Related
OK IMEI-CHECK charge £20 to unlock the phone, and I say fair enough. Why am I posting this? Did you know that their method is probably writing a NEW locking code using some other algorithm? If you run their software, it will inflate and write (about 4K of data if i remember correctly) in the part of the Radio ROM, where you only get access from the bootloader (memory address h'0' to h'10000'). Now here's the thing: I bet if I call T-mobile and ask for the unlocking code, it won't work in my phone, as these guys are actually modifying the Radio ROM without even telling you. Have you guys thought about insurance? For those who don't pay £9.99 or whatever extra cover, what if you pricey and precious pda goes bonkers? I think they should tell you *before* doing anything, about any possible problems.
Come on you guys, someone said he has compiled a few logs/imei numbers. Let's crack this thing, it has been done before for xda I and II, why can't we do it for IIs/IIi?
If that's the case, then I wonder what's in those .uif files they ask you to send back to them? Could it be a backup of the sections of the radio ROM that they're replacing?
Also, if they're writing a fixed set of data to the radio ROM, how come everyone seems to have different unlock codes? Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
-no1
Just had another thought - what if they're replacing code in the radio ROM with code from the Himalaya so that the unlock process then works in the same way as the Himalaya?
Has anyone tried using the xda2unlock tool after running the program from IMEI-Check??? I can't test this just now, so it's just a guess.
-no1
Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
Click to expand...
Click to collapse
Yes I believe that's what they actually do. I tried to run their utility with a debugger but it does not allow execution as long as a debugger is running, nice one IMEI-CHECK. However, I have done a full USB port logging when the utility runs and I found out that they write a new image between addresses 0 and 10000 of the radio rom, and that they also read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes.
Yesterday I discovered something odd...after running their application, and by inserting a different SIM card, the attempts counter for the unlocking code had a negative value of several millions. Now I suspect that by writing in adresses 0-10000, i think they replace the default unlocking utility which allows to enter the code.
Another idea I will try will be to run a debugger in the PDA (if I can find one) and see if I can capture the memory address with which it compares the input code.
Come on guys, especially you who did the unlocking utility for XDA II!! Give us some help here!!!!
Zouganelis,
That's excellent that you've been able to sniff the USB traffic. Keep up the investigations!
I wonder why they'd need to read sections of the ROM? If they're replacing the calculation algorithm section of the ROM with their own code, then they should already know how to calculate the unlock code - i.e. they shouldn't need the user to send them back the .uif file.
This makes me wonder if the code they are replacing is just a copy of the code from another device e.g. the Himalaya.
If they are replacing with code from the Himalaya then the unlock process may revert back to how it works on the Himalaya.
Has anyone been able to test this by running the xda2unlock tool for the Himalaya *after* running the IMEI-Check program?
Does anyone have the source code for xda2unlock by the way? I tried searching for it, but it doesn't seem to be available.
-no1
Another thing, does anyone know if it's possible to back up and restore this secret area of the radio ROM using the backup to SD method? I assume that when you dump your radio ROM to SD card it's not including this part of the ROM???
I want to be able to fully restore any bits that the IMEI-Check tool is changing, just in case.
-no1
Come on guys, anyone else trying to crack this thing? We need someone who knows how to disassamble/reverse engineer this log file. It can't be that hard! Also, I think the key to understanding what their little proggy does, is to manage to run a debugger when the unlock program runs. It has some mechanism of detecting a running debugger and it quits if you have a debugger running at the same time. I bet my MDA III that some experienced programmer can overcome this and fool their application? I am running out of ideas guys and I am really against paying these thieves 20 quid for nothing. They MUST have done this using the previous unlocking methods for XDA I and II. Does any1 know who did those unlockign utilities? These guys must help us!!!
Have you tried to run OllyDbg as a debugger tool to see what is happening? Your earlier findings were very interesting...let me study this and get back to you all...
One remark upfront though: I do not think they are modifying your Radio ROM....this would mean that if you upgrade/replace your current Radio ROM, you would be SIM-lock free...and I do not think that is the case...
