Hello,
I am starting this thread in the hopes of spurring some investigation into how to unlock the Samsung Galaxy Ace 2(X) without paying for an unlock code or for a service box such as Octoplus etc. All other methods for unlocking Samsung devices (dialer code, nv_data etc) do not work on this device.
I have made a little bit of progress on my own device, the GT-S7560m or Galaxy Ace 2X, outlined here. Unfortunately, I cannot provide a method to unlock as of yet, as the method I currently have found will replace the target device IMEI with the IMEI of the 'donor' device. I have not found a way to change the IMEI back (yet).
First, what I did was simple: Root the phone and backup all partitions other than /system, /data, /cache (/dev/block/mmcblk0pX) I did this a couple of times in between reboots and factory resets to have multiple backups as well as to see if any partitions change after reboots or resets.
It turns out that there are five partitions which change (slightly or drastically) after reboots/resets. These are:
mmcblk0p9
mmcblk0p10
mmcblk0p11
mmcblk0p13
mmcblk0p19 (/efs, found via mount command)
Since the S7560M does not have a GPT partition table, I can't find the labels for what these partitions actually are. 11,13 and 19 are mostly blank, while 9 and 10 are chock full.
Next, I bought an unlock service on eBay. Once unlocked, I took another image of all the partitions, and compared which ones were changed (locked vs unlocked). Unsurprisingly, the same five partitions were different.
To narrow it down, I the flashed back the locked versions of these partitions until my simlock returned.
mmcblk0p9 is the partition that holds the simlock data
I tested flashing only p9 and, indeed, simlock disappeared and reappeared according to the version being flashed. I have multiple devices to test with at the moment, so I took the unlocked p9 from Phone A and flashed it to Phone B, and sure enough, Phone B could then accept foreign SIM cards.
Unfortunately, this also changed Phone B's IMEI to that of Phone A
I tried various tools to attempt to zero out the IMEI (so that the partition image can be shared between devices and the end-user can then restore their proper IMEI) to no avail. It seems the NV items on this device are locked or read-only for some reason.
CDMA Workshop, NV Items Reader-Writer, QPST, QXDM, all these tools are able to read NV items fine, but when trying to write back NV item 550 ue_imei it inevitably fails. In QPST an unknown error (0x80004005) is thrown when writing, whereas in QXDM the program states "No DIAG response received" when attempting to write the NV item. I tried multiple phones, PCs and versions of Windows with the same error.
You'll recall that on other devices such as the GS3, QPST/QXDM/etc works perfectly fine to restore the IMEI through NV editing.
I believe mmcblk0p9 is the 'real' EFS partition, holding the NV items for the device. It also seems to be encrypted, since I cannot find the IMEI in hex nor decimal format inside it, yet the IMEI is changed when the partition is cross-flashed. Across phones and even simply rebooting, the partition almost completely changes, save for a header and a couple of other bytes.
In order to unlock the device freely, I believe the next step is to either decrypt mmcblk0p9, or find a way to get QPST/QXDM to write to the phone
If you have any thoughts/experience, feel free to post below! I am sort of stuck here.
This is a REALLY interesting thread. We need more of these! I know that to unlock my good old Galaxy Gio, you had to pull the bml5 partition and look at it with a hex editor to find 8 digits surrounded by nonsense symbols. Unlocking this device is gonna be MUCH harder, but maybe we just need to look at one of the 5 partitions you mentioned with a hex editor? I have no need of unlocking my device, nor have I ever actually tried it, but I'd like to get involved in this. Tell me, what happens when you insert a foreign sim card into your Ace II X (then you power it on or reboot it)? Does a dialog pop up asking for a code?
Dont bother with tools from market, they are made for units with samsung and qualcomm cpus. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor cpu from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things i think may help further:
- gap betwwen partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
For i8160/p/l (and for all phones with novathor soc) the imei, serial and simlock data is on cspsa_fs that's 100%, but it's encrypted and I think there is a hash check or something similar because if you edit something (no matter what) in cspsa partition dump after reflashing the modem completely stops working - no signal, no imei.
Szaby59 said:
For i8160/p/l (and for all phones with novathor soc) the imei, serial and simlock data is on cspsa_fs that's 100%, but it's encrypted and I think there is a hash check or something similar because if you edit something (no matter what) in cspsa partition dump after reflashing the modem completely stops working - no signal, no imei.
