As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need:
Enable Diagnostics Mode: *#*#717717#*#*
Info Menu: *#*#4636#*#*
From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States.
For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values:
Code:
ID Desc Category Original Value Modified Value
01877 rf_bc_config CDMA 562950035735424 562950069289856
06828 lte_bc_config LTE 687195291871 1787696847071
65633 lte_band_pref System 0x000000A0000800DF 0x0000FFFFFFFFFFFF
ID Desc Category Original Value U.S. Automatic Cleared
00441 band_pref CDMA 0x0380 0x0000 0xFFFF 0xFFFF
00946 band_pref_16_31 System 0x04E8 0x04A8 0xBFFF 0x3FFF
02954 band_pref_32_63 System 131072 0 252116992 4294967295
For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic).
Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support.
Code:
rf_bc_config (64-bit):
562950035735424 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original)
562950069306247 00000000 00000010 00000000 00000000 00000110 11101000 01000011 10000111 (Nexus 5X)
562950069289856 00000000 00000010 00000000 00000000 00000110 11101000 00000011 10000000 (Modified)
band_pref (64-bit):
131072 0x04E8 0x0380 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original)
0 0x04A8 0x0000 00000000 00000000 00000000 00000000 00000100 10101000 00000000 00000000 (U.S. Mode)
252116992 0xBFFF 0xFFFF 00001111 00000111 00000000 00000000 10111111 11111111 11111111 11111111 (Automatic)
So, we're just looking at unlocking the following RF band for T-Mobile support:
#25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz)
On LTE we're getting a bit more aggressive:
Code:
lte_bc_config (64-bit, of which 44 bits relevant): Bands Active:
687195291871 0000 10100000 00000000 00001000 00000000 11011111 1-5,7-8,20,38,40 (Original)
1099830990943 0001 00000000 00010011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,29,41 (Nexus 5x)
1100502079583 0001 00000000 00111011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,28-30,41 (Pixel)
1787698289887 0001 10100000 00111011 00011111 00011100 11011111 1-5,7-8,11-13,17-21,25-26,28-30,38,40-41 (Pixel 2)
1787696847071 0001 10100000 00111011 00001001 00011000 11011111 1-5,7-8,12-13,17,20,25-26,28-30,38,40-41 (Modified)
1787696847071 0001 10100000 00001000 00001000 00000000 11011111 1-5,7-8,20,28,38,40-41 (Actual)
My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S.
Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone?
Hey, I tried following this. But I have a few questions.
1. you show the values of 00441, 00946, 02954 that are set when in automatic/US and original. Are there any changes to make to these? When I set to Automatic, I get 'mobile network unavailable' when making a call. When I set it to US, it switches between B2 and B5 when calling.
2. After setting 01877, 06828 and 65633 to the modified values, I am still unable to connect to #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz).
Namely, when I open up Network Signal Guru and make a call, it switches between B2 and B5. Any idea why this is and how to get B4 1700 3g umts working?
Thanks
kamiyaa said:
Hey, I tried following this. But I have a few questions.
1. you show the values of 00441, 00946, 02954 that are set when in automatic/US and original. Are there any changes to make to these? When I set to Automatic, I get 'mobile network unavailable' when making a call. When I set it to US, it switches between B2 and B5 when calling.
2. After setting 01877, 06828 and 65633 to the modified values, I am still unable to connect to #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz).
Namely, when I open up Network Signal Guru and make a call, it switches between B2 and B5. Any idea why this is and how to get B4 1700 3g umts working?
Click to expand...
Click to collapse
Well, setting to Automatic shouldn't mask any bands enabled in rf_bc_config, at least not for any of the rf_bc_config settings that I examined. I don't have a T-Mobile SIM card, however, so I wasn't able to confirm that WCDMA Band IV was picked up when you set bit #25. If you set it to U.S. Mode, however, it will definitely get masked.
The one thing I would recommend, however, is to avoid using Preferred Roaming Lists (PRLs) in the Set Preferred Network Type setting.
For example, my instinct was to use LTE/UMTS auto (PRL), which should prefer 4G connections and fall back to 3G when unavailable. However, I've had consistently better luck getting 4G connections when I use the default LTE/TD-SCDMA/UMTS setting. On the AT&T Wireless network we'll never use TD-SCDMA, but PRLs seem to be causing problems and there's no plain LTE/UMTS option. The PRL indicates which bands, sub bands, and service provider identifiers will be scanned and in what priority order, and I just don't believe these are configured correctly on this phone for North America.
Hello,
Sorry to bother you, but may I ask a few stupid questions?
I don't know much about how this works, but I've got a Mi A2 and I've seen you managed to unlock band 28 for LTE in the Lite version, and that is the only band I'm missing in my country. Is this that hard to do, and possible in the regular A2 version? I need to unlock bootloader and root for this, right? If it's not difficult, I would appreaciate some instructions if you don't mind
Thanks!
Magendanz said:
Enable Diagnostics Mode: *#*#717717#*#*
Info Menu: *#*#4636#*#*
From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States.
Click to expand...
Click to collapse
Well i have tried switching here to test different ones and now it looks i cant access internet anymore :'(
even if i have the 4G logo on my network, the traffic is like stopped, chrome or any app say i am not connected.
If anyone have any idea to get it back? Thanks in advance ( i use french 4G network, Bouygues Telecom)
Antho02 said:
If anyone have any idea to get it back?
Click to expand...
Click to collapse
Original values are posted above, which you can write back pretty easily with QXDM. Also, if you made a QPST backup (which I recommend), you can restore from that.
I tried this, but it killed vodafone UK LTE, also, what subscription do you use for dual sim?, thats got to mess things up if you dont tick it on dual sim phones??, because i didnt choose dual sim it only edited sim1, so if you know the subscription method could you please post.
Hi, I'm trying to unlock the band 28 but I can not install the drivers. Could you tell me which are the correct drivers? Thank you and sorry for my lousy English!
marcos1979 said:
Hi, I'm trying to unlock the band 28 but I can not install the drivers. Could you tell me which are the correct drivers? Thank you and sorry for my lousy English!
Click to expand...
Click to collapse
enable the port and just update in devices, under ports, the driver in this thread isnt mi a2 lite diagnostic driver, windows installs the correct one if your using latest win 10
boe323 said:
enable the port and just update in devices, under ports, the driver in this thread isnt mi a2 lite diagnostic driver, windows installs the correct one if your using latest win 10
Click to expand...
Click to collapse
Sorry to insist with these questions, it's my first time with Xiaomi. The steps I take are the following and I can not install the drivers (the devices do not appear in the Windows Device Manager) and I can not install QPST either:
* Enable USB debugging
* Activate USB Diag (*#*#717717#*#*)
* Connect the phone
Only "Android Composite ADB Interface" is observed in the Device Manager.
The installation of QPST is canceled before completion.
Is it necessary to enable root?
Is it necessary to unlock the bootloader?
Sorry, as I said it's my first time with Xiaomi, I come from Motorola. I need to enable band 28 to have better coverage here in Argentina because in my area it is very bad without that band.
Additional data:
Xiaomi Mi A2 Lite (M1805D1SG)
Build number: PKQ1.180917.001.V10.0.4.0.PDLMIXM
Windows 10 Pro x64 (1809)
Thanks and, again, sorry for my English (Google translator)
OK, I was able to make everything work !!!
I used "TOOL_ALL_IN_ONE_1.1.1.2" to install the ADB drivers and from there the other drivers were installed. Also, I used "QPST 2.7 Build 474" and "QXDM 0.3.12.714"
A new question: I need to only enable band 28 for LTE (the others are compatible with those used in my country), is it OK to only modify line 6828 (LTE_BC_CONFIG) to the value "687329509599"? Am I doing things right?