OK, some initial observations:
1. Lousy software...hard to use for novices...why have the phone enter BL mode automatically (using enterBL.exe)...I think we can do better!
2. Since the phone must be in BL mode, I do think it extracts some info from the radio ROM, but the SIM-Lock could also reside in the Extended ROM, since this is usually customized by the provider?
3. Interesting to see that the same proggie and procedure is used for all XDA-X models
4. Can anyone post a file (output of the proggie) of what they have mailed these folks, as an example?
5. I was always under the impression that the SIM-Lock resides in the SIM itself, so this is a software workaround? What happens if you upgrade your ROMs...you need to go through this process again? Does anyone have experience with this?
Thanks, and let's get this thing cracked!
HappyGoat,
My understanding is that SIM lock is implemented by the phone itself rather than the SIM card.
In the case of our HTC devices, there seems to be a small area of the radio ROM that does not get written to (even when you upgrade your ROM). This area is where the SIM lock is located, and probably other information such as your IMEI number.
This is probably why your IMEI and SIM lock information never get replaced when you upgrade your ROMs. I seem to remember that an older version of the xda2unlock tool was able to change your IMEI number but it got pulled for legal reasons.
When I unlocked my Himalaya, it stayed unlocked even after later upgrading the ROMs, so the state of the SIM lock is being stored somewhere. It can't be on the SIM because what if you change your SIM after you unlock it? The phone would need to be able to read your old SIM to check if the phone is locked!
Zouganelis,
Have you got any idea if it's possible to back up the areas of the radio ROM you mentioned to SD card? Like the current SD card backup method, but getting ALL of it?
-no1
Happygoat and no1,
i am pretty sure they write to the radio ROM some data they inflate from their "unlocking" executable file. How do I know this? Well, when I put a different SIM into my XDA IIs, after I enter the pin code, the simlock application comes up (simlock.exe under \windows\) which checks for the correct unlocking code. Now usually, you have 3 attempts available to do this, before the phone locks and says "contact customer services" or whatever. After I run their application, the counter had a value of -2billion or something, making it impossible to lock it. Interestingly enough, the memory adresses to which they WRITE, are between 0 and 10000. Is it a coincidence the simlock.exe application is 10.5kB? I don't think so!! i think they write their own simlock application to reset the counter, and then they read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes. The simlock code MUST be here!! i will post the log from the USB port sniffing tomorrow, as I don't have these files right now. It's pretty obvious to see how the bootloader works. Anyone with past experience especially with CE based devices will be able to figure out how to read these last two chunks of the radio rom.
Here's a link with some interesting files, RED has posted in the past:
http://www.pgwest.com/phone-files/
Username: xda
Passwrod: blueangel
I do agree with no1 regarding the simlock, I think this is exactly the way it works.
no1, I don't know how to do any backup to the SD card, but if you really know what you are doing in the bootloader, try reading from the memory addresses I mentioned earlier.
Keep it up guys, i think we know what their software does, we now need to find out how to read properly the output log.
Regards,
Zouga
Hi zouganelis and no1,
Thanks for the explanations and comments...all makes sense to me now, excellent.
Zouganelis, thanks for the website...that is the stuff I was looking for, cheers!
I do indeed think we are close...will report back later.
So... if they need the .uif file AND the IMEI number, could it just be a case of using the IMEI code to decrypt the contents of the .uif file? In other words the IMEI code is the decryption key??? But what kind of encryption are they using?
I think they used simple XORing in the past for encrypting the radio, OS, and extended ROMs, but this changed slightly for the Blueangel. I wonder if they used a similar method?
-no1
Interesting thought...and a simple one...which explains they can turn around a request so quickly...
You might be correct...the IMEI could bear the encrypted code for simlock or not. Nowadays, encryption standards are:
DES
MD5
SHA
DES is relatively easy to "crack", SHA being the hardest...they are one-way encryptions, which mean they can not be reversed. The only way to get a match is to try...I have numerous proggies for this and will explore this option...
