'm not really giving up though, I just don't really know where to go from
here.
Click to expand...
Click to collapse
InfectedPackets said:
The other attempt I've tried is using the LG Mobile Support Too l and while it was useful to obtain the KDZ file from their website, it also failed to apply the update. LGUP didn't recognise the model. (Note that both requires the USB mode to be RNDIS to detect the phone)
Click to expand...
Click to collapse
Can you please share with us the KDZ file?
Thanks!
anyone?
You will need to:
- unlock it’s Bootloader. If the “fastboot oem unlock” command will not work (and I’m quite sure it will not, since we’re talking about a USA LG device), you can stop here and throw the phone out the window.
- if by some any miracle you will be able to unlock the bootloader, you have two ways of rooting it:
1. Using TWRP and a superuser zip file (magisk or the now Chinese owned supersu). The main problem with this is that you will need to compile TWRP yourself, since I doubt anyone will bother for such an obscure device.
2. Using a prerooted boot image. You will need the stock boot image, install the latest magisk manager, let it root it and then flash it via fastboot. This is particularly difficult because you will need to decrypt the kdz file (if any available) in order to get the boot.img
Even if by a greater miracle you will be able to get 1 or 2 working, there still is a huge chance that the fastboot flash command will be disabled.
Forget about solutions like king/kingoroot. Best case scenario they will fail. Worst case scenario they will softbrick the phone by gaining temporary root and then modifying /system. That will in turn trigger dm-verity which will cause the soft brick.
Forget about the scams like oneclickroot. Their so called techs will try the aforementioned and fail and you will waste your $40.
Sorry To deliver the bad news, but there’s no way out of it.
Thanks for taking your time, to help me.
I will check if I can unlock the bootloader.
Thanks alot
r3w1NNNd said:
You will need to:
- unlock it’s Bootloader. If the “fastboot oem unlock” command will not work (and I’m quite sure it will not, since we’re talking about a USA LG device), you can stop here and throw the phone out the window.
- if by some any miracle you will be able to unlock the bootloader, you have two ways of rooting it:
1. Using TWRP and a superuser zip file (magisk or the now Chinese owned supersu). The main problem with this is that you will need to compile TWRP yourself, since I doubt anyone will bother for such an obscure device.
2. Using a prerooted boot image. You will need the stock boot image, install the latest magisk manager, let it root it and then flash it via fastboot. This is particularly difficult because you will need to decrypt the kdz file (if any available) in order to get the boot.img
Even if by a greater miracle you will be able to get 1 or 2 working, there still is a huge chance that the fastboot flash command will be disabled.
Forget about solutions like king/kingoroot. Best case scenario they will fail. Worst case scenario they will softbrick the phone by gaining temporary root and then modifying /system. That will in turn trigger dm-verity which will cause the soft brick.
Forget about the scams like oneclickroot. Their so called techs will try the aforementioned and fail and you will waste your $40.
Sorry To deliver the bad news, but there’s no way out of it.
Click to expand...
Click to collapse
Any sage advice on the [INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES] issue when sideloading apps?
 @jfn0802 said they had success with sideloading, but haven't been online in ages, and none of the rest of us seem to have had the same success. Minimum, that's what I would like to accomplish.
[side note, has anyone switched from Verizon with this phone? I'm looking to, but I'm wondering a couple of things like, does verizon have the mobile hotspot function restricted from use on other carriers? & etc & just wondering how it's doing off-verizon for anyone.]
effulgent.unicorn said:
Any sage advice on the [INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES] issue when sideloading apps?
@jfn0802 said they had success with sideloading, but haven't been online in ages, and none of the rest of us seem to have had the same success. Minimum, that's what I would like to accomplish.
[side note, has anyone switched from Verizon with this phone? I'm looking to, but I'm wondering a couple of things like, does verizon have the mobile hotspot function restricted from use on other carriers? & etc & just wondering how it's doing off-verizon for anyone.]
Click to expand...
Click to collapse
my freinds are using it in Canada with videotron and everything works, without unlocking
Just to add a clue what to look at, I think these devices are from Verizon and they are blocking anonymous apps from being installed
GenTech Solution said:
Just to add a clue what to look at, I think these devices are from Verizon and they are blocking anonymous apps from being installed
Click to expand...
Click to collapse
Yes right, but how can I go around it?
Ps. I was able to uninstall apps (I removed my Verizon)
With adb shell, as the user 0, but with adb normal uninstall didn't work, but when I try to install with adb shell, it gave the same certificate erorr
GenTech Solution said:
Just to add a clue what to look at, I think these devices are from Verizon and they are blocking anonymous apps from being installed
Click to expand...
