Yesterday I bricked my phone when I tried to flash this beta TSS ROM on my X02T:
http://forum.xda-developers.com/showthread.php?t=657694&page=3
So after that failed I tried other ROMs too, like Mod-TG01TSS01.7z, Mod-TG01TSS02.7z (flash error, says invalid file), TG01TSS01.7z, TG01TSS02.7z (flash error, says invalid file), T01A_to_SP50_wm65.tsd, T01A_to_SP50_wm65-theduyet.enc and TG01WP-WM6.5-Orange-UK (flash error, says invalid file).
I can still use the SD downloader, and I can flash "any" ROM with the pin method.
Before I bricked my phone I made a RAW file of my phone, and it is here:
http://cid-5bf4bd469b8aef18.skydrive.live.com/browse.aspx/X02T
The txt is here:
------------------------------------------------------------------------------------
9.63M (0x9a0000) DSK1:
| 9.62M (0x99f000) Part00
423.00M (0x1a700000) DSK2:
| 1.62M (0x19f000) Part00
| 3.75M (0x3c0000) Part01
| 159.88M (0x9fe0000) Part02
| 257.75M (0x101c0000) Part03
7.42G (0x1daf80000) DSK3:
| 7.42G (0x1dab80000) Part00
STRG handles:
handle#0 8dda3d4a 7.42G (0x1dab80000)
handle#1 6e1e7b2e 257.75M (0x101c0000)
handle#2 ee1ed89e 159.88M (0x9fe0000)
handle#3 4e1ed87a 3.75M (0x3c0000)
handle#4 4e1ed832 1.62M (0x19f000)
handle#5 ee4ac72e 9.62M (0x99f000)
disk 8dda3d4a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 6e1e7b2e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk ee1ed89e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4e1ed87a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4e1ed832
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk ee4ac72e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
------------------------------------------------------------------------------------
Please, could someone help me revive my phone!!!
Thanks a lot
Toshiba made a new update for the X02T, a small update I think, with SMS. The file is X02T_from_SP00_to_01_000.tis, so it is a TIS file; maybe this file has the key to revive my phone.
The link is here:
http://toshibamobile.com/cgi-bin/softbank/x02t/update/uprom.cgi?sp=00
or
http://update.toshibamobile.com/update/x02t/sp00/X02T_from_SP00_to_01_000.tis
You flashed TG01TSS01.7z, didn't you?
Your situation is the same as "xandetonetti".
Please try the following Pin method (from Orange in the T01A case).
--------------------------------------------
This Pin method is to short Pin 1 and Pin 2.
Then push the power button while keeping that state.
Then your T01A screen displays your ROM after five seconds.
--------------------------------------------
Did it work? If not, can you try the next thing.
We now know that the TSS encryption key of the X02T is 44460046.
However, the encryption of your device is tsw,
because you flashed the tsw bootloader ROM into your X02T.
You can try the following ROMs.
*Official Orange UK ROM
http://www.toshiba-europe.com/mobile/Images/TG01WP-WM6.5-Orange-UK.zip
[TG01WP_5005000176.tsw → TG01.tsw]
*Official docomo JP ROM (T01A_to_SP50_wm65.tsd is extracted by zip. )
http://update.toshibamobile.com/update/t01a/wm65/T01A_to_SP50_wm65.exe
--------------------------------------------------
tgtool -t01a -sp T01A_to_SP50_wm65.tsd os.nb.payload
tgtool -t01a -mp os.nb.payload T01A_to_SP50_wm65.tsd T01A_to_SP50_wm65.bin
--------------------------------------------------
You can download TSW TOOLS by cotulla from
this URL (http://cotulla.pp.ru/Misc.html), and
convert bin to tsw with this tool in TG01 mode.
[T01A_to_SP50_wm65.tsw → TG01.enc]
You can flash those ROMs, maybe.
yamadori said:
You flashed TG01TSS01.7z, didn't you?
Your situation is the same as "xandetonetti".
Please try the following Pin method (from Orange in the T01A case).
--------------------------------------------
This Pin method is to short Pin 1 and Pin 2.
Then push the power button while keeping that state.
Then your T01A screen displays your ROM after five seconds.
--------------------------------------------
Did it work? If not, can you try the next thing.
Thanks for your quick reply, friend. I have two pieces of news!!
1 - The good news is that shorting Pin 1 and 2 works!!! The phone is alive again, thanks very much friend.
2 - Bad news: on my last try I flashed the T01A ROM, so my phone is DOCOMO now, but in English, and TG01TSS01.7z doesn't flash anymore, it says File is invalid!!!
I un7zipped it and renamed it to TG01.enc, then copied it to the PRG folder (this worked the first time, but doesn't work anymore, maybe because I flashed T01A last).
But I need to short pins 1 and 2 every time I reset, right? So how can I put in the SIM card without removing the battery and shorting pins 1 and 2?
I was finally able to insert the SIM card into the phone after shorting pins 1 and 2, but now WM asks me for a password to unlock my SIM. Do you have any idea what this is? Or any way to flash TG01TSS01.7z again?
2 - Bad news: on my last try I flashed the T01A ROM, so my phone is DOCOMO now, but in English, and TG01TSS01.7z doesn't flash anymore, it says File is invalid!!!
Is the boot logo of your X02T docomo?
If yes, the encryption of your device is tsd.
You can flash a tsd ROM and cannot flash a tss ROM.
You can try the T01A_to_SP50_wm65-theduyet.tsd ROM (rename it to TG01.enc).
And is the Pin method necessary with both the Docomo and Orange ROMs on
your X02T?
If yes, we cannot do anything, because we only have the bootloaders of
TG01 and T01A, not of X02T.
Sorry.
I was finally able to insert the SIM card into the phone after shorting pins 1 and 2, but now WM asks me for a password to unlock my SIM. Do you have any idea what this is? Or any way to flash TG01TSS01.7z again?
You must use a SoftBank SIM, or delete SIMUnlockP.exe in the Windows folder.
yamadori said:
Is the boot logo of your X02T docomo?
If yes, the encryption of your device is tsd.
You can flash a tsd ROM and cannot flash a tss ROM.
You can try the T01A_to_SP50_wm65-theduyet.tsd ROM (rename it to TG01.enc).
And is the Pin method necessary with both the Docomo and Orange ROMs on
your X02T?
If yes, we cannot do anything, because we only have the bootloaders of
TG01 and T01A, not of X02T.
Sorry.
You must use a SoftBank SIM, or delete SIMUnlockP.exe in the Windows folder.
Yes, the boot logo is DOCOMO and the T01A ROM works well, but I can only flash ROMs with .tsd; when I try with .enc it says invalid file.
I will try deleting this file to skip the password.
I can't find SIMUnlockP.exe in the Windows folder. Is there another way to evade the password?
With my Hermer I have a program called "Connection Setup" for easily configuring the phone; I just choose Japan and Vodafone. Do you know where I can find this program or another like it?
And if my phone is now tsd encryption, why do I still need to short the pins? If I rename the TSS file to tsd, can I turn it back to SoftBank?
Thanks very much...
eekthecat said:
I can't find SIMUnlockP.exe in the Windows folder. Is there another way to evade the password?
With my Hermer I have a program called "Connection Setup" for easily configuring the phone; I just choose Japan and Vodafone. Do you know where I can find this program or another like it?
And if my phone is now tsd encryption, why do I still need to short the pins? If I rename the TSS file to tsd, can I turn it back to SoftBank?
Thanks very much...
It seems that you have flashed an English ROM on the X02T successfully.
Congratulations!
I can't find SIMUnlockP.exe in the Windows folder. Is there another way to evade the password?
Your X02T can use only a SoftBank SIM, because we have not found
a SIM unlock method for the X02T, the same as for the T01A.
And if my phone is now tsd encryption, why do I still need to short the pins? If I rename the TSS file to tsd, can I turn it back to SoftBank?
No. The bootloader of the X02T is not the same as that of the T01A.
There is no ROM of the X02T bootloader yet. Therefore, the PIN (1&2) method is needed with ROMs of the T01A and TG01 bootloaders.
By the way,
I will pass you this ROM, because your device bootloader is docomo.
http://www.mediafire.com/?qmznk0ygzxj
This ROM might be able to use "X02T_from_SP00_to_01_000.tis", or not.
Please enjoy it.
Thanks very much friend, but I think the file is corrupted. I tried downloading it 3 times and get an error when I try to un7zip it. Could you upload the ROM again, please?
Thanks very much friend, but I think the file is corrupted. I tried downloading it 3 times and get an error when I try to un7zip it. Could you upload the ROM again, please?
Please delete the cache and download it again.
And please unzip it with this tool: http://www.7-zip.org/.
I cannot upload it because I can't use broadband today.
yamadori said:
Please delete the cache and download it again.
And please unzip it with this tool: http://www.7-zip.org/.
I cannot upload it because I can't use broadband today.
The cache is deleted. I tried again with IE, Firefox and Free Download Manager, and also used 7-Zip to unzip, but the file is really corrupted.
Don't worry if you can't upload again today, I will wait. Thanks a lot.
Uploaded again.
http://www.mediafire.com/?rwnm2wzjrnj
yamadori said:
Uploaded again.
http://www.mediafire.com/?rwnm2wzjrnj
Thanks for the upload, friend, now it works fine, but I can't flash this ROM. SD Downloader says: File Open Error!!!
I copied it to the prg folder and tried with .enc and .tsd, but both get the same error.
I can still flash ROMs like "[ROM][ENG] 6.5.5 (23563)+Sense 2.5(2011) v0.012.2 (26/04/10) Radio 5005.1600.05", but my SIM card is SoftBank and I think the ROM's radio is a different one, because I can't connect to SoftBank services.
OBS: I used the conversion too, to convert the TG01 ROM to a T01A ROM.
Now I am able to flash your ROM, I just renamed the file to TG01WP_00.tsd. It comes up with the DOCOMO boot logo and my SoftBank Japanese Windows, but I still can't use my SoftBank SIM: Windows reports a SIM error and powers off after a few seconds.
If I start the phone without my SoftBank SIM, Windows works fine (in Japanese, and with the DOCOMO boot logo), but if I start with the SIM card, Windows reports something about SIMUnlockP and doesn't connect, and after a few seconds it powers off.
If I can only flash ROMs with TSD, that is because my bootloader is Docomo now, right? Does this make my phone work only with DOCOMO SIMs?
Hi eecat, I have the same problem as you. I flashed a Chinese ROM to an X02T. With the pin 1 and 2 shorted method I can boot the phone; otherwise the green light sparkles once and then goes off. After the Chinese wm65 started, I inserted the SoftBank SIM card: no signal. I am wondering whether you have solved that problem, or whether you have any idea how to flash back to the official SoftBank ROM so that I can use the SoftBank SIM card as normal? Your prompt reply will be highly appreciated.
Hello, I found source code (tocparser), compiled it and gave it a try, and I found more than I expected! The tool is able to dump and write from/to low-level things in an Xperia phone! Here is the tool and simple info about what I tested and what I found.
Warning:
I am not responsible for anything related to using this tool! You can try, but at your own risk!!! You can hard brick your device using this tool!!! I tested only "read only mode" and never tried to write to low-level memory, so you are using this tool at your own risk!
Usage:
Usage:
tocparser [-h] [-dD devicename] [-l] [-gG partition] [-rw partition:filename
or
tocparser -p partition -f filename
-h Print this help.
-d devicename Open device as read-only (default).
-D devicename Open device as read-write.
-l List all partition and image entries.
-g partition Get information for image inside partition.
-G partition Get information for partition.
-r partition:filename Read content of partition into file.
-w partition:filename Write content of file into partition.
-p partition -f filename Write content of file into partition.
By default tocparser will open /dev/block/mmcblk0 as read-only.
If -p and -f are used then /dev/block/mmcblk0 will be opened as read-write.
I dumped some info:
tocparser -l
Printing TOC at 20000
Offset     Size       Flags      Align      LoadAddr   ID
0x00000200 0x0000556c 0xffffffff 0xffffffff 0xffffffff "ISSW"
0x00017e00 0x00008150 0xffffffff 0xffffffff 0xffffffff "BKP_PRCMU_1"
0x0000576c 0x00021854 0xffffffff 0xffffffff 0xffffffff "X-LOADER"
0x00046fc0 0x00006408 0xffffffff 0xffffffff 0xffffffff "BKP_MINIT_1"
0x00100000 0x00008150 0xffffffff 0xffffffff 0xffffffff "PWR_MGT"
0x00108150 0x00007eb0 0xffffffff 0xffffffff 0xffffffff "MEM_INIT"
I dumped these partitions to the internal sdcard using these commands:
~ # tocparser -r ISSW:/mnt/sdcard/ISSW
tocparser -r ISSW:/mnt/sdcard/ISSW
~ # tocparser -r BKP_PRCMU_1:/mnt/sdcard/BKP_PRCMU_1
tocparser -r BKP_PRCMU_1:/mnt/sdcard/BKP_PRCMU_1
~ # tocparser -r X-LOADER:/mnt/sdcard/X-LOADER
tocparser -r X-LOADER:/mnt/sdcard/X-LOADER
~ # tocparser -r BKP_MINIT_1:/mnt/sdcard/BKP_MINIT_1
tocparser -r BKP_MINIT_1:/mnt/sdcard/BKP_MINIT_1
~ # tocparser -r PWR_MGT:/mnt/sdcard/PWR_MGT
tocparser -r PWR_MGT:/mnt/sdcard/PWR_MGT
~ # tocparser -r MEM_INIT:/mnt/sdcard/MEM_INIT
tocparser -r MEM_INIT:/mnt/sdcard/MEM_INIT
Hope this tool will be useful, for example for reverse engineering the first-stage bootloader, maybe the secu flag... etc!?? Enjoy reverse engineering!
Source code is in: snowball-android-staging-20120201.tar.gz
munjeni arrived with a new tool...... thanks for this...... hope this will help some devs.....
R: Tool for low level flashing !
Wouldn't this be able to dump DRM keys before unlocking bootloader?
Sent from my Xperia S using xda app-developers app
mirhl said:
Wouldn't this be able to dump DRM keys before unlocking bootloader?
Sent from my Xperia S using xda app-developers app
Lol, No
Sent from my LT22i using Tapatalk 2
Anyone know how to decompile this?
Man, what is this file needed for? What will it change? I ask for a response and I apologise for my English.
XperianPro said:
Anyone know how to decompile this?
Decompile? Why do you need to decompile that when you can see the source code at http://igloocommunity.org/support/Android_Getting_started_with_GB
mirhl said:
Wouldn't this be able to dump DRM keys before unlocking bootloader?
Sent from my Xperia S using xda app-developers app
Good question! If you have ideas, then for example you can request dumps from users with a locked bootloader and post them here so someone can compare them... etc!
kamileoo92 said:
Man, what is this file needed for? What will it change? I ask for a response and I apologise for my English.
If you do not understand what this tool is, then do not try! If you try it without knowledge, there is a 90% possibility of hard bricking your phone!
munjeni said:
Decompile? Why do you need to decompile that when you can see the source code at http://igloocommunity.org/support/Android_Getting_started_with_GB
I meant files from the phone's memory.
Can somebody answer me?
I got some decompiled, but I am unable to decompile x-loader; I still do not know what the loading offset is! But I am sure there must be something interesting there! It's the first-stage bootloader, but where is the second stage? Is it u-boot or... ?
munjeni said:
I got some decompiled, but I am unable to decompile x-loader; I still do not know what the loading offset is! But I am sure there must be something interesting there! It's the first-stage bootloader, but where is the second stage? Is it u-boot or... ?
I'm not sure, but I think the first one loads hardware, while the second one checks whether everything is signed.
Not sure, but I think it's something like this.
I want to find where fastboot is and dump all fastboot functions... etc, also want to try something with a dedicated recovery, also the secu flag... etc... I have no time now for trying, but I have an idea: I want to lock my bootloader and research the secu flag!
In x-loader there is something like:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00012690 00 00 00 00 52 44 48 53 50 01 00 01 02 00 00 00 ....RDHSP.......
000126A0 01 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ................
000126B0 00 80 00 00 00 00 00 00 FF FF FF FF FF FF FF FF .€......˙˙˙˙˙˙˙˙
But maybe there is, for example, 0x01 for the secu flag or something... need to compare dumps from a locked/unlocked bootloader... need to dump u-boot (if it exists), need to dump the radio... need to dump the part of memory containing fastboot... do you know where u-boot lies?
Great news
Sent from my ST25a using Tapatalk 2
Nice..will try it
Sent From Heaven ST25i
Hi
I just changed some stuff like images in a kernel using Android Kernel Kitchen 0.3.1.
Now I wanna test my changes.
My question is->
What are the worst-case scenarios possible?
I am ready to go for boot loops etc., but are there any consequences that may cause a real hard brick of my phone? (Like---> it will never start again! or you need to take it to a service center for repair!)?
Jaskaran498 said:
Hi
I just changed some stuff like images in a kernel using Android Kernel Kitchen 0.3.1.
Now I wanna test my changes.
My question is->
What are the worst-case scenarios possible?
I am ready to go for boot loops etc., but are there any consequences that may cause a real hard brick of my phone? (Like---> it will never start again! or you need to take it to a service center for repair!)?
What you can expect are boot loops, inability to even see the boot splash, non-working wifi / USB / touch / camera / anything that needs a driver, random reboots. Personal experience: yesterday I was playing with changing part of the initramfs without changing the whole boot.img. It turns out that I needed to update the header size and checksum. Without this, it would hang for some seconds and then reboot (or not start at all). This was all fixable from recovery.
What can happen if you are not careful is a brick because you flash the wrong partition. Otherwise, you can always enter recovery mode and flash the kernel (for the i9300, it is mmcblk0p5). If you are not sure, look for the magic ANDROID! header:
Code:
# dd bs=64 count=1 if=/dev/block/mmcblk0p5 2>/dev/null | hexdump -C
00000000 41 4e 44 52 4f 49 44 21 80 bc 44 00 00 80 00 40 |ANDROID!..D....@|
00000010 2e 1e 05 00 00 00 00 41 00 00 00 00 00 00 f0 40 |.......A.......@|
00000020 00 01 00 40 00 08 00 00 00 00 00 00 00 00 00 00 |...@............|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040
So, the absolute worst-case scenario is when you accidentally flash the wrong partition. If you picked your EFS partition and do not have a backup, then your IMEI and stuff are gone.
Note: be sure not to wipe your recovery partition (mmcblk0p6), that requires you restore the recovery using download mode (I have not experienced this yet).
Lekensteyn said:
What you can expect are boot loops, inability to even see the boot splash, non-working wifi / USB / touch / camera / anything that needs a driver, random reboots. Personal experience: yesterday I was playing with changing part of the initramfs without changing the whole boot.img. It turns out that I needed to update the header size and checksum. Without this, it would hang for some seconds and then reboot (or not start at all). This was all fixable from recovery.
What can happen if you are not careful is a brick because you flash the wrong partition. Otherwise, you can always enter recovery mode and flash the kernel (for the i9300, it is mmcblk0p5). If you are not sure, look for the magic ANDROID! header:
Code:
# dd bs=64 count=1 if=/dev/block/mmcblk0p5 2>/dev/null | hexdump -C
00000000 41 4e 44 52 4f 49 44 21 80 bc 44 00 00 80 00 40 |ANDROID!..D....@|
00000010 2e 1e 05 00 00 00 00 41 00 00 00 00 00 00 f0 40 |.......A.......@|
00000020 00 01 00 40 00 08 00 00 00 00 00 00 00 00 00 00 |...@............|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040
So, the absolute worst-case scenario is when you accidentally flash the wrong partition. If you picked your EFS partition and do not have a backup, then your IMEI and stuff are gone.
Note: be sure not to wipe your recovery partition (mmcblk0p6), that requires you restore the recovery using download mode (I have not experienced this yet).
Kk, thanks.
But what do i do if it does not start at all like u said (what i want is that it should at least be able start in recovery or download if possible).
Since its my first time messing with kernel, i am total n00b then
If it cannot proceed to the "normal" boot, then get into recovery by holding Volume Up + Power + Home for ten seconds while booting (I usually do that when I see the Samsung logo and release when it has restarted, showing the logo again, about ten seconds).
From there, use Install from zip (if you have a "update zip" that contains boot.img and some metadata) or (what I do) use adb push to put the image in /tmp/. Then use dd to write the boot image. Example (I use Linux):
Code:
laptop$ adb push boot-new.img /tmp/boot.img
laptop$ adb shell
# cat /tmp/boot.img > /dev/block/mmcblk0p5
Just in case of hardware failure, I also verify the md5sum:
Code:
laptop$ md5sum boot-new.img
laptop$ du -b boot-new.img # determine file size, say 1234
(android) # dd if=/dev/block/mmcblk0p5 bs=1234 count=1 | md5sum
The two outputs must match, otherwise something went wrong (unlikely, but still).
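The two checks from the posts above (looking for the ANDROID! magic before writing, and hashing the partition over exactly the image's length afterwards), as an added Python example that is not part of the original thread. It assumes the legacy version-0 boot image header layout from AOSP's bootimg.h and uses SHA-256 in place of md5sum; the function names are illustrative.

```python
import hashlib
import os
import struct

BOOT_MAGIC = b"ANDROID!"
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size")

# First 64 bytes of mmcblk0p5, retyped from the hexdump in the post above.
SAMPLE_HEADER = bytes.fromhex(
    "414e4452" "4f494421" "80bc4400" "00800040"
    "2e1e0500" "00000041" "00000000" "0000f040"
    "00010040" "00080000" "00000000" "00000000"
    + "00" * 16
)


def parse_boot_header(raw):
    """Return the eight little-endian u32 fields that follow the magic."""
    if len(raw) < 40 or raw[:8] != BOOT_MAGIC:
        raise ValueError("no ANDROID! magic, this is not a boot image")
    hdr = dict(zip(FIELDS, struct.unpack_from("<8I", raw, 8)))
    page = hdr["page_size"]
    if page == 0 or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    return hdr


def image_length(hdr):
    """Header page plus kernel, ramdisk and second stage, each page-padded."""
    page = hdr["page_size"]
    padded = lambda n: -(-n // page) * page
    return page + sum(padded(hdr[k]) for k in
                      ("kernel_size", "ramdisk_size", "second_size"))


def sha256_prefix(path, length):
    """Hash exactly `length` bytes from the start of a file or block device."""
    digest, left = hashlib.sha256(), length
    with open(path, "rb") as fh:
        while left:
            chunk = fh.read(min(left, 1 << 20))
            if not chunk:
                raise ValueError(f"{path} ends {left} bytes early")
            digest.update(chunk)
            left -= len(chunk)
    return digest.hexdigest()


def precheck(image_path, target_path):
    """Problems that should stop a write; an empty list means go ahead."""
    problems = []
    for label, path in (("image", image_path), ("target", target_path)):
        with open(path, "rb") as fh:
            head = fh.read(64)
        try:
            hdr = parse_boot_header(head)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if label == "image" and os.path.getsize(path) < image_length(hdr):
            problems.append("image: file is shorter than its header claims")
    return problems


def verify_written(image_path, target_path):
    """Compare the image with the same number of bytes read back."""
    size = os.path.getsize(image_path)
    return sha256_prefix(image_path, size) == sha256_prefix(target_path, size)


if __name__ == "__main__":
    header = parse_boot_header(SAMPLE_HEADER)
    print(header, image_length(header))
```

A target that does not start with the magic (an EFS partition, for instance) shows up in `precheck` before anything is written.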
Lekensteyn said:
If it cannot proceed to the "normal" boot, then get into recovery by holding Volume Up + Power + Home for ten seconds while booting (I usually do that when I see the Samsung logo and release when it has restarted, showing the logo again, about ten seconds).
From there, use Install from zip (if you have a "update zip" that contains boot.img and some metadata) or (what I do) use adb push to put the image in /tmp/. Then use dd to write the boot image. Example (I use Linux):
Code:
laptop$ adb push boot-new.img /tmp/boot.img
laptop$ adb shell
# cat /tmp/boot.img > /dev/block/mmcblk0p5
Just in case of hardware failure, I also verify the md5sum:
Code:
laptop$ md5sum boot-new.img
laptop$ du -b boot-new.img # determine file size, say 1234
(android) # dd if=/dev/block/mmcblk0p5 bs=1234 count=1 | md5sum
The two outputs must match, otherwise something went wrong (unlikely, but still).
I know all this but what i m saying is that can there be conditions where neither i will be able to boot recovery nor download (even by volume+power+home method)?
Unless you do really stupid things like overwriting /dev/block/mmcblk0 or other partitions on http://cleanimport.xda/index.php?threads/2362743/, you will be safe.
Jaskaran498 said:
I know all this but what i m saying is that can there be conditions where neither i will be able to boot recovery nor download (even by volume+power+home method)?
Recovery has its own kernel. It doesn't use the one you're modifying
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit
In the spirit of the old TriangleAway, here is how you can make the "FC N" disappear from your unlocked bootloader screen. The N is a number that gets bumped every time you "fastboot flash". This method requires a root shell; if you have busybox installed (e.g. from the Magisk module) it can be done 100% on the phone. Could help you out if you ever need warranty service, or if you just don't like seeing the bootloader count how many times you've messed with the phone.
Code:
OnePlus7TProNR:/sdcard # dd if=/dev/block/by-name/param of=param.dd
2048+0 records in
2048+0 records out
1048576 bytes (1.0 M) copied, 0.017794 s, 56 M/s
# xxd -g 1 param.dd > param.xxd
Now use an editor (vim, nano, whatever) to look for this line in the file:
Code:
00003420: 00 00 00 00 01 00 00 00 01 00 00 00 17 00 00 00 ................
The flash counter is stored in the first non-zero bytes. Change them to zero like this:
Code:
00003420: 00 00 00 00 00 00 00 00 01 00 00 00 17 00 00 00 ................
Finally, flash the partition back, and voila, the "FC" line is gone from the bootloader. Note, these steps would have to be repeated every time you fastboot flash something.
Code:
OnePlus7TProNR:/sdcard # dd if=/dev/block/by-name/param of=param.dd
2048+0 records in
2048+0 records out
1048576 bytes (1.0 M) copied, 0.017794 s, 56 M/s
# xxd -r param.xxd > param-0.dd
# dd if=param-0.dd of=/dev/block/by-name/param
Wait....so does this get rid of the unlocked bootloader screen altogether?
lendawg said:
Wait....so does this get rid of the unlocked bootloader screen altogether?
No. Once you've used a "fastboot flash" command, you'll see a line on the bootloader/fastboot screen that says "FC 1".
If you fastboot flash something else, it increases to "FC 2" and so on. I think it persists even if you re-lock the bootloader as an indicator to the manufacturer and carrier that you've messed with your phone, and how many times.
This technique will make that counter go away, making it easier to re-lock the bootloader and make the phone appear unmodified, in case you ever need warranty service.
There used to be a tool called "Triangle Away" that did something similar a few years ago, but it isn't supported anymore. But this technique does the same thing, you can read more about it here:
https://forum.xda-developers.com/galaxy-s2/orig-development/2014-01-15-triangleaway-v3-26-t1494114
This is just to remove the counter. Any warranty work will probably still be denied, seeing your phone is on record as unlocked bootloader when you submit for the unlock.bin. And I'm sure the "well, I got the unlock.bin but never used it" line will not work lol
Hello,
I was wondering if anyone has managed to get this working on the Realme GT, as I wanted to look at the carrier policy for my phone, as I've edited the OnePlus One successfully.
But was having issues on this one, doesn't seem to recognise the phone to connect to EFS.
Yes. I got it working (on c15 eu). I was testing the same method I used on my poco f3 and it works the same way.
I'm assuming you're rooted.
If so, while usb debugging and usb transfer files mode are on , use the commands:
adb shell
su
setprop sys.usb.config diag,diag_mdm,adb
This should create two new entries in device manager with a yellow icon (faulty driver). You now need to update the driver. The best way of explaining this is to link to a YouTube video. It's in Turkish and for the mi10t but it works for other phones. Here it is at the correct timestamp. But written in steps it's:
Right click on the device and update driver.
Browse my computer for drivers.
Pick from a list of available drivers from my computer.
Ports (COM and LPT)
"qualcomm incorporated" and "qualcomm hs-usb android diag 9022".
Do this for both entries. They should now both be named something like "qualcomm hs usb diag 9022 (COM6)" in the ports (COM & LPT) section in device manager (each has a different port number for me).
Anyway, after that, the phone shows up in qpst.
Good luck.
Awesome, will give that a go!
joebrit said:
Yes. I got it working (on c15 eu). I was testing the same method I used on my poco f3 and it works the same way.
I'm assuming you're rooted.
If so, while usb debugging and usb transfer files mode are on , use the commands:
adb shell
su
setprop sys.usb.config diag,diag_mdm,adb
This should create two new entries in device manager with a yellow icon (faulty driver). You now need to update the driver. The best way of explaining this is to link to a YouTube video. It's in Turkish and for the mi10t but it works for other phones. Here it is at the correct timestamp. But written in steps it's:
Right click on the device and update driver.
Browse my computer for drivers.
Pick from a list of available drivers from my computer.
Ports (COM and LPT)
"qualcomm incorporated" and "qualcomm hs-usb android diag 9022".
Do this for both entries. They should now both be named something like "qualcomm hs usb diag 9022 (COM6)" in the ports (COM & LPT) section in device manager (each has a different port number for me).
Anyway, after that, the phone shows up in qpst.
Good luck.
Worked perfectly. Thanks. Have you played about to unlock any bands?
unparalleled82 said:
Worked perfectly. Thanks. Have you played about to unlock any bands?
No. I haven't tried anything qpst wise with my gt yet. I'm not an expert but I thought you could only activate new bands if the hardware shipped with them enabled but there's an artificial carrier based policy/limitation that qpst could change. I think there's guides out there...
My interest was in locking my phone to a certain tower (pci) for better speeds. Unfortunately, I tried this on my poco f3 a while ago but it didn't work. I used these instructions.
I basically created a file in efs explorer (nv/item_files/modem/lte/rrc/csp/pci_lock)
with the pci hex code inside but it didn't have the right effect. I think that nv item might be outdated.
Yeah the only PCI band locking apps, I've seen are really expensive paid ones, so it can be done somehow.
Network signal guru does band locking and PCI locking on the paid version of the app.
Would be interested in knowing if you actually get it working.
unparalleled82 said:
Would be interested in knowing if you actually get it working.
Use the following at your own risk. Make a backup of your efs in qpst (start clients, software download, backup). Having said that, I've used this method successfully to lock the pci and earfcn. It relies on an nv item file:
/nv/item_files/modem/lte/rrc/efs/cell_restrict_opt_params
Navigate to:
/nv/item_files/modem/lte/rrc/efs/
If there is already a file called cell_restrict_opt_params you can make a backup and delete it as we will be replacing it.
Note down your desired earfcn and pci. I'll use earfcn = 500 and pci = 600 as an example.
Go to this hex converter and convert the earfcn and pci values (earfcn = 01F4 and pci = 0258).
Now create a hex file called cell_restrict_opt_params (you can use this program) in the following format:
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 F4 01 00 00 58 02 00 00 00 00 00 00
00 00 00 00
It should be 36 bytes. The 21st and 22nd byte should be the earfcn hex (backwards) with the 25th and 26th bytes being the pci hex (backwards). You can then transfer the file from your pc to the efs folder.
If you want to lock the earfcn only, it's the following format:
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 F4 01 00 00
F4 01 00 00
You will probably have to restart for the changes to take effect. Delete the file if you want to go back to the original state.
Good Luck.
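The 36-byte layout described in the post above, as an added Python example (not part of the original post) that builds both variants and decodes a file pulled from EFS so it can be reviewed before and after a change. It writes each value as the two low-byte-first bytes the post documents; the function names are illustrative, and the post does not say what the two fields in the EARFCN-only layout mean.

```python
import struct

FILE_SIZE = 36               # total length stated in the post
OFF_EARFCN = 20              # "21st and 22nd byte" (1-based) -> offset 20
OFF_PCI = 24                 # "25th and 26th bytes" -> offset 24
OFF_EARFCN_ONLY = (28, 32)   # where F4 01 sits in the EARFCN-only layout
DOCUMENTED = {0, 20, 21, 24, 25, 28, 29, 32, 33}


def _template():
    buf = bytearray(FILE_SIZE)
    buf[0] = 0x01            # first byte is 01 in both layouts in the post
    return buf


def _put_u16(buf, offset, value, what):
    # The post documents two bytes per value, low byte first.
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"{what} {value} does not fit in two bytes")
    struct.pack_into("<H", buf, offset, value)


def build_pci_lock(earfcn, pci):
    """Layout that carries both an EARFCN and a PCI."""
    buf = _template()
    _put_u16(buf, OFF_EARFCN, earfcn, "EARFCN")
    _put_u16(buf, OFF_PCI, pci, "PCI")
    return bytes(buf)


def build_earfcn_lock(earfcn):
    """Layout that carries the EARFCN twice and no PCI."""
    buf = _template()
    for offset in OFF_EARFCN_ONLY:
        _put_u16(buf, offset, earfcn, "EARFCN")
    return bytes(buf)


def describe(blob):
    """Decode a cell_restrict_opt_params file, rejecting anything unexpected."""
    if len(blob) != FILE_SIZE or blob[0] != 0x01:
        raise ValueError("not the 36-byte layout shown in the post")
    stray = [i for i, b in enumerate(blob) if b and i not in DOCUMENTED]
    if stray:
        raise ValueError(f"non-zero bytes at undocumented offsets {stray}")
    earfcn, pci, only_a, only_b = (
        struct.unpack_from("<H", blob, off)[0] for off in (20, 24, 28, 32))
    if only_a or only_b:
        if only_a != only_b or earfcn or pci:
            raise ValueError("fields from both layouts are set")
        return {"mode": "earfcn-only", "earfcn": only_a}
    return {"mode": "earfcn+pci", "earfcn": earfcn, "pci": pci}


def hex_rows(blob):
    """Format the bytes 16 per row, the way the post prints them."""
    return [blob[i:i + 16].hex(" ").upper() for i in range(0, len(blob), 16)]


if __name__ == "__main__":
    print("\n".join(hex_rows(build_pci_lock(500, 600))))
    print(describe(build_earfcn_lock(500)))
```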