Better Mobile App

[ROM][Hybrid][8.24.12]Paranoid-Android v1.0 ~TeamNightmare~

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This is an ongoing developer project to make way for a modification that will entirely transform your device, but retain the aesthetics and the experience of your phone. I know you've seen tablet mode roms before, they change two lines in your build.prop file which you could easily edit yourself in seconds and maybe throw a keyboard in there to make it work better. It's a start, but this ain't enough. This thing has potential, but it is wasted the moment you try to stuff a full blown tablet into your poor phone. Yet we all know our high res phones can very well handle more than silly 1-column layouts. So the magic must be in between somewhere, a place that Google must have overlooked and left blank. Yes, this rom strives to drop your device into tablet mode, but it won't stop there, it will reshape and redefine ICS to make it all a useful addition and not just a cute novelty. we're calling it: Hybrid Mode, best of both worlds.
Click to expand...
Click to collapse
-Download (in changelog)
- Wipe /system, /cache, and ,data
- Flash
- Reboot
- Enjoy! $$$
Click to expand...
Click to collapse
- Set the font size to 'Large'
- Go into the navigation bar settings, hold your phone in landscape, change the button quantity to 5, then back to 3. (Buttons shouldn't be crammed together anymore).
- Check "Auto Hide" in Settings, System, Statusbar, to finally get Fullscreen (or Hold power button, and press "Toggle StatusBar")
- Launcher Settings: margins: SMALL (If youre using Apex / Nova), show permanent searchbar: YES, Grid: 5x4, resize all widgets: YES, Wallpaper scrolling: OFF
Click to expand...
Click to collapse
- Same as cm9...
- "About Phone" force closes
Click to expand...
Click to collapse
Code:
v1.0- [URL="http://d-h.st/YsI"]Download[/URL]
[LIST]
[*]First Build!
[/LIST]
- CM9 Team, for their code.
- ParanoidAndroid team for the tweaks and Hybrid mode.
- The TeamNightmare team
- Anyone who I've missed, please pm me.
Click to expand...
Click to collapse

oh boy, another task set for me this weekend! thanks!

Screenshots plz!

S1D3winder016 said:
Screenshots plz!
Click to expand...
Click to collapse
getting there lol

ziggy46 said:
getting there lol
Click to expand...
Click to collapse
K thanks! Is this Sense, AOSP, etc.?
---------- Post added at 03:02 PM ---------- Previous post was at 03:01 PM ----------
Wow, this looks like a tablet!

lol my friend just showed me this rom on his s3. decided to check our(amaze) dev section. boom here it is XD

S1D3winder016 said:
K thanks! Is this Sense, AOSP, etc.?
Click to expand...
Click to collapse
this is an aosp rom, but different. its similar to cm9 but with tablet mode and hybrid mode.

xilande said:
lol my friend just showed me this rom on his s3. decided to check our(amaze) dev section. boom here it is XD
Click to expand...
Click to collapse
how convenient lol

Check it out in a bit, gotta make a backup of my current ROM! I've notice there has been a lot of new stuff recently! I like it! Keep up the great work!

Link is up!

EDIT: nvm, i found my answer

theinitial21 said:
I'm assuming everything works such as, data and gps? because you dont have a known issue section.
Click to expand...
Click to collapse
data should work. (just like speedrom cm9)

Oh boy! The thought of not changing my build prop DPI has me drooling. I may give this a shot over the weekend, thanks!

Ziggy your AWESOME! I'm excited for this one!

ziggy46 said:
data should work. (just like speedrom cm9)
Click to expand...
Click to collapse
data is still broken, it comes off and on even if i conttect directly to my carriers proxy

crazysohc said:
data is still broken, it comes off and on even if i conttect directly to my carriers proxy
Click to expand...
Click to collapse
can you get me a logcat of the radio?
adb logcat -b radio > log.txt
or
adb logcat -b radio
also, this is a KANG from the sensation. therefore data may not work until someone here can build it from source. but we'll try to get it working.

