Disabling fingerprint gestures - Treble-Enabled Device Questions and Answers
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Neffarion said:
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Click to expand...
Click to collapse
In the 9.0 roms there is a Phh settings > Huawei > disable fingerprint settings. Don't know if it works on Nokia's though
DaarkZek said:
In the 9.0 roms there is a Phh settings > Huawei > disable fingerprint settings. Don't know if it works on Nokia's though
Click to expand...
Click to collapse
There is no such setting in "Phh settings" unfortunately
Here is a logcat of when I double tap the fingerprint scanner. It triggers the volume down for some reason.
If someone could figure out what is the cause, it would be great
f
Neffarion said:
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Click to expand...
Click to collapse
Should be easy to fix
Please run getevent in adb shell, then do all the fingerprint gestures, then paste everything the getevent command said here.
phhusson said:
f
Should be easy to fix
Please run getevent in adb shell, then do all the fingerprint gestures, then paste everything the getevent command said here.
Click to expand...
Click to collapse
I havent had the issue after I updated the Nokia 7 Plus firmware to Pie November before installing any GSI. But I did the getevent command anyway, in case it helps
Output:
Code:
phhgsi_arm64_ab:/ # getevent
add device 1: /dev/input/event6
name: "sdm660-snd-card-b2n Button Jack"
add device 2: /dev/input/event5
name: "sdm660-snd-card-b2n Headset Jack"
could not get driver version for /dev/input/mice, Not a typewriter
add device 3: /dev/input/event2
name: "goodix_fp"
add device 4: /dev/input/event4
name: "gpio-keys"
add device 5: /dev/input/event3
name: "hallsensor"
add device 6: /dev/input/event1
name: "fts_ts"
add device 7: /dev/input/event0
name: "qpnp_pon"
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006a 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006a 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0069 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0069 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006c 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006c 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000000
/dev/input/event2: 0000 0000 00000000
I first tapped the fingerprint scanner, then swipped the scanner from left to right, then right to left, down to up, up to down and then double tapped it
Neffarion said:
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Click to expand...
Click to collapse
best way to check is compare between generic.kl present in system/user/keylayout with any of the generic.kl of your device with another ROM having no problem...
Is there a solution for this problem yet?
I've the same problem with my MI a2 lite. Everytime I touch the sensor the volume button shows up.
I've thus problem with all custom gsi roms, but not with the stock rom.
Sent from my Phh-Treble vanilla using Tapatalk
cd492 said:
Is there a solution for this problem yet?
I've the same problem with my MI a2 lite. Everytime I touch the sensor the volume button shows up.
I've thus problem with all custom gsi roms, but not with the stock rom.
Sent from my Phh-Treble vanilla using Tapatalk
Click to expand...
Click to collapse
just put this file to /system/system/usr/keylayout/uinput-goodix.kl via twrp
eremitein said:
just put this file to /system/system/usr/keylayout/uinput-goodix.kl via twrp
Click to expand...
Click to collapse
Do you mean copy this txt file to the keylayout directory?
Sent from my Phh-Treble vanilla using Tapatalk
cd492 said:
Do you mean copy this txt file to the keylayout directory?
Sent from my Phh-Treble vanilla using Tapatalk
Click to expand...
Click to collapse
no
you need rename .txt file as uinput-goodix.kl and then move it to /system/usr/keylayout dir, where is Generic.kl file placed
eremitein said:
no
you need rename .txt file as uinput-goodix.kl and then move it to /system/usr/keylayout dir, where is Generic.kl file placed
Click to expand...
Click to collapse
Perfect thanks mate.
Sent from my Phh-Treble vanilla using Tapatalk
Related
Android on Asus P527??
first of all, p527 is an omap 850 device of 200mhz i downloaded android for omap 850 devices from http://sourceforge.net/projects/wing-linux/ i installed wing-linux-0.4pre4-rootfs.cab in storage card next to have default.txt, i installed wing-linux-0.4pre4-elf.cab then i ran haret-0.5.2.exe. after few sec, the screen turned on white nd the device was hang up. m really anxious to start it on my p527... but just dont know how! i m posting all the txt files, generated or installed during the procedure... default.txt Code: set MTYPE 2372 set KERNEL "zImage" set INITRD "initramfs.cpio.gz" set CMDLINE "debug quiet psplash=false loglevel=7 init=/sbin/init console=tty0 video=omapfb:accel gsm-wizard.noreset=1 gsm-wizard.noload=1 4" log "earlylog.txt" bootlinux disdump.txt Code: HaRET(2)# pdump 0xfffec000 0x20 fffec000 | f8000089 010104ef 302eb93f fe700007 | ........?..0..p. fffec010 | ffffffd2 5c000000 fffffc00 fffffc19 | .......\........ HaRET(3)# pdump 0xfffee300 255 fffee300 | 00000000 00000000 00000000 00000000 | ................ fffee310 | 00000000 00000000 00000000 00000000 | ................ fffee320 | 00000000 00000000 00000000 00000000 | ................ fffee330 | 00000000 00000000 00000000 00000000 | ................ fffee340 | 00000000 00000000 00000000 00000000 | ................ fffee350 | 00000000 00000000 00000000 00000000 | ................ fffee360 | 00000000 00000000 00000000 00000000 | ................ fffee370 | 00000000 00000000 00000000 00000000 | ................ fffee380 | 00000000 00000000 00000000 00000000 | ................ fffee390 | 00000000 00000000 00000000 00000000 | ................ fffee3a0 | 00000000 00000000 00000000 00000000 | ................ fffee3b0 | 00000000 00000000 00000000 00000000 | ................ fffee3c0 | 0000a941 00000041 00002000 00000000 | A...A.... ...... fffee3d0 | 00002100 00000000 00000000 00000001 | .!.............. fffee3e0 | 00000010 00000001 00000000 00000000 | ................ fffee3f0 | 00000000 00000000 00006350 00000000 | ........Pc...... Cannot open script file \Storage Card\linux\default.txt Cannot open script file \Storage Card\linux\default.txt HaRET(1)# set MTYPE 2372 HaRET(2)# set KERNEL "zImage" HaRET(3)# set INITRD "initramfs.cpio.gz" HaRET(4)# set CMDLINE "debug quiet psplash=false loglevel=7 init=/sbin/init console=tty0 video=omapfb:accel gsm-wizard.noreset=1 gsm-wizard.noload=1 4" HaRET(5)# log "earlylog.txt" startup.txt Code: log "dispdump.txt" pdump 0xfffec000 0x20 pdump 0xfffee300 255 and earlylog.txt was like this.. Code: = *= ž: ›: ™8 “8 i doubt over default.txt with mtype for not booting up nd m abt to try with other devices' default.txt i know nothin abt porting or emulating android on winmo devices.. nd i hope to get response over here... pls comment
Nice initative, keep up the good work
this thred might be helpful http://forum.xda-developers.com/showthread.php?t=496692
Did you try haret, default.txt and everything android on the root of the storage card?
BenGman said: Did you try haret, default.txt and everything android on the root of the storage card? Click to expand... Click to collapse yes i tried. ofcourse on root of storage card. no good... it needs a kind of programming knowledge.