The tests I will do tomorrow in an area where there is bad coverage of band 4 and good band coverage 28.
Thank you!!!
im not sure, make a note of original values and do your own testing, post back with your findings.
boe323 said:
im not sure, make a note of original values and do your own testing, post back with your findings.
Click to expand...
Click to collapse
Edited:
I confirm that the band 28 is not enabled since it does not connect in the area of low coverage in band 4. I suspect that is because I could not modify the line 65633 (lte_band_pref) for the error nv status error received: command unrecognized.
please, I need help to modify that! Thank you!
thanks for your help.
the only thing I could not do is edit line 65633 lte_band_pref, it gives me read error (nv status error received: command unrecognized). what am I doing wrong?
Do I need to enable root? Do I need to unlock the bootloader?
Thanks!
Magendanz said:
As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need:
Enable Diagnostics Mode: *#*#717717#*#*
Info Menu: *#*#4636#*#*
From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States.
For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values:
Code:
ID Desc Category Original Value Modified Value
01877 rf_bc_config CDMA 562950035735424 562950069289856
06828 lte_bc_config LTE 687195291871 1787696847071
65633 lte_band_pref System 0x000000A0000800DF 0x0000FFFFFFFFFFFF
ID Desc Category Original Value U.S. Automatic Cleared
00441 band_pref CDMA 0x0380 0x0000 0xFFFF 0xFFFF
00946 band_pref_16_31 System 0x04E8 0x04A8 0xBFFF 0x3FFF
02954 band_pref_32_63 System 131072 0 252116992 4294967295
For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic).
Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support.
Code:
rf_bc_config (64-bit):
562950035735424 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original)
562950069306247 00000000 00000010 00000000 00000000 00000110 11101000 01000011 10000111 (Nexus 5X)
562950069289856 00000000 00000010 00000000 00000000 00000110 11101000 00000011 10000000 (Modified)
band_pref (64-bit):
131072 0x04E8 0x0380 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original)
0 0x04A8 0x0000 00000000 00000000 00000000 00000000 00000100 10101000 00000000 00000000 (U.S. Mode)
252116992 0xBFFF 0xFFFF 00001111 00000111 00000000 00000000 10111111 11111111 11111111 11111111 (Automatic)
So, we're just looking at unlocking the following RF band for T-Mobile support:
#25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz)
On LTE we're getting a bit more aggressive:
Code:
lte_bc_config (64-bit, of which 44 bits relevant): Bands Active:
687195291871 0000 10100000 00000000 00001000 00000000 11011111 1-5,7-8,20,38,40 (Original)
1099830990943 0001 00000000 00010011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,29,41 (Nexus 5x)
1100502079583 0001 00000000 00111011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,28-30,41 (Pixel)
1787698289887 0001 10100000 00111011 00011111 00011100 11011111 1-5,7-8,11-13,17-21,25-26,28-30,38,40-41 (Pixel 2)
1787696847071 0001 10100000 00111011 00001001 00011000 11011111 1-5,7-8,12-13,17,20,25-26,28-30,38,40-41 (Modified)
1787696847071 0001 10100000 00001000 00001000 00000000 11011111 1-5,7-8,20,28,38,40-41 (Actual)
My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S.
Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone?
Click to expand...
Click to collapse
Hello, sorry for insisting. I was able to edit the item 06828 lte_bc_config and put it in 687329509599 (1010000000001000000010000000000011011111) (Bands 1-5, 7-8, 20, 28, 38, 40) but I still do not have coverage in band 28 although other phones do have in the Same location and with the same provider.
After enabling root and touching several things (Install Network Signal Guru -> Clear Forcings and I do not know if I have played anything else), I can read line 65633 lte_band_pref and it appears in 0x0000FFFFFFDF3FFF (111111111111111111111111110111110011111111111111) (Bands 1-14, 17-21 , 23-48) (?) So I assume that band 28 would be enabled. In Network Signal Guru I can see that band 28 is enabled but I still can not connect to it. Is there something I'm missing? Could it be a SIM problem? (I use a SIM that was cut to nanoSIM) Could someone unblock band 28 and connect to it?
Any help will be welcome!
Thank you!
PS: I was not sure whether to edit the previous post or create a new one. If I am doing wrong, please delete the previous one.
(Using Google Translator)
I'm having the same problem trying to get LTE Band 17 enabled for AT&T Wireless. I can read both lte_bc_config and lte_band_pref in QXDM to confirm that it *should* be enabled, but it's not picking up the nearby towers. That has me suspecting that this is due to lack of support in the power amplifier. When I look in Network Signal Guru it's not even listing Band 17, however, so there may be something else that we're missing.
I did just pick up another Mi A2 Lite, and so I've got test hardware (that isn't my primary phone) to investigate further.
Magendanz said:
As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need:
Enable Diagnostics Mode: *#*#717717#*#*
Info Menu: *#*#4636#*#*
From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States.
For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values:
For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic).
Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support.
So, we're just looking at unlocking the following RF band for T-Mobile support:
#25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz)
On LTE we're getting a bit more aggressive:
My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S.
Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone?
Click to expand...
Click to collapse
How did you enable band 28 ? Can you recommend any article on that kindly
Samuelah said:
How did you enable band 28 ? Can you recommend any article on that kindly
Click to expand...
Click to collapse
I followed the steps in my OP exactly (and there are links there to my sources), but was unable to test band 28 & 41 because my service provider doesn't use them. I just know that they now show as enabled in Network Signal Guru.
B28 unlocked
Its worked for me I have tested 700 mhz ( B28 ) is unlocked
add carrier aggregation lte-a 4g+
If you want lte-a in mi a2 lite for frequency added (support 2*2 carrier aggregation only ( 2*frequency )) so Its Enable LTE Advanced I have found guide for mi a1 but its work for this devices too here :https://forum.xda-developers.com/mi-a1/how-to/guide-enable-4g-lte-carrier-aggregation-t3894282
good modding :good:
Magendanz said:
As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need:
Enable Diagnostics Mode: *#*#717717#*#*
Info Menu: *#*#4636#*#*
From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States.
For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values:
Code:
ID Desc Category Original Value Modified Value
01877 rf_bc_config CDMA 562950035735424 562950069289856
06828 lte_bc_config LTE 687195291871 1787696847071
65633 lte_band_pref System 0x000000A0000800DF 0x0000FFFFFFFFFFFF
ID Desc Category Original Value U.S. Automatic Cleared
00441 band_pref CDMA 0x0380 0x0000 0xFFFF 0xFFFF
00946 band_pref_16_31 System 0x04E8 0x04A8 0xBFFF 0x3FFF
02954 band_pref_32_63 System 131072 0 252116992 4294967295
For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic).
Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support.
Code:
rf_bc_config (64-bit):
562950035735424 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original)
562950069306247 00000000 00000010 00000000 00000000 00000110 11101000 01000011 10000111 (Nexus 5X)
562950069289856 00000000 00000010 00000000 00000000 00000110 11101000 00000011 10000000 (Modified)
band_pref (64-bit):
131072 0x04E8 0x0380 00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000 (Original)
0 0x04A8 0x0000 00000000 00000000 00000000 00000000 00000100 10101000 00000000 00000000 (U.S. Mode)
252116992 0xBFFF 0xFFFF 00001111 00000111 00000000 00000000 10111111 11111111 11111111 11111111 (Automatic)
So, we're just looking at unlocking the following RF band for T-Mobile support:
#25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz)
On LTE we're getting a bit more aggressive:
Code:
lte_bc_config (64-bit, of which 44 bits relevant): Bands Active:
687195291871 0000 10100000 00000000 00001000 00000000 11011111 1-5,7-8,20,38,40 (Original)
1099830990943 0001 00000000 00010011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,29,41 (Nexus 5x)
1100502079583 0001 00000000 00111011 00001001 00011000 01011111 1-5,7,12-13,17,20,25-26,28-30,41 (Pixel)
1787698289887 0001 10100000 00111011 00011111 00011100 11011111 1-5,7-8,11-13,17-21,25-26,28-30,38,40-41 (Pixel 2)
1787696847071 0001 10100000 00111011 00001001 00011000 11011111 1-5,7-8,12-13,17,20,25-26,28-30,38,40-41 (Modified)
1787696847071 0001 10100000 00001000 00001000 00000000 11011111 1-5,7-8,20,28,38,40-41 (Actual)
My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S.
Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone?
Click to expand...
Click to collapse
Related
Hello there,
I recently bought a cheap SPV M2000 from a friend when he upgraded his phone, im on vodaphone (UK) and i used to have an XDA II which i unlocked using the unlock software from here. However on this phone when i put my sim in, it had no service, which i thought was fine... I then went to change the options to see if it was already unlocked and it kept saying "The phone is unavailable, please try again in 15 seconds" or something along those lines.
I then thought maybe i need to unlock it, so i downloaded the software and tried to unlock it and got the following error message:
xdadev_all_unlock started
device=PH20B
key found
ril ioctl 0xc2: 00000000
simlock answer: %SIMLOCK= 04
0
current lock status: 04
security answer:
000
security answer2:
at%LISTNETWORKCODE answer: 0
at%LISTNETSUBCODE answer: 0
at%LISTSPCODE answer: 0
at%LISTCORPORATECODE answer: 0
at%LISTSIMCODE answer: 0
at%LISTIMSIRANGECODE answer: 0
at%CLEARNETWORKCODE answer:
at%CLEARNETSUBCODE answer:
at%CLEARSPCODE answer: 0
0
at%CLEARCORPORATECODE answer:
at%CLEARSIMCODE answer:
at%CLEARIMSIRANGECODE answer:
removing lock 04
htclock answer:
simlock answer:
invalid sim lock answer
xdadev_all_unlock started
device=PH20B
key found
ril ioctl 0xc2: 00000000
simlock answer:
invalid sim lock answer
error getting current lock status
xdadev_all_unlock failed
ril ioctl 0xc2: 00000000
ril ioctl 0xc6: 00000000
xdadev_all_unlock done
ril ioctl 0xc2: 00000000
ril ioctl 0xc6: 00000000
Any help would be great!
Well sorry to waste anyones time, for some reason it still worked and now my phone works... just had to reset it...
Could you tell me how to do reset of this phone?
first of all, p527 is an omap 850 device of 200mhz
i downloaded android for omap 850 devices from http://sourceforge.net/projects/wing-linux/
i installed wing-linux-0.4pre4-rootfs.cab in storage card
next to have default.txt, i installed wing-linux-0.4pre4-elf.cab
then i ran haret-0.5.2.exe. after few sec, the screen turned on white nd the device was hang up. m really anxious to start it on my p527... but just dont know how!
i m posting all the txt files, generated or installed during the procedure...
default.txt
Code:
set MTYPE 2372
set KERNEL "zImage"
set INITRD "initramfs.cpio.gz"
set CMDLINE "debug quiet psplash=false loglevel=7 init=/sbin/init console=tty0 video=omapfb:accel gsm-wizard.noreset=1 gsm-wizard.noload=1 4"
log "earlylog.txt"
bootlinux
disdump.txt
Code:
HaRET(2)# pdump 0xfffec000 0x20
fffec000 | f8000089 010104ef 302eb93f fe700007 | ........?..0..p.
fffec010 | ffffffd2 5c000000 fffffc00 fffffc19 | .......\........
HaRET(3)# pdump 0xfffee300 255
fffee300 | 00000000 00000000 00000000 00000000 | ................
fffee310 | 00000000 00000000 00000000 00000000 | ................
fffee320 | 00000000 00000000 00000000 00000000 | ................
fffee330 | 00000000 00000000 00000000 00000000 | ................
fffee340 | 00000000 00000000 00000000 00000000 | ................
fffee350 | 00000000 00000000 00000000 00000000 | ................
fffee360 | 00000000 00000000 00000000 00000000 | ................
fffee370 | 00000000 00000000 00000000 00000000 | ................
fffee380 | 00000000 00000000 00000000 00000000 | ................
fffee390 | 00000000 00000000 00000000 00000000 | ................
fffee3a0 | 00000000 00000000 00000000 00000000 | ................
fffee3b0 | 00000000 00000000 00000000 00000000 | ................
fffee3c0 | 0000a941 00000041 00002000 00000000 | A...A.... ......
fffee3d0 | 00002100 00000000 00000000 00000001 | .!..............
fffee3e0 | 00000010 00000001 00000000 00000000 | ................
fffee3f0 | 00000000 00000000 00006350 00000000 | ........Pc......
Cannot open script file
\Storage Card\linux\default.txt
Cannot open script file
\Storage Card\linux\default.txt
HaRET(1)# set MTYPE 2372
HaRET(2)# set KERNEL "zImage"
HaRET(3)# set INITRD "initramfs.cpio.gz"
HaRET(4)# set CMDLINE "debug quiet psplash=false loglevel=7 init=/sbin/init console=tty0 video=omapfb:accel gsm-wizard.noreset=1 gsm-wizard.noload=1 4"
HaRET(5)# log "earlylog.txt"
startup.txt
Code:
log "dispdump.txt"
pdump 0xfffec000 0x20
pdump 0xfffee300 255
and earlylog.txt was like this..
Code:
= *= ž: ›: ™8 “8
i doubt over default.txt with mtype for not booting up nd m abt to try with other devices' default.txt
i know nothin abt porting or emulating android on winmo devices.. nd i hope to get response over here...
pls comment
Nice initative, keep up the good work
this thred might be helpful
http://forum.xda-developers.com/showthread.php?t=496692
Did you try haret, default.txt and everything android on the root of the storage card?
BenGman said:
Did you try haret, default.txt and everything android on the root of the storage card?
Click to expand...
Click to collapse
yes i tried. ofcourse on root of storage card. no good... it needs a kind of programming knowledge.
Hello people,
Are there any tools for viewing and editing the amss.bin?
HEX Editor...
IDA...
Brain.
Best Regards
adfree said:
HEX Editor...
IDA...
Brain.
Best Regards
Click to expand...
Click to collapse
with revskill i got this with amss.bin
#define UNLOADED_FILE 1
#include <idc.idc>
static main() {
MakeName(0x00079B70, "Memcmp");
MakeName(0x00062160, "Memcpy");
MakeName(0x0022E924, "Memcpy");
MakeName(0x0006216B, "Memcpy_Generic");
MakeName(0x0022E92F, "Memcpy_Generic");
MakeName(0x000621D0, "__rt_udiv");
MakeName(0x00079F8C, "__rt_udiv");
MakeName(0x00062334, "strlen");
MakeName(0x0007A2C4, "strlen");
MakeName(0x00070DB2, "diag_sp");
MakeName(0x00062298, "strcmp");
MakeName(0x0007A1D8, "strcmp");
MakeName(0x0007A360, "strncpy");
MakeName(0x00072502, "diag_pkt");
MakeName(0x00062F00, "__rt_div0");
MakeName(0x0007D324, "__rt_div0");
MakeName(0x00062F10, "__32__rt_raise");
MakeName(0x0007F1F8, "__32__rt_raise");
MakeName(0x00ACC3A8, "rex_int_lock_32");
MakeName(0x00072330, "subsys_getid");
MakeName(0x0007A548, "vsprintf");
MakeName(0x00062004, "MemClr");
MakeName(0x0022E7C8, "MemClr");
MakeName(0x000725CC, "diag_subsystem");
MakeName(0x0006EC72, "diag_hdlr");
MakeName(0x000726D2, "diag_hdlr");
MakeName(0x00083D86, "diag_hdlr");
MakeName(0x00085432, "diag_hdlr");
}
What about it ?