Click to expand...
Click to collapse
angrybb said:
Dont bother with tools from market, they are made for units with samsung and qualcomm cpus. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor cpu from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things i think may help further:
- gap betwwen partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
Click to expand...
Click to collapse
You guys are mistaken. The device being discussed is not the Ace II, but instead the Ace II X (same as S7560 Galaxy Trend or S7562 S Duos but with single sim). It does have a Snapdragon S1 clocked to 1 GHz (MSM7227A) with an Adreno 200 GPU. @op maybe you should modify the thread name to Ace II X instead of Ace 2 (X). It makes it less misleading.
angrybb said:
Dont bother with tools from market, they are made for units with samsung and qualcomm cpus. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor cpu from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things i think may help further:
- gap betwwen partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
Click to expand...
Click to collapse
wrong thread dude..
---------- Post added at 08:59 PM ---------- Previous post was at 08:59 PM ----------
Codename13 said:
You guys are mistaken. The device being discussed is not the Ace II, but instead the Ace II X (same as S7560 Galaxy Trend or S7562 S Duos but with single sim). It does have a Snapdragon S1 clocked to 1 GHz (MSM7227A) with an Adreno 200 GPU. @op maybe you should modify the thread name to Ace II X instead of Ace 2 (X). It makes it less misleading.
Click to expand...
Click to collapse
they should read the entire thread first right?(first post) see how observent they are
Is this thread dead?
Codename13 said:
Is this thread dead?
Click to expand...
Click to collapse
I think so
---------- Post added at 09:21 PM ---------- Previous post was at 08:35 PM ----------
krazykipa said:
Hello,
I am starting this thread in the hopes of spurring some investigation into how to unlock the Samsung Galaxy Ace 2(X) without paying for an unlock code or for a service box such as Octoplus etc. All other methods for unlocking Samsung devices (dialer code, nv_data etc) do not work on this device.
I have made a little bit of progress on my own device, the GT-S7560m or Galaxy Ace 2X, outlined here. Unfortunately, I cannot provide a method to unlock as of yet, as the method I currently have found will replace the target device IMEI with the IMEI of the 'donor' device. I have not found a way to change the IMEI back (yet).
First, what I did was simple: Root the phone and backup all partitions other than /system, /data, /cache (/dev/block/mmcblk0pX) I did this a couple of times in between reboots and factory resets to have multiple backups as well as to see if any partitions change after reboots or resets.
It turns out that there are five partitions which change (slightly or drastically) after reboots/resets. These are:
mmcblk0p9
mmcblk0p10
mmcblk0p11
mmcblk0p13
mmcblk0p19 (/efs, found via mount command)
Since the S7560M does not have a GPT partition table, I can't find the labels for what these partitions actually are. 11,13 and 19 are mostly blank, while 9 and 10 are chock full.
Next, I bought an unlock service on eBay. Once unlocked, I took another image of all the partitions, and compared which ones were changed (locked vs unlocked). Unsurprisingly, the same five partitions were different.
To narrow it down, I the flashed back the locked versions of these partitions until my simlock returned.
mmcblk0p9 is the partition that holds the simlock data
I tested flashing only p9 and, indeed, simlock disappeared and reappeared according to the version being flashed. I have multiple devices to test with at the moment, so I took the unlocked p9 from Phone A and flashed it to Phone B, and sure enough, Phone B could then accept foreign SIM cards.
Unfortunately, this also changed Phone B's IMEI to that of Phone A
I tried various tools to attempt to zero out the IMEI (so that the partition image can be shared between devices and the end-user can then restore their proper IMEI) to no avail. It seems the NV items on this device are locked or read-only for some reason.
CDMA Workshop, NV Items Reader-Writer, QPST, QXDM, all these tools are able to read NV items fine, but when trying to write back NV item 550 ue_imei it inevitably fails. In QPST an unknown error (0x80004005) is thrown when writing, whereas in QXDM the program states "No DIAG response received" when attempting to write the NV item. I tried multiple phones, PCs and versions of Windows with the same error.
You'll recall that on other devices such as the GS3, QPST/QXDM/etc works perfectly fine to restore the IMEI through NV editing.
I believe mmcblk0p9 is the 'real' EFS partition, holding the NV items for the device. It also seems to be encrypted, since I cannot find the IMEI in hex nor decimal format inside it, yet the IMEI is changed when the partition is cross-flashed. Across phones and even simply rebooting, the partition almost completely changes, save for a header and a couple of other bytes.