NFS module for Motorola defy froyo
I just finished building an nfs kernel module for my motorola defy from source. The module has dependencies to lockd.ko and sunrpc.ko, so you will need to load this prior to the nfs.ko. These modules were tested against Motorola Defy Stock ROM Froyo (Linux version 2.6.32.9-ga28fcc4) and they work just fine. You will require busybox's mount to mount nfs. I will write a more detailed howto shortly. have fun, tuxx
tuxx42 said: I just finished building an nfs kernel module for my motorola defy from source. The module has dependencies to lockd.ko and sunrpc.ko, so you will need to load this prior to the nfs.ko. These modules were tested against Motorola Defy Stock ROM Froyo (Linux version 2.6.32.9-ga28fcc4) and they work just fine. You will require busybox's mount to mount nfs. I will write a more detailed howto shortly. have fun, tuxx Click to expand... Click to collapse can you pls tell me how to use these file to get nfs working in my defy..
run the following commands: ./adb push nfs.ko sunrpc.ko lockd.ko /sdcard ./adb shell su cd /sdcard insmod lockd.ko insmod sunrpc.ko insmod nfs.ko Click to expand... Click to collapse then use busybox's mount command to mount nfs as you would on any other linux
Hi, tuxx42 said: These modules were tested against Motorola Defy Stock ROM Froyo (Linux version 2.6.32.9-ga28fcc4) and they work just fine. tuxx Click to expand... Click to collapse big thanks for building these . I am having a problem loading them on my defy running on this froyo kernel with cyanogenmod 7. To verify that we are talking about the same files: Code: [email protected]:~/tmp$ wget 'http://forum.xda-developers.com/attachment.php?attachmentid=625029&d=1308059056' -O nfs.zip --2011-07-17 10:47:37-- http://forum.xda-developers.com/attachment.php?attachmentid=625029&d=1308059056 Resolving forum.xda-developers.com... 50.23.231.72 Connecting to forum.xda-developers.com|50.23.231.72|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 122327 (119K) [application/zip] Saving to: `nfs.zip' 100%[===================================================================================>] 122,327 54.4K/s in 2.2s 2011-07-17 10:47:39 (54.4 KB/s) - `nfs.zip' saved [122327/122327] [email protected]:~/tmp$ md5sum nfs.zip 1af24766fa7fa43c014675c3744b1b28 nfs.zip [email protected]:~/tmp$ unzip nfs.zip Archive: nfs.zip creating: nfs/ inflating: nfs/lockd.ko inflating: nfs/nfs.ko inflating: nfs/sunrpc.ko [email protected]:~/tmp$ cd nfs [email protected]:~/tmp/nfs$ md5sum * 20ba7c5a6b407347b0d58375894c63ba lockd.ko 8a4576594dd865f88d705f5fd6ce84e9 nfs.ko 84fd57a86e5778e3f72d15cedd167091 sunrpc.ko [email protected]:~/tmp/nfs$ /sbin/modinfo * filename: lockd.ko license: GPL description: NFS file locking service version 0.5. author: Olaf Kirch <[email protected]> depends: sunrpc uts_release: 2.6.32.9 vermagic: 2.6.32.9 preempt mod_unload ARMv7 parm: nsm_use_hostnames:bool parm: nlm_max_connections:uint filename: nfs.ko license: GPL author: Olaf Kirch <[email protected]> depends: sunrpc,lockd uts_release: 2.6.32.9 vermagic: 2.6.32.9 preempt mod_unload ARMv7 parm: cache_getent:Path to the client cache upcall program (string) parm: cache_getent_timeout:Timeout (in seconds) after which the cache upcall is assumed to have failed (ulong) parm: enable_ino64:bool filename: sunrpc.ko license: GPL depends: uts_release: 2.6.32.9 vermagic: 2.6.32.9 preempt mod_unload ARMv7 parm: min_resvport:portnr parm: max_resvport:portnr parm: tcp_slot_table_entries:slot_table_size parm: udp_slot_table_entries:slot_table_size Copying them to the phone: Code: [email protected]:~/tmp/nfs$ adb push nfs.ko /sdcard/nfs.ko 2182 KB/s (103348 bytes in 0.046s) [email protected]:~/tmp/nfs$ adb push lockd.ko /sdcard/lockd.ko 1752 KB/s (41696 bytes in 0.023s) [email protected]:~/tmp/nfs$ adb push sunrpc.ko /sdcard/sunrpc.ko 2226 KB/s (130152 bytes in 0.057s) Trying to load lockd: Code: [email protected]:~/tmp/nfs$ adb shell # cd /sdcard # insmod lockd.ko insmod: init_module 'lockd.ko' failed (Exec format error) # dmesg | tail -1 <4>[127361.915008] lockd: module has no symbols (stripped?) Kernel version matches: Code: # uname -r 2.6.32.9-ga28fcc4 # Since the kernel complains about lack of symbols, let's see them: Code: [email protected]:~/tmp/nfs$ objdump -t lockd.ko BFD: lockd.ko: warning: sh_link not set for section `.ARM.exidx' BFD: lockd.ko: warning: sh_link not set for section `.ARM.exidx.exit.text' BFD: lockd.ko: warning: sh_link not set for section `.ARM.exidx.init.text' lockd.ko: file format elf32-little SYMBOL TABLE: no symbols [email protected]:~/tmp/nfs$ Let's see what objdump has to say about tun.ko present on the device: Code: [email protected]:~/tmp/nfs$ adb pull /system/lib/modules/tun.ko 167 KB/s (16220 bytes in 0.094s) [email protected]:~/tmp/nfs$ objdump -t tun.ko tun.ko: file format elf32-little SYMBOL TABLE: 00000000 l d .text 00000000 .text 00000000 l d .init.text 00000000 .init.text 00000000 l d .rodata 00000000 .rodata 00000000 l d .rodata.str1.1 00000000 .rodata.str1.1 00000000 l d .data 00000000 .data 00000000 l d .bss 00000000 .bss 00000000 l F .text 00000024 tun_net_open 00000024 l F .text 00000024 tun_net_close 00000048 l F .text 00000004 tun_net_mclist 0000004c l F .text 00000028 tun_net_change_mtu 00000074 l F .text 0000002c tun_setup 00000568 l F .text 00000028 tun_free_netdev 000000a0 l F .text 00000008 tun_validate 000000a8 l F .text 0000003c tun_get_settings 000000e4 l F .text 00000008 tun_get_msglevel 000000ec l F .text 00000004 tun_set_msglevel 000000f0 l F .text 00000010 tun_get_link 00000100 l F .text 00000010 tun_get_rx_csum 00000110 l F .text 00000020 tun_set_rx_csum 000002e0 l F .text 000000dc tun_chr_fasync 000003bc l F .text 000000ec tun_chr_poll 000004a8 l F .text 000000c0 tun_chr_close 00000590 l F .text 00000060 tun_chr_open 000005f0 l F .text 00000078 tun_get_drvinfo 00000668 l F .text 0000000c tun_sock_destruct 00000674 l F .text 00000018 tun_show_group 0000068c l F .text 00000018 tun_show_owner 000006a4 l F .text 0000003c tun_show_flags 000006e0 l F .text 00000050 tun_net_uninit 00000730 l F .text 00000178 tun_net_xmit 00000a74 l F .text 0000007c tun_sock_write_space 00000af0 l F .text 000009c4 tun_chr_ioctl 000014b4 l F .text 00000434 