@Tigrouzen, no segment found at 0x00079B70 etc
amss it's regular elf with a bunch of segments
Code:
Name : LOAD
Start : 0x001E7000
End : 0x001EE000
Length: 0x00007000
----------------------
Name : LOAD
Start : 0x001F0000
End : 0x001F1000
Length: 0x00001000
----------------------
Name : LOAD
Start : 0x001F2000
End : 0x005D8000
Length: 0x003E6000
----------------------
Name : LOAD
Start : 0x005D8000
End : 0x00CDB000
Length: 0x00703000
----------------------
Name : LOAD
Start : 0x00CDB000
End : 0x00D11000
Length: 0x00036000
----------------------
Name : LOAD
Start : 0x00D11000
End : 0x00DAF000
Length: 0x0009E000
----------------------
Name : LOAD
Start : 0x00DAF000
End : 0x00DB9000
Length: 0x0000A000
----------------------
Name : LOAD
Start : 0x00DB9000
End : 0x00E9B000
Length: 0x000E2000
----------------------
Name : LOAD
Start : 0x00E9C000
End : 0x01BF9000
Length: 0x00D5D000
----------------------
Name : LOAD
Start : 0x01BF9000
End : 0x01D05000
Length: 0x0010C000
----------------------
Name : LOAD
Start : 0x01FF0000
End : 0x01FF006C
Length: 0x0000006C
----------------------
Name : LOAD
Start : 0xB0000000
End : 0xB0010CE7
Length: 0x00010CE7
----------------------
Name : LOAD
Start : 0xB0040000
End : 0xB0057000
Length: 0x00017000
----------------------
Name : LOAD
Start : 0xB0100000
End : 0xB0107207
Length: 0x00007207
----------------------
Name : LOAD
Start : 0xB0140000
End : 0xB01401B8
Length: 0x000001B8
----------------------
Name : LOAD
Start : 0xB0200000
End : 0xB0208CF3
Length: 0x00008CF3
----------------------
Name : LOAD
Start : 0xB0240000
End : 0xB024028C
Length: 0x0000028C
----------------------
Name : LOAD
Start : 0xB0400000
End : 0xB040DBE8
Length: 0x0000DBE8
----------------------
Name : LOAD
Start : 0xB0600000
End : 0xB0602000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xB0602000
End : 0xB0604000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xF0000000
End : 0xF001F878
Length: 0x0001F878
----------------------
Name : LOAD
Start : 0xF0020000
End : 0xF0026000
Length: 0x00006000
load amss.bin with TriX, dump decoded stage (elf format) and analyze with disassembler (e.g. IDA)
Ok guys i extract certificate from Amss S8530 XEJL2, bootloader segments full info fsbl sbl...
Also i can dump complete NAND and find segment and algorith for RC1 too
This is appscompressed.bin algorythme
0x01ca7750 RIPEMD128+160+MD4
0x01ca7750 SEAL+MD4 key
appcomp hash :
SHA1 : EB55C6690ACAF40BB2F845313F58BFE9C3BC529D
SHA224 : AAC3E2B65CC9F33BB7EDDA3DEB541CA9E8919422CC179B4D2B49F39BAE008F00
SHA256 : 580D3DB21E41A9FE588AE544266040FABA8AF044E739971E77F2B1272323D0B6
SHA256-HTC : A44BC029D7F952750003D9695ED7B464E446D34EEF5BD9665487E4C2BF81F669
MD4 : B3BD8310FF2C4C05E2044FD491814792
MD5 : 7220779D1094C5F7789094DC75BA4E9E
CRC16 (0x1189) : F4EA
CRC30 (Block: 0x1000, Page: 0x200) : 0BD214AA
CRC30 (Block: 0x2000, Page: 0x400) : 0A28A17A
CRC32 (0xEDB88320) : 313F4EF2
CRC32 (0x04C11DB7) : 90B01704
CRC32 HTC (0xEDB88320) : B55B60A7
ECC Reed Solomon (parity 10) : 43702DA1FDAC4DB2023B
ECC BCH Micron 3 byte : 818144
ECC Hamming Toshiba (8 bit - 0x200 bytes) : C00FC3
ECC Hamming (8 bit - 0x200 bytes) : FF3CF3
ECC Hamming (16 bit - 0x200 bytes) : 3FCFFC
Amss algo :
0x0007fce0 CRC-16 norm
0x0007fee0 CRC-16 inv
0x0007f8e0 CRC-30
0x0007eb50 CRC30 Function
0x00b66194 CRC-32
0x00b66394 CRC32 Function
0x000800e0 CRC-32 Xilinx
0x0007eb58 CRC32 Xilinx Function
0x000800e4 CRC32 Xilinx Function
0x00c3c490 DES RAW Spbox
0x00c39381 RSA PKCS SHA1/RIPEND Digest
0x00c39390 MD2 S
0x00463548 SHA2 table
0x008fcc88 SHA2 table
0x00b6eb14 ZDeflate
0x0041a28c SHA1+MD4+MD5 init
0x008fcb08 SHA1+MD4+MD5 init
0x00c3d7f8 SHA1+MD4+MD5 init
0x0041a29c SHA1+MD4+MD5 key1
0x008fcb18 SHA1+MD4+MD5 key1
0x00c3d808 SHA1+MD4+MD5 key1
0x001a9844 SHA1+MD4+MD5 key2
0x0041ac1c SHA1+MD4+MD5 key2
0x008fcb1c SHA1+MD4+MD5 key2
0x001a9848 SHA1+MD4+MD5 key3
0x0041ac20 SHA1+MD4+MD5 key3
0x008fcb20 SHA1+MD4+MD5 key3
0x00463648 SHA2 init table
0x008fcd88 SHA2 init table
0x00c3d80c SHA2 init table
0x0046364c SHA2 init table
0x008fcd8c SHA2 init table
0x00c3d810 SHA2 init table
0x00419980 RIPEMD128+160+MD4
0x008fcaf8 RIPEMD128+160+MD4
0x00bdcca0 RIPEMD128+160+MD4
0x001a9844 MD5
0x0041ac1c MD5
0x008fcb1c MD5
0x00419980 SEAL+MD4 key
0x008fcaf8 SEAL+MD4 key
0x00bdcca0 SEAL+MD4 key
0x004fc7af HTC PUBLIC KEY
E9079DBB2452104990982132470BA20B7C795D1B4690B718B62FCD38D71D4E458FAF320374B89D5236C79BD57D2BA2D3508A4A605B0D48CB8CA5478BFE4D7D32AB0AE072BC367A9615F002D5023A617B422FEC1EF8DAD772D75E9C4F06EF624B864699A3F080D1B8E192B921D159852B2DC798F752B4F1FA529FF123D9963F73
0x00708134 Sober 128
0x00c3cd90 Sober 128 SBox
Possible algos little endian: 45
0x00315f6c AES te
Possible algos big endian: 1
Amss hash :
SHA1 : C59C5785E823E5E1CA9BE05DB6F55F8C8AC1BBA3
SHA224 : 5F50CED13C1204068E443919706B53D866271DAB1CFB5A9CB07A953CAE008F00
SHA256 : D86C7634FE07806D3B87701EC7F72F25DAAFAC7C40CA1D370C1ABA5840C091C0
SHA256-HTC : 120F70AECE78B8DCF69DCD79F020AB00AE17572123BA21274D6F6EE280774A09
MD4 : 7703DF5B1074392D4B91ECA23BAC9D92
MD5 : 22197F8AAD6A2CB4394E1B4E63EB843C
CRC16 (0x1189) : FAC5
CRC30 (Block: 0x1000, Page: 0x200) : 311AE4C7
CRC30 (Block: 0x2000, Page: 0x400) : 295DFC29
CRC32 (0xEDB88320) : 8DB21A34
CRC32 (0x04C11DB7) : 7B94B6A4
CRC32 HTC (0xEDB88320) : 08450BBC
ECC Reed Solomon (parity 10) : A04D69B134A126F3FD15
ECC BCH Micron 3 byte : 000000
ECC Hamming Toshiba (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (16 bit - 0x200 bytes) : FFFFFF
Amms certificat :
https://rapidshare.com/files/3061245812/1.cer
Well, the main idea was ..., to get some tools with which the amss.bin for bada v1.2 and v2 can be modified to work for the American/Australian version of the wave. Looks like there are some hardware differences and this file is containing information needed for the RF module.