Click to collapse
Isn't that what turning on the "install from unknown sources" option should do? I still get the Install Parse Failed after switching it on with ADB.
@98jbsz I've tried to uninstall without success. What way did you do it? And does it just leave a blank space in the menu screen?
[Less on topic, sorry again, but has anyone seen the LG Wine LTE? http://www.lg.com/us/cell-phones/lg-UN220-lg-wine
It's strikingly similar to our friend the Exalt LTE here, but it seems less carrier branded/available at US Cellular, so I'm wondering if that would make a difference?
Major differences Wine LTE has more 4G bands (2/4/5/12/25) versus Exalt (4/5/13), which kind of has me kicking myself, because travel and 4G was one of the reasons I bought the Exalt. Both have quadband GSM and WCDMA, but interestingly the Wine also has CDMA.
Beyond that, there are some more smaller differences I scavenged from their LG pages, Exalt has more bluetooth profiles, supports more music formats, has more GPS capabilities, wifi calling, and 1 more ringtone. Wine has more supported video formats, and an FM radio.
I'm curious about what/if the Wine would have for sms messaging (I doubt it'd have Verizon's message+) and instead of my Verizon app...]
98jbsz said:
Yes right, but how can I go around it?
Ps. I was able to uninstall apps (I removed my Verizon)
With adb shell, as the user 0, but with adb normal uninstall didn't work, but when I try to install with adb shell, it gave the same certificate erorr
Click to expand...
Click to collapse
Alright, I also managed to uninstall my verizon and verizon's cloud app using
Code:
adb shell and the pm uninstall -k --user 0
But the Verizon apps folder on the menu screen remains, although it's empty. Any ideas on how to remove it?
Then I tried to install an apk using
Code:
pm install
and it came back with [INSTALL_FAILED_INVALID_URI] which...is a different than [INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES], but not better.
right, but when you first copy the APK to the phone, and then you install it, you will see the [INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES] error. still not a solution

Unlock car multimedia system

I'm trying to find information about a multimedia system i have installed in my Skoda, the sticker on the device says CNT100, which is manufactured by CarNeTek (device page - https://www.carnetek.com.tw/products_detail/15.htm, not sure if they are the manufactures or just a reseller).
The company which sell and install it locally are not willing to share any information about the device, and of course are not willing to unlock it (to install applications from the play store, tweak configuration, etc.).
On the device there are 6 dip switches (which i couldn't figure out what they control), and no visible button (to get into recovery), i can get to the play store, and install applications - but as soon the installation is completed - they get uninstalled (there is a list of application that are not automatically uninstalled).
The launcher looks like a custom local version, there is no way to get into the settings page and the notification bar cannot be clicked (or dragged down), if i click multiple times on the menu - i get a dialog for some configuration, where i'm prompt for password (the dialog has a random number on it - which i suspect is used to generate correct password).
is anyone familiar with this device? or can suggest a way to unlock it?
(attached images of the device and the boot screen)
Hey mrtowel!
Trying to figure out that as well.
You said "if i click multiple times on the menu"
Where is this menu? possible to send a photo of that?
I'm talking about an Israeli version
Seems to be customized by [email protected]
sorry but i was wrong describing the way to get to the password dialog, on the home screen - there is a weather widget, showing the weather on the left side and the clock on the right side, multiple taps on the weather allows you to reboot the device, while multiple taps on the clock gets you to the password dialog.
I made some progress with the device - still working on getting it unlocked completely, let me know if you want more details.
mrtowel said:
Seems to be customized by [email protected]
sorry but i was wrong describing the way to get to the password dialog, on the home screen - there is a weather widget, showing the weather on the left side and the clock on the right side, multiple taps on the weather allows you to reboot the device, while multiple taps on the clock gets you to the password dialog.
I made some progress with the device - still working on getting it unlocked completely, let me know if you want more details.
Click to expand...
Click to collapse
Hey!
Just found that new to me. Pushed 6 times on the clock of the weather widget and got a prompt for the password. I receive a 9 digit number with that.
Also found that if you do the same on the temperature indication, you'll be prompt for device restart.
So that's a progress.
Anyways, I will be happy to hear from you, what progress you have made on this.
Will send you a PM.
Did someone have any success?
Hello, i have a Toyota corolla 2016 with "android multimedia" that have only 2 apps without google play or any apps, the startup screen is like yours.
i wan to unlock the system, someone know how to do that?
gtrs36 said:
Hello, i have a Toyota corolla 2016 with "android multimedia" that have only 2 apps without google play or any apps, the startup screen is like yours.
i wan to unlock the system, someone know how to do that?