OK, did some more googling, found the following. There appear to be only 3 companies or people who can do this, which makes it even more interesting...
1. www.imei-check.com (UK)
- Download proggie
- Send them back the output and EMEI number
- Receive unlock code
2. Ebay guy (Canada): http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=43312&item=5763970199&rd=1&ssPageName=WDVW
- Sends you software
- You will run this software and it will generate a log file (data cable required).
- You'll need to email us this log file and we will send you the unlock code with instructions as soon as possible
Looks like same procedure as EMEI-CHECK
3. www.UnLockItNow.com (Company in Malta): http://www.unlockitnow.com/remote/unlock/by_cable/Pocket_PC/unlock/XDA_IIs_unlock.php
Not sure what process they use, but looks the same.
-----------------------------------------
Then I also came across this interesting story: http://www.modaco.com/index.php?showtopic=200968
This guy writes (edited):
I happend across an official O2 email address that I sent an (abbreviated) SIM unlock request, briefly stating why I needed my XDA IIs to be SIM unlocked, and providing my O2 account number and the handset IMEI number. 30 minutes later and I was emailed back an unlock code.
No ifs, no buts, no questions asked and no payment required.
I placed my Orange SIM card in the IIs, waited for it to boot, entered the code and was greeted with "Unlock Code Accepted." Both dialling out and receiving calls on my Orange account no problemo.
...
Bearing the above in mind, I'm not going to directly post the email address, but will gladly pass it on via PM.
Click to expand...
Click to collapse
The interesting part here is that he only had to give his EMEI number, nothing else...and received an unlock code.
If you take the official route of unlocking your phone through your network provider, all they need is your IMEI number because they can calculate your unlock code from that.
I'm not 100% certain how the process works, but I'm fairly sure the algorithm they use to generate the unlock code is different for each handset manufacturer. I think the network provider either has to send your IMEI to the handset manufacturer for them to calculate the unlock code, or possibly the provider is given a database of unlock codes for all the handsets they purchase. This might explain why it sometimes takes them a few days or weeks to get back to you with the unlock code.
So figuring out how they convert the IMEI number to the unlock code would be another way to attack the problem. Although, I think it would probably be very difficult to figure out what hashing algorithm they're using to generate the code. But if it can be done, then it would certainly make things a hell of a lot easier!
-no1
SH*TE I have been writing a post for about half an hour now explaining the files and as soon as I logged in it was lost. :evil: :evil: :evil: :evil: :evil:
Anyways, here we go again. I am posting the files I promised yesterday. The are three JPEGs which are handwritten notes from the first time I run their application, and a log file from the second time I run the application. Here's the thing: the first time, the software send a read command for the addresses 0-10000 of the radio rom (rrbmc x 0 10000) and store in the x variable. Then it probably compared the checksum with their data, and it didn't match, so they deleted this part of the rom (rerase 0 10000) and they written their own version of it stored in a vector called data (rw data 0 10000). So far so good.
The second time I run the software, it sent again the rrbmc command but this time it didn't erase or written anything, so I guess it does actually what I said before with the checksum.
Another important remark:
The first time I run the software, the software requested some information from the device (rinfo) and the xda replied:
BlueAngel B120 C6B23C704A59520150993080051FF87B
After it finished writing, it sent the same command once more and this time the xda replied:
BlueAngel B120 C6 BE3A709999541E509810802FD775B0
Now the second time I run the application, the rinfo command returned:
BlueAngel B120 C6BC3C70B329B2B1509980809FE49B11
Can these be some form of HEX encryption keys or something?
Happygoat maybe you could use them in your nice proggies?
Anyhow, I think this is all for now. The commands in the logs should be straight forward to understand, it's just the data part which needs real decoding of some sort.
Hope it helps, regards Zouga
Zouga,
Thanks alot for the info...and your patience!