Looks like there are some hardware differences and this file is containing information needed for the RF module
Click to expand...
Click to collapse
No idea if Hardware differences, but I'm pretty sure there are different Config/Calibration data...
Check out NV items... AMSS + NV items = Qualcomm related part...
http://www.samsunguniverse.com/forum/s8500-can-work-with-qualcomm-tools-t199.html
You could take an look on FCC documents for maybe Hardware check...
Best Regards
I think gambal refers to UMTS bands, Europe is different than in America.
UMTS bands in America are 850 - 1900
UMTS bands in Europe are 2100
bada 1.2 and above only works with Euro bands (these updates hasn't oficially released in America), so as we know the file "amss.bin" contains the parameters that define which bands to work, would be good to try to edit the information to compile a new "amss.bin" to work with American bands ..
Many Americans would be happy!
...would be good to try to edit the information to compile a new "amss.bin" to work with American bands ...
Click to expand...
Click to collapse
But you are really sure that not NV items differ?
Maybe easier to compare NV items...
Best Regards
You mean to compare amss NV items from a 1.0 American firmware and another 1.2 European firmware?
I was import to a .Qcn file a list of NV items of my mobile (bada 1.0 american), i will compare with another one of 1.2.
It's posible to create more NV items if is necesary?
sorry for double post.
i've compared NV items of my phone, first with a 1.0 american firmware then with a 1.2 European firmware..
EDIT: thought that there were no differences because the file size was identical, but looking more attentively i find some, i will continue researching,
You tried QPST or which Tool?
And are sure there are no differences?
I have 2x S8500... with QPST difference 10 NV items + one S8500 has 10 more
Content not checked... too lazy at this time.
Best Regards
Edit 1.
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 305
Click to expand...
Click to collapse
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 319
Click to expand...
Click to collapse
And these are only the "official" NV items... and not the hidden one...
Example...
Code:
NV item: [B]2608[/B] [NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I], index 0
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 0: 12 3d fc ff 9c 3c fc ff 26 3c fc ff b0 3b fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 1: 34 3b fc ff af 3a fc ff 2a 3a fc ff a6 39 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 2: 22 39 fc ff 9f 38 fc ff 0c 38 fc ff 65 37 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 3: be 36 fc ff 18 36 fc ff 73 35 fc ff ce 34 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 4: 2a 34 fc ff 87 33 fc ff e5 32 fc ff 43 32 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 5: a2 31 fc ff 01 31 fc ff 61 30 fc ff c2 2f fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 6: 23 2f fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 7: 85 2e fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff
sorry for my english, I mean to say that i find some differences..
between 2 firmwares, I find 40 differents NV items using "RF NV items Manager" program.
Example:
European 1.2 Firm:
Code:
NV item: 5059 [NV_WCDMA_2100_TX_LIN_MASTER_0_ENH_I], index 0
NV item: 5061 [NV_WCDMA_900_TX_PDM_LIN_0_ENH_I], index 0
American 1.0 Firm:
Code:
NV item: 5064 [NV_WCDMA_1900_TX_PDM_LIN_0_ENH_I], index 0
NV item: 5060 [NV_WCDMA_800_TX_PDM_LIN_0_ENH_I], index 0
(it's look like these items manage the umts network)
This are 2 items of 40 that I find.. So, I imported all 40 1.0 American Firmware Nv Items to the 1.2 Euro Firmwared Phone, (using previous modified .QCN file) then, i restart the device, but nothing happen, still no find UMTS network... But i want believe that we are close to find the solution
If I use PSAS to Display the new added NV items, these appear as "inactive item" and those already on the phone appears lile "bad parameter"
not know what else I can try...
Even if NV items count is different. Dump of NV area will be always the same in size. Area in oneNAND reserved for NV data is constant, and in most it's just empty space, filled with zeros.
Is it possible to dump whole NV items list using QPST? Can you guys do that and send dumps to me?
If not please search for following NV items and send me values you get (if you get any)
Int id 556
Int id 5
Int id 7
Int id 1403
String id 254
String id 387
String id 388
String id 256
String id 197
I want to prove some theory just taken from Bada kernel and need few different values to compare. These should contain Timezone, Locale and SimBlock settings. (If these NV items are even available)
Please send me PMs with dumps if you get any. Thanks in advance.
Tell me when you are ready "amms.bin" to "bada 2.0" so I can put it on my phone. I'm from Argentina. Thank you very much!
Rebellos said:
Int id 556
Int id 5
Int id 7
Int id 1403
Click to expand...
Click to collapse
With "PSAS" display "Inactive Item", and with "RV NV item manager" i don't these id's..
@adfree
Hey, if I wrote in phone (with "RV NV item manager") some NV items, is not take any effect... does exist another step to "activate" these items or some? maybe in Stune have to add any parameter? or maybe the "QPST Service program" tool..
I have fear of breaking the handset really... I just wan't to calibrate the UMTS bands, need these:
WCDMA_II_PCS_1900
WCDMA_V_850
http://forum.xda-developers.com/showpost.php?p=12436452&postcount=1
Other way to access NV items.
Now you can backup with sTune for instance... folders:
Code:
[B]NV
nvm[/B]
EXTREME Caution!
Some IDs are protected... so you can maybe write/activate, but not easily remove change = brick...
Best Regards
a little question..
there is a firmware of S8530 which has bada 1.2 and 850/900/2100Mhz 3g bands capable... there are firmwares prepared for Brazil and Australia.
it's posible to flash that amss.bin in a S8500 with bada 1.2?
I tried this, but the bootloader says "error erase amms"
amss.bin in a S8500 with bada 1.2?
Click to expand...
Click to collapse
If I remember correct, then yes...
Maybe not all combinations...
BUT check Multiloader ... adresses are different...
So you have to edit...
Later more.
Maybe give Link to this S8530 Firmware, so I can take an look or try for you...
Best Regards
Things have become more and more unclear for me regarding the nature of the boot process of many smartphones. Sometimes people misinterpret what I'm asking. Sometimes people only have vague knowledge of a particular smartphone's hardware-based restrictions or if it has any to begin with. In light of this, I will try to phrase this post as clearly as I can.