In order to unlock the device freely, I believe the next step is to either decrypt mmcblk0p9, or find a way to get QPST/QXDM to write to the phone
If you have any thoughts/experience, feel free to post below! I am sort of stuck here.
Click to expand...
Click to collapse
Can you post a zip file op your efs folder?
Thanks in advance.
Hello all,
Unfortunately at this point I have sold all the Ace 2X units I had previously. I wasn't really getting anywhere anyway and ended up buying a Z3X box. Thread can be closed, or feel free to continue in my absence. Good luck!
I'd like if we, as developers working together, could get this done. Just a question: Is there an issue if we share the same IMEI? Why can't one of us pay to unlock our device, then share our mmcblk0p9 with others? Would it cause problems if others flashed our efs partition to their device?
Codename13 said:
I'd like if we, as developers working together, could get this done. Just a question: Is there an issue if we share the same IMEI? Why can't one of us pay to unlock our device, then share our mmcblk0p9 with others? Would it cause problems if others flashed our efs partition to their device?
Click to expand...
Click to collapse
1- multiple phones with the same IMEI on the same network cause problems for all other (the only reason this can normally happen is your phone losing signal or crashing then reconnecting, so it's reasonable for the phone company to drop all other active links when it connects again)
2- on the U8500 Sonys, the role of CSPSA, EFS and some other firmware partitions is done by the "TA" partition. We know parts of it are signed (with different keys, some specific to the individual hardware) and changing them results in hard bricks... not terribly related to this phone, but the moral is that without knowledge about this undocumented binary sequence that is partition 9 (probably requiring a JTAG backup and trial and error) we common mortals can't afford to experiment blindly
Hello,
An S7560M came through my hands again, and I've taken the time to capture the data that is sent to the proprietary Z3X server for generating the unlock codes. The tool bypasses the MSL, reads some data from the modem, sends it to the server for analysis, and sends back your unlock code(s). If anybody is good at cryptography or data analysis, feel free to analyze the Wireshark dump that contains all the data. Somehow, the unlock code shown in the screenshot is attainable with only that data.
I myself have no idea how to get from there to an unlock code on my own. The only modification I've made is removing the serial number of my Z3X equipment in the dump for security. The IMEI and SN do not appear to be transmitted in the dump, but I've removed them from the screenshot.
Hope this helps, good luck.
krazykipa said:
Hello,
An S7560M came through my hands again, and I've taken the time to capture the data that is sent to the proprietary Z3X server for generating the unlock codes. The tool bypasses the MSL, reads some data from the modem, sends it to the server for analysis, and sends back your unlock code(s). If anybody is good at cryptography or data analysis, feel free to analyze the Wireshark dump that contains all the data. Somehow, the unlock code shown in the screenshot is attainable with only that data.
I myself have no idea how to get from there to an unlock code on my own. The only modification I've made is removing the serial number of my Z3X equipment in the dump for security. The IMEI and SN do not appear to be transmitted in the dump, but I've removed them from the screenshot.
Hope this helps, good luck.
Click to expand...
Click to collapse
Not sure how to help, but this is some serious looking stuff! I downloaded your attachment, extracted S7560M.pcapng and I converted it to S7560M.pcap using this guide. I then tried opening it and Ubuntu searched for a program that could open it. I got Wireshark and was able to open it. I'm guessing that's no such sort of hacking, right? Anyways, I'd like to help out. In the image you uploaded in that 7z archive, what is the unlock code? I want to scour the data in the Wireshark dump and see if I can find any correlations between the data in the image and the data in the dump. All I have to guess at this time is that all the code is hex, and it probably translates to decimal.
In the screenshot the unlock code is the NET lock code. The other numbers and * # are dialer codes (for unlocking direct from dialer without inserting a foreign SIM) but the actual code is 30385735.
If i understand it right the sim-partition is 9?
Why whe can't just share that partition from someone who payed for unlocking his device and changing imei (there are some tuts on xda)?
imei
the unlock code is based on the imei..
somebody unlocked his phone based just on his imei and the name of his carrier over the internet..
Anas Karbila said:
If i understand it right the sim-partition is 9?
Why whe can't just share that partition from someone who payed for unlocking his device and changing imei (there are some tuts on xda)?