I downloaded a program called USB Monitor, which supposedly logs all data transferred via the USB port...is that the proggie you used as well?
What I want to do is run the IMEI-CHECK program on my device a few times in a row..since it was never SIMLOCKED, I wonder what the output will be...and if they will be different.
I suggest other people run this software as well with a USB port logger, so we can compare logs, and perhaps figure out precisely what we need to do.
Regarding the encryption, I will have a look. I do not think that the data you gave me (C6BC3C70B329B2B1509980809FE49B11) is encrypted...looks like plain ol' HEX to me...will do some more research.
What I think would be the ultimate solution, is to develop an app that calculates the unlock code based upon IMEI number...easy to use, no workarounds, and something I understand: Encryption...
Yes, I am biased...but I am reading up on ass'y code right now to get my arms around this thing...so bare with me...
Hi HappyGoat,
It's good that finally you guys got interested in this! Yes it is the same piece of software I used to sniff the port, it would be interesting to see the output of your unlocked device. Could you please post it as soon as you have it? I hope we can crack this!!
Come on guys, don't just complain for the £20 charge, give us some help here!! We should all run the software and log the data to compare them, as HappyGoat suggested. Then we should all be HappyXdaUsers
Looking forward to some news,
Zouga
Zouga,
Can't download the zip file (bottom one) for some reason...reports that file can not be found...can you try again please?
Cheers,
HG
Hi,
I've got an issue trying to use some software on my Rose.
Using GW PDA Connect, its installs and synchronises ok the first time (provided I install the software unlocker available from orange developers). Subsequent attempts to run it asks me to reinstall the software. If I attempt to reinstall the application which resides on the smartphone I get the following error:
cesetup.dll
\\Windows\230\XCPCSyncSvr.exe: Error 2
A bit of googling and it basically boils down to the fact this is a Tier-3 security level problem. In order to change the security level I was going to try a registry hack but can't use any registry editor as its not digitally signed for the device.
Any help much appreciated - thanks in advance.
Hi
I have exactly the same problème between my HTC Touch HD (WM6) and GroupWise PDA Connect.
IBM post a solution, but for Lotus Notes :
http://www-01.ibm.com/support/docvi...475&loc=en_US&cs=UTF-8&lang=en&rss=ct465lotus
I don't how to adapt this to Groupwise.
I still search ...
I find a ... solution.
Each time you want to sync with PDA Connect, delete or rename the rep \Windows\230.
It's not a clean solution, but I find anything else.
sweet!
thanks fella, will give it a try.
zoomee said:
Hi,
I've got an issue trying to use some software on my Rose.
Using GW PDA Connect, its installs and synchronises ok the first time (provided I install the software unlocker available from orange developers). Subsequent attempts to run it asks me to reinstall the software. If I attempt to reinstall the application which resides on the smartphone I get the following error:
cesetup.dll
\\Windows\230\XCPCSyncSvr.exe: Error 2
A bit of googling and it basically boils down to the fact this is a Tier-3 security level problem. In order to change the security level I was going to try a registry hack but can't use any registry editor as its not digitally signed for the device.
Any help much appreciated - thanks in advance.
Click to expand...
Click to collapse
Have you tried this: http://forum.xda-developers.com/showthread.php?t=496425
This a small application I wrote to automatically retrieve the DeviceID on your PC without having to open the registry editor. It can also create the DeviceID.txt file with the id value stored. It's written in Java so it requires JRE to be installed (most of you already have this)
http://rapidshare.com/files/403680176/DeviceID.jar.html
Make sure you have Sony Ericsson Update Service installed otherwise the device id will not be created in the registry
UPDATE: App updated to show all Device Ids stored in the registry
still dont work for me
windows 7 x64
It's been downloaded too many times (10) for a Free Rapid Share account, it is no longer downloadable, you'll have to upload elsewhere
Balur said:
It's been downloaded too many times (10) for a Free Rapid Share account, it is no longer downloadable, you'll have to upload elsewhere
Click to expand...