I remember reading that the bootloader from the Nexus 4 was able to work on the LG Optimus G, allowing arbitrary kernels to be loaded. I cannot remember if it was in an article by someone reporting on the hack or in a post by the developer of the hack. It was never specified if it was the first-stage bootloader. Assuming that it was the first-stage bootloader, then this would lead me to believe that the boot ROM, the immutable mask ROM that is part of most processors used in smartphones, on the LG Optimus G will load arbitrary (i.e., unsigned or signed with different private key) code. In other words, it leads me to believe that I can modify the LG Optimus G's official bootloader and it would not be rejected (at least by the processor).
Is this the case with the LG G4? Is the first-stage bootloader verified by the phone's processor on startup? Does anyone know the configuration of the fuses on the processor that it uses (assuming it has any)?
Anyone?
I thing same you
If we are may be flash bootloader H815 or G4 tmobile , my devices will unlock bootloader easy
Anyone at all?
Hello Master Melab.
I myself have almost zero Android dev knowledge but digging through this stuff as well. I learned some from http://newandroidbook.com/Articles/aboot.html
The boot process is like this: -> BootROM+SBL+radios->android bootloader -> kernel image + zRam (something like initramfs) -> init (services, shell, that zygote crap, dalvik/art vm, etc)
Reason I am trying to pick it up is learn more in the hopes that someway we can unlock the bootloader of the LG G4 whatever version.
Am running on an LG G4 H815 TWN (Taiwan carrier-free) and LG does not want to generate unlock.bin for me.
I found the root method via patching and flashing back modified bootimage, dumped in busybox started.
You are into crypto from your sig?
Below is the dump (hex) from the aboot of my H815 TWN - v10e Lollipop.
I just see random hex that is so making me rage... yep numbers make me angry
See if you can find any patterns/logic to this madness - so much fluff(guessing part of it is the signed stuff) in the beginning and right at the end, the ARM eaXXX instructions start (real beginning of the boot binary).
[email protected]:/mnt/shell/emulated/0 # dd if=/dev/block/platform/f9824900.sdhci/by-name/aboot of=./aboot.img <
4096+0 records in
4096+0 records out
2097152 bytes transferred in 0.110 secs (19065018 bytes/sec)
Click to expand...
Click to collapse
[email protected]:/mnt/shell/emulated/0 # od -A d -t x4 aboot.img |head -n 260 <
0000000 464c457f 00010101 00000000 00000000
0000016 00280002 00000001 0f900000 00000034
0000032 00000000 05000002 00200034 00280004
0000048 00000000 00000000 00000000 00000000
0000064 00000000 000000b4 00000000 07000000
0000080 00000000 00000000 00001000 0f976000
0000096 0f976000 000019a8 00002000 02200000
0000112 00001000 70000001 0007d808 0f975808
0000128 0f975808 00000020 00000020 00000004
0000144 00000004 00000001 00008000 0f900000
0000160 0f900000 00088de4 0009b488 00000007
0000176 00008000 00000000 00000000 00000000
0000192 00000000 00000000 00000000 00000000
*
0004096 00000000 00000003 00000000 0f976028
0004112 00001980 00000080 0f9760a8 00000100
0004128 0f9761a8 00001800 4dce3793 7d266b40
0004144 779a699b 8408c755 a7477930 07c072f1
0004160 ebc41fe2 9b9ecd06 00000000 00000000
0004176 00000000 00000000 00000000 00000000
0004192 00000000 00000000 26539b59 96228a1c
0004208 da200345 56d38638 3f7dd8fa 185f3113
0004224 d47b92fe ba05c846 ac538614 a03aaad3
0004240 e30c7d84 2203ad28 c7eea155 e3c724e4
0004256 619b56c6 45f8c1d9 a35ca403 03030704
0004272 1fc48d64 63d1aed7 f7a34348 77a65a8d
0004288 dabf1ea9 30501706 4e7d9ec0 dc8c205b
0004304 5e4b1fff ebb9ceff ff3664a5 b7cc3348
0004320 bb2ff543 6946392b b3bf5170 627fe97e
0004336 90fdb1f0 f6e029c3 3d588648 da6e01f8
0004352 d4b58268 4c12b41f 69a1b72b eaead5b2
0004368 f8aef7a1 4213aa6f ac0e89af 39ff4939
0004384 504df1e5 6cdf6e8f a3238cb5 27508741
0004400 cb6a46ce 863f72c6 dbab25c8 caeca06f
0004416 0a722955 b389ba04 20065795 30bbaf1b
0004432 d9a41c68 613e6846 d145c6e3 5818663b
0004448 86b855ef 005d289f e459cb53 3b6bca4a
0004464 8eea151e 73c3a904 33d1c525 406304b4
0004480 4e999179 8ee19a57 d25f5c68 55705e28
0004496 637f41b6 bab91985 c0215212 d9648784
0004512 51048ec6 62c361e9 12058230 fa038230
0004528 010203a0 0d030202 0d302f95 862a0906
0004544 0df78648 050b0101 81813000 19301b31
0004560 04550306 4c121303 61204547 73657474
0004576 69746174 43206e6f 30233141 55030621
0004592 1a130b04 656e6547 206c6172 2045474c
0004608 65747461 74617473 206e6f69 0c314143
0004624 03060a30 130a0455 45474c03 10301231
0004640 04550306 47091307 434d5545 4e4f4548
0004656 0c300e31 04550306 53051308 4c554f45
0004672 09300b31 04550306 4b021306 171e3052
0004688 3135310d 30373131 34343232 0d175a32
0004704 31313533 32303331 32343432 0182305a
0004720 30163150 55030614 0d130304 6f61687a
0004736 676e6566 6e61792e 30203167 5503061e
0004752 17130b04 656e6547 206c6172 2045474c
0004768 65747461 74617473 316e6f69 060a300c
0004784 0a045503 474c0313 30123145 55030610
0004800 09130704 4d554547 4f454843 300e314e
0004816 5503060c 05130804 554f4553 300b314c
0004832 55030609 02130604 1731524b 03061530
0004848 130b0455 2037300e 31303030 41485320
0004864 31363532 06173019 0b045503 3630100c
0004880 30303020 4f4d2030 5f4c4544 1c314449
0004896 03061a30 0c0b0455 20353013 30303030
0004912 38613030 5f575320 455a4953 15301731
0004928 04550306 300e0c0b 30302034 4f203133
0004944 495f4d45 30223144 55030620 19130b04
0004960 30203330 30303030 30303030 30303030
0004976 20323030 55424544 30223147 55030620
0004992 190c0b04 30203230 39363930 30314530
0005008 30313330 20303030 495f5748 30223144
0005024 55030620 190c0b04 30203130 30303030
0005040 30303030 30303030 20393030 495f5753
0005056 01823044 060d3022 48862a09 010df786
0005072 00050101 0f018203 01823000 0182020a
0005088 558b0001 c1184fa0 30084f74 d5170a05
0005104 f8f21578 85020ac7 8af5b59e 1651faa1
0005120 48ff1748 1eed55ba c575a0b4 3c3bb75c
0005136 6eddee82 b262b501 30925fc9 0cb77313
0005152 ec539932 cf2b71be a1399ac6 b6caa2ab
0005168 40d27314 98d03cf5 7826f5e6 99433bd1
0005184 97cfeb2b 5fe4f6ae 9c451d52 d80d2784
0005200 fa01108e cab53257 22b71266 e1411ce4
0005216 5ce1e123 c74de085 6d35d211 294229e3
0005232 256e3d8e 79ac9c96 d605aa75 90ef863e