Click to expand...
Click to collapse
I'll say this again, Partition 9 is unique to each phone. Another way of seeing it is: two people own the same car, when one person is driving the car, the other person can't drive the car, vice versa. You can't duplicate that car, because each numberplate is specific to one car.
Likewise, you can't copy partition 9 to another phone, because it would be the same as using the same numberplate on two different cars. The partition 9 includes the IMEI, if you will, the "numberplate" of the phone.
Mod Edit
Changing imei numbers is illegal.
Any such discussion is not allowed on XDA
Thread closed
malybru
Forum Moderator
Hello,
some discussions on android-hilfe.de about the Honor 7 modem partition and additionally Wanams App "Partitions Backup & Restore" brought me to the following issue:
The Honor 7 has a bunch of partitions and some partitions seem to be very device specific.
Looking into Wanams App (s. attachments) several partitions are marked with a yellow background as "IMEI / EFS related". Because of that I am assuming that device specific informations like IMEI, serial nummber, mac addresses for WLAN and Bluetooth etc. are stored on one or more of those special partitions (I think that the time to burn such informations on EPROMs is gone, isn't it?).
That's leading to my question: Can somebody tell me which device specific information is stored on what partition?
I think that this aspect is very important for those who want to create their own Custom ROM because it would be very "stupid" if you provide a ROM that changes one of those partitions and later on you have to recognize that all affected devices have (for example) the same IMEI.
Thank you in advance and best regards
m_esser
Curious ... this forum has thousands of users and has a community with an extremely high knowledge level ... but nobody can answer my questions?
I'm not a developer, but I've tried to REPIT my partitaions to get more space on phone.
Hope this post below helps:
https://github.com/Lanchon/REPIT/issues/28
jerryhou85 said:
I'm not a developer, but I've tried to REPIT my partitaions to get more space on phone.
Hope this post below helps:
https://github.com/Lanchon/REPIT/issues/28
Click to expand...
Click to collapse
Thank you very much for the above mentioned link ... very intersting but unfortunately I didn't find what I am searching for. The thread you mentioned is more focussed on partition sizes etc and not on the content (what is stored where on the very Huawei specific partitions? ).
Best regards
m_esser
That's worth something searching for.
But isn't the IMEI hardcoded to the motherboard only?
I bricked my previous device, and they changed the MOBO, and upon receiving it I checked IMEI and it was changed, but the device was same, I had a dent as mark on the back.
DigiGoon said:
That's worth something searching for.
But isn't the IMEI hardcoded to the motherboard only?
Click to expand...
Click to collapse
Depending on the perspective what "hardcoded" means the answer can be Yes and No .
If there is a dedicated chip on the motherboard (like it was in the early PC days on ethernet cards) that would surprise me because this approach would be very "old fashioned" ... the days of EEPROMs are definitively gone.
Thus I am assuming that the IMEI and other informations are stored in flash memory and further I assume that the manufacturer takes one of the undescriped partitions for this purpose ... only a guess but for me very likely because additional chips or elements would only lead to higher costs.
But currently it looks like we will never know ...
Best regards
m_esser
m_esser said:
Depending on the perspective what "hardcoded" means the answer can be Yes and No .
If there is a dedicated chip on the motherboard (like it was in the early PC days on ethernet cards) that would surprise me because this approach would be very "old fashioned" ... the days of EEPROMs are definitively gone.
Thus I am assuming that the IMEI and other informations are stored in flash memory and further I assume that the manufacturer takes one of the undescriped partitions for this purpose ... only a guess but for me very likely because additional chips or elements would only lead to higher costs.
But currently it looks like we will never know ...
Best regards
m_esser
Click to expand...
Click to collapse
It may not be a chip, but a small flash storage somewhere on the board, which stores the IMEI and stuff, if not then why the IMEI changes when the motherboard changes.
Or maybe a hidden partition.
But then again, who knows.
Thanks
Hi guys,
I'm still owning an old i9300 and would like to flash CM14.1 to it (already have the same model running CM14).
This particular device is.. well kind of soft bricked - I think. I'm running out of ideas.