Click to expand...
Click to collapse
try to get to app store (in case it is installed) through one of the installed apps using the 'rate us' option, you can also try and push a play store link through bluetooth, if it works - the android system will launch the play store app, and you'll be able to setup your account.
Once you get to the play store - download and install Googel app (https://play.google.com/store/apps/details?id=com.google.android.googlequicksearchbox&hl=en) this will let you ask google assistant to 'Open Display Settings' (in my case this option let me enable the drag down menu, where i could easily access the settings and other stuff).
hope that helps
?
Hey did you succeed?
please help
Hi
did any one of you had any success with getting into setting menu ?
i can get to google play...but as was posted before, everything i try to install immediately erase itself.....
does any one have the approved app list from ituran ?
i do believe that together we can crack this....
thanks
Thanks for the tips I've made it to download youtube! But how I can bypass the limit to install all apps from play store?
Also how can I cancel the restrictions of using apps during drive?
Thanks
Allon
Hey @mrtowel any change you can share some more details?
I tried connecting to the USB with my laptop to try doing some adb commands but it did not detect anything
I'm also wondering about the dip switch
and how to get the password bypass
Would really like to hear some more details if you can share please?
Just came here to see if can recall my steps from last time i played with the device (i kind of gave up, as it worked well with what there is, but recent update made it work really slow).
turns out there is a post on facebook (https://facebook.com/groups/gilcar/permalink/729881061134680/?comment_id=729883497801103), i'm going to try and build some utility to generate unlock codes (last time, i managed to get to an adb terminal, but i wasn't aware of the `pm hide` option to disable the installation blocker ****).
will post updates here if i get some progress
For anyone interested, attached the list of whitelisted apps. a jar to generate the code to enable tech mode and how i disabled the installation blocker
For the jar - you would need to get your device Wifi MAC address (see old post from 2019 on how to enable the navigation bar), which can be retrieved from the 'אודות' section. (run the jar by running 'java -jar codeGen_jar.jar 00:11:22:33:44:55' - replace the numbers with your device mac address)
Wifi must be enabled - before the next step
To get to the code, hit few clicks on the clock widget in the home screen would prompt you with a password (if the code generator matches your version of connect-it (if it isn't - see bypass admin mode workaround below), the codes would match), enter the unlock code (admin mode result from the codeGen output) and move to the apps section - you would see 'tech mode' application.
Wifi must be connected before the next step
On the tech mode application - you would have another code (tech mode result from the codeGen) enter it - and it would open a page to enable adb remote server (you must be connected to a wifi network to get it to work).
Connect to the adb using a remote shell from another device (or a laptop), to the specified IP on port 1917 (note that most mobile tethering options won't work due to networking limitations). If you don't have an accessible wifi network - see Wifi Workaround below
From adb, run the following:
to disable the application which blocks installations: pm hide com.ituran.installationblocker
Disable updates: pm hide com.ituran.systemupdateservice
Disable blocking applications while driving: pm hide com.ituran.driveusagemonitor
Tips:
While in admin mode, you can see all installed applications, and pin them to the start page of the home screen, recommend to pin Play Store app (as it is usually hidden)
Don't try to enable or enter 'Guest mode' (i tried it, and the device went into boot loop)
The codes generated are date sensitive, so either generate new ones if you won't use them in the same day, or change the device date.
Wifi Workaround : a workaround can be to install modified version of 'Remote ADB Shell' (attached) on the device, save it to your mobile phone, and push it to the device through bluetooth, this version is the same version as 'Remote ADB Shell' from the play store - only names 'Spotify' which will keep it installed on the device, after installation, run it and connect to 127.0.0.1 on port 1917 instead.
Bypass admin mode workaround : while Admin Mode enables you to view the hidden applications, in the above process, it mainly gives you the option to run the tech mode app. if the code for the admin mode isn't working for you, install 'Amaze file explorer' (attached - it was renamed to bypass the installation blocker) by pushing it through bluetooth.
You can find more details on this facebook post (not mine - but i used details from this thread to figure out how to disable the application from ADB)
Enjoy and drive safely.
mrtowel said:
For anyone interested, attached the list of whitelisted apps. a jar to generate the code to enable tech mode and how i disabled the installation blocker
For the jar - you would need to get your device Wifi MAC address (see old post from 2019 on how to enable the navigation bar), which can be retrieved from the 'אודות' section. (run the jar by running 'java -jar codeGen_jar.jar 00:11:22:33:44:55' - replace the numbers with your device mac address)
Wifi must be enabled - before the next step
To get to the code, hit few clicks on the clock widget in the home screen would prompt you with a password (if the code generator matches your version of connect-it (if it isn't - see bypass admin mode workaround below), the codes would match), enter the unlock code (admin mode result from the codeGen output) and move to the apps section - you would see 'tech mode' application.