0005248 0ec6dca2 fd13780e 15ce6859 329779a2
0005264 d381577d 2aa0bd4f 081eeb14 5ef564f9
0005280 4df2d097 11c9fa31 bb6b9106 f41200fc
0005296 3dc0ec81 820cc0f5 1c327c89 9a82592f
0005312 da220951 0668fbdd 7e4f0b36 2c866b7c
0005328 7ff4e576 bf0d8849 66aa6e81 7cea79b8
0005344 0302e91b a3010001 8130c081 9c8130bd
0005360 1d550306 94810423 80918130 f2b79f14
0005376 89e9d921 58da1681 169dec47 aac73b73
0005392 a476a1b1 31723074 06123014 03045503
0005408 474c0b13 4f522045 4320544f 301b3141
0005424 55030619 12130b04 656e6547 206c6172
0005440 2045474c 746f6f72 0c316163 03060a30
0005456 130a0455 45474c03 10301231 04550306
0005472 47091307 434d5545 4e4f4548 0c300e31
0005488 04550306 53051308 4c554f45 09300b31
0005504 04550306 4b021306 05018252 03060c30
0005520 01131d55 0204ff01 0e300030 1d550306
0005536 ff01010f 02030404 0d30f004 862a0906
0005552 0df78648 050b0101 01820300 f3340001
0005568 60064bb4 1c6f6f85 a7348105 f155462d
0005584 0ba8a8be e0b64772 bcf8c135 a6f147e8
0005600 79b22b66 2a9ade5a b1ae9aff b6fc0b9b
0005616 2f843340 decfa200 b3e0313e 2cec5820
0005632 7b1c3dfa f2102bfb b00499a4 4bfd8c07
0005648 11844799 7f9a16fc 3b4bbaed 76fd2436
0005664 df2a0168 adfb34c2 a8824431 dadabbbb
0005680 52025923 2fa251bd 2d44a13b 996a3824
0005696 81ba7f76 808c8a8a eb0dd21a 110c49e4
0005712 dcade241 db412d59 541bc959 0227ce08
0005728 81dbed2e ba88015b c5cb5195 1e802308
0005744 5fb54a4f d36a2bfa 1c4f88da d86cf99f
0005760 154f7a65 3db33d80 6bd19fde 04806598
0005776 af1cd4b7 25873324 809a4abf b45c7306
0005792 dd1ad455 59625cf6 53434f4c 7e990137
0005808 2bdd1d16 83629435 9dd634aa 82304cc3
0005824 82305304 03a03b03 02020102 0d300501
0005840 862a0906 0df78648 050b0101 31723000
0005856 06123014 03045503 474c0b13 4f522045
0005872 4320544f 301b3141 55030619 12130b04
0005888 656e6547 206c6172 2045474c 746f6f72
0005904 0c316163 03060a30 130a0455 45474c03
0005920 10301231 04550306 47091307 434d5545
0005936 4e4f4548 0c300e31 04550306 53051308
0005952 4c554f45 09300b31 04550306 4b021306
0005968 171e3052 3034310d 30303339 34363230
0005984 0d175a30 39303433 30303532 30343632
0006000 8181305a 19301b31 04550306 4c121303
0006016 61204547 73657474 69746174 43206e6f
0006032 30233141 55030621 1a130b04 656e6547
0006048 206c6172 2045474c 65747461 74617473
0006064 206e6f69 0c314143 03060a30 130a0455
0006080 45474c03 10301231 04550306 47091307
0006096 434d5545 4e4f4548 0c300e31 04550306
0006112 53051308 4c554f45 09300b31 04550306
0006128 4b021306 01823052 060d3020 48862a09
0006144 010df786 00050101 0d018203 01823000
0006160 01820208 b5bc0001 74fc08d7 f29875a8
0006176 68944d14 8ee10453 48b29679 d715b100
0006192 7f51d49e 46bd5da2 be1faa16 b28677fb
0006208 d179bd23 67f1d599 fdef4a5a e18dd04c
0006224 483ef50b 25bb4f5d 052b8d88 65f4adcf
0006240 5e8f7535 4cda563c 648db91c b2eb9704
0006256 a3dd3121 c11f5771 2d5be4bf 3fa08747
0006272 5194b92e c4ffb4e1 5b747270 a5c87aff
0006288 941b985d f4c9a03d 9398c233 f8654a14
0006304 c5109d2a 493c1b7a ba202f25 bba102c1
0006320 d3d32105 c02d0b9b 337789dd 83e44f35
0006336 9e47120a 91d13f9c 0c25fb88 cb8d5fef
0006352 596b4681 d32da104 05832736 60f42f7a
0006368 4dbc2836 658cb765 8c151dce 275c51af
0006384 9a4c505e 71d1ed9c c11a89eb 75e4d97d
0006400 639b4b6f 5d327d2d de2e53b1 f12a014a
0006416 b4d5eed7 01026714 e581a303 30e28130
0006432 03069c81 04231d55 81309481 8e148091
0006448 073d1095 26fe008b e58a027f b40c77b8
0006464 a13ad8f3 3074a476 30143172 55030612
0006480 0b130304 2045474c 544f4f52 31414320
0006496 0619301b 0b045503 65471213 6172656e
0006512 474c206c 6f722045 6163746f 0a300c31
0006528 04550306 4c03130a 12314547 03061030
0006544 13070455 55454709 4548434d 0e314e4f
0006560 03060c30 13080455 4f455305 0b314c55
0006576 03060930 13060455 82524b02 1d300101
0006592 1d550306 0416040e f2b79f14 89e9d921
0006608 58da1681 169dec47 aac73b73 061230b1
0006624 131d5503 04ff0101 01063008 0102ff01
0006640 060e3000 0f1d5503 04ff0101 01020304
0006656 060d3006 48862a09 010df786 00050b01
0006672 01018203 40be6f00 de48db62 a3df9124
0006688 89482f95 02ccd954 efbb9ae4 93ec32c7
0006704 82a24da2 8aef539f f608d9af 190482d4
0006720 e3ff7116 b6d76d4c 2cdedf8e 283c021f
0006736 5101fbbe 0ed0fa5c 62c4d961 917b3b36
0006752 85c94bb3 787333bc 33404b52 7254d4de
0006768 82f3b85c 6fbdb650 fbbe5fde 17e6dcb8
0006784 1ea87112 6bbb8a76 17a8ed71 61d282e4
0006800 cc15cbe9 4068898f 5c9f06b1 54087ba0
0006816 c00d4831 dcaa301d 6ae47eba c461ae74
0006832 94611f1c dc04b3e8 20244494 215f6ae5
0006848 4136c8e2 0f68bf98 d3159751 cf2b3221
0006864 3429f70e 3a9dc421 f05f3a0e 732b386c
0006880 6bfbb8bf 99960e63 94f92a7b d3779c9f
0006896 24eb3497 2d5d3650 a54e06b2 e1c6a02b
0006912 a6843448 7eeff94f 85f77cbf 4be4eec7
0006928 57be20f1 03823083 0282309f 0203a087
0006944 01020201 060d3001 48862a09 010df786
0006960 00050b01 14317230 03061230 13030455
0006976 45474c0b 4f4f5220 41432054 19301b31
0006992 04550306 4712130b 72656e65 4c206c61
0007008 72204547 63746f6f 300c3161 5503060a
0007024 03130a04 3145474c 06103012 07045503
0007040 45470913 48434d55 314e4f45 060c300e
0007056 08045503 45530513 314c554f 0609300b
0007072 06045503 524b0213 0d171e30 39303431
0007088 30303033 30343632 330d175a 32393034
0007104 32303035 5a303436 14317230 03061230
0007120 13030455 45474c0b 4f4f5220 41432054
0007136 19301b31 04550306 4712130b 72656e65
0007152 4c206c61 72204547 63746f6f 300c3161
0007168 5503060a 03130a04 3145474c 06103012
0007184 07045503 45470913 48434d55 314e4f45
0007200 060c300e 08045503 45530513 314c554f
0007216 0609300b 06045503 524b0213 20018230
0007232 09060d30 8648862a 01010df7 03000501
0007248 000d0182 08018230 01018202 2605bb00
0007264 ee06e780 1e971259 8b4e1d5d 9038c5e4
0007280 0a659df6 64717568 a994bd1c e6a55f97
0007296 af195474 1257c9d1 b3e61d85 98ed97da
0007312 3ebe3ef6 014c0ef2 064731a7 97e4eff9
0007328 39a752eb 12308d75 0de2dca2 9b9bf248
0007344 498cd73e 975645d9 f7031836 8d6ea152
0007360 cb19ef5a e8e61a52 8286c83c 2c71aab1
0007376 f0cf1af6 51ef50bc 0e16d787 5b43df5f
0007392 5394eb0e 06ff63e6 5fc782f2 ea5fde02
0007408 ab908825 cb163af7 0e4a2c3f 7d783b67
0007424 cf710260 6e0d3593 70c80613 91dca12f
0007440 c0b54006 b21be68f 21732ee2 64bd5a2a
0007456 c31cdfe5 38ddd6d4 9d61b67b 5a36af47
0007472 59f7811e c77174f4 166a409a 0ae07886
0007488 9d63962b c74e4bdc 20a8e7ea 0fcfa949
0007504 aebd5a5a e5bea090 989c6d6b 03010221
0007520 403042a3 03061d30 040e1d55 8e140416