tun_chr_aio_write 000018e8 l F .text 00000364 tun_chr_aio_read 00000000 l d .ARM.extab 00000000 .ARM.extab 00000000 l d .ARM.exidx 00000000 .ARM.exidx 00000000 l d .ARM.extab.init.text 00000000 .ARM.extab.init.text 00000000 l d .ARM.exidx.init.text 00000000 .ARM.exidx.init.text 00000000 l d .modinfo 00000000 .modinfo 00000000 l d .gnu.linkonce.this_module 00000000 .gnu.linkonce.this_module 00000000 l d .note.gnu.build-id 00000000 .note.gnu.build-id 00000000 l d .comment 00000000 .comment 00000000 l d .ARM.attributes 00000000 .ARM.attributes 00000000 *UND* 00000000 strcpy 00000000 *UND* 00000000 rtnl_unlock 00000000 *UND* 00000000 misc_deregister 00000000 *UND* 00000000 eth_mac_addr 00000000 *UND* 00000000 skb_put 00000000 *UND* 00000000 rtnl_is_locked 00000000 *UND* 00000000 skb_copy_datagram_from_iovec 00000000 g O .gnu.linkonce.this_module 00000144 __this_module 00000000 *UND* 00000000 __netif_schedule 00000000 *UND* 00000000 __aeabi_unwind_cpp_pr0 00000000 *UND* 00000000 skb_dequeue 00000000 *UND* 00000000 kill_fasync 00000000 *UND* 00000000 rtnl_link_register 00000130 g F .text 00000020 cleanup_module 00000000 *UND* 00000000 dev_alloc_name 00000000 *UND* 00000000 memcpy 00000000 *UND* 00000000 do_sync_write 00000000 *UND* 00000000 kfree 00000000 *UND* 00000000 add_wait_queue 00000000 *UND* 00000000 eth_validate_addr 00000000 *UND* 00000000 __wake_up 00000000 *UND* 00000000 bitrev32 00000000 *UND* 00000000 __dev_get_by_name 00000000 *UND* 00000000 ether_setup 00000000 *UND* 00000000 netdev_features_change 00000000 g F .init.text 0000008c init_module 00000000 *UND* 00000000 eth_type_trans 00000000 *UND* 00000000 local_bh_enable 00000000 *UND* 00000000 dump_stack 00000000 *UND* 00000000 do_sync_read 00000000 *UND* 00000000 kfree_skb 00000000 *UND* 00000000 schedule 00000000 *UND* 00000000 alloc_netdev_mq 00000000 *UND* 00000000 __put_user_4 00000000 *UND* 00000000 kmem_cache_alloc 00000000 *UND* 00000000 local_bh_disable 00000000 *UND* 00000000 capable 00000000 *UND* 00000000 skb_queue_tail 00000000 *UND* 00000000 unlock_kernel 00000000 *UND* 00000000 device_create_file 00000000 *UND* 00000000 rtnl_link_unregister 00000000 *UND* 00000000 preempt_schedule 00000000 *UND* 00000000 sk_free 00000000 *UND* 00000000 skb_copy_datagram_const_iovec 00000000 *UND* 00000000 crc32_le 00000000 *UND* 00000000 fasync_helper 00000000 *UND* 00000000 memcpy_toiovecend 00000000 *UND* 00000000 free_netdev 00000000 *UND* 00000000 lock_kernel 00000000 *UND* 00000000 printk 00000000 *UND* 00000000 sk_alloc 00000000 *UND* 00000000 dev_set_mac_address 00000000 *UND* 00000000 netif_rx_ni 00000000 *UND* 00000000 memset 00000000 *UND* 00000000 skb_queue_purge 00000000 *UND* 00000000 __memzero 00000000 *UND* 00000000 misc_register 00000000 *UND* 00000000 __f_setown 00000000 *UND* 00000000 default_wake_function 00000000 *UND* 00000000 __init_waitqueue_head 00000000 *UND* 00000000 jiffies 00000000 *UND* 00000000 sprintf 00000000 *UND* 00000000 skb_partial_csum_set 00000000 *UND* 00000000 memcpy_fromiovecend 00000000 *UND* 00000000 sock_alloc_send_pskb 00000000 *UND* 00000000 no_llseek 00000000 *UND* 00000000 rtnl_lock 00000000 *UND* 00000000 remove_wait_queue 00000000 *UND* 00000000 malloc_sizes 00000000 *UND* 00000000 get_random_bytes 00000000 *UND* 00000000 __wake_up_sync 00000000 *UND* 00000000 in_egroup_p 00000000 *UND* 00000000 __copy_to_user 00000000 *UND* 00000000 strchr 00000000 *UND* 00000000 unregister_netdevice 00000000 *UND* 00000000 __copy_from_user 00000000 *UND* 00000000 sock_init_data 00000000 *UND* 00000000 __kmalloc 00000000 *UND* 00000000 register_netdevice [email protected]:~/tmp/nfs$ Are you sure that these modules work properly on your device? Maybe you have stripped them after putting them on your phone and before uploading them here?
I have the same problem... Did you find the way to mount nfs shares on the defy?
[Q] For help in need of Korean version of the 4.12root, please do me a favor.
For help in need of Korean version of the 4.12root, please do me a favor.
all right,last time f160's rooting guide was found on cafe.naver.com,but i don't understand korean.
Can you post the link? Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root.
Tim4 said: Can you post the link? Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root. Click to expand... Click to collapse I don't know what is binary, can you help me to solve the root problem
Tim4 said: Can you post the link? Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root. Click to expand... Click to collapse Thanks for help. we are appreciated that if you can provide the rooting files
Tim4 said: Can you post the link? Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root. Click to expand... Click to collapse sorry,but you are wrong.f160's bl is locked.
My friend own F160 and he says its unlocked, not sure who is right, he says all you need is root and install custom recovery. Anyway, i found the F160 JB root on naver, and its not suitable for our device.
Tim4 said: My friend own F160 and he says its unlocked, not sure who is right, he says all you need is root and install custom recovery. Anyway, i found the F160 JB root on naver, and its not suitable for our device. Click to expand... Click to collapse i'm sure f160's bl is locked.and f160's tot(kdz unpack) file can be extracted.f160 root tool only can read .tot file.can't read .dz file. i wonder someone can change it?