Click to collapse
new link posted
Hi !
As you can see I have more Strings in the registry ?
Whats your methot of determining which is the right one as they all show different DeviceID Strings ?
THX
pietropizzi said:
Hi !
As you can see I have more Strings in the registry ?
Whats your methot of determining which is the right one as they all show different DeviceID Strings ?
THX
Click to expand...
Click to collapse
I always get the first one, there is no way afaik to determine which one is getting used at any point. I can maybe change it so that it displays everything and lets u select the one you want to use
Well the point's not what I want to use, it more what's the right one at time of flashing. Is it save to delete those keys so the right one is rebuilt inn case of reconnecting the device ?
it's really not easy to find which one is being used at any point. i don't know if it's safe to delete them from the registry, although i would suspect that it is. just make sure you use the same usb port whenever you flash. that way you avoid overcomplications with this issue
THX for the info. I'd try to find out the right one.
In my case it was the second key found, not the first!
So this tool does not work for everyone.
This is my first post, so apologies if this is in the wrong place or has been asked before (I have searched and found some answers, but none of these worked)
Basically, last night whenever I tried to use an application on my HTC HD2 I was getting the following error message:
"The file xxx cannot be opened. Either it is not signed with a trusted certificate, or one if its components cannot be found. If the problem persists, try reinstalling or restoring this file."
In searching for the solution, a lot of people are saying that I need to edit the reistry. (Specifiaclly HKEY_LOCAL_MACHINE\Security\Policies\Policies DWord = 0000101a - Change value from 0 to 1)
I have tried downloading the recommended registry editors on the forums (Resco Explorer etc.) but am unable to install because the "program is from an unknown publisher." I click yes to get pass this initial message, like I always have done in the past, and the following is displayed:
Installation was unseccessful. The program or setting cannot be installed beacause it is not digitally signed with a trusted certificate."
I have also tried using a program recommended called CeRegistryEditor and using my PC via ActiveSync to edit the registry, but am getting an error message "Access Denied!".
Does anybody know any other way of editing the registry? Am I actually doing the right thing? Are there any security settings that I need to disable to allow CeReistryEditor to edit the registry?
This is really bugging me, I have only been without my apps for about 12 hours throughout the night but it is hard to live without them!! I REALLY don't want to perform a hard reset and will do anything to avoid this!
When I get this I just remove evertyhing to do with it on the phone and re download it (the cab file usually) and it seems to work.
thanks for your reply. I have tried this but when I try and reinstall I am getting the message: Installation was unseccessful. The program or setting cannot be installed beacause it is not digitally signed with a trusted certificate.
I think that the security settings have been changed, but I cant see how to change them with editing the registry which I am struggling to do
Can I ask what app you are trying to install? Or is it any app?
Multiple Apps that were running OK yesterday, but not today. I think it is all the apps that I have downloaded from Omarket.... Omarket isnt working either!
Hi,
Any luck on this. I m also facing similar issue after installing Android on my HD2.
I have the exact same issue after running Android from SD card. No application (non-stock ones) are working anymore. Like 3rd party certificates are being blocked or something...
For everyone with this problem, download Mobile Registry Editor and connect your phone to your PC via USB, then start the Editor and go to "HKEY_LOCAL_MACHINE\Security\Policies\Policies" and search for the DWord "0000101a" and change the decimal to "1", that will fix your problem. This problem happens to me if I "reboot" while in Android instead of turning the phone completely off and then back on.
Edit: Added link to download.
As a side note, I always did this to mine while running Windows Mobile, then booted Android after fixing the registry.
and when this is not possible
Hi,
i have the same issue after loading android from the sd-card.
But, i am not able to change the reg, access denied, also with ceregistry unlock tool.
So, what can i do?
regards
Nine
Niine said:
Hi,
i have the same issue after loading android from the sd-card.
But, i am not able to change the reg, access denied, also with ceregistry unlock tool.
So, what can i do?
regards
Nine
Click to expand...