ziggy46 said:
can you get me a logcat of the radio?
adb logcat -b radio > log.txt
or
adb logcat -b radio
also, this is a KANG from the sensation. therefore data may not work until someone here can build it from source. but we'll try to get it working.
Click to expand...
Click to collapse
yea bro just give me a few minutes as i just started restoring my backup, so ill flash it again and get you the log cat as soon as i can
---------- Post added at 05:46 PM ---------- Previous post was at 05:23 PM ----------
D/QC-QMI ( 166): 01 11 00 00 03 01 00 FC 00 20 00 05 00 10 02 00
D/QC-QMI ( 166): 3F 00
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 47 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [47]
D/QC-QMI ( 166): MSG Service Type: [QMI_NAS_SERVICE(0x3)]; MSG QMI MSG TYPE: [
QMI_NAS_GET_SIGNAL_STRENGTH(0x20)]; MSG TX ID: [252]; CTL: [Response]
D/QC-QMI ( 166): 01 2E 00 80 03 01 02 FC 00 20 00 22 00 02 04 00
D/QC-QMI ( 166): 00 00 00 00 01 02 00 9C 05 11 04 00 01 00 64 05
D/QC-QMI ( 166): 12 04 00 01 00 15 05 15 05 00 01 00 FF 00 05
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=81
D/QC-QMI ( 156): qmi_client 9c: Received 81 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 32
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_fetch_signal_strength_observati
ons: qcril_qmi_nas_request_signal_strength entered IF UTIL_RES = SUCCESS 127
D/QC-QMI ( 156): Setting the api flag to : 1
D/QC-QMI ( 156): qmi_client 9c: sending 47 bytes on fd = 21
D/QC-QMI ( 166): qmuxd: RX 47 bytes on fd=20 from qmux_client_id=9c
D/QC-QMI ( 166): qmi_qmux: TX/RX - TX 13 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [13]
D/QC-QMI ( 166): MSG Service Type: [QMI_NAS_SERVICE(0x3)]; MSG QMI MSG TYPE: [
<unknow NAS message id>(0x4f)]; MSG TX ID: [253]; CTL: [Request]
D/QC-QMI ( 166): 01 0C 00 00 03 01 00 FD 00 4F 00 00 00
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 26 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [26]
D/QC-QMI ( 166): MSG Service Type: [QMI_NAS_SERVICE(0x3)]; MSG QMI MSG TYPE: [
<unknow NAS message id>(0x4f)]; MSG TX ID: [253]; CTL: [Response]
D/QC-QMI ( 166): 01 19 00 80 03 01 02 FD 00 4F 00 0D 00 02 04 00
D/QC-QMI ( 166): 00 00 00 00 13 03 00 64 15 00
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=60
D/QC-QMI ( 156): qmi_client 9c: Received 60 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 79
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_fetch_signal_strength_observati
ons: qcril_qmi_nas_fetch_signal_strength_observations completed 0, 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_propagate_known_signal_strength
_ind: .. subfetch sig strength info 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: qcri
l_qmi_nas_dump_sign_strength_report entered
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: ..GW
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: .. s
ignalStrength 7, bitErrorRate 255
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: ..CD
MA
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: .. d
bm -1, ecio -1
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: ..EV
DO
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: .. d
bm -1, ecio -1, signalNoiseRatio -1
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: ..AT
T
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: .. d
bm 100, ecno 21
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: ..LT
E
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: .. s
ignalStrength 99, rsrp -1, rsrq -1, snr: -1
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_dump_sign_strength_report: qcri
l_qmi_nas_dump_sign_strength_report completed
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_propagate_known_signal_strength
_ind: .. conf res 0
D/RILC ( 156): qmi_ril(0/156): qcril_send_unsol_response: UI <--- RIL_UNSOL_
SIGNAL_STRENGTH (1009) --- RIL [RID 0, Len 56, (null)]
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_propagate_known_signal_strength
_ind: qcril_qmi_nas_propagate_known_signal_strength_ind completed 0
I/RILC ( 156): qmi_ril(0/156): qcril_process_event: Exit qcril_process_event
() : <Unknown event> ?, err_no 0
D/RILC ( 156): qmi_ril(0/156): qcril_event_main: qcril_event_main(): Waiting
...
D/RILJ ( 775): [0245]> SCREEN_STATE: false
D/RILC ( 156): qmi_ril(0/156): onRequest: UI --- RIL_REQUEST_SCREEN_STATE (6
1) ---> RIL [RID 0, token id 245, data len 4]
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_request_screen_state: qcril_qmi
_nas_request_screen_state entered
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: q
cril_qmi_extend_print_power_statistics_9k entered
D/QC-QMI ( 156): Setting the api flag to : 1
D/QC-QMI ( 156): qmi_client 9c: sending 47 bytes on fd = 21
D/QC-QMI ( 166): qmuxd: RX 47 bytes on fd=20 from qmux_client_id=9c
D/QC-QMI ( 166): qmi_qmux: TX/RX - TX 13 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [13]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x9)]; MSG TX ID: [55]; CTL: [Request]
D/QC-QMI ( 166): 01 0C 00 00 E4 01 00 37 00 09 00 00 00
D/GSM ( 775): [GsmDCT] onReceive: action=android.intent.action.SCREEN_OFF
D/GSM ( 775): [GsmDCT] stopNetStatPoll
D/GSM ( 775): [GsmDCT] overall state is CONNECTING
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 316 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [316]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x9)]; MSG TX ID: [55]; CTL: [Response]
D/QC-QMI ( 166): 01 3B 01 80 E4 01 02 37 00 09 00 2F 01 02 04 00
D/QC-QMI ( 166): 00 00 00 00 20 04 00 38 00 00 00 1F 04 00 C5 01
D/QC-QMI ( 166): 00 00 1E 04 00 62 04 00 00 1D 04 00 DC 82 0A 00
D/QC-QMI ( 166): 1C 04 00 56 02 00 00 1B 04 00 DB 22 00 00 1A 18
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 00 00 00 00 26 1A 00
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 19 70 00 1E 01 00 00
D/QC-QMI ( 166): 00 00 00 00 12 27 00 00 00 00 00 00 00 00 00 00
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 00 00 00 4E 44 01 00
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 00 00 00 03 23 00 00
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 00 00 00 5B 7A 01 00
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 00 00 00 F5 30 00 00
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 00 00 00 2E 09 00 00
D/QC-QMI ( 166): 00 00 00 00 00 00 00 00 00 00 00 00 18 08 00 6A
D/QC-QMI ( 166): 23 02 00 00 00 00 00 17 04 00 B7 41 00 00 16 04
D/QC-QMI ( 166): 00 20 00 00 00 15 04 00 62 0F 00 00 14 04 00 40
D/QC-QMI ( 166): 9A 0A 00 13 04 00 5F 02 00 00 12 04 00 8D 07 02
D/QC-QMI ( 166): 00 11 38 00 F3 00 00 00 91 05 00 00 00 00 00 00
D/QC-QMI ( 166): 00 00 00 00 A2 95 01 00 00 00 00 00 54 33 00 00
D/QC-QMI ( 166): 00 00 00 00 07 AF 01 00 00 00 00 00 71 2C 00 00
D/QC-QMI ( 166): 00 00 00 00 AC 08 00 00 00 00 00 00
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=350
D/QC-QMI ( 156): qmi_client 9c: Received 350 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 9
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
D/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: [
PM]Q6_clients=243,1425,0,0,103842,0,13140,0,110343,0,11377,0,2220,0
D/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: [
PM]Q6_try_PC=133005
D/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: [
PM]Q6_PC_cnt=607,694848
D/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: [
PM]ARM9_clients=0,0,0,6694,0,0
D/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: [
PM]ARM9_try_XO=8923
D/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: [
PM]ARM9_XO_cnt=598,688860
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_extend_print_power_statistics_9k: q
cril_qmi_extend_print_power_statistics_9k complete, result=0, error=0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_ssdsrv_request_set_display_status:
qcril_qmi_ssdsrv_request_set_display_status entered
D/QC-QMI ( 156): Setting the api flag to : 1
D/QC-QMI ( 156): qmi_client 9c: sending 51 bytes on fd = 21
D/QC-QMI ( 166): qmuxd: RX 51 bytes on fd=20 from qmux_client_id=9c
D/QC-QMI ( 166): qmi_qmux: TX/RX - TX 17 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [17]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x0)]; MSG TX ID: [56]; CTL: [Request]
D/QC-QMI ( 166): 01 10 00 00 E4 01 00 38 00 00 00 04 00 01 01 00
D/QC-QMI ( 166): 00
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 20 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [20]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x0)]; MSG TX ID: [56]; CTL: [Response]
D/QC-QMI ( 166): 01 13 00 80 E4 01 02 38 00 00 00 07 00 02 04 00
D/QC-QMI ( 166): 00 00 00 00
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=54
D/QC-QMI ( 156): qmi_client 9c: Received 54 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_ssdsrv_request_set_display_status:
qcril_qmi_ssdsrv_request_set_display_status completed 0, 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_enable_networking_indications:
qcril_qmi_util_enable_networking_indications, param 0
D/QC-QMI ( 156): Setting the api flag to : 1
D/QC-QMI ( 156): qmi_client 9c: sending 91 bytes on fd = 21
D/QC-QMI ( 166): qmuxd: RX 91 bytes on fd=20 from qmux_client_id=9c
D/QC-QMI ( 166): qmi_qmux: TX/RX - TX 57 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [57]
D/QC-QMI ( 166): MSG Service Type: [QMI_NAS_SERVICE(0x3)]; MSG QMI MSG TYPE: [
QMI_NAS_SET_EVENT_REPORT(0x2)]; MSG TX ID: [254]; CTL: [Request]
D/QC-QMI ( 166): 01 38 00 00 03 01 00 FE 00 02 00 2C 00 10 04 00
D/QC-QMI ( 166): 00 02 FF 00 11 01 00 00 12 01 00 00 13 02 00 00
D/QC-QMI ( 166): 05 14 02 00 00 04 15 02 00 00 01 16 02 00 00 03
D/QC-QMI ( 166): 17 01 00 00 18 02 00 00 02
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 20 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [20]
D/QC-QMI ( 166): MSG Service Type: [QMI_NAS_SERVICE(0x3)]; MSG QMI MSG TYPE: [
QMI_NAS_SET_EVENT_REPORT(0x2)]; MSG TX ID: [254]; CTL: [Response]
D/QC-QMI ( 166): 01 13 00 80 03 01 02 FE 00 02 00 07 00 02 04 00
D/QC-QMI ( 166): 00 00 00 00
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=54
D/QC-QMI ( 156): qmi_client 9c: Received 54 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 2
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_enable_networking_indications:
qcril_qmi_util_enable_networking_indications requested nas event report 0, 0
D/QC-QMI ( 156): Setting the api flag to : 1
D/QC-QMI ( 156): qmi_client 9c: sending 67 bytes on fd = 21
D/QC-QMI ( 166): qmuxd: RX 67 bytes on fd=20 from qmux_client_id=9c
D/QC-QMI ( 166): qmi_qmux: TX/RX - TX 33 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [33]
D/QC-QMI ( 166): MSG Service Type: [QMI_NAS_SERVICE(0x3)]; MSG QMI MSG TYPE: [
QMI_NAS_INDICATION_REGISTER(0x3)]; MSG TX ID: [255]; CTL: [Request]
D/QC-QMI ( 166): 01 20 00 00 03 01 00 FF 00 03 00 14 00 10 01 00