Tim4 said: My friend own F160 and he says its unlocked, not sure who is right, he says all you need is root and install custom recovery. Anyway, i found the F160 JB root on naver, and its not suitable for our device. Click to expand... Click to collapse hello,can you read this article?it mentioned how to unpack the .dz file.if the .dz file can be extracted,i think the rest is easy. "처음 사이트를 열었던 의도와는 사뭇 다르게 부트로더라던가 부트로더 언락쪽에 관심을 가지게 되다보니 이제는 별것도 다 하게되네요. 옵2x 부트로더 락을 깬 내용을 xda에 올렸더니 부트로더 락이 걸린 옵티머스 4x에 대해서 부트로더락을 봐달라는 연락을 받았습니다. 옵티머스4x는 테그라3 AP를 사용하는데 옵2x와는 다르게 nvflash마져 SBK 락이 걸려있습니다. 옵2x는 nvflash의 SBK락이 걸려있지 않기때문에 부트로더 변조가 가능한 케이스지만 옵티머스 4x는 nvflash 자체를 아예 사용하지 못하도록 SBK락이 걸려있으므로 부트로더 락을 깨는게 초장부터 호락호락하지 않지요. 그러면 테그라3에 대한 락을 깨는것이 불가능하냐 하면 그렇지 않은 모양입니다. nvflash의 헛점을 이용해서 최근에 락을 깬 사례가 존재합니다 http://androidroot.mobi/2012/05/27/introducing-wheelie-nvflash-for-asus-transformer-tf101-b70/ ASUS Transformer TF101 B70 nvflash 락 깨기 nvflash에 보안구멍이 있던게 아니네요. 트랜스포머의 경우에 SBK가 유출되었고, 이를 통해서 nvflash를 사용가능하게 된 것입니다. 다만 최신의 nvflash의 경우 프로토콜이 바뀌어 이 부분을 파혜쳐서 결국 nvflash를 쓸 수 있게 되었다는 것입니다. 아무튼 옵티머스 4x 기기도 없지만 궁금해서 ^^;; 한번 살펴보았습니다. 우선 kdz파일을 찾아보았고 손쉽게 구할 수 있었습니다. http://csmg.lgmobile.com:9002/swdata/WEBSW/LGP880/ANEUBK/V10A_00/V10A_00.kdz 그런데 이 kdz 파일을 LGExtract로 풀어보면 *.dz 확장자를 가진 파일만 덜렁 나옵니다. 어라? 이것은 안드로원때 kdz파일 압축을 풀면 나오던 그 파일 형식인 것으로 생각되었습니다. dzextract라는 알려진 툴이 있기때문에 그것으로 풀어보려 했지만 실패. 파일 형식이 조금 다른 형태이더군요. 그러나 dz 파일 형식이라는 점이 바로 힌트가 됩니다. 변형된 dz파일일 것으로 생각되어서 dz 파일의 형식에 관한 문서를 검색해봤습니다. 얼핏 dz 파일은 zlib 혹은 gzip으로 압축된 형식이라는 사실을 알고있었기 때문이죠. 검색해보니 다음과 같은 링크가 나옵니다 http://www.frenchcoder.com/dzextract-lg-dz-file-format-and-extract-tool-lg-ks20/ 구 dz 파일은 제 기억대로 gzip 형식으로 압축이 되어 있는 형태입니다. 이 형식과 거의 다르지 않을 것이라는 가정에서 dz 파일을 xxd / hexdump로 살펴보았습니다. (사실은 문서 찾아보지 않고 먼저 xxd로 덤프했었습니다 gzip 혹은 zlib인 것을 확인하기 위해 문서를 검색했습니다) 0000200: 3012 9578 4346 4700 0000 0000 0000 0000 0..xCFG......... 0000210: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000220: 0000 0000 666c 6173 682e 6366 6700 0000 ....flash.cfg... 0000230: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000240: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000250: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000260: 0000 0000 8211 0000 f002 0000 7f00 c935 ...............5 0000270: ae4b 5a54 8a31 cffc 8148 2ef9 0000 0000 .KZT.1...H...... 0000280: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000290: 0000 0000 0000 0000 0000 0000 0000 0000 ................ ... (생략) 0000400: 7801 d597 db6b db30 14c6 dff5 5718 f4bc x....k.0....W... 0000410: 20c9 3765 1058 2e6d 1f96 b661 69c7 a014 .7e.X.m...ai... 0000420: e338 6ad0 ea4b 66bb a5d9 5fbf 23d9 d4da .8j..Kf..._.#... 0000430: 6cc6 7271 6079 b3f9 1ce9 e7ef e8f8 3b0f l.rq`y........;. 0000440: 6bf1 2a23 f188 cadd 568c 8a75 9244 48a6 k.*#....V..u.DH. 0000450: 4519 a691 18d9 083d 6cc3 bc94 a5cc d247 E......=l......G 0000460: 9486 8918 4da6 7748 ae47 ac7a 6095 6565 ....M.wH.G.z`.ee 0000470: 1065 e993 dc04 65b8 8a05 0ae3 388b 42f5 .e....e.....8.B. 0000480: 40b0 cd62 19ed 4685 f8f1 22d2 5286 317a @..b..F...".R.1z 0000490: 92b1 2876 4529 9240 afb7 0a0b 19a1 42fe ..(vE)[email protected] 위와 같이 그럴듯한 파일 이름이 보입니다. flash.cfg가 파일 이름인 것이고, 0x400 주소부터 아마도 gzip 데이터일 것으로 추측되었습니다. 그래서 이 부분을 잘라서 압축을 풀려고 시도하였습니다. 7801로 시작하는 부분은 바로 zlib 레벨 1로 압축되어있는 것입니다. 여기에 gzip의 헤더가 빠져있는 것으로 보이므로 다음과 같이 gzip 헤더를 붙이고 압축을 기본 유닉스 유틸로 풀 수 있습니다. printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" |cat - flash.cfg.raw |gzip -dc >flash.cfg 빙고!! 압축이 풀려버립니다. 그리고 flash.cfg는 예상대로 정상적으로 압축이 풀린 다음과 같은 내용이 들어있습니다. [device] type=sdmmc instance=3 [partition] name=BCT id=2 type=boot_config_table allocation_policy=sequential filesystem_type=basic size=3145728 file_system_attribute=0 partition_attribute=0 allocation_attribute=8 percent_reserved=0 ... (생략) flash.cfg의 md5sum은 다음과 같습니다. 7f00c935ae4b5a548a31cffc81482ef9 flash.cfg 위의 dz 서브파일 헤더 부분의 파란색 값과 완전히 일치합니다. 녹색은 파일의 크기이며, 노랑색은 압축된 파일의 크기이고, 이 값도 모두 일치합니다. bct 및 bootloader.bin도 차례대로 압축을 풀어보았습니다. 확인할 길은 없지만 모두 정상적으로 압축이 풀렸을 것으로 생각됩니다. http://forum.xda-developers.com/showthread.php?t=1960422 xda에는 자세한 내용은 생략하고 포스팅했습니다~ 첨부파일 dzextract.exe는 binoffset.c파일의 소스를 변형하여서 만든 dz extractor입니다. 사용법은 dzectract.exe my.dz LNX > boot.gz # 파티션 이름을 지정하면 해당 파티션을 추출합니다. zcat boot.gz > boot.img # 압축은 zcat으로 풀 수 있습니다. 그냥 압축을 풀면 오류가 나니 주의하시길. [출처] 옵티머스 4x kdz 파일 분석 (dz 압축풀기 실행파일 추가) (Android Hackers) |작성자 영구땡칠"
Ok ill translate it, but im in middle of the Code Geass (Im really slow, i know) so you need to wait i end the last season.
I very much hope that there will be root on 4.1.2. (for f180l)
Tim4 said: Ok ill translate it, but im in middle of the Code Geass (Im really slow, i know) so you need to wait i end the last season. Click to expand... Click to collapse thank you.
Ok, im taking a little rest from anime, so checked the link. He says KDZ of Optimus 4X contains .dz file, and if you try to extract it with DZextract, it will fail. But, the structure still pretty same with old .dz files, so he just did few changes and its worked. Hah, and most interesting thing, he already posted it on xda: http://forum.xda-developers.com/showthread.php?t=1960422
Tim4 said: Ok, im taking a little rest from anime, so checked the link. He says KDZ of Optimus 4X contains .dz file, and if you try to extract it with DZextract, it will fail. But, the structure still pretty same with old .dz files, so he just did few changes and its worked. Hah, and most interesting thing, he already posted it on xda: http://forum.xda-developers.com/showthread.php?t=1960422 Click to expand... Click to collapse interesting.thanks for your translation,so,we can extract the .dz file?
Question about the boot security of this device
Things have become more and more unclear for me regarding the nature of the boot process of many smartphones. Sometimes people misinterpret what I'm asking. Sometimes people only have vague knowledge of a particular smartphone's hardware-based restrictions or if it has any to begin with. In light of this, I will try to phrase this post as clearly as I can. I remember reading that the bootloader from the Nexus 4 was able to work on the LG Optimus G, allowing arbitrary kernels to be loaded. I cannot remember if it was in an article by someone reporting on the hack or in a post by the developer of the hack. It was never specified if it was the first-stage bootloader. Assuming that it was the first-stage bootloader, then this would lead me to believe that the boot ROM, the immutable mask ROM that is part of most processors used in smartphones, on the LG Optimus G will load arbitrary (i.e., unsigned or signed with different private key) code. In other words, it leads me to believe that I can modify the LG Optimus G's official bootloader and it would not be rejected (at least by the processor). Is this the case with the LG G4? Is the first-stage bootloader verified by the phone's processor on startup? Does anyone know the configuration of the fuses on the processor that it uses (assuming it has any)?
Anyone?
I thing same you If we are may be flash bootloader H815 or G4 tmobile , my devices will unlock bootloader easy
Anyone at all?