It shows the developer IMEI 00049... and no valid serial #
Not a single howto/patched kernel/app is solving this. I searched not only the xda-developers forum but all parts of g**gle I can handle the language
What I tried already:
- Installed the stock FW with ODIN (even after a full wipe of the internal eMMC partitions with CM13 as root )
- Downgraded to 4.0.4 ICS (and in this step I was able to re-create the serial # by manually patching nv_data and .nv_data)
- Removed /efs with mke2fs and let the device re-create it (it re-creates all the necessary files including nv_data.bin etc.) - without showing the IMEI
- Built a serial cable to talk to the modem (nice - but no solution for my problem)
- Maybe my biggest mistake: Tried (by accident) to restore an entire OS from a similar phone - INCLUDING /efs - to this phone. After that step my phone displayed a while the wrong serial #
My questions are:
- If I delete all the partitions of the internal eMMC (dd if=/dev/zero of=/dev/block/mmcblk0 - DON'T TRY THIS AT HOME). From *where* is /efs re-created? Where exactly is serial รค and IMEI stored?
- Is there a chance to bring this device back to live? I really want to bring this device to a repair shop, but the repair shop in my village does not even know what /efs or UART is - they are replacing just glasses and stuff
And: No, I don't have an /efs backup of this phone....
Have you tried flashing via kies?.
Yes you did brick it by cross flashing another devices identity.
If the device is an international btu you can try flashing the stock rom twice with a factory reset in between. If no joy then try kies again. The phone has lost who it is. You have to get it to remember.
The stock btu rom: https://drive.google.com/file/d/0B4vTiHTBB629OVlvY0pkcXN4ak0/view?usp=drivesdk
Beamed in by telepathy.
Hello shivadow,
shivadow said:
Have you tried flashing via kies?.
Click to expand...
Click to collapse
Yes - *plenty* of times (like 20..30) to rest the device to a defined state after a non-working [patched modem|EFS-repair|differnent firmware|...]
shivadow said:
The stock btu rom: [...]
Click to expand...
Click to collapse
Thanks a lot - but even this firmware does not help (I tried this - oh, before Christmas holidays, I think)
In the meantime I have learned a lot about the EFS folder:
- Never, ever restore a foreign EFS folder - it will not work
- Manually fiddling around with the nv_data bin is hard work (although I'm now able to switch the serial number back to the one printed under the battery)
- The device is fixable, but most probably not without a box - just because the necessary information is not freely available. With a free trial of a software I was able to reset the IMEI to a fake one and all of sudden I had network and was able to make calls
- With some AT+MSLSECUR/AT+IMEITEST stuff I'm not able to set the IMEI - it seems some certificate is missing (maybe the protection from Samsung for modifying the IMEI?). I was always stuck in the last step: actually write/set the IMEI does not work.
I think tomorrow I will bring the device to a repair shop in a larger town (they will have the knowledge I hope) and then I will compare broken EFS/fixed EFS (i.e. nv_data.bin) to learn even more.
So, you flashed another devices nvram and didn't have a backup of your own?.
Beamed in by telepathy.
shivadow said:
So, you flashed another devices nvram and didn't have a backup of your own?.
Click to expand...
Click to collapse
Exactly - it restored by mistake the backup to the wrong device. So not even parts of the original EFS folder - not even one single bit - is available. (Of course, the EFS folder of the wrong device is also not working...)
Looks like the phone will need to be repaired by a cell shop.
Hi guys,
the people in a repair shop were able to restore the original IMEI although undelete/forensics in an ext4 FS is not what I do every day it looks like:
- "they" replaced the nv_data.bin with another one (maybe some "empty" one?)
- the IMEI is definitely properly integrated (*#0011# menu is telling "IMEI CERTI: PASS and AT+MSLSECUR is now requesting a proper certificate)
Now I will start some investigation with the two (well, three) different versions of nv_data.bin
I'm still wondering *where* an i9300 is storing the identity after i.e. an eMMC replacement..
Has somebody particular informations of the RPMB area of the eMMC? Maybe I'm going to JTAG that device to find out...
Hello my freindes
i rooted my sm-c7000 and after download a custom rom it stuck on logo so i back to stuck rom but when i go to recovery mode it said "E:failed to mount /efs (Invalid argument)" and after search on google i found that i should flash esp by odin
so i need the EFS for C7000ZH please
+------------------------+
Thanks in advance
Best regards
@misyo.nour
EFS isn't a file but is a partition on your Android device that stores all the important data associated with your phone. For instance, these data include the IMEI number, Mac address of Wireless devices, important files of internet and product code, etc. Hence the EFS partition holds data to a specific phone, isn't generic, will say can't simply get transferred from one phone to another one.
jwoegerbauer said:
@misyo.nour
EFS isn't a file but is a partition on your Android device that stores all the important data associated with your phone. For instance, these data include the IMEI number, Mac address of Wireless devices, important files of internet and product code, etc. Hence the EFS partition holds data to a specific phone, isn't generic, will say can't simply get transferred from one phone to another one.