D/QC-QMI ( 166): 00 13 01 00 00 14 01 00 00 17 01 00 01 18 01 00
D/QC-QMI ( 166): 00
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 20 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [20]
D/QC-QMI ( 166): MSG Service Type: [QMI_NAS_SERVICE(0x3)]; MSG QMI MSG TYPE: [
QMI_NAS_INDICATION_REGISTER(0x3)]; MSG TX ID: [255]; CTL: [Response]
D/QC-QMI ( 166): 01 13 00 80 03 01 02 FF 00 03 00 07 00 02 04 00
D/QC-QMI ( 166): 00 00 00 00
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=54
D/QC-QMI ( 156): qmi_client 9c: Received 54 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 3
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_enable_networking_indications:
qcril_qmi_util_enable_networking_indications requested nas indication reports 0
, 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_enable_networking_indications:
qcril_qmi_util_enable_networking_indications completed with 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_request_screen_state: Enable Ga
rbage Filter
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_ssdsrv_request_set_gf_timer: qcril_
qmi_ssdsrv_request_set_gf_timer entered
D/QC-QMI ( 156): Setting the api flag to : 1
D/QC-QMI ( 156): qmi_client 9c: sending 51 bytes on fd = 21
D/QC-QMI ( 166): qmuxd: RX 51 bytes on fd=20 from qmux_client_id=9c
D/QC-QMI ( 166): qmi_qmux: TX/RX - TX 17 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [17]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x5)]; MSG TX ID: [57]; CTL: [Request]
D/QC-QMI ( 166): 01 10 00 00 E4 01 00 39 00 05 00 04 00 01 01 00
D/QC-QMI ( 166): 02
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 20 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [20]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x5)]; MSG TX ID: [57]; CTL: [Response]
D/QC-QMI ( 166): 01 13 00 80 E4 01 02 39 00 05 00 07 00 02 04 00
D/QC-QMI ( 166): 01 00 1A 00
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=54
D/QC-QMI ( 156): qmi_client 9c: Received 54 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 5
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_ssdsrv_request_set_gf_timer: qcril_
qmi_ssdsrv_request_set_gf_timer completed 0, 0
I/RILC ( 156): qmi_ril(0/156): fd_ballots: AP 0 votes to enable fast dormanc
y!
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_ssdsrv_request_set_fast_dormancy_en
able: qcril_qmi_ssdsrv_request_set_fast_dormancy_enable entered
D/QC-QMI ( 156): Setting the api flag to : 1
D/QC-QMI ( 156): qmi_client 9c: sending 51 bytes on fd = 21
D/QC-QMI ( 166): qmuxd: RX 51 bytes on fd=20 from qmux_client_id=9c
D/QC-QMI ( 166): qmi_qmux: TX/RX - TX 17 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [17]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x2)]; MSG TX ID: [58]; CTL: [Request]
D/QC-QMI ( 166): 01 10 00 00 E4 01 00 3A 00 02 00 04 00 01 01 00
D/QC-QMI ( 166): 01
D/QC-QMI ( 166): qmi_qmux: TX/RX - RX 20 bytes on conn_id=8
D/QC-QMI ( 166): MSG Length: [20]
D/QC-QMI ( 166): MSG Service Type: [QMI_SSDSRV_SERVICE(0xe4)]; MSG QMI MSG TYP
E: [<unknow message id>(0x2)]; MSG TX ID: [58]; CTL: [Response]
D/QC-QMI ( 166): 01 13 00 80 E4 01 02 3A 00 02 00 07 00 02 04 00
D/QC-QMI ( 166): 00 00 00 00
D/QC-QMI ( 166): qmuxd: TX message on fd=20, to clientID = 9c, len=54
D/QC-QMI ( 156): qmi_client 9c: Received 54 bytes on fd = 21
D/QC-QMI ( 156): API Flag .............. 1
D/QC-QMI ( 156): Message ID ............... 2
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_util_convert_qmi_response_codes_to_
ril_result_ex: qcril_qmi_util_convert_qmi_response_codes_to_ril_result_ex ctx ch
eck 0
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_ssdsrv_request_set_fast_dormancy_en
able: qcril_qmi_ssdsrv_request_set_fast_dormancy_enable completed 0, 0
I/RILC ( 156): qmi_ril(0/156): qcril_data_toggle_dormancy_indications: >>>>>
> LOCK QCRIL_DATA MUTEX 403308ac
I/RILC ( 156): qmi_ril(0/156): qcril_data_toggle_dormancy_indications: LOCK
QCRIL_DATA MUTEX 403308ac result=0
D/RILC ( 156): qmi_ril(0/156): qcril_data_toggle_dormancy_indications: Switc
h ON/OFF dormancy indications on all active interfaces
I/RILC ( 156): qmi_ril(0/156): qcril_data_toggle_dormancy_indications: <<<<<
< UNLOCK QCRIL_DATA MUTEX 403308ac
I/RILC ( 156): qmi_ril(0/156): qcril_data_toggle_dormancy_indications: UNLOC
K QCRIL_DATA MUTEX 403308ac result=0
I/RILC ( 156): qmi_ril(0/156): qcril_data_toggle_dormancy_indications: qcril
_data_toggle_dormancy_indications: EXIT with SUCCESS
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_request_screen_state: .. data d
ormancy req 1, 0
I/RILC ( 156): qmi_ril(0/156): qcril_reqlist_find: [RID 0] Not found ReqList
entry : token id 245
D/RILC ( 156): qmi_ril(0/156): qcril_send_request_response: UI <--- RIL_REQU
EST_SCREEN_STATE (61) Complete --- RIL [RID 0, Token 245, Success, Len 0 ]
I/RILC ( 156): qmi_ril(0/156): qcril_qmi_nas_request_screen_state: qcril_qmi
_nas_request_screen_state complete with 0
D/RILJ ( 775): [0245]< SCREEN_STATE
sorry for it being so long
---------- Post added at 06:15 PM ---------- Previous post was at 05:46 PM ----------
ziggy46 said:
can you get me a logcat of the radio?
adb logcat -b radio > log.txt
or
adb logcat -b radio
also, this is a KANG from the sensation. therefore data may not work until someone here can build it from source. but we'll try to get it working.
Click to expand...
Click to collapse
let me know if you need another log

here is the rest i think

crazysohc said:
here is the rest i think
Click to expand...
Click to collapse
did you try going into the settings and manually selecting the apn like people had to do on speedrom? i honestly dont see anything wrong in that logcat

ziggy46 said:
did you try going into the settings and manually selecting the apn like people had to do on speedrom? i honestly dont see anything wrong in that logcat
Click to expand...
Click to collapse
yes i did all that i even added proxy port direct to t-mobile and still no data for me :/
---------- Post added at 07:23 PM ---------- Previous post was at 07:08 PM ----------
all i see in the log text is edge:2 css not supported
and with hsdpa

Sony Xperia GO property root for 6.0.B.3.184 + CWM recovery v5.5.0.4

Hallo, I found that every custom boot image for Xperia GO is not property packed, have wrong kernel base and wrong initrd base address and cause big battery drain so I generated proper boot image with right base adress and with included all 3 files inside (kernel, ramdisk and elf.3) like stock, unsecured and in SIN format + my version of the CWM recovery! Here is tutorial how to propertly root your Xperia Go!
Before you going to install this "pack" you need to unlock your bootloader!
After unlocking bootloader procedure for installing boot image and root tools is:
install boot image:
fastboot flash boot kernel.sin
install root tools:
adb remount
adb push su /system/xbin/
adb push busybox /system/xbin/
adb install Superuser.apk
adb shell
cd /system/xbin
chmod 6755 su
chmod 6755 busybox
/system/xbin/busybox --install -s /system/xbin/
Than you are done! Just last step you need to do:
establish internet connection on your phone
go to aplications
run superuser
under superuser menu click to "tap to ckeck for updates" (see picture http://img52.imageshack.us/img52/2097/screenshot201209151603.png) and update your super user... make sure to give and "remember" permision for superuser app!
Done! Enjoy!
Kernel source:
I have no source! I used prebuilt stock kernel from firmware 6.0.B.3.184CE
Tip and tricks for my CWM version:
Did you know about our CWM that you can change menu and text colors, backgrounds? Yes you can do it by puting menu.txt into ramdisk /res/images folder by writing to menu.txt for example:
122,122,122,255,255,255
First 3 numbers is rgb color for menu and seccond 3 numbers is rgb color for text !!!
Here is some creative skins done to my HTC HD2 recovery by mlkjuggalo:
http://forum.xda-developers.com/attachment.php?attachmentid=873816&d=1327602621
http://forum.xda-developers.com/attachment.php?attachmentid=918464&d=1330133568
http://forum.xda-developers.com/attachment.php?attachmentid=919565&d=1330197024
http://forum.xda-developers.com/attachment.php?attachmentid=920011&d=1330223710
http://forum.xda-developers.com/attachment.php?attachmentid=922328&d=1330363561
http://forum.xda-developers.com/attachment.php?attachmentid=922789&d=1330384481
http://forum.xda-developers.com/attachment.php?attachmentid=923476&d=1330430278
http://forum.xda-developers.com/attachment.php?attachmentid=925079&d=1330523453
http://forum.xda-developers.com/attachment.php?attachmentid=925252&d=1330533287
http://forum.xda-developers.com/attachment.php?attachmentid=925800&d=1330560509
I will integrate tool in sony menu for "one click" skins modification soon! Let me know if you want these option!
Credits:
full credits to author of the Clockworkmod Recovery
LeTama for great sin2raw tool
every other who helped and tested our recovery
Please read this Simple diference between Gingerbread and ICS boot+CWM
Download V6:
http://d-h.st/aPJ

New version for 6.0.B.3.184 is out.. Clockwork Recovery included!
Play with recovery on your own risk... I am not responsible if you lose your data!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
21.Sep.2012:
Changelog:
added my own modified version of the Clockwork Recovery
Recovery:
adb fixed - you need to restart adb trought menu and wait 30 sec until adb is reinited
battery indicator (icon) in real time
leds indicator in real time
button backlight enabled
you can mount internal sd card
you can mount external sd card
you can backup/restore from/to internal sd card
you can backup/restore from/to external sd card
23.Sep.2012:
Changelog:
Recovery:
new menu and tool (Big thanks Letama for great tool!!!) -> my modification to his tool is: backported to arm, backported to recovery, created easy sin to tar packer. This recovery tool is for easilly "in one click" repacking upcoming ICS firmwares! Just place your system.sin into internal sd card, reboot to recovery, under menu click to sony tools, and you will get your system.sin unpacked to system.tar... enjoy!
removed adb fix, now adbd is auto enabled on boot... (you just need to wait ~30 seconds until adb and mass storage mode is inited!)
27.Oct.2012:
Changelog:
Recovery V2:
all features backported from my ICS bassed CWM but only not kernel and not touch, all other features is the same like in ICS CWM!
30.Oct.2012:
Changelog:
Recovery V3:
forgot to include patch for assert board detection in updater-script, it's fixed now!
31.Oct.2012:
Changelog:
Recovery V5 (final version, no supporting anymore, sorry):
init.d support (you need to create init.d folder in /system/etc !)
Please do not create mirored links!