Hello Master Melab. I myself have almost zero Android dev knowledge but digging through this stuff as well. I learned some from http://newandroidbook.com/Articles/aboot.html The boot process is like this: -> BootROM+SBL+radios->android bootloader -> kernel image + zRam (something like initramfs) -> init (services, shell, that zygote crap, dalvik/art vm, etc) Reason I am trying to pick it up is learn more in the hopes that someway we can unlock the bootloader of the LG G4 whatever version. Am running on an LG G4 H815 TWN (Taiwan carrier-free) and LG does not want to generate unlock.bin for me. I found the root method via patching and flashing back modified bootimage, dumped in busybox started. You are into crypto from your sig? Below is the dump (hex) from the aboot of my H815 TWN - v10e Lollipop. I just see random hex that is so making me rage... yep numbers make me angry See if you can find any patterns/logic to this madness - so much fluff(guessing part of it is the signed stuff) in the beginning and right at the end, the ARM eaXXX instructions start (real beginning of the boot binary). [email protected]:/mnt/shell/emulated/0 # dd if=/dev/block/platform/f9824900.sdhci/by-name/aboot of=./aboot.img < 4096+0 records in 4096+0 records out 2097152 bytes transferred in 0.110 secs (19065018 bytes/sec) Click to expand... Click to collapse [email protected]:/mnt/shell/emulated/0 # od -A d -t x4 aboot.img |head -n 260 < 0000000 464c457f 00010101 00000000 00000000 0000016 00280002 00000001 0f900000 00000034 0000032 00000000 05000002 00200034 00280004 0000048 00000000 00000000 00000000 00000000 0000064 00000000 000000b4 00000000 07000000 0000080 00000000 00000000 00001000 0f976000 0000096 0f976000 000019a8 00002000 02200000 0000112 00001000 70000001 0007d808 0f975808 0000128 0f975808 00000020 00000020 00000004 0000144 00000004 00000001 00008000 0f900000 0000160 0f900000 00088de4 0009b488 00000007 0000176 00008000 00000000 00000000 00000000 0000192 00000000 00000000 00000000 00000000 * 0004096 00000000 00000003 00000000 0f976028 0004112 00001980 00000080 0f9760a8 00000100 0004128 0f9761a8 00001800 4dce3793 7d266b40 0004144 779a699b 8408c755 a7477930 07c072f1 0004160 ebc41fe2 9b9ecd06 00000000 00000000 0004176 00000000 00000000 00000000 00000000 0004192 00000000 00000000 26539b59 96228a1c 0004208 da200345 56d38638 3f7dd8fa 185f3113 0004224 d47b92fe ba05c846 ac538614 a03aaad3 0004240 e30c7d84 2203ad28 c7eea155 e3c724e4 0004256 619b56c6 45f8c1d9 a35ca403 03030704 0004272 1fc48d64 63d1aed7 f7a34348 77a65a8d 0004288 dabf1ea9 30501706 4e7d9ec0 dc8c205b 0004304 5e4b1fff ebb9ceff ff3664a5 b7cc3348 0004320 bb2ff543 6946392b b3bf5170 627fe97e 0004336 90fdb1f0 f6e029c3 3d588648 da6e01f8 0004352 d4b58268 4c12b41f 69a1b72b eaead5b2 0004368 f8aef7a1 4213aa6f ac0e89af 39ff4939 0004384 504df1e5 6cdf6e8f a3238cb5 27508741 0004400 cb6a46ce 863f72c6 dbab25c8 caeca06f 0004416 0a722955 b389ba04 20065795 30bbaf1b 0004432 d9a41c68 613e6846 d145c6e3 5818663b 0004448 86b855ef 005d289f e459cb53 3b6bca4a 0004464 8eea151e 73c3a904 33d1c525 406304b4 0004480 4e999179 8ee19a57 d25f5c68 55705e28 0004496 637f41b6 bab91985 c0215212 d9648784 0004512 51048ec6 62c361e9 12058230 fa038230 0004528 010203a0 0d030202 0d302f95 862a0906 0004544 0df78648 050b0101 81813000 19301b31 0004560 04550306 4c121303 61204547 73657474 0004576 69746174 43206e6f 30233141 55030621 0004592 1a130b04 656e6547 206c6172 2045474c 0004608 65747461 74617473 206e6f69 0c314143 0004624 03060a30 130a0455 45474c03 10301231 0004640 04550306 47091307 434d5545 4e4f4548 0004656 0c300e31 04550306 53051308 4c554f45 0004672 09300b31 04550306 4b021306 171e3052 0004688 3135310d 30373131 34343232 0d175a32 0004704 31313533 32303331 32343432 0182305a 0004720 30163150 55030614 0d130304 6f61687a 0004736 676e6566 6e61792e 30203167 5503061e 0004752 17130b04 656e6547 206c6172 2045474c 0004768 65747461 74617473 316e6f69 060a300c 0004784 0a045503 474c0313 30123145 55030610 0004800 09130704 4d554547 4f454843 300e314e 0004816 5503060c 05130804 554f4553 300b314c 0004832 55030609 02130604 1731524b 03061530 0004848 130b0455 2037300e 31303030 41485320 0004864 31363532 06173019 0b045503 3630100c 0004880 30303020 4f4d2030 5f4c4544 1c314449 0004896 03061a30 0c0b0455 20353013 30303030 0004912 38613030 5f575320 455a4953 15301731 0004928 04550306 300e0c0b 30302034 4f203133 0004944 495f4d45 30223144 55030620 19130b04 0004960 30203330 30303030 30303030 30303030 0004976 20323030 55424544 30223147 55030620 0004992 190c0b04 30203230 39363930 30314530 0005008 30313330 20303030 495f5748 30223144 0005024 55030620 190c0b04 30203130 30303030 0005040 30303030 30303030 20393030 495f5753 0005056 01823044 060d3022 48862a09 010df786 0005072 00050101 0f018203 01823000 0182020a 0005088 558b0001 c1184fa0 30084f74 d5170a05 0005104 f8f21578 85020ac7 8af5b59e 1651faa1 0005120 48ff1748 1eed55ba c575a0b4 3c3bb75c 0005136 6eddee82 b262b501 30925fc9 0cb77313 0005152 ec539932 cf2b71be a1399ac6 b6caa2ab 0005168 40d27314 98d03cf5 7826f5e6 99433bd1 0005184 97cfeb2b 5fe4f6ae 9c451d52 d80d2784 0005200 fa01108e cab53257 22b71266 e1411ce4 0005216 5ce1e123 c74de085 6d35d211 294229e3 0005232 256e3d8e 79ac9c96 d605aa75 90ef863e 0005248 0ec6dca2 fd13780e 15ce6859 329779a2 0005264 d381577d 2aa0bd4f 081eeb14 5ef564f9 0005280 4df2d097 11c9fa31 bb6b9106 f41200fc 0005296 3dc0ec81 820cc0f5 1c327c89 9a82592f 0005312 da220951 0668fbdd 7e4f0b36 2c866b7c 0005328 7ff4e576 bf0d8849 66aa6e81 7cea79b8 0005344 0302e91b a3010001 8130c081 9c8130bd 0005360 1d550306 94810423 80918130 f2b79f14 0005376 89e9d921 58da1681 169dec47 aac73b73 0005392 a476a1b1 31723074 06123014 03045503 0005408 474c0b13 4f522045 4320544f 301b3141 0005424 55030619 12130b04 656e6547 206c6172 0005440 2045474c 746f6f72 0c316163 03060a30 0005456 130a0455 45474c03 10301231 04550306 0005472 47091307 434d5545 4e4f4548 0c300e31 0005488 04550306 53051308 4c554f45 09300b31 0005504 04550306 4b021306 05018252 03060c30 0005520 01131d55 0204ff01 0e300030 1d550306 0005536 ff01010f 02030404 0d30f004 862a0906 0005552 0df78648 050b0101 01820300 f3340001 0005568 60064bb4 1c6f6f85 a7348105 f155462d 0005584 0ba8a8be e0b64772 bcf8c135 a6f147e8 0005600 79b22b66 2a9ade5a b1ae9aff b6fc0b9b 0005616 2f843340 decfa200 b3e0313e 2cec5820 0005632 7b1c3dfa f2102bfb b00499a4 4bfd8c07 0005648 11844799 7f9a16fc 3b4bbaed 76fd2436 0005664 df2a0168 adfb34c2 a8824431 dadabbbb 0005680 52025923 2fa251bd 2d44a13b 996a3824 0005696 81ba7f76 808c8a8a eb0dd21a 110c49e4 0005712 dcade241 db412d59 541bc959 0227ce08 0005728 81dbed2e ba88015b c5cb5195 1e802308 0005744 5fb54a4f d36a2bfa 1c4f88da d86cf99f 0005760 154f7a65 3db33d80 6bd19fde 