0007536 073d1095 26fe008b e58a027f b40c77b8
0007552 303ad8f3 5503060f 0101131d 300504ff
0007568 ff010103 03060e30 010f1d55 0404ff01
0007584 06010203 09060d30 8648862a 01010df7
0007600 0300050b 00010182 395b3a11 da9b813e
0007616 31a9dbcc dbc66acd 24a29f40 41f48985
0007632 d30142ab 2fff3448 08aed94e ef8cb36a
0007648 d138c6d6 2f02ba8a efd83412 58647be8
0007664 0007c5df bc121004 f04384fa 2cca9764
0007680 1b2af619 e70d9c38 bbdd76de b36c98dc
0007696 bb40525a 8684bdf7 9df44bb0 1bfc7020
0007712 129ac6a7 2b4256c0 9eaba15c e1539232
0007728 3ceea60b 900624d7 14858ccd eaf33c35
0007744 aa7a6e38 3b4bc7fb d45b8d31 b9d4bc13
0007760 0e682b52 4f41a202 88394c0c e2069441
0007776 94e8f75e 2b17870a 21f8994f b1d06147
0007792 a64bd28e 19d44612 3326915c 235aec64
0007808 fdd4733b 7eb2b20b 1b711d41 44b6c621
0007824 5c7bf273 c84fb52a 6eee87d8 f61f4430
0007840 b55a8208 815bbec1 59b7c0fa d2d28a60
0007856 5b405c82 0ff491f6 ffffffff ffffffff
0007872 ffffffff ffffffff ffffffff ffffffff
*
0010656 ffffffff ffffffff 00000000 00000000
0010672 00000000 00000000 00000000 00000000
*
0032768 ea000006 ea00a463 ea00a469 ea00a46f
0032784 ea00a475 ea00a47b ea00a47b ea00a492
0032800 ee110f10 e3c00a0b e3c00005 e3c00002
0032816 e3800020 ee010f10 e1a0000f e2400040
0032832 e59f1020 e1500001 0a000009 e59f2018
Click to expand...
Click to collapse
I wanna know if its possible to steal the lg signature and sign our own modified kernals and roms and recovery images. How does flashfire manage to flash exposed and. I have high expectations for flash fire in the development of g4. Like g3 used flasify
29y6145 said:
I thing same you
If we are may be flash bootloader H815 or G4 tmobile , my devices will unlock bootloader easy
Click to expand...
Click to collapse
Really? This cannot be done on a PC?
Anyone? Bueller?
I dont know the exact order of boot. But i know the bootloader does have q fuses which are blown. And the bootloader partition is encrypted 256bit keys.
Even if i could flash a 815 loader. lg the the key to unlock it no one else can unlock them
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Neffarion said:
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Click to expand...
Click to collapse
In the 9.0 roms there is a Phh settings > Huawei > disable fingerprint settings. Don't know if it works on Nokia's though
DaarkZek said:
In the 9.0 roms there is a Phh settings > Huawei > disable fingerprint settings. Don't know if it works on Nokia's though
Click to expand...
Click to collapse
There is no such setting in "Phh settings" unfortunately
Here is a logcat of when I double tap the fingerprint scanner. It triggers the volume down for some reason.
If someone could figure out what is the cause, it would be great
f
Neffarion said:
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Click to expand...
Click to collapse
Should be easy to fix
Please run getevent in adb shell, then do all the fingerprint gestures, then paste everything the getevent command said here.
phhusson said:
f
Should be easy to fix
Please run getevent in adb shell, then do all the fingerprint gestures, then paste everything the getevent command said here.
Click to expand...
Click to collapse
I havent had the issue after I updated the Nokia 7 Plus firmware to Pie November before installing any GSI. But I did the getevent command anyway, in case it helps
Output:
Code:
phhgsi_arm64_ab:/ # getevent
add device 1: /dev/input/event6
name: "sdm660-snd-card-b2n Button Jack"
add device 2: /dev/input/event5
name: "sdm660-snd-card-b2n Headset Jack"
could not get driver version for /dev/input/mice, Not a typewriter
add device 3: /dev/input/event2
name: "goodix_fp"
add device 4: /dev/input/event4
name: "gpio-keys"
add device 5: /dev/input/event3
name: "hallsensor"
add device 6: /dev/input/event1
name: "fts_ts"
add device 7: /dev/input/event0
name: "qpnp_pon"
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006a 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006a 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0069 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0069 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006c 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006c 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000000
/dev/input/event2: 0000 0000 00000000
I first tapped the fingerprint scanner, then swipped the scanner from left to right, then right to left, down to up, up to down and then double tapped it
Neffarion said:
Hello, I have installed multiple GSI's on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there's is none on any ROM. It does get really annoying, as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Click to expand...
Click to collapse
best way to check is compare between generic.kl present in system/user/keylayout with any of the generic.kl of your device with another ROM having no problem...
Is there a solution for this problem yet?
I've the same problem with my MI a2 lite. Everytime I touch the sensor the volume button shows up.
I've thus problem with all custom gsi roms, but not with the stock rom.
Sent from my Phh-Treble vanilla using Tapatalk
cd492 said:
Is there a solution for this problem yet?
I've the same problem with my MI a2 lite. Everytime I touch the sensor the volume button shows up.
I've thus problem with all custom gsi roms, but not with the stock rom.
Sent from my Phh-Treble vanilla using Tapatalk
Click to expand...
Click to collapse
just put this file to /system/system/usr/keylayout/uinput-goodix.kl via twrp
eremitein said:
just put this file to /system/system/usr/keylayout/uinput-goodix.kl via twrp
Click to expand...
Click to collapse
Do you mean copy this txt file to the keylayout directory?
Sent from my Phh-Treble vanilla using Tapatalk
cd492 said:
Do you mean copy this txt file to the keylayout directory?
Sent from my Phh-Treble vanilla using Tapatalk
Click to expand...
Click to collapse
no
you need rename .txt file as uinput-goodix.kl and then move it to /system/usr/keylayout dir, where is Generic.kl file placed
eremitein said:
no
you need rename .txt file as uinput-goodix.kl and then move it to /system/usr/keylayout dir, where is Generic.kl file placed
Click to expand...
Click to collapse
Perfect thanks mate.
Sent from my Phh-Treble vanilla using Tapatalk