Thank you. can you tell me what rom work whit go whit this? Are you tryed Cyanogenmod or any other mod ?

kala123 said:
Thank you. can you tell me what rom work whit go whit this? Are you tryed Cyanogenmod or any other mod ?
Click to expand...
Click to collapse
This is for ST27i_6.0.B.3.184_CE.ftf ...other rooms I not tried! Curently I waiting oficial ICS from Sony so than I will play with CM source ... I spent whole day to get this CWM full working so enjoy! If something missing please let me know! Comming features soon!

Thanks. The GO should get an own forum here.
Sola, p, u, got but the sxgo not.

New recovery is out...see changelog in seccond post! You can easilly unpack an ICS system.sin (encrypted ext4 image) and convert it to tar archive + log file about files,folders,uids,gids permissions that was in these image, so you can easilly create recovery compatible zip for flashing trought recovery. Enjoy!
P.S. Moderators, please give us dedicated forum space for Xperia Go like all other 2012 Xperia models... thank you!!!

What you think about this CM9 sources?
https://github.com/CyanogenMod/sony-kernel-u8500
https://github.com/CyanogenMod/android_device_sony_nypon
https://github.com/CyanogenMod/android_device_sony_montblanc-common
...I think these sources will be good start point for our Xperia Go ?

No battery improvement
munjeni said:
Hallo, I found that every custom boot image for Xperia GO is not property packed, have wrong defined memory offset for unpacking to memory and cause big battery drain
Click to expand...
Click to collapse
Hello munjeni,
I have installed this kernel and monitored its battery consumption, but I'm afraid I cannot confirm your positive findings. Battery drain* is exactly as with other kernels, for instance Krachlatte's one here (which also includes additional perks like more governors and iptables support):
http://forum.xda-developers.com/showthread.php?t=1839865
So the battery drain you've experienced with other kernels might be unrelated to any wrongly defined memory offsets.
* This means that after disabling a lot of Sony and Google bloatware, battery life is satisfactory (around 3 to 4 days with very light use). The only flaky component seems to be WiFi - when it is on, battery consumption is inconsistent (which is OK so far and known to happen). Trouble is that even after disabling WiFi, its processes sometimes (not always) seem to remain active, generating lots of kernel wakelocks and eating into battery life. This behaviour unfortunately persists with this kernel too.
Nonetheless it's a good thing if you've managed to correct an error that has been made by devs who provided previous kernels. Thanks for your work!
Lebenita

Ok, but I tried two versions but all had that battery drain so I analysed stock kernel by disasembling him and found these things was wrong in custom boot images... So right command for generating boot image is:
python mkelf.py -o kernel.elf [email protected]00008000 [email protected],ramdisk
than you need to hex edit generated boot image:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 7F 45 4C 46 01 01 01 61 00 00 00 00 00 00 00 00 .ELF...a........
00000010 02 00 28 00 01 00 00 00 00 80 00 00 34 00 00 00 ..(......€..4...
00000020 00 00 00 00 00 00 00 00 34 00 20 00 [COLOR="Red"]02[/COLOR] 00 00 00 ........4. .....
0x02 mean 2 parts so to include third part (elf.3) you need to change 0x02 to 0x03
than you need to inject elf.3 by hex editing and implementing these elf.3 between 0x70 and 0x4d0 offset, final kernel.elf looks like:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 7F 45 4C 46 01 01 01 61 00 00 00 00 00 00 00 00 .ELF...a........
00000010 02 00 28 00 01 00 00 00 00 80 00 00 34 00 00 00 ..(......€..4...
00000020 00 00 00 00 00 00 00 00 34 00 20 00 [COLOR="Red"]03[/COLOR] 00 00 00 ........4. .....
00000030 00 00 00 00 01 00 00 00 00 10 00 00 00 80 00 00 .............€..
00000040 00 80 00 00 D4 D8 3A 00 D4 D8 3A 00 00 00 00 00 .€..ÔŘ:.ÔŘ:.....
00000050 00 00 00 00 01 00 00 00 D4 E8 3A 00 00 00 00 01 ........Ôč:.....
00000060 00 00 00 01 CB 58 23 00 CB 58 23 00 00 00 00 80 ....ËX#.ËX#....€
00000070 [COLOR="Red"]00 00 00 00 53 49 4E 21 94 00 00 00 00 00 00 00 ....SIN!”.......
00000080 00 00 00 00 30 04 00 00 30 04 00 00 04 00 00 00 ....0...0.......
00000090 04 00 00 00 02 00 00 00 04 2D 01 00 00 00 00 00 .........-......
000000A0 00 00 52 00 00 00 00 00 00 00 94 20 F1 77 14 10 ..R.......” ńw..
000000B0 CF 4B CB EE F8 6C 64 9C F3 CC B3 8D 6C 24 C1 D6 ĎKËîřldśóĚłŤl$ÁÖ
000000C0 6B 6F 68 B2 9B 23 A4 3B CF C1 52 39 00 00 04 C4 koh˛›#¤;ĎÁR9...Ä
000000D0 00 49 84 EC 20 D9 C4 BB 73 4F EF C1 32 58 AF 09 .I„ě ŮÄ»sOďÁ2XŻ.
000000E0 7F 35 E4 A1 3B 5A 24 AA ED 25 0E AD 1C 00 FA D9 .5äˇ;Z$Şí%.*..úŮ
000000F0 63 CB 77 9F 09 00 00 03 C8 00 01 02 C1 02 BF 30 cËwź....Č...Á.ż0
00000100 82 02 BB 30 82 01 A3 A0 03 02 01 02 02 01 02 30 ‚.»0‚.Ł .......0
00000110 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 17 ...*†H†÷......0.
00000120 31 15 30 13 06 03 55 04 03 14 0C 53 31 5F 52 6F 1.0...U....S1_Ro
00000130 6F 74 5F 33 30 36 35 30 1E 17 0D 31 31 31 31 31 ot_30650...11111
00000140 38 31 33 33 39 33 33 5A 17 0D 33 31 31 31 32 30 8133933Z..311120
00000150 31 33 33 39 33 33 5A 30 10 31 0E 30 0C 06 03 55 133933Z0.1.0...U
00000160 04 03 14 05 53 31 5F 53 57 30 82 01 22 30 0D 06 ....S1_SW0‚."0..
00000170 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F .*†H†÷.......‚..
00000180 00 30 82 01 0A 02 82 01 01 00 B4 2A 22 EE 88 E3 .0‚...‚...´*"î.ă
00000190 29 19 99 6E B8 2E 7D F5 5D 79 70 1C 80 1C 0E B7 ).™n¸.}ő]yp.€..·
000001A0 42 45 E8 23 45 9D 66 45 6E 88 50 B6 11 DF 6C 55 BEč#EťfEn.P¶.ßlU
000001B0 73 29 F3 E1 32 03 0F F0 92 EE F3 3D 0B 82 5D 51 s)óá2..đ’îó=.‚]Q
000001C0 5C 9D 8E 61 35 42 B7 EE FF 5B AB 70 B8 36 1A A9 \ťŽa5B·î˙[«p¸6.©
000001D0 55 42 B8 9C 9B EE CB 33 5D 7F FC BA 3E CA 8D 0B UB¸ś›îË3].üş>ĘŤ.
000001E0 A6 60 8D 81 82 B7 53 AD 91 66 5B 70 B7 B0 AE 12 ¦`Ť.‚·S*‘f[p·°®.
000001F0 FC A8 EC C1 34 58 7F 23 22 50 57 84 E4 81 C9 A0 ü¨ěÁ4X.#"PW„ä.É
00000200 0B 30 D9 F0 18 73 57 6B AC 64 51 61 DA 2E 55 48 .0Ůđ.sWk¬dQaÚ.UH
00000210 2C 0F A3 85 28 B1 01 D3 0E 1B DA C6 29 40 77 8A ,.Ł…(±.Ó..ÚĆ)@wŠ
00000220 36 0E 50 8F 48 1E F4 3D 73 60 14 52 C7 A6 73 56 6.PŹH.ô=s`.RǦsV
00000230 78 56 58 E8 2F B0 12 76 20 FD C3 E7 D3 A6 E5 5B xVXč/°.v ýĂçÓ¦ĺ[
00000240 2B 84 1F 9C 9C E1 1D 9F 3A 58 07 BA C2 96 08 97 +„.śśá.ź:X.şÂ–.—
00000250 00 54 76 7F A3 1B AE 33 6A FE BF 58 CC 3A E0 23 .Tv.Ł.®3jţżXĚ:ŕ#
00000260 B0 C2 C0 8E 42 D7 AF A5 56 D9 66 23 A4 B1 2B C7 °ÂŔŽBׯĄVŮf#¤±+Ç
00000270 BF 44 FA 91 37 A8 24 09 E8 0F 65 6B 8C 50 DB CC żDú‘7¨$.č.ekŚPŰĚ
00000280 0F B4 A5 F6 83 DB 5A 26 FF 6F 02 03 01 00 01 A3 .´Ąö.ŰZ&˙o.....Ł
00000290 19 30 17 30 0A 06 03 55 04 05 04 03 02 01 01 30 .0.0...U.......0
000002A0 09 06 03 55 1D 13 04 02 30 00 30 0D 06 09 2A 86 ...U....0.0...*†
000002B0 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 A5 C7 H†÷.......‚...ĄÇ
000002C0 B1 A5 30 75 EA 27 57 DB 23 55 34 1C E9 1A 50 BD ±Ą0uę'WŰ#U4.é.P˝
000002D0 64 B0 53 9F 86 BC 72 C5 89 9F 5F DD 1A C0 4C ED d°Sź†Ľrʼnź_Ý.ŔLí
000002E0 81 A7 B3 9C D8 89 F7 0A 7C 26 7E F6 67 8E F1 C0 .§łśŘ‰÷.|&~ögŽńŔ
000002F0 E9 A0 63 0E 42 32 F9 C6 FF C2 4B 4C 93 7E 4A 27 é c.B2ůĆ˙ÂKL“~J'
00000300 EF 5B CF 22 04 B8 31 28 C5 B7 73 5E 36 BC D0 A3 ď[Ď".¸1(Ĺ·s^6ĽĐŁ
00000310 CB 53 C2 D8 88 5B 7F 78 1B E6 B2 F5 9B 9B 25 9E ËSÂŘ.[.x.ć˛ő››%ž
00000320 F5 93 B5 92 13 44 D5 C0 30 7D B7 4B 4A 00 4E CB ő“µ’.DŐŔ0}·KJ.NË
00000330 12 4A 91 AE 79 F1 64 64 51 8A D7 A3 89 5A AC AC .J‘®yńddQŠ×Ł‰Z¬¬
00000340 BD EC 82 62 7B 26 48 AB FC 54 CB EC D0 8D C9 E2 ˝ě‚b{&H«üTËěĐŤÉâ
00000350 A5 D0 FF 9A ED E0 36 5F 71 25 E5 6D 3B 65 ED D9 ĄĐ˙šíŕ6_q%ĺm;eíŮ
00000360 35 FB D8 94 E6 DD 14 C8 DA 97 08 C7 B7 93 2F EC 5űŘ”ćÝ.ČÚ—.Ç·“/ě
00000370 C4 8C DA 30 59 68 14 8B EF DA E0 34 5C E1 24 41 ÄŚÚ0Yh.‹ďÚŕ4\á$A
00000380 3A 40 7C 51 60 C3 6B B6 A3 F4 DE 39 D3 D4 F5 60 :@|Q`Ăk¶ŁôŢ9ÓÔő`
00000390 C9 EB 09 64 36 5E 12 71 ED 6C C0 53 BF 58 28 8E Éë.d6^.qílŔSżX(Ž
000003A0 16 D5 68 24 1C 48 F8 A9 11 FF C6 0A 41 3A 02 23 .Őh$.Hř©.˙Ć.A:.#
000003B0 37 A9 E7 9F C5 61 2E B5 49 D3 B4 B5 73 A9 02 01 7©çźĹa.µIÓ´µs©..
000003C0 00 51 0B DB 77 B1 72 81 F9 B4 04 74 EE DE 1C 32 .Q.Űw±r.ů´.tîŢ.2
000003D0 CD 98 22 05 27 35 83 0D 50 61 B3 34 3A 04 AB CF Í.".'5..Pał4:.«Ď
000003E0 25 CD 25 76 86 A9 4F EA AA D6 5A 83 3A 77 09 9B %Í%v†©OęŞÖZ.:w.›
000003F0 F7 D0 E5 27 28 83 20 4A A1 DD 88 E4 3C 69 12 CE ÷Đĺ'(. JˇÝ.ä<i.Î
00000400 1E C1 69 24 92 C7 91 C9 2F 12 56 98 B4 05 4A B2 .Ái$’Ç‘É/.V.´.J˛
00000410 38 E0 9A C2 EC ED 4C CB F6 9C 53 F7 4E 3F D0 F6 8ŕšÂěíLËöśS÷N?Đö
00000420 CB EF D2 7C B1 C8 A3 AC B1 5D 65 DA AE 8E 50 15 ËďŇ|±ČŁ¬±]eÚ®ŽP.
00000430 31 13 7C 78 56 5C 3E FC 3F 3D ED EF 12 24 20 A4 1.|xV\>ü?=íď.$ ¤
00000440 FF C6 76 21 D7 03 D7 85 5A EE 0D 53 D7 CD 0A 02 ˙Ćv!×.×…Zî.S×Í..
00000450 E7 0A F0 8D DB CC 58 8B 51 CD 85 A2 18 A3 90 D2 ç.đŤŰĚX‹QÍ…˘.Ł.Ň
00000460 5F 93 7A 71 81 B0 14 C5 B5 B4 77 CC BD D8 65 F2 _“zq.°.ŵ´wĚ˝Řeň
00000470 4C B8 4E D7 ED FA 01 C4 C2 D1 39 5D 95 D1 26 C5 L¸N×íú.ÄÂŃ9]•Ń&Ĺ
00000480 4E EB 22 48 03 BE 05 42 F6 48 46 8D E9 85 D6 1A Në"H.ľ.BöHFŤé…Ö.
00000490 12 0B E6 8B 33 85 7B CD F2 AA 6E 5E 21 84 27 12 ..ć‹3…{ÍňŞn^!„'.
000004A0 4F F3 F7 55 FE 4F 33 1D BE C2 15 61 D7 F5 00 E0 Oó÷UţO3.ľÂ.a×ő.ŕ
000004B0 D6 8B 55 61 6B AA B6 C8 7D 23 4F 73 05 92 3C 6F Ö‹Uak޶Č}#Os.’<o
000004C0 AD D2 F1 06 11 8B 00 00 00 00 00 00 00 00 00 00 *Ňń..‹..........[/COLOR]
000004D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Than you can hex compare stock kernel.elf and generated kernel.elf and you can see its ~the_same
And finaly revert these elf to sin by command:
./bin2sin kernel.elf 030000002200000000D0000000800000