04806598 0005776 af1cd4b7 25873324 809a4abf b45c7306 0005792 dd1ad455 59625cf6 53434f4c 7e990137 0005808 2bdd1d16 83629435 9dd634aa 82304cc3 0005824 82305304 03a03b03 02020102 0d300501 0005840 862a0906 0df78648 050b0101 31723000 0005856 06123014 03045503 474c0b13 4f522045 0005872 4320544f 301b3141 55030619 12130b04 0005888 656e6547 206c6172 2045474c 746f6f72 0005904 0c316163 03060a30 130a0455 45474c03 0005920 10301231 04550306 47091307 434d5545 0005936 4e4f4548 0c300e31 04550306 53051308 0005952 4c554f45 09300b31 04550306 4b021306 0005968 171e3052 3034310d 30303339 34363230 0005984 0d175a30 39303433 30303532 30343632 0006000 8181305a 19301b31 04550306 4c121303 0006016 61204547 73657474 69746174 43206e6f 0006032 30233141 55030621 1a130b04 656e6547 0006048 206c6172 2045474c 65747461 74617473 0006064 206e6f69 0c314143 03060a30 130a0455 0006080 45474c03 10301231 04550306 47091307 0006096 434d5545 4e4f4548 0c300e31 04550306 0006112 53051308 4c554f45 09300b31 04550306 0006128 4b021306 01823052 060d3020 48862a09 0006144 010df786 00050101 0d018203 01823000 0006160 01820208 b5bc0001 74fc08d7 f29875a8 0006176 68944d14 8ee10453 48b29679 d715b100 0006192 7f51d49e 46bd5da2 be1faa16 b28677fb 0006208 d179bd23 67f1d599 fdef4a5a e18dd04c 0006224 483ef50b 25bb4f5d 052b8d88 65f4adcf 0006240 5e8f7535 4cda563c 648db91c b2eb9704 0006256 a3dd3121 c11f5771 2d5be4bf 3fa08747 0006272 5194b92e c4ffb4e1 5b747270 a5c87aff 0006288 941b985d f4c9a03d 9398c233 f8654a14 0006304 c5109d2a 493c1b7a ba202f25 bba102c1 0006320 d3d32105 c02d0b9b 337789dd 83e44f35 0006336 9e47120a 91d13f9c 0c25fb88 cb8d5fef 0006352 596b4681 d32da104 05832736 60f42f7a 0006368 4dbc2836 658cb765 8c151dce 275c51af 0006384 9a4c505e 71d1ed9c c11a89eb 75e4d97d 0006400 639b4b6f 5d327d2d de2e53b1 f12a014a 0006416 b4d5eed7 01026714 e581a303 30e28130 0006432 03069c81 04231d55 81309481 8e148091 0006448 073d1095 26fe008b e58a027f b40c77b8 0006464 a13ad8f3 3074a476 30143172 55030612 0006480 0b130304 2045474c 544f4f52 31414320 0006496 0619301b 0b045503 65471213 6172656e 0006512 474c206c 6f722045 6163746f 0a300c31 0006528 04550306 4c03130a 12314547 03061030 0006544 13070455 55454709 4548434d 0e314e4f 0006560 03060c30 13080455 4f455305 0b314c55 0006576 03060930 13060455 82524b02 1d300101 0006592 1d550306 0416040e f2b79f14 89e9d921 0006608 58da1681 169dec47 aac73b73 061230b1 0006624 131d5503 04ff0101 01063008 0102ff01 0006640 060e3000 0f1d5503 04ff0101 01020304 0006656 060d3006 48862a09 010df786 00050b01 0006672 01018203 40be6f00 de48db62 a3df9124 0006688 89482f95 02ccd954 efbb9ae4 93ec32c7 0006704 82a24da2 8aef539f f608d9af 190482d4 0006720 e3ff7116 b6d76d4c 2cdedf8e 283c021f 0006736 5101fbbe 0ed0fa5c 62c4d961 917b3b36 0006752 85c94bb3 787333bc 33404b52 7254d4de 0006768 82f3b85c 6fbdb650 fbbe5fde 17e6dcb8 0006784 1ea87112 6bbb8a76 17a8ed71 61d282e4 0006800 cc15cbe9 4068898f 5c9f06b1 54087ba0 0006816 c00d4831 dcaa301d 6ae47eba c461ae74 0006832 94611f1c dc04b3e8 20244494 215f6ae5 0006848 4136c8e2 0f68bf98 d3159751 cf2b3221 0006864 3429f70e 3a9dc421 f05f3a0e 732b386c 0006880 6bfbb8bf 99960e63 94f92a7b d3779c9f 0006896 24eb3497 2d5d3650 a54e06b2 e1c6a02b 0006912 a6843448 7eeff94f 85f77cbf 4be4eec7 0006928 57be20f1 03823083 0282309f 0203a087 0006944 01020201 060d3001 48862a09 010df786 0006960 00050b01 14317230 03061230 13030455 0006976 45474c0b 4f4f5220 41432054 19301b31 0006992 04550306 4712130b 72656e65 4c206c61 0007008 72204547 63746f6f 300c3161 5503060a 0007024 03130a04 3145474c 06103012 07045503 0007040 45470913 48434d55 314e4f45 060c300e 0007056 08045503 45530513 314c554f 0609300b 0007072 06045503 524b0213 0d171e30 39303431 0007088 30303033 30343632 330d175a 32393034 0007104 32303035 5a303436 14317230 03061230 0007120 13030455 45474c0b 4f4f5220 41432054 0007136 19301b31 04550306 4712130b 72656e65 0007152 4c206c61 72204547 63746f6f 300c3161 0007168 5503060a 03130a04 3145474c 06103012 0007184 07045503 45470913 48434d55 314e4f45 0007200 060c300e 08045503 45530513 314c554f 0007216 0609300b 06045503 524b0213 20018230 0007232 09060d30 8648862a 01010df7 03000501 0007248 000d0182 08018230 01018202 2605bb00 0007264 ee06e780 1e971259 8b4e1d5d 9038c5e4 0007280 0a659df6 64717568 a994bd1c e6a55f97 0007296 af195474 1257c9d1 b3e61d85 98ed97da 0007312 3ebe3ef6 014c0ef2 064731a7 97e4eff9 0007328 39a752eb 12308d75 0de2dca2 9b9bf248 0007344 498cd73e 975645d9 f7031836 8d6ea152 0007360 cb19ef5a e8e61a52 8286c83c 2c71aab1 0007376 f0cf1af6 51ef50bc 0e16d787 5b43df5f 0007392 5394eb0e 06ff63e6 5fc782f2 ea5fde02 0007408 ab908825 cb163af7 0e4a2c3f 7d783b67 0007424 cf710260 6e0d3593 70c80613 91dca12f 0007440 c0b54006 b21be68f 21732ee2 64bd5a2a 0007456 c31cdfe5 38ddd6d4 9d61b67b 5a36af47 0007472 59f7811e c77174f4 166a409a 0ae07886 0007488 9d63962b c74e4bdc 20a8e7ea 0fcfa949 0007504 aebd5a5a e5bea090 989c6d6b 03010221 0007520 403042a3 03061d30 040e1d55 8e140416 0007536 073d1095 26fe008b e58a027f b40c77b8 0007552 303ad8f3 5503060f 0101131d 300504ff 0007568 ff010103 03060e30 010f1d55 0404ff01 0007584 06010203 09060d30 8648862a 01010df7 0007600 0300050b 00010182 395b3a11 da9b813e 0007616 31a9dbcc dbc66acd 24a29f40 41f48985 0007632 d30142ab 2fff3448 08aed94e ef8cb36a 0007648 d138c6d6 2f02ba8a efd83412 58647be8 0007664 0007c5df bc121004 f04384fa 2cca9764 0007680 1b2af619 e70d9c38 bbdd76de b36c98dc 0007696 bb40525a 8684bdf7 9df44bb0 1bfc7020 0007712 129ac6a7 2b4256c0 9eaba15c e1539232 0007728 3ceea60b 900624d7 14858ccd eaf33c35 0007744 aa7a6e38 3b4bc7fb d45b8d31 b9d4bc13 0007760 0e682b52 4f41a202 88394c0c e2069441 0007776 94e8f75e 2b17870a 21f8994f b1d06147 0007792 a64bd28e 19d44612 3326915c 235aec64 0007808 fdd4733b 7eb2b20b 1b711d41 44b6c621 0007824 5c7bf273 c84fb52a 6eee87d8 f61f4430 0007840 b55a8208 815bbec1 59b7c0fa d2d28a60 0007856 5b405c82 0ff491f6 ffffffff ffffffff 0007872 ffffffff ffffffff ffffffff ffffffff * 0010656 ffffffff ffffffff 00000000 00000000 0010672 00000000 00000000 00000000 00000000 * 0032768 ea000006 ea00a463 ea00a469 ea00a46f 0032784 ea00a475 ea00a47b ea00a47b ea00a492 0032800 ee110f10 e3c00a0b e3c00005 e3c00002 0032816 e3800020 ee010f10 e1a0000f e2400040 0032832 e59f1020 e1500001 0a000009 e59f2018 Click to expand... Click to collapse
I wanna know if its possible to steal the lg signature and sign our own modified kernals and roms and recovery images. How does flashfire manage to flash exposed and. I have high expectations for flash fire in the development of g4. Like g3 used flasify
29y6145 said: I thing same you If we are may be flash bootloader H815 or G4 tmobile , my devices will unlock bootloader easy Click to expand... Click to collapse Really? This cannot be done on a PC?