Click to collapse
Hi,
I also have the same issue after loading android from the sd-card. I have also re-installed the stock rom and the problem still persists. Im also unable to install any reg editors as keep getting the "not signed with a trusted certificate".
I read that a cooked rom may be a solution around this but I liked the set up I had and wanted to keep my original rom so any other suggestions would be appreciated.
Thanks
Lee
Exactly the same problem.
Non-stock programs not working after failed boot of android from SD card, and I'm unable to change any registry entries either. Practically I'm locked out of my phone, just the basic functions working. Any help would be greatly appreciated!
if forget where I originally found this link (its on xda some place)
http://www.internet-tools.co.uk/blog/wp-content/uploads/2008/11/sda_unlock.zip
but run this first and you no longer get the access denied when using the mobile registry editor , hope it helps.
I have the same problem, just remove the program that was not working, pull out your memory card , then delete the files in the sd card except the application installer, hard reset your phone, and remember to go to SETTINGS-UPDATES&FEEDBACK-ERROR REPORTING-DISABLE ERROR REPORTING, and turn off your phone, put in the memory card and turn your phone on and install the application one by one, the application installed will work as normal, Good Luck, remember to back up your data before hard reset
larrytango said:
if forget where I originally found this link (its on xda some place)
http://www.internet-tools.co.uk/blog/wp-content/uploads/2008/11/sda_unlock.zip
but run this first and you no longer get the access denied when using the mobile registry editor , hope it helps.
Click to expand...
Click to collapse
i tried this methode but unfortunately this message pops up all time:
"phone is not unlockable"
Main objective: Find any way to enabling application transfer from internal storage to external storage.
The device has 16 GB of internal memory, which is definitely not enough to use additional applications. It looks like the option to transfer apps from internal storage to external storage for this particular model is forbidden. This situation makes it practically impossible to use this device any longer. I have tried many ways to resolve the problem. Unfortunately i failed. Therefore, I am asking for help from specialists from this forum if there is any way to make it possible way to do this taking into consider the inability to obtain the code from the site, which I am writing about below.
What i have tried already:
Enabling programmer mode and therefore changing the option that is blocking transfer to external storage. Unfortunately switching is not possible in this case. Enabling this option automatically forces return to the previous state.
Installing applications that are supposed to enable such transfer. Most of them are crap and scam.
Attempting to upgrade system with a built-in option and with Hi Suite. There is no option to upgrade firmware or downgrade by using this options.
Attempting to upgrade system with Firmware Finder for Huawei. I don't think I can get anything more than just downloading the firmware using this app. The idea was to force the installation of a newer version of the operating system by forcing some changes in the built-in updater.
Root and open firmware attempts:
At first, I was looking for a way to gain root access with the app available (kingRoot, KingoRoot etc.). Neither of them worked
I tried to install custom recovery. I turned on usb debugging, disabled the OEM lock and I was able to set the connection to the device.
When I tried to upload a custom recovery I got a message saying that this method is forbidden.
I was looking for information about the problem and so I found out that the botlooader is locked and that I need a special key to unlock him.
Next I found information that it is possible to obtain this key using paid applications and I'm skeptical about them.
Another option was to try to get this code from the manufacturer. It turned out that it was actually possible, but for some time Huawei as a manufacturer no longer provides these codes, which was confirmed to me by a person employed on the HelpDesk hotline.
Device information
Device nameHUAWEI MediaPad T3 10ModelAGS-L09S/NHEKNU19103105947Product ID89046711External SD card:64 GB
System information
Android System Version7.0EMUI version5.1.3Compilation:AGS-L09C100B279
Have you tried this steps - https://www.droidguides.com/unlock-bootloader-install-twrp-recovery-huawei-mediapad-t3-10/
Also trying this, Tempted to just throw the device out the window, think next time I will stick with Samsung.
Viro251 said:
Main objective: Find any way to enabling application transfer from internal storage to external storage.