The files in the first post have been corrected whit battery drain issue?

Yes, its generated propertly!

Hi,
could you please tell me were exactly you see the battery drain with ALL Custom Kernels you are revering too?
You are the first to complain about battery drains with my kernel.....
further it would mean that the championswimmer Android Kernel Kitchen would be wrong, this would have a impact on Xperia U/P/Go when generating the elf files whit the mkelf script from Sony, this would imply that all Xperia phones have that battery drain you are talking about....
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
taken from here:
https://github.com/championswimmer/kernel-tools/blob/master/edit-kernel/elf/mk/P-gb
could you comment....?
and if there is really a battery drain issue why don't you get in touch with the makers of the Custom kernel, so that i would be able to fix it for all who are using this Custom Kernel?
many thanks, waiting for you feedback..
munjeni said:
Hallo, I found that every custom boot image for Xperia GO is not property packed, have wrong defined memory offset for unpacking to memory and cause big battery drain so I generated proper boot image with right memory offset for unpacking with included all 3 files inside (kernel, ramdisk and elf.3), unsecured and in SIN format + my version of the CWM recovery! Here is tutorial how to propertly root your Xperia Go!
Before you going to install this "pack" you need to unlock your bootloader!
After unlocking bootloader procedure for installing boot image and root tools is:
install boot image:
fastboot flash boot kernel.sin
install root tools:
adb remount
adb push su /system/xbin/
adb push busybox /system/xbin/
adb install Superuser.apk
adb shell
cd /system/xbin
chmod 6755 su
chmod 6755 busybox
/system/xbin/busybox --install -s /system/xbin/
Than you are done! Just last step you need to do:
establish internet connection on your phone
go to aplications
run superuser
under superuser menu click to "tap to ckeck for updates" (see picture http://img52.imageshack.us/img52/2097/screenshot201209151603.png) and update your super user... make sure to give and "remember" permision for superuser app!
Done! Enjoy!
Kernel source:
I have no source! I used prebuilt stock kernel from firmware 6.0.B.3.184CE
Click to expand...
Click to collapse

krachlatte said:
You are the first to complain about battery drains with my kernel.....
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
taken from here:
https://github.com/championswimmer/kernel-tools/blob/master/edit-kernel/elf/mk/P-gb
could you comment....?
Click to expand...
Click to collapse
I not complain sorry, thats my experience using your boot image... trust me!
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
is wrong! Right command is:
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
Read here tutorial how to pack propertly your boot image -> http://forum.xda-developers.com/showpost.php?p=31954337&postcount=9 if you not trusting me than realy sorry! Kernel base is not 0x00200000, kernel base is 0x8000... disasemble stock bootimage and you will see! And yes, his kernel kitchen is wrong! You can let him?
You can allso unpack stock kernel and repack it back using right command + my tutorial provided here and you will see in hex comparation thats the same, so its 100% right!

Hallo,
I followed krachlattes root tutorial and have no battery drainage problem.
Greetings

I have 2 xperia go phones, and first I flashed kernel whit krachlatte tutorial. and batary dident last long. now I flashed munjeni kernel and my batary lives longer I can confirm. I have 2 xperia go phones, and it realy works!

olkawe said:
Hallo,
I followed krachlattes root tutorial and have no battery drainage problem.
Greetings
Click to expand...
Click to collapse
Well, charge your phone tonight to 90% for example, type this in your phone number #*#*4636*#*# ,go to battery menu, remebmer battery voltage in mV, than do not touch your phone untill morning, than use your phone and see battery voltage in mV? If battery voltage is the same like yesterday than all is ok, if not than there is battery drain! Than install boot image provided in my post and do the same tests and let me know diference! Again, I am not here to complain! I am here to help! I'm not here for competing with anyone, I am here to share my things with you! If this CWM recovery is usefull to all you than you guys can press thanks, if not than nothing. If you have some questions about recovery, if you found some tests, if you found some bugs... than please let me know! This thread is not for complaining, this thread is for all your experiences about my CWM recovery! Kernel is stock Sony kernel so kernel is not important at this moment, I need only your experience about CWM ! New features in recovery coming soon so I waiting more tests from you and your experience!
What tool you need in next recovery? Give me idea!

Hallo,
I can not confirm battery drain. Yesterday at 9pm 4094mV, this morning 6am 4096mV.
I don't know what this means to you and krachlatte.
Greetings

ok, maybe you have no battery drain but I can confirm I had battery drain and Kala123 had allso... I don't know why you have no battery drain or why Kala123 and me had... but please, this is not theme, please lets back to the recovery... thanks!

munjeni said:
ok, maybe you have no battery drain but I can confirm I had battery drain and Kala123 had allso... I don't know why you have no battery drain or why Kala123 and me had... but please, this is not theme, please lets back to the recovery... thanks!
Click to expand...
Click to collapse
I dont need to check any settings to confirm battery drain, i can see it in %, but tbh i think it is a problem with how the governor smartass v2 runs on the phone and not stock settings and governor.

munjeni said:
Kernel is stock Sony kernel so kernel is not important at this moment, I need only your experience about CWM !
Click to expand...
Click to collapse
I would love to give your CWM a go, but I'm afraid I need the features that Krachlatte's kernel provides over yours, particularly iptables support and (not a must, but nice to have) additional governors (smartass2).
So my first request would be to provide a possibility of installing your recovery without your kernel (if that's possible at all).
Thanks a bunch!
Lebenita

[Q] Strange bytes in the end of SM-G313HN boot images..