Click to expand...
Click to collapse
is there any way to fix it so i can open wifi and blutooth ??
btw sim card working fine
Hello guys, first of all: thank you very much for your Forum; I'm learning a lot even if I remain a complete noob!
I'm trying to use LineageOS 17.1 (lineage-17.1-20210118-UNOFFICIAL-a3y17lte, recovery OrangeFox 11.01) on Galaxy A3 2017 (SM-A320FL), and I did something really stupid trying to make Link2App work.
I had problems to format properly the miniSD using Android's apps, and I could not remove the card from the phone (the slot's opening is damaged). So then I tried to format the card using ADB + BusyBox + fdisk, BUT I did it while I was distracted by other job's issues, and I didn't realize I was working on the internal SD instead of on the removable card (yes, complete idiot...).
Result: a brand new empty partition table in my phone, permanently stuck in Download mode (impossible even to power off it).
I tried to restore the phone using this procedure, but it failed midway. By the way, I could Odin-flash TWRP and then restore the partitions using the repartion script. Eventually, I fleshed my OrangeFox and LineageOS: the system is now perfectly working, but the phone doesn't recognize any more my SIM and IMEI (dialing: *#06#) is blank.
I had a Fox's "light" backup, but it didn't solve anything.
I'm still having the original box with the IMEI number on the label, but I didn't find a suitable procedure to use it.
Kies3: the SM-A320 phone seems too old to allow the Initialization procedure described here (yes, the phone was unplugged)
There are many apps promising miracles (for instance: ToolHero, MTK Engineering Mode, IMEI Generator Pro, EFT Dongle...); however, I tried some, and they seem to me just ****ty pieces of software, requiring the original system or dubious paid services.
Dialing codes* procedure (like Method 1 here). I cannot remove SIM or battery to complete the procedure. Besides, my phone doesn't react to the code; probably they are country or SIM specific...
Line command (terminal emulator or ADB): this seems to be the most promising method; however, the line
Code:
echo 'AT +EGMR=1,7,"MY_IMEI_NUMBER"'>/dev/pttycmd1
doesn't do anything on my device
IMEI generator: I tried to generate a new MP0B_001 file using this guide. The download link is broken, then I downloaded the files from another source, and I prefer to add to my system just the MPB_001, without flashing the "repair" tool. Besides, I don't have any /nvram folder in my $root/data/ directory... (the only IMEI related folder is in $root/eps/).
Any suggestion to solve this mess? Thank you very much!
Daniele
* EDIT: after typing *#*#197328640#*#* the phone window closes.
Look inside here:
3 METHODS to restore your IMEI number on Android
Most people face a common issue with IMEI number that is losing them. Particularly, it happens when you get a locked second-hand mobile or in Mediatek devices.
www.gizmogo.com
jwoegerbauer said:
Look inside here:
3 METHODS to restore your IMEI number on Android
Most people face a common issue with IMEI number that is losing them. Particularly, it happens when you get a locked second-hand mobile or in Mediatek devices.
www.gizmogo.com
Click to expand...
Click to collapse
Thank you very much for your answer! The 2-3 methods seem promising; however, I isolated the problem and solved it before receiving your message.
The problem: after messing with the partitions, I tried to restore my system, downloading the files via Freja. However, I select the wrong CSC, using my SIM provider code (TIM) instead of the generic code for Italy (ITV).
I noticed it exploring the light backup I had done in TWRP (only System partition): a CSC_version.txt was there, pointing to A320FLOXA9CTK1 (ITV version, while I restored using A320FLTIM8CTH1, TIM carrier version). ITV was also mentioned in the file $ROOT/eps/imei/mps_code.dat (dunno if this is relevant)
Solution: Odin + the right firmware did the trick. I had my IMEI back and the phone working, then I came back flashing TWRP, Orangefox and, eventually, LineageOS.
Everything is working now, and, of course, I backed up EPS partition (now).
Many thanks!
daniele