Wifi must be connected before the next step
On the tech mode application - you would have another code (tech mode result from the codeGen) enter it - and it would open a page to enable adb remote server (you must be connected to a wifi network to get it to work).
Connect to the adb using a remote shell from another device (or a laptop), to the specified IP on port 1917 (note that most mobile tethering options won't work due to networking limitations). If you don't have an accessible wifi network - see Wifi Workaround below
From adb, run the following:
to disable the application which blocks installations: pm hide com.ituran.installationblocker
Disable updates: pm hide com.ituran.systemupdateservice
Disable blocking applications while driving: pm hide com.ituran.driveusagemonitor
Tips:
While in admin mode, you can see all installed applications, and pin them to the start page of the home screen, recommend to pin Play Store app (as it is usually hidden)
Don't try to enable or enter 'Guest mode' (i tried it, and the device went into boot loop)
The codes generated are date sensitive, so either generate new ones if you won't use them in the same day, or change the device date.
Wifi Workaround : a workaround can be to install modified version of 'Remote ADB Shell' (attached) on the device, save it to your mobile phone, and push it to the device through bluetooth, this version is the same version as 'Remote ADB Shell' from the play store - only names 'Spotify' which will keep it installed on the device, after installation, run it and connect to 127.0.0.1 on port 1917 instead.
Bypass admin mode workaround : while Admin Mode enables you to view the hidden applications, in the above process, it mainly gives you the option to run the tech mode app. if the code for the admin mode isn't working for you, install 'Amaze file explorer' (attached - it was renamed to bypass the installation blocker) by pushing it through bluetooth.
You can find more details on this facebook post (not mine - but i used details from this thread to figure out how to disable the application from ADB)
Enjoy and drive safely.
Click to expand...
Click to collapse
Does this method work with Hyundai, Mitsubishi, etc...?
Hi Mr.
mrtowel​do you have any videos explain the steps in post #13 I will be thankful if you provide me with for urgent case.
thank you dear for great job

Spyware of Phone

Hello,
I'm hoping that someone here will be able to help to do one or more of the following things:
1) Complete data recovery of Samsung Galaxy S9 snapdragon
2) Bypass pattern lock
A partner against whom I have a restraining order purchased this phone for me and I have since become aware that there is software installed on it which I cannot access which is recording my location, communications, etc.
All I installed is Mxplorer, OS Monitor, and Logcat, all of which were recommended by users on these forums and which were Google Play verified. When I started going through what I could access and recording the logs, my phone went crazy and a bunch of root files began to delete themselves. Now it is locked by a pattern and I never set a pattern.
Is it possible for me to bypass this pattern without deleting all the data on the phone, or to backup all the data on the phone including root files even if I cannot download the phone itself?
Alternatively, is anyone aware of any organization that would help me to examine the phone, as I do not feel that I have the technological ability to do so myself?
Also, I understand that the best thing to do for my own security is to use a different phone and to reset the passwords for all the accts that were saved on that phone from a different device and I am already doing that but it is very important to me to identify and preserve the spyware that was installed on this phone in order to 1) ensure the continuation of the restraining order 2) know what information he has had access to and 3) share the information that I find with organizations that are involved in combatting the development/sale/use of this kind of stalkerware.
Thank you.
PS C:\Users\Genevieve\Desktop\platform-tools_r30.0.5-windows (1)\platform-tools> .\adb shell
starqlteue:/ $ cd /data/data/com.android.providers.settings/databases
/system/bin/sh: cd: /data/data/com.android.providers.settings/databases: Permission denied
2|starqlteue:/ $
2|starqlteue:/ $
This is what I'm coming up against when I try to bypass the screen lock using adb, just for reference.
Permission denied on that path is not unusual, some devices simply don't support accessing that path over ADB. To delete that path, USB debugging needs to have already been enabled in the device's developer options so you can delete the gesture.key file and regain access. I've had a similar fight with an older Android device, trying to retrieve photos from a phone with an unlock pattern the owner had forgotten.
In the end I managed to gain access to the filesystem, but I had to do it through recovery mode by flashing an alternative recovery image to the device which bricked it for normal use.
I'd be surprised if this other person managed to install commercial spyware/malware without rooting the device, which would also give you access to that path.
That sort of 0day vuln is either darknet for $$$ (at which point, just wipe the cache partition, reflash the stock firmware and start from scratch) or nation state actor complexity.

Categories

Resources