The device has 16 GB of internal memory, which is definitely not enough to use additional applications. It looks like the option to transfer apps from internal storage to external storage for this particular model is forbidden. This situation makes it practically impossible to use this device any longer. I have tried many ways to resolve the problem. Unfortunately i failed. Therefore, I am asking for help from specialists from this forum if there is any way to make it possible way to do this taking into consider the inability to obtain the code from the site, which I am writing about below.
What i have tried already:
Enabling programmer mode and therefore changing the option that is blocking transfer to external storage. Unfortunately switching is not possible in this case. Enabling this option automatically forces return to the previous state.
Installing applications that are supposed to enable such transfer. Most of them are crap and scam.
Attempting to upgrade system with a built-in option and with Hi Suite. There is no option to upgrade firmware or downgrade by using this options.
Attempting to upgrade system with Firmware Finder for Huawei. I don't think I can get anything more than just downloading the firmware using this app. The idea was to force the installation of a newer version of the operating system by forcing some changes in the built-in updater.
Root and open firmware attempts:
At first, I was looking for a way to gain root access with the app available (kingRoot, KingoRoot etc.). Neither of them worked
I tried to install custom recovery. I turned on usb debugging, disabled the OEM lock and I was able to set the connection to the device.
When I tried to upload a custom recovery I got a message saying that this method is forbidden.
I was looking for information about the problem and so I found out that the botlooader is locked and that I need a special key to unlock him.
Next I found information that it is possible to obtain this key using paid applications and I'm skeptical about them.
Another option was to try to get this code from the manufacturer. It turned out that it was actually possible, but for some time Huawei as a manufacturer no longer provides these codes, which was confirmed to me by a person employed on the HelpDesk hotline.
Device information
Device nameHUAWEI MediaPad T3 10ModelAGS-L09S/NHEKNU19103105947Product ID89046711External SD card:64 GB
System information
Android System Version7.0EMUI version5.1.3Compilation:AGS-L09C100B279
Click to expand...
Click to collapse
Have you had any look so far?
Not possible without unlock the bootloader.
Im very angry with Huawei.
----Edit----
Unlock bootloader but pay 49$ with octoplus huawei tool, now tried install lineageOs
I unlocked for 4 Euro with HCU Client. I buy the credit on DC-Unlocker.
krisy0243 said:
I unlocked for 4 Euro with HCU Client. I buy the credit on DC-Unlocker.
Click to expand...
Click to collapse
Thanks for the tips I was able to unlock my AGS-W09 for 4 euro too (I would not have paid 40 euros for this device!).
I just lost several hours to understand and find the way to the "manufacter mode" on a tablet !
For those looking how to: launch the calc app and enter ()()2846579()()
an hidden menu will popup and you will be able to setup USB ports.
tuxfamily said:
Thanks for the tips I was able to unlock my AGS-W09 for 4 euro too (I would not have paid 40 euros for this device!).
I just lost several hours to understand and find the way to the "manufacter mode" on a tablet !
For those looking how to: launch the calc app and enter ()()2846579()()
an hidden menu will popup and you will be able to setup USB ports.
Click to expand...
Click to collapse
I launch the Calc app as you advised but nothing happened..! Pls help a brother..! How can I buy this 4euro bootloader tool..?
aobaro said:
I launch the Calc app as you advised but nothing happened..! Pls help a brother..! How can I buy this 4euro bootloader tool..?
Click to expand...
Click to collapse
Sorry, it wasn't mine, I don't have it anymore.
As I remember, It was the stock calc app, in landscape mode in order to have the "()" but that's all.
But the firmware is very important: it should be Android 7, and not the 8 (I don't remember the exact firmware version).
This said, I wasted my time rooting this tablet, it's pretty useless. Apart removing two stock apps and installing AdAway, I was not able to do much more. Unfortunately, there are no custom rom to give a new youth to device.
I got all the prerequisites, try to flash twrp in recovery but get the error: the partition table doesn't exist. Is there any solutions for this?