Anyone? Bueller?
I dont know the exact order of boot. But i know the bootloader does have q fuses which are blown. And the bootloader partition is encrypted 256bit keys. Even if i could flash a 815 loader. lg the the key to unlock it no one else can unlock them
Unlocking bands for NA usage
As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need: Enable Diagnostics Mode: *#*#717717#*#* Info Menu: *#*#4636#*#* From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States. For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values: Code: ID Desc Category Original Value Modified Value 01877 rf_bc_config CDMA 562950035735424 562950069289856 06828 lte_bc_config LTE 687195291871 1787696847071 65633 lte_band_pref System 0x000000A0000800DF 0x0000FFFFFFFFFFFF ID Desc Category Original Value U.S. Automatic Cleared 00441 band_pref CDMA 0x0380 0x0000 0xFFFF 0xFFFF 00946 band_pref_16_31 System 0x04E8 0x04A8 0xBFFF 0x3FFF 02954 band_pref_32_63 System 131072 0 252116992 4294967295 For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic). Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support. Code: rf_bc_config (64-bit): 562950035735424 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original) 562950069306247 00000000 00000010 00000000 00000000 00000110 11101000 01000011 10000111 (Nexus 5X) 562950069289856 00000000 00000010 00000000 00000000 00000110 11101000 00000011 10000000 (Modified) band_pref (64-bit): 131072 0x04E8 0x0380 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original) 0 0x04A8 0x0000 00000000 00000000 00000000 00000000 00000100 10101000 00000000 00000000 (U.S. Mode) 252116992 0xBFFF 0xFFFF 00001111 00000111 00000000 00000000 10111111 11111111 11111111 11111111 (Automatic) So, we're just looking at unlocking the following RF band for T-Mobile support: #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz) On LTE we're getting a bit more aggressive: Code: lte_bc_config (64-bit, of which 44 bits relevant): Bands Active: 687195291871 0000 10100000 00000000 00001000 00000000 11011111 1-5,7-8,20,38,40 (Original) 1099830990943 0001 00000000 00010011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,29,41 (Nexus 5x) 1100502079583 0001 00000000 00111011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,28-30,41 (Pixel) 1787698289887 0001 10100000 00111011 00011111 00011100 11011111 1-5,7-8,11-13,17-21,25-26,28-30,38,40-41 (Pixel 2) 1787696847071 0001 10100000 00111011 00001001 00011000 11011111 1-5,7-8,12-13,17,20,25-26,28-30,38,40-41 (Modified) 1787696847071 0001 10100000 00001000 00001000 00000000 11011111 1-5,7-8,20,28,38,40-41 (Actual) My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S. Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone?
Hey, I tried following this. But I have a few questions. 1. you show the values of 00441, 00946, 02954 that are set when in automatic/US and original. Are there any changes to make to these? When I set to Automatic, I get 'mobile network unavailable' when making a call. When I set it to US, it switches between B2 and B5 when calling. 2. After setting 01877, 06828 and 65633 to the modified values, I am still unable to connect to #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz). Namely, when I open up Network Signal Guru and make a call, it switches between B2 and B5. Any idea why this is and how to get B4 1700 3g umts working? Thanks
kamiyaa said: Hey, I tried following this. But I have a few questions. 1. you show the values of 00441, 00946, 02954 that are set when in automatic/US and original. Are there any changes to make to these? When I set to Automatic, I get 'mobile network unavailable' when making a call. When I set it to US, it switches between B2 and B5 when calling. 2. After setting 01877, 06828 and 65633 to the modified values, I am still unable to connect to #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz). Namely, when I open up Network Signal Guru and make a call, it switches between B2 and B5. Any idea why this is and how to get B4 1700 3g umts working? Click to expand... Click to collapse Well, setting to Automatic shouldn't mask any bands enabled in rf_bc_config, at least not for any of the rf_bc_config settings that I examined. I don't have a T-Mobile SIM card, however, so I wasn't able to confirm that WCDMA Band IV was picked up when you set bit #25. If you set it to U.S. Mode, however, it will definitely get masked.
The one thing I would recommend, however, is to avoid using Preferred Roaming Lists (PRLs) in the Set Preferred Network Type setting. For example, my instinct was to use LTE/UMTS auto (PRL), which should prefer 4G connections and fall back to 3G when unavailable. However, I've had consistently better luck getting 4G connections when I use the default LTE/TD-SCDMA/UMTS setting. On the AT&T Wireless network we'll never use TD-SCDMA, but PRLs seem to be causing problems and there's no plain LTE/UMTS option. The PRL indicates which bands, sub bands, and service provider identifiers will be scanned and in what priority order, and I just don't believe these are configured correctly on this phone for North America.
Hello, Sorry to bother you, but may I ask a few stupid questions? I don't know much about how this works, but I've got a Mi A2 and I've seen you managed to unlock band 28 for LTE in the Lite version, and that is the only band I'm missing in my country. Is this that hard to do, and possible in the regular A2 version? I need to unlock bootloader and root for this, right? If it's not difficult, I would appreaciate some instructions if you don't mind Thanks!
Magendanz said: Enable Diagnostics Mode: *#*#717717#*#* Info Menu: *#*#4636#*#* From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States. Click to expand... Click to collapse Well i have tried switching here to test different ones and now it looks i cant access internet anymore :'( even if i have the 4G logo on my network, the traffic is like stopped, chrome or any app say i am not connected. If anyone have any idea to get it back? Thanks in advance ( i use french 4G network, Bouygues Telecom)
Antho02 said: If anyone have any idea to get it back? Click to expand... Click to collapse Original values are posted above, which you can write back pretty easily with QXDM. Also, if you made a QPST backup (which I recommend), you can restore from that.
I tried this, but it killed vodafone UK LTE, also, what subscription do you use for dual sim?, thats got to mess things up if you dont tick it on dual sim phones??, because i didnt choose dual sim it only edited sim1, so if you know the subscription method could you please post.
Hi, I'm trying to unlock the band 28 but I can not install the drivers. Could you tell me which are the correct drivers? Thank you and sorry for my lousy English!
marcos1979 said: Hi, I'm trying to unlock the band 28 but I can not install the drivers. Could you tell me which are the correct drivers? Thank you and sorry for my lousy English! Click to expand... Click to collapse enable the port and just update in devices, under ports, the driver in this thread isnt mi a2 lite diagnostic driver, windows installs the correct one if your using latest win 10
boe323 said: enable the port and just update in devices, under ports, the driver in this thread isnt mi a2 lite diagnostic driver, windows installs the correct one if your using latest win 10 Click to expand... Click to collapse Sorry to insist with these questions, it's my first time with Xiaomi. The steps I take are the following and I can not install the drivers (the devices do not appear in the Windows Device Manager) and I can not install QPST either: * Enable USB debugging * Activate USB Diag (*#*#717717#*#*) * Connect the phone Only "Android Composite ADB Interface" is observed in the Device Manager. The installation of QPST is canceled before completion. Is it necessary to enable root? Is it necessary to unlock the bootloader? Sorry, as I said it's my first time with Xiaomi, I come from Motorola. I need to enable band 28 to have better coverage here in Argentina because in my area it is very bad without that band. Additional data: Xiaomi Mi A2 Lite (M1805D1SG) Build number: PKQ1.180917.001.V10.0.4.0.PDLMIXM Windows 10 Pro x64 (1809) Thanks and, again, sorry for my English (Google translator)
OK, I was able to make everything work !!! I used "TOOL_ALL_IN_ONE_1.1.1.2" to install the ADB drivers and from there the other drivers were installed. Also, I used "QPST 2.7 Build 474" and "QXDM 0.3.12.714" A new question: I need to only enable band 28 for LTE (the others are compatible with those used in my country), is it OK to only modify line 6828 (LTE_BC_CONFIG) to the value "687329509599"? Am I doing things right? The tests I will do tomorrow in an area where there is bad coverage of band 4 and good band coverage 28. Thank you!!!
im not sure, make a note of original values and do your own testing, post back with your findings.
boe323 said: im not sure, make a note of original values and do your own testing, post back with your findings. Click to expand... Click to collapse Edited: I confirm that the band 28 is not enabled since it does not connect in the area of low coverage in band 4. I suspect that is because I could not modify the line 65633 (lte_band_pref) for the error nv status error received: command unrecognized. please, I need help to modify that! Thank you! thanks for your help. the only thing I could not do is edit line 65633 lte_band_pref, it gives me read error (nv status error received: command unrecognized). what am I doing wrong? Do I need to enable root? Do I need to unlock the bootloader? Thanks!