I discovered 256 mysterious bytes in the end of the SM-G313HN boot images. Any idea what those are? Checksums? They are always located 1341 bytes after the end of secondary bootloader and the last 128 bytes seem to be the same between different images and regions. The phone boots without them, but a red exclamation mark appears in the top left corner of the screen while booting. I tried to compare different checksums to see if I could find a match, but I did not find any. (MD5, SHA1, SHA256, SHA512) Tested the kernel, secondary bootloader and some variables from the images.
Hex views:
Scandinavian boot.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
05869568 CB C0 86 A6 EB A8 42 EE 63 27 D1 3E B0 EA D6 97 ËÀ†¦ë¨Bîc'Ñ>°êÖ—
05869584 71 BE AE 9C FA 74 47 7B 8B 0D 84 55 CC FA 1C D8 q¾®œútG{‹.„UÌú.Ø
05869600 AB D4 25 C6 93 8D 37 66 0A EB 3F 69 3C 94 2D 18 «Ô%Æ“.7f.ë?i<”-.
05869616 51 83 74 C0 BD 5B E7 A7 E4 F9 C4 A7 3B 03 C1 82 QƒtÀ½[ç§äùħ;.Á‚
05869632 3E 19 6C 9F 2B E0 A1 31 06 2B 34 90 9C A2 6D 88 >.lŸ+à¡1.+4.œ¢mˆ
05869648 53 AA C4 8D 2A BB DA 8D 5F 9B 51 1E E0 A1 00 4D SªÄ.*»Ú._›Q.à¡.M
05869664 43 C2 8C 28 6B 6A D6 DC D7 BB A7 81 0C 52 A0 16 CÂŒ(kjÖÜ×»§..R*.
05869680 59 83 3F 98 8F 0F 93 28 67 0E 64 63 44 F8 99 08 Yƒ?˜..“(g.dcDø™.
05869696 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
05869712 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
05869728 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
05869744 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
05869760 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
05869776 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
05869792 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
05869808 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé
Scandinavian recovery.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
07094272 56 68 66 CF 0D 52 6B 8C 2F F7 6C 0F 63 32 1B 9D VhfÏ.RkŒ/÷l.c2..
07094288 A6 46 B9 FC 07 E1 09 66 D3 CB 6D D4 BF A2 B0 81 ¦F¹ü.á.fÓËmÔ¿¢°.
07094304 24 6C 4D E3 97 79 6C 64 CE 27 31 AD 0F CD 5E 33 $lMã—yldÎ'1..Í^3
07094320 0A 0A 38 E8 58 27 5A 04 05 0B 48 99 00 5A A4 B8 ..8èX'Z...H™.Z¤¸
07094336 AC 53 11 E8 16 A9 55 81 A4 0F B6 F3 DF 21 F1 78 ¬S.è.©U.¤.¶óß!ñx
07094352 C5 E0 DF 38 7F ED B5 7B C5 0B D7 27 50 85 9E 26 Åàß8.íµ{Å.×'P…ž&
07094368 4C 45 8F FA 4C 74 38 F2 76 0F 47 73 8E A8 66 85 LE.úLt8òv.GsŽ¨f…
07094384 65 D3 B6 07 CA 8B E3 B8 D6 90 6D 36 D5 AB 1F D4 eÓ¶.Ê‹ã¸Ö.m6Õ«.Ô
07094400 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
07094416 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
07094432 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
07094448 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
07094464 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
07094480 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
07094496 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
07094512 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé
German boot.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
05865472 CA BE C5 61 D0 D3 C4 02 BE D7 99 02 63 DD 0D C3 ʾÅaÐÓÄ.¾×™.cÝ.Ã
05865488 CB 89 28 40 B1 68 E5 54 F5 A3 98 42 47 79 88 4C ˉ(@±håTõ£˜BGyˆL
05865504 1F 90 FC 48 5A 17 63 AB 1F D9 62 0A C4 70 31 6D ..üHZ.c«.Ùb.Äp1m
05865520 EF 07 F1 60 E2 CD 64 AC 15 92 41 3F 60 AB CC EA ï.ñ`âÍd¬.’A?`«Ìê
05865536 58 AF 08 ED DC 1E 25 04 94 19 FF 33 94 29 34 0A X¯.íÜ.%.”.ÿ3”)4.
05865552 A3 DF E6 8A 6D 6A 29 A5 0A 3A 55 10 12 52 45 8C £ßæŠmj)¥.:U..REŒ
05865568 36 C4 DB EE 21 F5 84 E1 31 83 C7 14 7C 92 1A 4F 6ÄÛî!õ„á1ƒÇ.|’.O
05865584 D2 99 FF 06 38 8B 8E 46 E4 EB DA 17 75 5E C4 65 Ò™ÿ.8‹ŽFäëÚ.u^Äe
05865600 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
05865616 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
05865632 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
05865648 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
05865664 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
05865680 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
05865696 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
05865712 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé
German recovery.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
07090176 2A E6 B5 86 C2 95 C2 AA 6F C1 0A 8F 1A BD 19 3C *浆•ªoÁ...½.<
07090192 90 6F 6C 47 16 30 F4 F1 02 C7 20 1E 30 36 16 75 .olG.0ôñ.Ç .06.u
07090208 22 F3 DE 00 75 B3 57 F4 B1 36 2D 7E 32 30 CD 83 "óÞ.u³Wô±6-~20̓
07090224 1F B2 57 DB 42 76 C4 7F 2A E5 62 74 0A 22 63 F5 .²WÛBvÄ.*åbt."cõ
07090240 A5 87 4E AC EF A9 CC D0 60 64 49 0B 29 D7 66 6C ¥‡N¬ï©ÌÐ`dI.)×fl
07090256 D1 C0 F4 36 18 7F DC C3 28 A5 B1 84 F9 C0 B1 B9 ÑÀô6..ÜÃ(¥±„ùÀ±¹
07090272 3D C1 F0 77 57 38 F3 23 12 F0 DF 43 F5 59 2D 52 =ÁðwW8ó#.ðßCõY-R
07090288 CF B4 75 69 70 22 E9 E6 6F 3E DE 78 60 2B A0 84 Ï´uip"éæo>Þx`+*„
07090304 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
07090320 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
07090336 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
07090352 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
07090368 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
07090384 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
07090400 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
07090416 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé

mtk where is the modem or radio or baseband inside firmware? searching lock network

cant find modem part????
PRELOADER 0x0
MBR 0x600000
EBR1 0x680000
PRO_INFO 0x700000
NNVRAM 0xa00000
PROTECT_F 0xf00000
PROTECT_S 0x1900000
SECCFG 0x2300000
UBOOT 0x2320000
BOOTIMG 0x2380000
RECOVERY 0x2980000
SEC_RO 0x2f80000
MISC 0x2fc0000
LOGO 0x3040000
EBR2 0x3340000
CUSTPACK 0x33c0000
MOBILE_INFO 0x298c0000
EXPDB 0x2a0c0000
ANDROID 0x2aac0000
CACHE 0x534c0000
USRDATA 0x5c6c0000
OTP 0xffff0200
BMTPOOL 0xffff00a8

the kernel gzip magic bytes
ROM:000032E8 ; Attributes: bp-based frame
ROM:000032E8
ROM:000032E8 gzip_kernel_hearder ; CODE XREF: boot_uncompressing_linux_kernel+70p
ROM:000032E8 MOV R12, SP
ROM:000032EC STMFD SP!, {R3-R12,LR,PC}
ROM:000032F0 SUB R11, R12, #4
ROM:000032F4 LDR R4, =(dword_3E20B4 - 0x330C)
ROM:000032F8 SUBS R6, R2, #0
ROM:000032FC MOV R5, R0
ROM:00003300 MOV R7, R1
ROM:00003304 ADD R4, PC, R4 ; dword_3E20B4
ROM:00003308 MOV R10, R3
ROM:0000330C BEQ loc_3578
ROM:00003310 CMP R0, #0
ROM:00003314 MOVNE R9, R0
ROM:00003318 BEQ loc_351C
ROM:0000331C
ROM:0000331C loc_331C ; CODE XREF: gzip_kernel_hearder+2D0j
ROM:0000331C MOV R0, #0x30 ; '0'
ROM:00003320 BL sub_988
ROM:00003324 SUBS R8, R0, #0
ROM:00003328 BEQ loc_3544
ROM:0000332C MOV R0, #0x252C
ROM:00003330 BL sub_988
ROM:00003334 CMP R0, #0
ROM:00003338 STR R0, [R8,#0x20]
ROM:0000333C BEQ loc_3558
ROM:00003340 CMP R7, #0
ROM:00003344 BEQ loc_3508
ROM:00003348
ROM:00003348 loc_3348 ; CODE XREF: gzip_kernel_hearder+230j
ROM:00003348 CMP R7, #9
ROM:0000334C BGT loc_3414
ROM:00003350
ROM:00003350 loc_3350 ; CODE XREF: gzip_kernel_hearder+134j
ROM:00003350 ; gzip_kernel_hearder+140j ...
ROM:00003350 LDR R0, =(aNotAGzipFile - 0x3360)
ROM:00003354 MOV R6, #0xFFFFFFFF
ROM:00003358 ADD R0, PC, R0 ; "Not a gzip file"
ROM:0000335C BLX R10
ROM:00003360
ROM:00003360 loc_3360 ; CODE XREF: gzip_kernel_hearder+21Cj
ROM:00003360 ; gzip_kernel_hearder+2B4j
ROM:00003360 LDR R3, =0xC
ROM:00003364 LDR R3, [R4,R3]
ROM:00003368 LDR R2, [R3]
ROM:0000336C SUB R2, R2, #1
ROM:00003370 STR R2, [R3]
ROM:00003374 CMP R2, #0
ROM:00003378 BEQ loc_33B4
ROM:0000337C
ROM:0000337C loc_337C ; CODE XREF: gzip_kernel_hearder+28Cj
ROM:0000337C SUB R2, R2, #1
ROM:00003380 STR R2, [R3]
ROM:00003384 CMP R2, #0
ROM:00003388 BNE loc_33A4
ROM:0000338C LDR R3, =0x20
ROM:00003390 LDR R2, [R4,R3]
ROM:00003394 LDR R3, =4
ROM:00003398 LDR R2, [R2]
ROM:0000339C LDR R3, [R4,R3]
ROM:000033A0 STR R2, [R3]
ROM:000033A4
ROM:000033A4 loc_33A4 ; CODE XREF: gzip_kernel_hearder+A0j
ROM:000033A4 ; gzip_kernel_hearder+26Cj
ROM:000033A4 CMP R5, #0
ROM:000033A8 BEQ loc_33DC
ROM:000033AC
ROM:000033AC loc_33AC ; CODE XREF: gzip_kernel_hearder+F0j
ROM:000033AC ; gzip_kernel_hearder+10Cj ...
ROM:000033AC MOV R0, R6
ROM:000033B0 LDMFD SP, {R3-R11,SP,PC}
ROM:000033B4 ; ---------------------------------------------------------------------------
ROM:000033B4
ROM:000033B4 loc_33B4 ; CODE XREF: gzip_kernel_hearder+90j
ROM:000033B4 LDR R2, =0x20
ROM:000033B8 MOV R0, #0xFFFFFFFF
ROM:000033BC CMP R5, #0
ROM:000033C0 LDR R1, [R4,R2]
ROM:000033C4 LDR R2, =4
ROM:000033C8 LDR R2, [R4,R2]
ROM:000033CC STR R0, [R3]
ROM:000033D0 LDR R3, [R1]
ROM:000033D4 STR R3, [R2]
ROM:000033D8 BNE loc_33AC
ROM:000033DC
ROM:000033DC loc_33DC ; CODE XREF: gzip_kernel_hearder+C0j
ROM:000033DC LDR R3, =0xC
ROM:000033E0 LDR R2, [R4,R3]
ROM:000033E4 LDR R3, [R2]
ROM:000033E8 SUB R3, R3, #1
ROM:000033EC STR R3, [R2]
ROM:000033F0 CMP R3, #0
ROM:000033F4 BNE loc_33AC
ROM:000033F8 LDR R3, =0x20
ROM:000033FC LDR R2, [R4,R3]
ROM:00003400 LDR R3, =4
ROM:00003404 LDR R2, [R2]
ROM:00003408 LDR R3, [R4,R3]
ROM:0000340C STR R2, [R3]
ROM:00003410 B loc_33AC
ROM:00003414 ; ---------------------------------------------------------------------------
ROM:00003414
ROM:00003414 loc_3414 ; CODE XREF: gzip_kernel_hearder+64j
ROM:00003414 LDRB R3, [R9]
ROM:00003418 CMP R3, #0x1F ; bite 1f if another then error not a gzip file
ROM:0000341C BNE loc_3350
ROM:00003420 LDRB R3, [R9,#1]
ROM:00003424 CMP R3, #0x8B ; 'ï' ; if 1f and 8b is good signal but if not have this then not a gzip file
ROM:00003428 BNE loc_3350
ROM:0000342C LDRB R3, [R9,#2] ; another more byte for header 8 if not then error not a gzip file
ROM:00003430 CMP R3, #8
ROM:00003434 BNE loc_3350
ROM:00003438 ADD R3, R9, #0xA
ROM:0000343C SUB R7, R7, #0xA
ROM:00003440 STMIA R8, {R3,R7}
ROM:00003444 LDRB R3, [R9,#3]
ROM:00003448 TST R3, #8
ROM:0000344C BEQ loc_3474
ROM:00003450
ROM:00003450 loc_3450 ; CODE XREF: gzip_kernel_hearder+188j
ROM:00003450 CMP R7, #0
ROM:00003454 SUB R7, R7, #1
ROM:00003458 BEQ loc_358C
ROM:0000345C LDR R3, [R8]
ROM:00003460 STR R7, [R8,#4]
ROM:00003464 LDRB R2, [R3],#1
ROM:00003468 CMP R2, #0
ROM:0000346C STR R3, [R8]
ROM:00003470 BNE loc_3450
ROM:00003474
ROM:00003474 loc_3474 ; CODE XREF: gzip_kernel_hearder+164j
ROM:00003474 MOV R3, #0x7FFFFFFF
ROM:00003478 STR R6, [R8,#0xC]
ROM:0000347C STR R3, [R8,#0x10]
ROM:00003480 MOV R0, R8
ROM:00003484 MOV R1, #0xFFFFFFF1
ROM:00003488 BL sub_1820
ROM:0000348C LDR R2, [R8,#0x20]
ROM:00003490 MOV R3, #0
ROM:00003494 STR R3, [R2,#0x24]
ROM:00003498 LDR R2, [R8,#0x20]
ROM:0000349C STR R3, [R2,#0x30]
ROM:000034A0 SUBS R6, R0, #0
ROM:000034A4 BNE loc_34FC
ROM:000034A8
ROM:000034A8 loc_34A8 ; CODE XREF: gzip_kernel_hearder+200j
ROM:000034A8 LDR R3, [R8,#4]
ROM:000034AC MOV R1, #0x4000
ROM:000034B0 MOV R0, R9
ROM:000034B4 CMP R3, #0
ROM:000034B8 BNE loc_34D0
ROM:000034BC BL sub_A24
ROM:000034C0 CMP R0, #0
ROM:000034C4 BLT loc_35A0
ROM:000034C8 STR R9, [R8]
ROM:000034CC STR R0, [R8,#4]
ROM:000034D0
ROM:000034D0 loc_34D0 ; CODE XREF: gzip_kernel_hearder+1D0j
ROM:000034D0 MOV R0, R8
ROM:000034D4 MOV R1, #0
ROM:000034D8 BL sub_1894
ROM:000034DC CMP R0, #1
ROM:000034E0 BEQ loc_34FC
ROM:000034E4 CMP R0, #0
ROM:000034E8 BEQ loc_34A8
ROM:000034EC LDR R0, =(aUncompressionE - 0x34FC)
ROM:000034F0 MOV R6, #0xFFFFFFFF
ROM:000034F4 ADD R0, PC, R0 ; "uncompression error"
ROM:000034F8 BLX R10
ROM:000034FC
ROM:000034FC loc_34FC ; CODE XREF: gzip_kernel_hearder+1BCj
ROM:000034FC ; gzip_kernel_hearder+1F8j ...
ROM:000034FC MOV R0, R8
ROM:00003500 BL sub_304C
ROM:00003504 B loc_3360
ROM:00003508 ; ---------------------------------------------------------------------------
ROM:00003508
ROM:00003508 loc_3508 ; CODE XREF: gzip_kernel_hearder+5Cj
ROM:00003508 MOV R0, R9
ROM:0000350C MOV R1, #0x4000
ROM:00003510 BL sub_A24
ROM:00003514 MOV R7, R0
ROM:00003518 B loc_3348
ROM:0000351C ; ---------------------------------------------------------------------------
ROM:0000351C
ROM:0000351C loc_351C ; CODE XREF: gzip_kernel_hearder+30j
ROM:0000351C MOV R0, #0x4000
ROM:00003520 BL sub_988
ROM:00003524 SUBS R9, R0, #0
ROM:00003528 BNE loc_35B4
ROM:0000352C LDR R0, =(aOutOfMemoryWhi - 0x353C)
ROM:00003530 MOV R6, #0xFFFFFFFF
ROM:00003534 ADD R0, PC, R0 ; "Out of memory while allocating input bu"...
ROM:00003538 BLX R10
ROM:0000353C MOV R0, R6
ROM:00003540 LDMFD SP, {R3-R11,SP,PC}
ROM:00003544 ; ---------------------------------------------------------------------------
ROM:00003544
ROM:00003544 loc_3544 ; CODE XREF: gzip_kernel_hearder+40j
ROM:00003544 LDR R0, =(aOutOfMemoryW_0 - 0x3554)
ROM:00003548 MOV R6, #0xFFFFFFFF
ROM:0000354C ADD R0, PC, R0 ; "Out of memory while allocating z_stream"
ROM:00003550 BLX R10
ROM:00003554 B loc_33A4
ROM:00003558 ; ---------------------------------------------------------------------------
ROM:00003558
ROM:00003558 loc_3558 ; CODE XREF: gzip_kernel_hearder+54j
ROM:00003558 LDR R0, =(aOutOfMemoryW_1 - 0x3568)
ROM:0000355C MOV R6, #0xFFFFFFFF
ROM:00003560 ADD R0, PC, R0 ; "Out of memory while allocating workspac"...
ROM:00003564 BLX R10
ROM:00003568 LDR R3, =0xC
ROM:0000356C LDR R3, [R4,R3]
ROM:00003570 LDR R2, [R3]
ROM:00003574 B loc_337C
ROM:00003578 ; ---------------------------------------------------------------------------
ROM:00003578
ROM:00003578 loc_3578 ; CODE XREF: gzip_kernel_hearder+24j
ROM:00003578 LDR R0, =(aOutOfMemoryW_2 - 0x3588)
ROM:0000357C MOV R6, #0xFFFFFFFF
ROM:00003580 ADD R0, PC, R0 ; "Out of memory while allocating output b"...
ROM:00003584 BLX R3
ROM:00003588 B loc_33AC
ROM:0000358C ; ---------------------------------------------------------------------------
ROM:0000358C
ROM:0000358C loc_358C ; CODE XREF: gzip_kernel_hearder+170j
ROM:0000358C LDR R0, =(aHeaderError - 0x359C)
ROM:00003590 MOV R6, #0xFFFFFFFF
ROM:00003594 ADD R0, PC, R0 ; "header error"
ROM:00003598 BLX R10
ROM:0000359C B loc_3360
ROM:000035A0 ; ---------------------------------------------------------------------------
ROM:000035A0
ROM:000035A0 loc_35A0 ; CODE XREF: gzip_kernel_hearder+1DCj
ROM:000035A0 LDR R0, =(aReadError - 0x35B0)
ROM:000035A4 MOV R6, #0xFFFFFFFF
ROM:000035A8 ADD R0, PC, R0 ; "read error"
ROM:000035AC BLX R10
ROM:000035B0 B loc_34FC
ROM:000035B4 ; ---------------------------------------------------------------------------
ROM:000035B4
ROM:000035B4 loc_35B4 ; CODE XREF: gzip_kernel_hearder+240j
ROM:000035B4 MOV R7, R5
ROM:000035B8 B loc_331C
ok what can learn to this, mtk boot have kernel packed with something call gzip

i found it
ok the modem or baseband for all mtk is inside system etc modem?

I finally found it
/etc/firmware/modem.img
/custpack/modem.img and BPLGUInfocustomApp
what is CATD?????

Possible new way of unlocking the bootloader

Hello there, this is my first post here
I bought this phone like 10 days ago and waited 168 hours to unlock the bootloader
Everything went fine and now I have the bootloader unlocked
During the process of unlocking I sniffed the usb and internet connection and I found some very interesting things
I have had lg, motorola and nexus phones before so I'm used to multiple methods of unlocking the bootloader and I wish every phone was like the nexus in this regard(fastboot oem unlock), but as this is not the case this is what I found:
miflash obtains a code from the device with:
Code:
fastboot getvar token
the device responds with (in my case):
Code:
token: VQEBIQEQ69vxY17MOJnHQZD5Z0e9EwMHY2VwaGV1cwIEWgN-kQ
Finished. Total time: 0.000s
miflash uses this code in their api:
https:// unlock update intl miui com(ip: 161.117.108.114)
their api responds with(in my case):
Code:
sign result:{
"code" : 0,
"description" : "私钥签名成功", //Private key signature succeeded
"encryptData" : "5934D848743BECCFE6C895C128D62E66F9B5300617D53CC89C601E325153898CBA09D9D8849A5E62BB5EBFDF9788D958F307E676D84AACB2236F979FC9286FC91B1135D4E4AE40F8B7DD2FF3365D7D9B648B8D9556D0B1A4CBB1DDF459CD8109253F2E6131BD358A74D2159145BE18BD1CEB7D58B7236083D22BD865DB4EBBE64585F7E31656A5F807294B807981CF20C2E3D4E22E3543B9E24CA91C5F82E948636FE66A32B8E17ACF4B4828CBB67971A8B743D973A2B075505CC252F66E1DA62FCB4298483906597C926A337D5EB14EC061EB6D38A629869B6CBB572D6BAE5AE5D6C7306766870037A224E322866BFF4766A06C7CB73982152C10374976F5FD",
"uid" : "<mi account ID>"
}
This is the last application data that miflash receives:
Code:
0000 88 ae 1d 6f 3c 9f 98 97 d1 32 14 8b 08 00 45 20 ...o<....2....E
0010 05 3a 4d 70 40 00 30 06 e0 39 a1 75 6c 72 0a 00 .:[email protected]
0020 00 0d 01 bb d9 72 89 6a 29 fb 1b 57 73 a5 50 18 .....r.j)..Ws.P.
0030 00 45 74 0d 00 00 17 03 03 05 0d 20 9c 9b c9 5f .Et........ ..._
0040 63 ad 2a 3f c6 77 d7 ae 1b ff 14 82 bf 28 a4 a4 c.*?.w.......(..
0050 24 ed 83 f8 fc 0a fa 74 dd 8a b5 be 34 ca 71 ca $......t....4.q.
0060 91 5d 67 85 bf 90 9c 7e 05 b0 86 f3 b0 5a de cb .]g....~.....Z..
0070 7d 38 39 26 da 8a 81 f7 ac 92 de e1 bb c9 a6 c9 }89&............
0080 10 42 4c 0d 30 3f 01 97 c4 45 ae 83 5a 84 75 35 .BL.0?...E..Z.u5
0090 0a 1e 98 19 0a a1 53 56 d4 f8 b4 b4 bb c6 c3 84 ......SV........
00a0 9e 00 2e 6a 2d d8 47 af 79 cc 6d de 97 a4 81 bd ...j-.G.y.m.....
00b0 89 b6 94 05 cf e9 75 18 a7 2d 2d dc 5c a0 5a d6 ......u..--.\.Z.
00c0 02 0e ee dd 49 36 3c b2 af 63 28 5e 99 a3 56 cd ....I6<..c(^..V.
00d0 94 c9 e0 49 52 39 b2 ac 30 7c 31 6f bb 57 cd da ...IR9..0|1o.W..
00e0 7f bb 10 8f a1 6d b7 d7 7f 5c 0e 9f 88 e4 22 21 .....m...\...."!
00f0 9c 52 05 35 83 1a a2 c1 0b c2 f9 1f 03 dd ac f8 .R.5............
0100 4b e8 32 ae 31 5d a2 9d 60 ed e9 00 c6 18 82 a5 K.2.1]..`.......
0110 2a 84 d5 44 d9 88 a9 27 4b c0 12 79 3b 87 a2 2a *..D...'K..y;..*
0120 1c 4c 0e 70 48 ee 60 97 6e 77 46 a0 c4 38 3c ad .L.pH.`.nwF..8<.
0130 79 fe de d3 0c 4d 36 ca 2b 7a d6 4c 9a 42 36 9f y....M6.+z.L.B6.
0140 85 ab 17 12 9b 4a e9 74 17 e7 30 08 8d fc fa c2 .....J.t..0.....
0150 90 50 ed 3d 28 c1 b6 c7 ca e6 1d 5c 88 e1 bb fc .P.=(......\....
0160 0a d5 ee f3 82 b0 0f da 22 85 40 db 2a 71 fb 27 ........"[email protected]*q.'
0170 82 6a 56 e6 e4 1c 7e d0 ce f8 67 4f 61 d9 7b d5 .jV...~...gOa.{.
0180 ca 59 ac bf 30 2f 23 eb ed 7a 31 54 80 69 26 9c .Y..0/#..z1T.i&.
0190 f7 7d 14 57 51 3d f8 cc 5f 43 23 9e 3e 2e d7 bc .}.WQ=.._C#.>...
01a0 f3 6e 47 b8 11 7a 60 a8 19 e1 a3 77 c6 59 8e 3b .nG..z`....w.Y.;
01b0 17 e4 ad 51 e1 75 78 fb af fe 72 63 b8 fd a2 20 ...Q.ux...rc...
01c0 8c d9 7c 87 f8 1c 29 74 cb 8c 62 c9 e3 22 0e 4c ..|...)t..b..".L
01d0 f6 5a bf fc 9f 2f a3 b5 3f 1f 9a 06 1b 80 78 40 .Z.../[email protected]
01e0 c5 e8 bf 49 23 87 22 cd 60 29 2d 8f 2d 1f d6 ae ...I#.".`)-.-...
01f0 66 08 e1 3d 59 9c e6 65 70 56 16 26 bd 05 ca 55 f..=Y..epV.&...U
0200 9c 45 84 fe 3c 5b 8b 68 39 c5 4c ca ee 1d 2e 4c .E..<[.h9.L....L
0210 d1 14 9a 6a b4 57 78 1c c3 72 2a 5e 28 ab 8b c3 ...j.Wx..r*^(...
0220 4a 26 9c 2d 23 af a5 ed 66 6e 56 e5 07 10 4d ce J&.-#...fnV...M.
0230 f2 27 91 ef 6d f0 2a 36 8c ad 9a 81 d2 83 21 7c .'..m.*6......!|
0240 b9 28 b1 bc 18 87 75 c7 af 35 99 2e bd b9 b6 fe .(....u..5......
0250 e7 83 04 96 52 c7 6a f1 89 de 95 06 2e 4c 55 93 ....R.j......LU.
0260 f8 e0 16 2b f7 5b cd f1 bf 7b d5 ac d3 42 24 6d ...+.[...{...B$m
0270 f5 51 4b 90 d2 3e d9 70 e9 0e 83 a0 9f 69 8e dd .QK..>.p.....i..
0280 ee 23 a1 29 82 94 94 1a a1 c8 0a 0c 55 42 dd 40 .#.)[email protected]
0290 d3 b6 7d 46 95 d6 74 e6 18 9d 6b 62 50 7d 47 d6 ..}F..t...kbP}G.
02a0 c1 48 d8 f5 40 3a 6e a1 9c ab 23 83 1f 9d 71 a5 [email protected]:n...#...q.
02b0 c8 60 27 62 74 25 2c d9 f7 95 77 d3 d0 e1 f5 8d .`'bt%,...w.....
02c0 73 d1 ec 49 26 e4 39 44 f2 2f 9a b5 17 f0 f8 f9 s..I&.9D./......
02d0 9c 25 ff 8b 2c ee bf 24 f8 3a ac 06 68 24 9c b6 .%..,..$.:..h$..
02e0 8b be b2 53 7d 49 ee 0c bb 6b 1a 4c 4a 9d 13 a9 ...S}I...k.LJ...
02f0 a3 1c c2 cf 46 69 f2 7b 43 b9 0a 3c 63 be a0 67 ....Fi.{C..<c..g
0300 00 43 60 77 16 f1 f1 72 e9 1c 3e b6 0b e8 d9 cd .C`w...r..>.....
0310 6a 4f f0 40 f6 cb bd 9b 99 ee ef b5 6b 9e 77 1d [email protected]
0320 47 51 da 22 57 81 be 39 b4 b9 8a f0 e0 5a d7 37 GQ."W..9.....Z.7
0330 7c aa 06 0d 29 83 9a 97 57 76 9f 72 87 aa d7 e4 |...)...Wv.r....
0340 1a 3e e7 e6 ad 97 9d 91 ce b3 64 96 b8 7e e3 86 .>........d..~..
0350 52 f1 21 1b 45 c6 47 45 28 bc 12 e3 91 2e 03 44 R.!.E.GE(......D
0360 91 1a 75 09 0a 6f 98 ad 38 30 e2 29 b6 07 00 dd ..u..o..80.)....
0370 a4 60 b2 65 dd 09 df 2b 3d 45 a8 21 06 e2 47 bf .`.e...+=E.!..G.
0380 34 c7 2f 36 67 03 40 05 26 75 ef 21 b2 25 ba 35 4./[email protected]&u.!.%.5
0390 04 22 2a e4 7c d2 a9 cf 93 eb a7 3b 26 26 bf 1b ."*.|......;&&..
03a0 6b b7 53 f4 24 66 56 43 86 1b f7 b1 7d 2b 58 db k.S.$fVC....}+X.
03b0 da 3c 67 9d ba b1 fd dc c7 b3 50 10 e3 e3 6f aa .<g.......P...o.
03c0 40 0f 96 fa a4 d0 05 3e 5d d0 e0 6e 80 50 f7 e1 @......>]..n.P..
03d0 ce 8d 25 11 d3 57 20 29 ef 1b a0 82 6c d2 03 cc ..%..W )....l...
03e0 59 19 48 91 13 f5 53 fc e1 b7 4e 3a 16 35 ed 57 Y.H...S...N:.5.W
03f0 25 cf 4e d1 69 13 b5 3b e2 ec 6c 2c b4 ab 0e 97 %.N.i..;..l,....
0400 26 50 2c a8 f7 23 63 85 1c 5c e5 67 17 b8 c5 f4 &P,..#c..\.g....
0410 08 93 3e 3e 5d ef 76 f3 e3 5f fb 9e b7 75 b9 3a ..>>].v.._...u.:
0420 7f 4a fd ee 37 f4 0c 8d 0f ed 93 76 91 d4 67 6a .J..7......v..gj
0430 a4 9d 9b bf ef c9 f5 78 dd ba 21 5c b8 05 8f 25 .......x..!\...%
0440 56 b1 95 48 9e 0d 6d e4 fb ee 7d 3a 98 7d 06 c8 V..H..m...}:.}..
0450 bd a1 20 41 56 30 f9 a1 75 f6 6b 0a 46 3a 5b 33 .. AV0..u.k.F:[3
0460 e2 14 52 c5 45 0c ab 30 c3 08 13 c1 d2 d2 1f 0e ..R.E..0........
0470 76 92 fd 95 5d 33 68 bc 30 23 85 ca 62 95 37 77 v...]3h.0#..b.7w
0480 aa 30 09 18 20 7b ea a4 89 d1 d6 f4 c0 93 04 7c .0.. {.........|
0490 4e 81 63 fc 4c 14 c4 c8 b5 bf ea fe 31 9f b1 10 N.c.L.......1...
04a0 72 70 28 2b d6 9c 0c 67 38 c2 06 be 68 6d 2f 3a rp(+...g8...hm/:
04b0 20 70 d1 2b 12 a6 db 4f 68 e7 84 5f 93 d6 2d c0 p.+...Oh.._..-.
04c0 b4 61 cf 4e fb 81 d2 10 be f9 0a f9 4d 9e 27 a7 .a.N........M.'.
04d0 f9 85 e1 76 c8 6b e4 70 2a 2d 22 d8 43 7b 67 35 ...v.k.p*-".C{g5
04e0 13 a3 2f 62 0b 55 b7 15 7c 1e 83 58 ed 04 17 49 ../b.U..|..X...I
04f0 f8 e2 c5 92 f5 c9 1c 73 0c a4 19 89 bc 84 ff 23 .......s.......#
0500 75 37 bf 4e 51 8a 9e 62 9e 22 92 b8 a7 fa 01 ec u7.NQ..b."......
0510 10 7c 21 c9 e8 b8 a6 23 61 7d 75 c8 30 66 b9 67 .|!....#a}u.0f.g
0520 6f d6 51 4d f4 cd 81 49 50 70 e4 80 97 a1 02 11 o.QM...IPp......
0530 49 44 1d e6 f6 24 55 b8 16 df b2 c6 84 05 da 7f ID...$U.........
0540 c7 54 af cb 6b 9a 35 63 .T..k.5c
With "encryptData", miflash executes the following:
Code:
fastboot oem unlock "1f2ebb62_sig.data"
something similar to LG approach with unlock.bin
I suspect that this file is temporarily created inside the miflash folder then deleted once the command is executed
So I think if we can save this file or the code inside it, it will be possible to unlock the bootloader without miflash the next time we want to unlock the bootloader.
I searched "1f2ebb62_sig" in google and didn't found any results, so I hope that we can found something.
All this information is present inside of the file "C:\Users\%USERNAME%\AppData\Roaming\Xiaomi\miflash_unlock\Log\miflash_unlock.log"
[EDIT] As pointed out by @natinusala the 1f2ebb62_sig file contains the serial number in the name
[EDIT] Token var changes every reboot
[EDIT] Progress has been made, check this github repos:
https://github.com/penn5/miunlock
https://github.com/GiorgioUghini/miunlock

I would assume 1f2ebb62 to be your serial number? If so, that file is unique to each device

natinusala said:
I would assume 1f2ebb62 to be your serial number? If so, that file is unique to each device
Click to expand...
Click to collapse
Yes it is, great observation

If you are interested, visit this repository bus also read ISSUES COMMENTS. You can find very useful information about your idea.
https://github.com/mc-17/xiaomi-bootloader/blob/master/README.md

mucha.k1994 said:
If you are interested, visit this repository bus also read ISSUES COMMENTS. You can find very useful information about your idea.
https://github.com/mc-17/xiaomi-bootloader/blob/master/README.md
Click to expand...
Click to collapse
Very interesting
It seems to be far more things besides the 'sig.data' file

I'm thinking about study a little of this for re-open that thread on github. Sadly, owner of repo type last comment more than year ago but in comments (I mean issues) last comment was from few weeks ago. Idea is not fully dead. If you have any skill in spoofing and encrypting/decrypting - join into github conversation.
BTW - as I read somewhere, token probably has one of part allways the same (after reboots I mean) and then, someone try replace token with multiple 0 but keep untouched repeated part and still pass server-side "magic". That's interesting too.
Actually, I think, the final trick is to get somehow data from server - side: script, private-keys or similar. Then, you can exactly know how they generate a key for unlocking.
Seems to be easy. ?

mucha.k1994 said:
I'm thinking about study a little of this for re-open that thread on github. Sadly, owner of repo type last comment more than year ago but in comments (I mean issues) last comment was from few weeks ago. Idea is not fully dead. If you have any skill in spoofing and encrypting/decrypting - join into github conversation.
BTW - as I read somewhere, token probably has one of part allways the same (after reboots I mean) and then, someone try replace token with multiple 0 but keep untouched repeated part and still pass server-side "magic". That's interesting too.
Actually, I think, the final trick is to get somehow data from server - side: script, private-keys or similar. Then, you can exactly know how they generate a key for unlocking.
Seems to be easy.
Click to expand...
Click to collapse
I hope that we can find something, as you said the problem is that the "magic" happens on server side and even if we can create some program to handle the process like https://github.com/penn5 and https://github.com/GiorgioUghini did, Xiaomi can always update their side without anyone able to do anything