Magendanz said: As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need: Enable Diagnostics Mode: *#*#717717#*#* Info Menu: *#*#4636#*#* From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States. For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values: Code: ID Desc Category Original Value Modified Value 01877 rf_bc_config CDMA 562950035735424 562950069289856 06828 lte_bc_config LTE 687195291871 1787696847071 65633 lte_band_pref System 0x000000A0000800DF 0x0000FFFFFFFFFFFF ID Desc Category Original Value U.S. Automatic Cleared 00441 band_pref CDMA 0x0380 0x0000 0xFFFF 0xFFFF 00946 band_pref_16_31 System 0x04E8 0x04A8 0xBFFF 0x3FFF 02954 band_pref_32_63 System 131072 0 252116992 4294967295 For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic). Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support. Code: rf_bc_config (64-bit): 562950035735424 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original) 562950069306247 00000000 00000010 00000000 00000000 00000110 11101000 01000011 10000111 (Nexus 5X) 562950069289856 00000000 00000010 00000000 00000000 00000110 11101000 00000011 10000000 (Modified) band_pref (64-bit): 131072 0x04E8 0x0380 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original) 0 0x04A8 0x0000 00000000 00000000 00000000 00000000 00000100 10101000 00000000 00000000 (U.S. Mode) 252116992 0xBFFF 0xFFFF 00001111 00000111 00000000 00000000 10111111 11111111 11111111 11111111 (Automatic) So, we're just looking at unlocking the following RF band for T-Mobile support: #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz) On LTE we're getting a bit more aggressive: Code: lte_bc_config (64-bit, of which 44 bits relevant): Bands Active: 687195291871 0000 10100000 00000000 00001000 00000000 11011111 1-5,7-8,20,38,40 (Original) 1099830990943 0001 00000000 00010011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,29,41 (Nexus 5x) 1100502079583 0001 00000000 00111011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,28-30,41 (Pixel) 1787698289887 0001 10100000 00111011 00011111 00011100 11011111 1-5,7-8,11-13,17-21,25-26,28-30,38,40-41 (Pixel 2) 1787696847071 0001 10100000 00111011 00001001 00011000 11011111 1-5,7-8,12-13,17,20,25-26,28-30,38,40-41 (Modified) 1787696847071 0001 10100000 00001000 00001000 00000000 11011111 1-5,7-8,20,28,38,40-41 (Actual) My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S. Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone? Click to expand... Click to collapse Hello, sorry for insisting. I was able to edit the item 06828 lte_bc_config and put it in 687329509599 (1010000000001000000010000000000011011111) (Bands 1-5, 7-8, 20, 28, 38, 40) but I still do not have coverage in band 28 although other phones do have in the Same location and with the same provider. After enabling root and touching several things (Install Network Signal Guru -> Clear Forcings and I do not know if I have played anything else), I can read line 65633 lte_band_pref and it appears in 0x0000FFFFFFDF3FFF (111111111111111111111111110111110011111111111111) (Bands 1-14, 17-21 , 23-48) (?) So I assume that band 28 would be enabled. In Network Signal Guru I can see that band 28 is enabled but I still can not connect to it. Is there something I'm missing? Could it be a SIM problem? (I use a SIM that was cut to nanoSIM) Could someone unblock band 28 and connect to it? Any help will be welcome! Thank you! PS: I was not sure whether to edit the previous post or create a new one. If I am doing wrong, please delete the previous one. (Using Google Translator)
I'm having the same problem trying to get LTE Band 17 enabled for AT&T Wireless. I can read both lte_bc_config and lte_band_pref in QXDM to confirm that it *should* be enabled, but it's not picking up the nearby towers. That has me suspecting that this is due to lack of support in the power amplifier. When I look in Network Signal Guru it's not even listing Band 17, however, so there may be something else that we're missing. I did just pick up another Mi A2 Lite, and so I've got test hardware (that isn't my primary phone) to investigate further.
Magendanz said: As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need: Enable Diagnostics Mode: *#*#717717#*#* Info Menu: *#*#4636#*#* From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States. For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values: For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic). Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support. So, we're just looking at unlocking the following RF band for T-Mobile support: #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz) On LTE we're getting a bit more aggressive: My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S. Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone? Click to expand... Click to collapse How did you enable band 28 ? Can you recommend any article on that kindly
Samuelah said: How did you enable band 28 ? Can you recommend any article on that kindly Click to expand... Click to collapse I followed the steps in my OP exactly (and there are links there to my sources), but was unable to test band 28 & 41 because my service provider doesn't use them. I just know that they now show as enabled in Network Signal Guru.
B28 unlocked Its worked for me I have tested 700 mhz ( B28 ) is unlocked
add carrier aggregation lte-a 4g+ If you want lte-a in mi a2 lite for frequency added (support 2*2 carrier aggregation only ( 2*frequency )) so Its Enable LTE Advanced I have found guide for mi a1 but its work for this devices too here :https://forum.xda-developers.com/mi-a1/how-to/guide-enable-4g-lte-carrier-aggregation-t3894282 good modding :good: Magendanz said: As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need: Enable Diagnostics Mode: *#*#717717#*#* Info Menu: *#*#4636#*#* From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States. For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values: Code: ID Desc Category Original Value Modified Value 01877 rf_bc_config CDMA 562950035735424 562950069289856 06828 lte_bc_config LTE 687195291871 1787696847071 65633 lte_band_pref System 0x000000A0000800DF 0x0000FFFFFFFFFFFF ID Desc Category Original Value U.S. Automatic Cleared 00441 band_pref CDMA 0x0380 0x0000 0xFFFF 0xFFFF 00946 band_pref_16_31 System 0x04E8 0x04A8 0xBFFF 0x3FFF 02954 band_pref_32_63 System 131072 0 252116992 4294967295 For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic). Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support. Code: rf_bc_config (64-bit): 562950035735424 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original) 562950069306247 00000000 00000010 00000000 00000000 00000110 11101000 01000011 10000111 (Nexus 5X) 562950069289856 00000000 00000010 00000000 00000000 00000110 11101000 00000011 10000000 (Modified) band_pref (64-bit): 131072 0x04E8 0x0380 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original) 0 0x04A8 0x0000 00000000 00000000 00000000 00000000 00000100 10101000 00000000 00000000 (U.S. Mode) 252116992 0xBFFF 0xFFFF 00001111 00000111 00000000 00000000 10111111 11111111 11111111 11111111 (Automatic) So, we're just looking at unlocking the following RF band for T-Mobile support: #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz) On LTE we're getting a bit more aggressive: Code: lte_bc_config (64-bit, of which 44 bits relevant): Bands Active: 687195291871 0000 10100000 00000000 00001000 00000000 11011111 1-5,7-8,20,38,40 (Original) 1099830990943 0001 00000000 00010011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,29,41 (Nexus 5x) 1100502079583 0001 00000000 00111011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,28-30,41 (Pixel) 1787698289887 0001 10100000 00111011 00011111 00011100 11011111 1-5,7-8,11-13,17-21,25-26,28-30,38,40-41 (Pixel 2) 1787696847071 0001 10100000 00111011 00001001 00011000 11011111 1-5,7-8,12-13,17,20,25-26,28-30,38,40-41 (Modified) 1787696847071 0001 10100000 00001000 00001000 00000000 11011111 1-5,7-8,20,28,38,40-41 (Actual) My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S. Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone? Click to expand... Click to collapse