eseub said:
Hello there, this is my first post here
I bought this phone like 10 days ago and waited 168 hours to unlock the bootloader
Everything went fine and now I have the bootloader unlocked
During the process of unlocking I sniffed the usb and internet connection and I found some very interesting things
I have had lg, motorola and nexus phones before so I'm used to multiple methods of unlocking the bootloader and I wish every phone was like the nexus in this regard(fastboot oem unlock), but as this is not the case this is what I found:
miflash obtains a code from the device with:
Code:
fastboot getvar token
the device responds with (in my case):
Code:
token: VQEBIQEQ69vxY17MOJnHQZD5Z0e9EwMHY2VwaGV1cwIEWgN-kQ
Finished. Total time: 0.000s
miflash uses this code in their api:
https:// unlock update intl miui com(ip: 161.117.108.114)
their api responds with(in my case):
Code:
sign result:{
"code" : 0,
"description" : "私钥签名成功", //Private key signature succeeded
"encryptData" : "5934D848743BECCFE6C895C128D62E66F9B5300617D53CC89C601E325153898CBA09D9D8849A5E62BB5EBFDF9788D958F307E676D84AACB2236F979FC9286FC91B1135D4E4AE40F8B7DD2FF3365D7D9B648B8D9556D0B1A4CBB1DDF459CD8109253F2E6131BD358A74D2159145BE18BD1CEB7D58B7236083D22BD865DB4EBBE64585F7E31656A5F807294B807981CF20C2E3D4E22E3543B9E24CA91C5F82E948636FE66A32B8E17ACF4B4828CBB67971A8B743D973A2B075505CC252F66E1DA62FCB4298483906597C926A337D5EB14EC061EB6D38A629869B6CBB572D6BAE5AE5D6C7306766870037A224E322866BFF4766A06C7CB73982152C10374976F5FD",
"uid" : "<mi account ID>"
}
This is the last application data that miflash receives:
Code:
0000 88 ae 1d 6f 3c 9f 98 97 d1 32 14 8b 08 00 45 20 ...o<....2....E
0010 05 3a 4d 70 40 00 30 06 e0 39 a1 75 6c 72 0a 00 .:[email protected]
0020 00 0d 01 bb d9 72 89 6a 29 fb 1b 57 73 a5 50 18 .....r.j)..Ws.P.
0030 00 45 74 0d 00 00 17 03 03 05 0d 20 9c 9b c9 5f .Et........ ..._
0040 63 ad 2a 3f c6 77 d7 ae 1b ff 14 82 bf 28 a4 a4 c.*?.w.......(..
0050 24 ed 83 f8 fc 0a fa 74 dd 8a b5 be 34 ca 71 ca $......t....4.q.
0060 91 5d 67 85 bf 90 9c 7e 05 b0 86 f3 b0 5a de cb .]g....~.....Z..
0070 7d 38 39 26 da 8a 81 f7 ac 92 de e1 bb c9 a6 c9 }89&............
0080 10 42 4c 0d 30 3f 01 97 c4 45 ae 83 5a 84 75 35 .BL.0?...E..Z.u5
0090 0a 1e 98 19 0a a1 53 56 d4 f8 b4 b4 bb c6 c3 84 ......SV........
00a0 9e 00 2e 6a 2d d8 47 af 79 cc 6d de 97 a4 81 bd ...j-.G.y.m.....
00b0 89 b6 94 05 cf e9 75 18 a7 2d 2d dc 5c a0 5a d6 ......u..--.\.Z.
00c0 02 0e ee dd 49 36 3c b2 af 63 28 5e 99 a3 56 cd ....I6<..c(^..V.
00d0 94 c9 e0 49 52 39 b2 ac 30 7c 31 6f bb 57 cd da ...IR9..0|1o.W..
00e0 7f bb 10 8f a1 6d b7 d7 7f 5c 0e 9f 88 e4 22 21 .....m...\...."!
00f0 9c 52 05 35 83 1a a2 c1 0b c2 f9 1f 03 dd ac f8 .R.5............
0100 4b e8 32 ae 31 5d a2 9d 60 ed e9 00 c6 18 82 a5 K.2.1]..`.......
0110 2a 84 d5 44 d9 88 a9 27 4b c0 12 79 3b 87 a2 2a *..D...'K..y;..*
0120 1c 4c 0e 70 48 ee 60 97 6e 77 46 a0 c4 38 3c ad .L.pH.`.nwF..8<.
0130 79 fe de d3 0c 4d 36 ca 2b 7a d6 4c 9a 42 36 9f y....M6.+z.L.B6.
0140 85 ab 17 12 9b 4a e9 74 17 e7 30 08 8d fc fa c2 .....J.t..0.....
0150 90 50 ed 3d 28 c1 b6 c7 ca e6 1d 5c 88 e1 bb fc .P.=(......\....
0160 0a d5 ee f3 82 b0 0f da 22 85 40 db 2a 71 fb 27 ........"[email protected]*q.'
0170 82 6a 56 e6 e4 1c 7e d0 ce f8 67 4f 61 d9 7b d5 .jV...~...gOa.{.
0180 ca 59 ac bf 30 2f 23 eb ed 7a 31 54 80 69 26 9c .Y..0/#..z1T.i&.
0190 f7 7d 14 57 51 3d f8 cc 5f 43 23 9e 3e 2e d7 bc .}.WQ=.._C#.>...
01a0 f3 6e 47 b8 11 7a 60 a8 19 e1 a3 77 c6 59 8e 3b .nG..z`....w.Y.;
01b0 17 e4 ad 51 e1 75 78 fb af fe 72 63 b8 fd a2 20 ...Q.ux...rc...
01c0 8c d9 7c 87 f8 1c 29 74 cb 8c 62 c9 e3 22 0e 4c ..|...)t..b..".L
01d0 f6 5a bf fc 9f 2f a3 b5 3f 1f 9a 06 1b 80 78 40 .Z.../[email protected]
01e0 c5 e8 bf 49 23 87 22 cd 60 29 2d 8f 2d 1f d6 ae ...I#.".`)-.-...
01f0 66 08 e1 3d 59 9c e6 65 70 56 16 26 bd 05 ca 55 f..=Y..epV.&...U
0200 9c 45 84 fe 3c 5b 8b 68 39 c5 4c ca ee 1d 2e 4c .E..<[.h9.L....L
0210 d1 14 9a 6a b4 57 78 1c c3 72 2a 5e 28 ab 8b c3 ...j.Wx..r*^(...
0220 4a 26 9c 2d 23 af a5 ed 66 6e 56 e5 07 10 4d ce J&.-#...fnV...M.
0230 f2 27 91 ef 6d f0 2a 36 8c ad 9a 81 d2 83 21 7c .'..m.*6......!|
0240 b9 28 b1 bc 18 87 75 c7 af 35 99 2e bd b9 b6 fe .(....u..5......
0250 e7 83 04 96 52 c7 6a f1 89 de 95 06 2e 4c 55 93 ....R.j......LU.
0260 f8 e0 16 2b f7 5b cd f1 bf 7b d5 ac d3 42 24 6d ...+.[...{...B$m
0270 f5 51 4b 90 d2 3e d9 70 e9 0e 83 a0 9f 69 8e dd .QK..>.p.....i..
0280 ee 23 a1 29 82 94 94 1a a1 c8 0a 0c 55 42 dd 40 .#.)[email protected]
0290 d3 b6 7d 46 95 d6 74 e6 18 9d 6b 62 50 7d 47 d6 ..}F..t...kbP}G.
02a0 c1 48 d8 f5 40 3a 6e a1 9c ab 23 83 1f 9d 71 a5 [email protected]:n...#...q.
02b0 c8 60 27 62 74 25 2c d9 f7 95 77 d3 d0 e1 f5 8d .`'bt%,...w.....
02c0 73 d1 ec 49 26 e4 39 44 f2 2f 9a b5 17 f0 f8 f9 s..I&.9D./......
02d0 9c 25 ff 8b 2c ee bf 24 f8 3a ac 06 68 24 9c b6 .%..,..$.:..h$..
02e0 8b be b2 53 7d 49 ee 0c bb 6b 1a 4c 4a 9d 13 a9 ...S}I...k.LJ...
02f0 a3 1c c2 cf 46 69 f2 7b 43 b9 0a 3c 63 be a0 67 ....Fi.{C..<c..g
0300 00 43 60 77 16 f1 f1 72 e9 1c 3e b6 0b e8 d9 cd .C`w...r..>.....
0310 6a 4f f0 40 f6 cb bd 9b 99 ee ef b5 6b 9e 77 1d [email protected]
0320 47 51 da 22 57 81 be 39 b4 b9 8a f0 e0 5a d7 37 GQ."W..9.....Z.7
0330 7c aa 06 0d 29 83 9a 97 57 76 9f 72 87 aa d7 e4 |...)...Wv.r....
0340 1a 3e e7 e6 ad 97 9d 91 ce b3 64 96 b8 7e e3 86 .>........d..~..
0350 52 f1 21 1b 45 c6 47 45 28 bc 12 e3 91 2e 03 44 R.!.E.GE(......D
0360 91 1a 75 09 0a 6f 98 ad 38 30 e2 29 b6 07 00 dd ..u..o..80.)....
0370 a4 60 b2 65 dd 09 df 2b 3d 45 a8 21 06 e2 47 bf .`.e...+=E.!..G.
0380 34 c7 2f 36 67 03 40 05 26 75 ef 21 b2 25 ba 35 4./[email protected]&u.!.%.5
0390 04 22 2a e4 7c d2 a9 cf 93 eb a7 3b 26 26 bf 1b ."*.|......;&&..
03a0 6b b7 53 f4 24 66 56 43 86 1b f7 b1 7d 2b 58 db k.S.$fVC....}+X.
03b0 da 3c 67 9d ba b1 fd dc c7 b3 50 10 e3 e3 6f aa .<g.......P...o.
03c0 40 0f 96 fa a4 d0 05 3e 5d d0 e0 6e 80 50 f7 e1 @......>]..n.P..
03d0 ce 8d 25 11 d3 57 20 29 ef 1b a0 82 6c d2 03 cc ..%..W )....l...
03e0 59 19 48 91 13 f5 53 fc e1 b7 4e 3a 16 35 ed 57 Y.H...S...N:.5.W
03f0 25 cf 4e d1 69 13 b5 3b e2 ec 6c 2c b4 ab 0e 97 %.N.i..;..l,....
0400 26 50 2c a8 f7 23 63 85 1c 5c e5 67 17 b8 c5 f4 &P,..#c..\.g....
0410 08 93 3e 3e 5d ef 76 f3 e3 5f fb 9e b7 75 b9 3a ..>>].v.._...u.:
0420 7f 4a fd ee 37 f4 0c 8d 0f ed 93 76 91 d4 67 6a .J..7......v..gj
0430 a4 9d 9b bf ef c9 f5 78 dd ba 21 5c b8 05 8f 25 .......x..!\...%
0440 56 b1 95 48 9e 0d 6d e4 fb ee 7d 3a 98 7d 06 c8 V..H..m...}:.}..
0450 bd a1 20 41 56 30 f9 a1 75 f6 6b 0a 46 3a 5b 33 .. AV0..u.k.F:[3
0460 e2 14 52 c5 45 0c ab 30 c3 08 13 c1 d2 d2 1f 0e ..R.E..0........
0470 76 92 fd 95 5d 33 68 bc 30 23 85 ca 62 95 37 77 v...]3h.0#..b.7w
0480 aa 30 09 18 20 7b ea a4 89 d1 d6 f4 c0 93 04 7c .0.. {.........|
0490 4e 81 63 fc 4c 14 c4 c8 b5 bf ea fe 31 9f b1 10 N.c.L.......1...
04a0 72 70 28 2b d6 9c 0c 67 38 c2 06 be 68 6d 2f 3a rp(+...g8...hm/:
04b0 20 70 d1 2b 12 a6 db 4f 68 e7 84 5f 93 d6 2d c0 p.+...Oh.._..-.
04c0 b4 61 cf 4e fb 81 d2 10 be f9 0a f9 4d 9e 27 a7 .a.N........M.'.
04d0 f9 85 e1 76 c8 6b e4 70 2a 2d 22 d8 43 7b 67 35 ...v.k.p*-".C{g5
04e0 13 a3 2f 62 0b 55 b7 15 7c 1e 83 58 ed 04 17 49 ../b.U..|..X...I
04f0 f8 e2 c5 92 f5 c9 1c 73 0c a4 19 89 bc 84 ff 23 .......s.......#
0500 75 37 bf 4e 51 8a 9e 62 9e 22 92 b8 a7 fa 01 ec u7.NQ..b."......
0510 10 7c 21 c9 e8 b8 a6 23 61 7d 75 c8 30 66 b9 67 .|!....#a}u.0f.g
0520 6f d6 51 4d f4 cd 81 49 50 70 e4 80 97 a1 02 11 o.QM...IPp......
0530 49 44 1d e6 f6 24 55 b8 16 df b2 c6 84 05 da 7f ID...$U.........
0540 c7 54 af cb 6b 9a 35 63 .T..k.5c
With "encryptData", miflash executes the following:
Code:
fastboot oem unlock "1f2ebb62_sig.data"
something similar to LG approach with unlock.bin
I suspect that this file is temporarily created inside the miflash folder then deleted once the command is executed
So I think if we can save this file or the code inside it, it will be possible to unlock the bootloader without miflash the next time we want to unlock the bootloader.
I searched "1f2ebb62_sig" in google and didn't found any results, so I hope that we can found something.
All this information is present inside of the file "C:\Users\%USERNAME%\AppData\Roaming\Xiaomi\miflash_unlock\Log\miflash_unlock.log"
[EDIT] As pointed out by @natinusala the 1f2ebb62_sig file contains the serial number in the name
[EDIT] Token var changes every reboot
[EDIT] Progress has been made, check this github repos:
https://github.com/penn5/miunlock
https://github.com/GiorgioUghini/miunlock
Click to expand...
Click to collapse
Can it skip the waiting period?

kouseralamin said:
Can it skip the waiting period?
Click to expand...
Click to collapse
My guess is no. You see, it must hit an API behind Xiaomi's server and returns some encrypted data. It's simple for the API to respond with 4XX and number of waiting hours, i.e. the wait mechanism is protected on the server side.

leledumbo said:
My guess is no. You see, it must hit an API behind Xiaomi's server and returns some encrypted data. It's simple for the API to respond with 4XX and number of waiting hours, i.e. the wait mechanism is protected on the server side.
Click to expand...
Click to collapse
This is still interesting to me. I will keep my eye on this project.

kouseralamin said:
This is still interesting to me. I will keep my eye on this project.
Click to expand...
Click to collapse
We could try a direct firehouse method

Hi. This is a wonderful discovery. Has there been any updates to this project recently?

if crack fastboot????
if error token then flash unlock oem

Here,a working version of the tool.
GitHub - Canny1913/miunlock: A program that can be used to retrieve the bootloader unlock token for Xiaomi devices. (and unlock the bootloader)
A program that can be used to retrieve the bootloader unlock token for Xiaomi devices. (and unlock the bootloader) - GitHub - Canny1913/miunlock: A program that can be used to retrieve the bootload...
github.com
Binding time limit cannot be bypassed since it happens on the server-side.

To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.

Zibri said:
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
Click to expand...
Click to collapse
How exactly do I get it?

Zibri said:
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
Click to expand...
Click to collapse
how to do it ? can you explain ?

can i unlockit without adding mi account to the phone?