Just to share a successful restoration of a damaged /efs partition on a i9300 without any backup. Maybe this will help someone save their phone or avoid having to send it in for repair. This appears to be the usual advice when the efs partition is damaged and you don't have a backup. You're fsck'ed. However, you might get lucky, like I did. Read on.
The story: I was running the phone with a custom built cm-10.1 and playing Candy Crush when the battery died. After that the phone wouldn't boot. After booting into recovery it appeared /efs wouldn't mount. That puts the phone in a boot loop. Desperation...
The key to the provided solution is that even though your partition is damaged, the relevant data (nv_data.bin) may still exist.
Here's what I did. Not all steps may be necessary, but this is what happened to work for me. The steps I think are crucial are highlighted.
!!!AS USUAL, TRY ANY OF THIS AT YOUR OWN RISK!!! In any case, only do this when your efs partition is damaged and won't mount, not when only files in it are missing or something else.
1. Create an image of /dev/block/mmcblk0p3. mmcblk0p3 is the device file for the partition that is mounted as /efs.
I did this by logging into the phone while it is in recovery with adb:
Code:
linux# adb root
linux# adb shell
phone# dd if=/dev/block/mmcblk0p3 of=/data/efs.img
phone# exit
linux# adb pull /data/efs.img .
You now have an image of the efs partition. To verify that it is indeed broken, I did a filecheck on the image:
Code:
linux# losetup /dev/loop0 efs.img
linux# fsck /dev/loop0
That gave an "Invalid Superblock" message. The partition is indeed b0rked. No (obvious) way to rescue the filesystem.
2. I still didn't know what to do so I flashed a stock ROM (G4) using Odin. Still boot looping. Since I wasn't sure the partition table wasn't damaged and the efs partition was lost anyway, I decided to check "Repartition", which is generally discouraged, using a pit file downloaded from the forum.
3. I re-rooted using CF-Root, this time using Heimdall from linux. Stock didn't fix things and you need root to access the partitions.
4. Format the efs! It's unusable and I made a backup, so in recovery:
Code:
linux# adb root
linux# adb shell
phone# mke2fs /dev/block/mmcblk0p3
Reboot the phone and voila! A booting phone, but obviously without serial number and a default IMEI. And some screen came up which I think means I was in factory mode. The data in the /efs partition has been rebuilt with a set of default files.
5. I edited some files in /efs/FactoryApp
Code:
linux# adb root
linux# adb shell
phone# cd /efs/FactoryApp
phone# echo -n ON > factorymode
phone# echo -n ON > keystr
phone# echo -n <xxxxxxx> > serial_no
Where <xxxxxxx> is your serial number, found under the battery. Not sure if this did anything useful, but the serial number no longer indicated 0000000 after that.
6. I flashed cm-10.1 again from recovery, because I was experimenting with EFSPro, which requires busybox on the phone. EFSPro doesn't do much for you in this case. So I don't think this is important.
7. Try to recreate an nv_data.bin from the damaged partition! In order to do this I pulled the rebuilt default nv_data.bin from the phone and compared it to efs.img created in step 1.
Code:
linux# adb root
linux# adb pull /efs/nv_data.bin .
linux# xxd nv_data.bin > nv_data.hex
linux# xxd efs.img > efs.hex
Now inspecting the nv_data.hex, it started out like:
Code:
0000000: cccc cccc cccc cccc cccc cccc cccc cccc ................
0000010: cccc cccc cccc cccc cccc cccc cccc cccc ................
0000020: 4d21 5317 00a0 a2f7 1435 5799 529d 129b M!S......5W.R...
0000030: 48bd ca0e 6249 1367 37a5 96c3 39da 19ea H...bI.g7...9...
0000040: 0000 0000 e000 0000 0200 7400 6c00 0000 ..........t.l...
0000050: 0000 0000 0000 8130 0100 0000 0000 0000 .......0........
0000060: ffff ffff ffff ffff ffff ffff ffff ffff ................
0000070: ffff ffff 0200 0000 333a 3476 2020 2020 ........3:4v
0000080: 5350 3632 3630 5f4d 305f 4d4f 4445 4d5f SP6260_M0_MODEM_
0000090: 3033 2e31 3332 375f 4442 3133 3037 3032 03.1327_DB130702
00000a0: 2032 3031 332d 4a75 6c2d 3136 2032 303a 2013-Jul-16 20:
00000b0: 3035 3a33 3020 0a20 2020 2050 4442 5f4e 05:30 . PDB_N
00000c0: 4f54 5f41 5641 494c 4142 4c45 200a 0000 OT_AVAILABLE ...
I then searched for "MODEM" in efs.hex and found several similar entries. So for the next step, you might have to try a few times. I found one at address 0600000:
Code:
0600080: 5350 3632 3630 5f4d 305f 4d4f 4445 4d5f SP6260_M0_MODEM_
0600090: 3033 2e31 3234 315f 4442 3132 3130 3038 03.1241_DB121008
06000a0: 2032 3031 322d 4e6f 762d 3136 2031 343a 2012-Nov-16 14:
06000b0: 3030 3a34 3920 0a20 2020 2050 4442 5f4e 00:49 . PDB_N
06000c0: 4f54 5f41 5641 494c 4142 4c45 200a 0000 OT_AVAILABLE ...
I then extracted a block of data with the size of nv_data.bin from efs.img starting at this address:
Code:
linux# dd if=efs.img of=new_nv_data.bin skip=12288 count=4096
"skip" indicates the offset (0x0600000) and "count" the filesize (0x0200000). I now had a recreated old nv_data.bin.
8. Put the recreated nv_data.bin on the phone and delete backups.
Code:
linux# adb root
linux# adb shell
phone# cd /efs
phone# rm nv_data.bin
phone# rm .nv_data.bak
phone# rm .nv_core.bak
phone# exit
linux# adb push new_nv_data.bin /efs/nv_data.bin
I rebooted the phone and miracle oh miracle. I had my original IMEI back! Not sure if the phone is in optimal condition, but I can make calls and I have mobile data.
Hope any of this may be of help to someone. It took me quite a while to figure things out!!
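An added example (not code from the original post) that automates step 7: it scans efs.img for the modem build string the post's hexdump shows at +0x80 inside nv_data.bin, keeps only hits that also carry the 0xcc padding at the would-be file start and leave room for a whole 2 MiB file, and prints the matching dd skip/count. The signature, the 0x200000 size and the 0xcc padding are assumptions taken from the post's dump; the image it scans when run without arguments is constructed.

```python
"""Carve candidate nv_data.bin files out of a raw /efs image.

Added example, not from the original post. Assumptions taken from the
post's hexdump: nv_data.bin is 0x200000 bytes, starts with 0xcc padding,
and carries the modem build string at offset +0x80.
"""
import sys

NV_DATA_SIZE = 0x200000            # size of nv_data.bin reported in the post
SIGNATURE = b"SP6260_M0_MODEM_"    # modem build string at +0x80 in the dump
SIG_OFFSET = 0x80
LEADING_PAD = b"\xcc" * 0x20       # first 0x20 bytes of nv_data.bin in the dump
SECTOR = 512                       # dd's default block size


def find_candidates(image: bytes) -> list:
    """Return start offsets of every region that looks like a whole nv_data.bin.

    The post found several "MODEM" strings in the image; a hit is kept only
    if the 0xcc header sits 0x80 bytes before it and a full file fits.
    """
    hits = []
    pos = image.find(SIGNATURE)
    while pos != -1:
        start = pos - SIG_OFFSET
        fits = start >= 0 and start + NV_DATA_SIZE <= len(image)
        if fits and image[start:start + len(LEADING_PAD)] == LEADING_PAD:
            hits.append(start)
        pos = image.find(SIGNATURE, pos + 1)
    return hits


def dd_arguments(start: int) -> tuple:
    """Translate a byte offset into dd's skip/count with the default bs=512."""
    if start % SECTOR:
        raise ValueError("offset %#x is not sector aligned; use bs=1 instead" % start)
    return start // SECTOR, NV_DATA_SIZE // SECTOR


def carve(image: bytes, start: int) -> bytes:
    """Cut the 2 MiB block at start, the same bytes dd would copy."""
    return image[start:start + NV_DATA_SIZE]


def build_sample_image(total: int = 0x800000) -> bytes:
    """Constructed 8 MiB image: one good region at 0x600000 (as in the post),
    one decoy hit without the 0xcc header, one hit too close to the end."""
    img = bytearray(total)
    img[0x600000:0x600020] = LEADING_PAD
    img[0x600080:0x600080 + len(SIGNATURE)] = SIGNATURE
    img[0x200080:0x200080 + len(SIGNATURE)] = SIGNATURE   # decoy: no 0xcc header
    img[0x700000:0x700020] = LEADING_PAD
    img[0x700080:0x700080 + len(SIGNATURE)] = SIGNATURE   # a full file would run past EOF
    return bytes(img)


def main(argv):
    """Scan the image given on the command line, or the constructed sample."""
    if len(argv) == 2:
        with open(argv[1], "rb") as f:
            image = f.read()
    else:
        image = build_sample_image()
        print("no image given, scanning the constructed sample image")
    hits = find_candidates(image)
    for start in hits:
        skip, count = dd_arguments(start)
        print("candidate at %#x: dd if=efs.img of=new_nv_data.bin skip=%d count=%d"
              % (start, skip, count))
        if len(argv) == 2:
            # Write each candidate separately; pick the one with the newest build date.
            with open("new_nv_data_%x.bin" % start, "wb") as out:
                out.write(carve(image, start))
    if not hits:
        print("no candidate found")
    return hits


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python carve_nv.py efs.img`; for the post's image it reports the hit at 0x600000 as skip=12288 count=4096, the same numbers used in step 7.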
If this works, you have done excellent work and I think this has to be stickied :sly:
Sent from my GT-I9300 using Tapatalk
Well done fella, good work!
Sent from my GT-I9300 using xda premium
Hi SlashV,
Very interesting approach to one of the most frequent issues for the I9300!
My case is as follows: I have recovered the IMEI with more common methods: kTool, and..
- in 4.3 ROMs my IMEI and serial are ok ... and I have network, but
- in CM11 or OMNI 4.4 my IMEI is correct but the serial number is wrong!
(and therefore I have no network)
Could you please suggest a way to read and/or repair the serial number in CM11?!
(would using Terminal Emulator also be possible?)
Thanks in advance!
serial number in cm
stefan.slavici said:
Hi SlashV,
Very interesting approach to one of the most frequent issues for the I9300!
Thanks.
stefan.slavici said:
My case is as follows: I have recovered the IMEI with more common methods: kTool, and..
- in 4.3 ROMs my IMEI and serial are ok ... and I have network, but
- in CM11 or OMNI 4.4 my IMEI is correct but the serial number is wrong!
(and therefore I have no network)
Could you please suggest a way to read and/or repair the serial number in CM11?!
(would using Terminal Emulator also be possible?)
Thanks in advance!
I think my serial number got restored by step 5 of what I did, even before I restored my original nv_data.bin, so you might try that. It's easy from the terminal and I'm fairly sure it won't hurt. Make a backup of your efs first!
However, I am somewhat surprised by your issue. How can the serial number change? I did notice CM shows a different serial for me than is on the sticker, so maybe I have the same issue, or CM just shows a different representation of the same number. Anyway, I have no network issues because of it. Maybe your network issues have to do with something other than the serial no?
SlashV said:
Thanks.
I think my serial number got restored by step 5 of what I did, even before I restored my original nv_data.bin, so you might try that. It's easy from the terminal and I'm fairly sure it won't hurt. Make a backup of your efs first!
However, I am somewhat surprised by your issue. How can the serial number change? I did notice CM shows a different serial for me than is on the sticker, so maybe I have the same issue, or CM just shows a different representation of the same number. Anyway, I have no network issues because of it. Maybe your network issues have to do with something other than the serial no?
No! The serial number changed when I flashed CM11, but with no network problem. And then it was back to the previous serial number when I flashed the S4 Evolution ROM!
OMG
You are a genius
This Thread should be moved to General
Glad that the OP got his IMEI & serial back, and also that he's posted such detailed instructions (although I think a couple of them won't be necessary for most). For the majority of those who arrive at xda after breaking their phone by flashing random things they didn't understand, it will read like DIY brain surgery.
Best option, as always, is to back up the efs; unfortunately it's usually far too late by the time they get to xda.
Sent from my GT-I9300 using Tapatalk
I also had a similar problem. I had an IMEI but not a valid serial (000000). I solved it temporarily using Ariza Patch. But if I can restore the serial using your method.... then I MUST BUY YOU A BEER MY FRIEND!
Some news. In my case I have a correct IMEI but a wrong serial (000000), resulting in no network connectivity.
I've tried modifying the efs.img directly by hand and adding the serial to the serial_no file (it's in plain text). Then I restored using kTool. And nothing. It still says 0000000.
So. Then I tried over adb as you did: echo -n <serial> > serial_no. The operation went successfully, but when I rebooted my phone it still shows 000000.
So I'm guessing (as expected) these things have protection against tampered serials/IMEIs. Maybe a hash somewhere... But I'm not willing to reverse engineer that (I don't even have the knowledge!).
So.... I don't know how you did it. But that step alone doesn't restore the serial number.
---------- Post added at 02:45 PM ---------- Previous post was at 01:56 PM ----------
So I decided to take my investigation a little further.
I had an efs backup, so I reproduced all your steps, but only on linux.
The offsets of my nv_data.bin are the same as yours. I extracted my new_nv_data.bin from my efs.img (using dd). Then I compared it to the nv_data.bin extracted by mounting the efs.img. They are the same. Not a single bit of difference.
I guess it was expected. I just wanted to make sure there wasn't anything wrong with my efs backup.
So. This method really works if you lost your efs partition (corrupted). But in my case (efs not corrupted, IMEI ok, serial 0000), it didn't help.
I bet there's a solution floating around. But there's also a business behind this (all those boxes). So, I don't know if I will ever be able to fix this by myself.
I'm starting to think that maybe the trick is to format efs (having a backup of course). But I don't know. I'm not that brave haha.
Changing the serial_no file does nothing. That doesn't work for sure. I've tried one more time using Root Browser and it didn't change from 00000.
Everything is inside nv_data.bin I think. Even the serial. But I guess nobody will tell me here how to correct that so I have network connectivity again without patching.
Anyway, I don't know why everyone is so secretive about all this info. I mean, all the boxes out there let you change your IMEI. I bet all the burglars out there already know how to do it. The only ones that still don't know how to do it are the honest people haha. Kind of ironic.
Because it's illegal and gets you five years. Follow the guides on how to restore your efs backup. Discussing imei changing will get the thread locked.
If you don't have backup then pay for a repair.
Sent from my GT-I9300 using Tapatalk
boomboomer said:
Because it's illegal and gets you five years. Follow the guides on how to restore your efs backup. Discussing imei changing will get the thread locked.
If you don't have backup then pay for a repair.
Sent from my GT-I9300 using Tapatalk
In my case my phone came like this. I can't return it because I bought it abroad.
I have a backup of my efs. I did restore it. But the serial is still 0000. The IMEI is FINE. I don't want to change the IMEI. Just fix my EFS to have a proper serial. The only way of having connectivity back is Ariza Patch. But I would love to return my phone to factory state. That is not illegal.
I always wonder how the repair shops are able to restore. Still, the OP's post is informational.
hyperorb said:
Always wonder how the repair shops are able to restore. Still OP post is informational.
Yes. Maybe formatting the EFS is the key, because the phone will regenerate a dummy one without errors. And then restore the files individually instead of the whole partition.
But... that is just a guess. And I'm not willing to try it either. I will start worrying when Samsung releases a decent 4.3 version of the stock firmware. Until then I will stay on 4.1.2 with Ariza Patch.
Boxes
hyperorb said:
Always wonder how the repair shops are able to restore. Still OP post is informational.
I think they use tools like the SmartSamBox. I contacted the manufacturer and they claim that you can restore imei and serial with it. A box like that isn't even that expensive. I considered buying one before I tried my final "I must get lucky" shot described in this thread.
lost serial
Gonzakpo said:
I'm starting to think that maybe the trick is to format efs (having a backup of course). But I don't know. I'm not that brave haha.
If you dumped an image of it, it can't really hurt you imho.
Gonzakpo said:
Changing the serial_no file does nothing. That doesn't work for sure. I've tried one more time using root browser and it didn't change from 00000.
Everything is inside nv_data.bin I think. Even the serial. But I guess nobody will tell me here how to correct that so I have network connectivity again without patching.
Yeah, everything is in nv_data.bin. It's a pity I am not 100% sure, but I really think I got the serial back before restoring my original nv_data.bin. Changing the serial_no file now doesn't do anything, like you say, but I added it to an /efs that was created from scratch after a format. Like you, I am a bit reluctant to try and reformat it again just to see if that would work, but maybe I will. It won't help you though, because starting out with an /efs from scratch is not an option for you. You won't have an IMEI in that case.
Gonzakpo said:
Anyway, I don't know why so secretive about all this info. I mean, all the boxes out there let you change you IMEI. I bet all the burglers out there already know how to do it. The only ones that still don't know how to do it are the honest people haha. Kind of ironic.
Welcome to the World my Friend
Formatting /efs in fact results in automatic regeneration of file structure, just with a null (but still valid) data. By replacing important files with a working backup you can actually revive your phone, as long as you have valid core files.
Anyway, hats off for the solution. May help someone.
You could also try mke2fs -n /dev/loop0 (with efs.img mounted), and then read the superblock locations and restore them with e2fsck -b block_number /dev/loop0.
Wow. Thank you for the answers. For a moment I thought I was talking alone hahaha
Well. I made the jump and formatted the efs to see what happens. I was on stock 4.1.2 (the old EFS one == I9300XXELLC_I9300XEFELL1_I9300XXELKB)
Surprisingly, after a reboot the EFS wasn't restored to a dummy one. It was empty. I even tried a wipe from the recovery and it didn't work either.
Then I freaked out (haha) and restored my EFS backup and everything was back to normal.
Conclusion: 4.1.2 is no good for this method? Maybe I should try with stock 4.0.4?
SlashV, what firmware do you refer to when you say "G4"? The latest Android 4.1.2 (MG4 modem)?
I hope I can reproduce your method, so we can at least help the community with a more tested solution.
SlashV said: [the original post, quoted in full above]
Doesn't work on my Galaxy S3.
Hi, I would like to ask for help: the phone can not see both SIM cards, or the slot in slot 1 or 2. Well, I can not set the IMEI on the phone by going to settings by entering *#*#3646633#*#*. After entering the IMEI number and approving, it displays to me "At the command is failed to send". Ioceana asked what to do, and so I wrote back:
If there is no signal on your phone, it may be caused by IMEI or NV lost. You may check the IMEI first: input *#06#; if the IMEI is lost or invalid, you have to re-write the IMEI. And you may check NV by inputting *#66# and pressing "SN", to see if NV is there; if it is blank that means you have to re-write the NV as well. (IMEI and NV may be lost because of flashing a ROM or a factory reset)
Maybe you should rewrite the NV.
Re-write NV
When writing NV, please ensure that the code version corresponds to your phone model.
Write NV tool (including guidance)
Give it a try.
Can somebody help me with how to do it exactly?
Required:
- Qualcomm driver for Windows
- QPST_2.7.422.zip
- ADB Driver Installer
- Modem for Lenovo A6000/A6000+, including ADB fastboot
- Extract the Modem to drive C:\adb and open the folder
** Edit the qcn file with HxD to change the IMEI, and Convert IMEI
SIM 1
Sector 343 Offset 0002AE50 point 00-08
Change 08 8A 76 21 04 22 57 85 45 adjust to you IMEI-1
SIM 2
Sector 188 Offset 000178E0 point 00-08
Change 08 8A 76 21 04 22 57 85 26 adjust to you IMEI-2
** Steps to change the IMEI:
1. Open Convert IMEI
2. Write your IMEI-1 and click Convert
3. Open HxD
4. Press Ctrl + F, write/paste 08 8A 76 21 04 22 57 85 45, Datatype Hex-values, Direction All - Ok
5. Replace it with the IMEI-1 conversion result
6. Write your IMEI-2 and click Convert
7. Open HxD
8. Press Ctrl + F, write/paste 08 8A 76 21 04 22 57 85 26, Datatype Hex-values, Direction All - Ok
9. Replace it with the IMEI-2 conversion result
10. Close HxD and save the qcn file
** For those who use a stock ROM, no root is needed; the steps can be executed directly:
1. Install the Qualcomm driver, QPST, ADB installer
2. Open the folder C:\adb
3. Press and hold Shift + Right Click - Open command window here
4. Enter fastboot mode (vol- & power button) and type:
fastboot erase modem (enter)
fastboot erase modemst1 (enter)
fastboot erase modemst2 (enter)
fastboot flash modem NON-HLOS.bin (enter)
fastboot flash modemst1 modemst1.bin (enter)
fastboot flash modemst2 modemst2.bin (enter)
5. Turn off the phone, remove the battery
6. Enter test mode (vol+ & Power button)
7. Open QPST Software Download
8. Restore tab
9. Browse for the Qualcomm Diag PORT
10. If you are already connected, browse for the QCN file
11. Select the QCN file edited with the hex editor
12. Tick Allow phone/file ESN mismatch
13. Start (wait for the process)
14. Reboot the phone
15. Check the IMEI
16. Check the signal on SIM-1 (WCDMA/LTE only)
17. Finished :laugh:
** For those who use a custom ROM / are not able to enter test mode, you must root the stock ROM; steps:
1. Root
2. Open SuperSU settings, set default access to Grant
3. Turn off the phone
4. Proceed with steps 1 to 5
5. Turn on the phone
6. Install Terminalemulator.apk
7. Open the terminal emulator, type su (enter)
8. Type setprop sys.usb.config diag,adb (enter)
9. Continue to restore the qcn file, step 7 to finish
Special thanks :
- Allah SWT.
- Carlos Spitzer
- fawazahmed0
- Robby Primarizal
- Hanif Nurul Huda
- Amri Gadroen
- All member (OFFICIAL INDONESIA) LENOVO A6000 INA
@zround - Just in case, you are feeling low due to no response from anyone. Brother, what you did was a much much needed thing, as many of the A6000 users are having IMEI problems on flashing custom ROMs. This thread is definitely a life saver for the guy having IMEI issue.
Sometimes, you don't get much appreciation from others in the beginning (has happened with me), but that doesn't mean you stop doing so.
So, all I wanna say is "thanks" and I really appreciate what you did.
:silly:
sasukay said:
@zround - Just in case, you are feeling low due to no response from anyone. Brother, what you did was a much much needed thing, as many of the A6000 users are having IMEI problems on flashing custom ROMs. This thread is definitely a life saver for the guy having IMEI issue.
Sometimes, you don't get much appreciation from others in the beginning (has happened with me), but that doesn't mean you stop doing so.
So, all I wanna say is "thanks" and I really appreciate what you did.
:silly:
@sasukay if there is no response, I think it means they managed to restore the IMEI on the Lenovo A6000/+ my way. :angel: I'm not proud of the appreciation and responses, but being able to share and help others seemed really fun to me.
Let's drink a cup of coffee so as not to panic.
zround said:
@sasukay if there is no response, I think it means they managed to restore the IMEI on the Lenovo A6000/+ my way. :angel: I'm not proud of the appreciation and responses, but being able to share and help others seemed really fun to me.
Let's drink a cup of coffee so as not to panic.
Hehhehhe.....I was just being dramatic... :silly:
Hi sir,
I have a Lenovo A6000. Problem: both IMEIs are null. When I try to write the qcn from your guide, at your 9th step, when I select the diag phone it shows "no phone connected" in the QPST window. Any solution please?
rajendrakumar said:
Hi sir,
I have a Lenovo A6000. Problem: both IMEIs are null. When I try to write the qcn from your guide, at your 9th step, when I select the diag phone it shows "no phone connected" in the QPST window. Any solution please?
If you use a stock ROM, then to enable the diag port on Android: turn off the device, unplug the battery, then press and hold the buttons (vol+ & power) until it enters test mode, and plug in the USB cable.
or
with the device turned on (rooted), install terminalemulator.apk, open it and type:
su
setprop sys.usb.config diag,adb
restore qcn :good:
This saved my life thank you so much. Love from philippines bro
Unable to mount /modem
Bro.. I followed this up to step 5, then when I turned it on it got stuck at the boot logo. I tried clearing the cache via TWRP and got the message "Unable to mount /modem". Any idea why? hehehe still a noob
wow, solid
LYudhistira said:
Bro.. I followed this up to step 5, then when I turned it on it got stuck at the boot logo. I tried clearing the cache via TWRP and got the message "Unable to mount /modem". Any idea why? hehehe still a noob
Steps:
Enter fastboot and erase all partitions (boot, userdata, cache, system, modem, modemst1, modemst2)
Flash the stock Lollipop ROM via QFIL/QPST or Qualcomm downloader
Root
Enter fastboot and execute
fastboot erase modem
fastboot erase modemst1
fastboot erase modemst2
fastboot flash modem NON-HLOS.bin
fastboot flash modemst1 modemst1.bin
fastboot flash modemst2 modemst2.bin
Restore qcn
Hello, my IMEIs are good but I get a network error (cannot connect to selected network). After writing the qcn (without editing) only SIM 1 worked with network, but SIM 2 was not working; but after editing with my IMEIs, no network.. any suggestions? I need both SIMs to work!?
Sobaro said:
Hello, my IMEIs are good but I get a network error (cannot connect to selected network). After writing the qcn (without editing) only SIM 1 worked with network, but SIM 2 was not working; but after editing with my IMEIs, no network.. any suggestions? I need both SIMs to work!?
- That's because of a modem partition problem,
- try
fastboot erase modem
fastboot erase modemst1
fastboot erase modemst2
fastboot flash modem NON-HLOS.bin
fastboot flash modemst1 modemst1.bin
fastboot flash modemst2 modemst2.bin
- after that, restore the qcn you already edited with the IMEI previously,
if still not successful,
then delete all partitions (boot, splash, userdata, cache, system) via fastboot, then flash a stock ROM via QFIL or Qualcomm downloader, continue upgrading to the latest stock ROM, then restore the qcn.
Thanks, that worked for me; now I get the two SIMs to work like a charm, but still the second IMEI is showing null!! I have no problem as long as the SIMs are working, but it would be good if someone gave a reason! Thanks in advance.
Wrongly restored efs, modem... partitions from a Lenovo A6000+ to another A6000
I wrongly restored the efs, modem... partitions (using TWRP) from a Lenovo A6000+ to another A6000.
I have no backups of the corresponding partitions of this phone.
Now the phone shows IMEI null and SIM detection errors; also the UI gets unstable and services are unstable in the stock ROM (most times) when flashed using Qualcomm downloader, and it bootloops in some other custom ROMs.
fastboot, recovery etc. of the phone are perfectly working.
When I tried writing the altered qcn (with the corresponding IMEI) via QPST I just got errors.
Can anyone help me troubleshoot this??
https://drive.google.com/file/d/0BwFcGoIexiPed210VXdnY2xUYU0/view?usp=sharing
zround said: [the guide post above, quoted in full]
Using Windows 10, I'm not able to perform step 1) Shift + click anywhere in the folder; I think the driver is not supported.
2) Not able to install the terminal emulator because unknown sources is blocked and not working.
I edited the QCN file but am unable to move forward from the first step.
What should I do?
No communication device, no IMEI, no Bluetooth, no Wi-Fi.
Should I use Windows 7? Also, how to install the terminal APK if unknown sources cannot be enabled for security purposes? Can I perform these steps on MM custom ROMs?
zround said:
Steps:
Enter fastboot and erase all partitions (boot, userdata, cache, system, modem, modemst1, modemst2)
Flash the Lollipop stock ROM via QFIL/QPST or the Qualcomm downloader
Root
Enter fastboot and execute
fastboot erase modem
fastboot erase modemst1
fastboot erase modemst2
fastboot flash modem NON-HLOS.bin
fastboot flash modem modemst1.bin
fastboot flash modem modemst2.bin
Restore the QCN
Handsome bro...
After following the steps above
I instead got Baseband: Unknown
Panic...
Then I flashed the downloaded one that was there, ....kitkat_ROW.zip
The baseband came back...
IMEI Null
Then I entered the IMEI using an IMEI writer program
So it became
Normal
But "still no service"
What should I do, bro?
Maybe any other method, bro...
BTW... thanks a lot for the inspiration
rifky said:
Handsome bro...
After following the steps above
I instead got Baseband: Unknown
Panic...
Then I flashed the downloaded one that was there, ....kitkat_ROW.zip
The baseband came back...
IMEI Null
Then I entered the IMEI using an IMEI writer program
So it became
Normal
But "still no service"
What should I do, bro?
Maybe any other method, bro...
BTW... thanks a lot for the inspiration
Lollipop only, boss, :laugh:
pankajy said:
Using Windows 10, I'm not able to perform step 1) Shift + click anywhere in the folder; I think the driver is not supported.
2) Not able to install the terminal emulator because unknown sources is blocked and not working.
I edited the QCN file but am unable to move forward from the first step.
What should I do?
No communication device, no IMEI, no Bluetooth, no Wi-Fi.
Should I use Windows 7? Also, how to install the terminal APK if unknown sources cannot be enabled for security purposes? Can I perform these steps on MM custom ROMs?
Try opening adb cmd with this in Windows 10
- Flash the Lollipop stock ROM
- Then follow these instructions
If you still cannot, then try using Windows 7, because I was on Windows 7 when I executed it
zround said:
Lollipop only, boss, :laugh:
thanks...
IT WAS LOLLIPOP FROM THE START, bro
it is Lollipop, you know...
I decided to flash KitKat because the Baseband Unknown showed up after trying to flash it back with Lollipop, bro...
that's how it is
but finally it is back to Lollipop again now, of course with the "No Service" message all the time
yesterday... I tried to do all those wonderful steps of yours again...
but alhamdulillaah... I have no luck... yet
actually... what Lollipop version should the phone be on to do those steps you wrote?
because I did it with my A6000 using the latest Lollipop 5.0.2 / Kraft-A6000_S061_100727, does it matter? (singing Nothing Else Matters)
and would you please check out my attachment, do you see anything wrong there?
btw, where did you get those modem, modemst1, modemst2 & non-hlos bin files from? would you mind sharing them with us
always thanks in advance
Sobaro said:
Thanks, that worked for me. Now I get the two SIMs to work like a charm, but the second IMEI is still showing null!! I have no problem as long as the SIMs are working, but it would be good if someone gave a reason! Thanks in advance.
Really? You did it?
So glad to know that :good:
Congrats man
Would you please tell me what version of firmware you have?
Mine is like in the attachment
Thanks in advance
I've bricked the radio/modem in my ZUK Z2 Pro via Hidden Settings and "Set GSM/UMTS band" to USA band (the only choice)
I live in Europe. I am a quite advanced user; I always root every phone.
Android Google Play offered me to install an app "Hidden Settings". I did.
There was a select radio band option. I clicked it just to check. In old MTK phones in engineering mode there was a list, like this http://www.cellphonemic.com/image/cache/data/B9500-band-500x500.jpg
But in the new ZUK Z2 Pro with Android 6 there was a choice of USA band (the only choice).
Something like this
http://attach.en.miui.com/forum/201608/23/031335orzj1vxxar1vymvm.png.thumb.jpg
It affected only the first SIM slot. Now my first SIM cannot connect - it cannot send/receive calls and cannot send SMS. Changing to 3G and 2G gives me no service. Changing to 4G gives me a connection but only data works; I cannot call, cannot send an SMS.
Many people have this problem after "Set GSM/UMTS band" to USA band (only choice). This is not a ZUK Z2 problem but an Android settings problem.
IT'S STUPID that it could be undone. In OLD Android there was a list:
"Automatic", "EURO Band", "USA Band", "JAPAN Band", "AUS Band", "AUS2 Band"
Method:
start an adb shell
type:
am start -n com.android.settings/.BandMode
works.
In new Android there is only one entry, "USA band".
I know people tried many things.
“Factory reset but that didn't help.”
“I did factory reset and nothing, I installed the factory image and either. “
I did, for instance:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst1
Restart. No result.
It's very frustrating that the software will not allow me to reverse what it did.
Problem probably is here:
https://android.googlesource.com/pl....0_r26/src/com/android/settings/BandMode.java
Many people on many forums have described this on many different phones, and there is no solution.
One guy mentioned:
“Switch the phone to FLIGHT/AIRPLANE MODE (I did this by dragging down the top menu bar on my phone which is running a custom rom)
Press the menu key and SELECT RADIO BAND - you'll see the complete list of country bands - do NOT select a band yet....”
but it does NOT work for the ZUK Z2 Pro.
The ZUK Z2 Pro is not alone. One said: "Tks 4 ur guide!" but another "I try your trick, but not work in my device."
One guy (Bitdomo) made a custom ROM for the "Nexus 5X" which, instead of querying the baseband for available band modes, just displays all six band modes. People were happy. "I flashed your ROM and then Phone Information had Auto in select band, using which I switched back to GSM."
https://img.xda-cdn.com/Lpw6Ao9fHG6...es.hu/151126/ffsafas_www.kepfeltoltes.hu_.png
or "I resolved the problem by flashing Bidomo's ROM".
But I don't have a Nexus 5, I have a ZUK Z2 Pro.
So the only solution to change the baseband is changing the source code of BandMode.java, compiling and flashing my own ROM on the ZUK Z2 Pro?
Not cool, Google.
There is probably also a second option:
“Well guys, if anyone else is having this problem now, there is an easier method. You can just restore your efs backup. Yes it's for root users only, but if you have it, it's as easy as rebooting to twrp and restoring efs then reboot without wiping anything.
Btw I have really no idea why google didn't implement an auto band option...”
But I don't have an EFS backup...
Some said:
“i just flash radio .img solved.”
I don't have a radio.img for the ZUK Z2 Pro.
Probably this setting has changed just a byte in a configuration. Does anybody have any idea where it could be? Or any idea how to fix this baseband?
Please help.
PS Fortunately the second SIM card in my ZUK Z2 Pro works. Strange, heh?
Problem SOLVED, but crazy.
As I mentioned, I ****ed up my SIM1 network when I clicked Hidden Settings (also reachable by *#*#4636#*#*) and "Set GSM/UMTS band" to USA band (the only choice on the ZUK Z2 Pro). Then my SIM1 could not call/send SMS. SIM2 worked OK.
Even
dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst1
and a restart had no result.
My baseband was:
#> getprop | grep -i baseba
[gsm.version.baseband]: [.2.0.c1.9-00026-M8996FAAAANAZM-1]
[gsm.version.baseband1]: [.2.0.c1.9-00026-M8996FAAAANAZM-1
I downloaded
https://drive.google.com/drive/folders/0B_e7IyAKmSLcTE0wdXcxdDhFb2c?usp=sharing
the same
filename: zuk_z2_baseband_2.0.079.zip
Baseband version: .2.0.c1.9-00026-M8996FAAAANAZM-1
supported Android version: 6.x/7.x
mentioned here https://zukfans.eu/community/threads/zuk-z2-baseband-collection-versions.4565/
There was a file
bytes 81568256 name NON-HLOS.bin
This is for the ZUK Z2; I have the "ZUK Z2 Pro" version, but someone says it is the same.
The version matches, I hope.
But before I flashed it I made a backup of my modem by
# ls -l /dev/block/bootdevice/by-name/ | grep modem
lrwxrwxrwx 1 root root 16 Sep 28 1970 modem -> /dev/block/sde11
lrwxrwxrwx 1 root root 15 Sep 28 1970 modemst1 -> /dev/block/sdf1
lrwxrwxrwx 1 root root 15 Sep 28 1970 modemst2 -> /dev/block/sdf2
# dd if=/dev/block/sde11 of=/storage/emulated/0/DCIM/Camera/NON-HLOS-my.bin
194560+0 records in
194560+0 records out
99614720 bytes (95.0MB) copied, 1.575881 seconds, 60.3MB/s
and then I copied NON-HLOS-my.bin via an Android FTP server to my local computer disk. It was REALLY IMPORTANT!
I flashed
adb reboot bootloader
fastboot -i 0x2b4c flash modem non-hlos.bin
fastboot -i 0x2b4c erase modemst1
fastboot -i 0x2b4c erase modemst2
fastboot -i 0x2b4c reboot
(*) non-hlos.bin was from
zuk_z2_baseband_2.0.079.zip
Baseband version: .2.0.c1.9-00026-M8996FAAAANAZM-1
After the reboot I had neither cell network nor Wi-Fi network!!!
Again erasing:
adb reboot bootloader
fastboot -i 0x2b4c erase modemst1
fastboot -i 0x2b4c erase modemst2
fastboot -i 0x2b4c reboot
The same
No Wi-Fi! No SIM 1, no SIM 2!!!
**** I said.
So fortunately I had a backup.
So
adb reboot bootloader
fastboot -i 0x2b4c flash modem NON-HLOS-my.bin
fastboot -i 0x2b4c erase modemst1
fastboot -i 0x2b4c erase modemst2
fastboot -i 0x2b4c reboot
My Wi-Fi network and SIM2 network were back, but not only! Crazy thing, but my SIM1 started working again!
Crazy, heh?
Probably this new NON-HLOS.bin which didn't work wrote something in the configuration, and after re-flashing NON-HLOS-my.bin again it was able to get away from this stupid USA band and refreshed.
After this: SIM1 and SIM2 work again. Both can see GSM/3G; I can call/send SMS with both.
SOLVED!
I have the same problem with my new Lenovo Legion Pro 2 phone; what steps would I have to change?
I think I have figured out how to root every G6 that is still ARB 0, and doesn't currently have root.
However, I can't test it (sorry not buying yet another G6), so I need someone willing to try.
If I am wrong, you WILL end up with a brick that can't be fixed except by LG.
If you are interested, reply to this thread. Please do not PM me, it will be ignored (sorry too many PMs).
Also, please don't quote this entire post .. just @ mention me.
-- Brian
@runningnak3d I will try it. I have a G6 H873 to test the method on. If it bricks, it bricks for science.
@runningnak3d does this also include bootloader unlock, as you alluded you may be able to accomplish in your LAF thread? If yes, then I have an H870DS I'm willing to risk.
@runningnak3d I have an LG G6 sitting on a desk doing nothing because of the lack of a root option. I wouldn't care if it bricks while trying to root it; I have another device as a daily driver.
I am crafting up the procedure, and will try to get something out today.
I am going to have to pull the KDZs for the various models, but until I can do that, what ARB are you guys on. List model / Android version / ARB version
As for the DS -- that will have to be last (if this works at all) because a custom kernel will have to be compiled, and I am not going to do that until we know that it works on the single SIM models.
-- Brian
runningnak3d said:
I am crafting up the procedure, and will try to get something out today.
I am going to have to pull the KDZs for the various models, but until I can do that, what ARB are you guys on. List model / Android version / ARB version
As for the DS -- that will have to be last (if this works at all) because a custom kernel will have to be compiled, and I am not going to do that until we know that it works on the single SIM models.
-- Brian
US997z US Cellular unlocked ARB not sure but if that means anti-rollback version 0000 android Oreo 8.0.0
[ro.lge.swversion_arb]: [ ] I guess that means 00
runningnak3d said:
I am crafting up the procedure, and will try to get something out today.
I am going to have to pull the KDZs for the various models, but until I can do that, what ARB are you guys on. List model / Android version / ARB version
As for the DS -- that will have to be last (if this works at all) because a custom kernel will have to be compiled, and I am not going to do that until we know that it works on the single SIM models.
-- Brian
LG-H870DS/8.0.0/?
SW ver V20d-TWN-XX
Kernel 3.18.71
Hi Brian, how do we find ARB version?
bick said:
LG-H870DS/8.0.0/?
SW ver V20d-TWN-XX
Kernel 3.18.71
Hi Brian, how do we find ARB version?
Use adb shell... once in the adb shell type: getprop ro.lge.swversion_arb
If the output in the command prompt window is empty I guess it is 00; if it is 01 then you should get 01 as the output of the command.
JEANRIVERA said:
Use adb shell... once in the adb shell type: getprop ro.lge.swversion_arb
If the output in the command prompt window is empty I guess it is 00; if it is 01 then you should get 01 as the output of the command.
Came back with nothing:
C:\adb>adb shell
lucye:/ $ getprop ro.lge.swversion_arb
lucye:/ $
bick said:
Came back with nothing:
C:\adb>adb shell
lucye:/ $ getprop ro.lge.swversion_arb
lucye:/ $
I guess that means it is 00 then
Model: H873
Android Version: 8.0.0
ARB: 00
JEANRIVERA said:
US997z US Cellular unlocked ARB not sure but if that means anti-rollback version 0000 android Oreo 8.0.0
[ro.lge.swversion_arb]: [ ] I guess that means 00
When I retrieve that value, it returns "ARB00", so I'm not sure if having no value at all means the same thing or not.
Code:
lucye:/ $ getprop ro.lge.swversion_arb
ARB00
A much more reliable way:
Code:
adb shell cat /sys/bus/platform/devices/lge-qfprom/antirollback
Example from an H872:
Code:
$ adb shell cat /sys/bus/platform/devices/lge-qfprom/antirollback
1
With that said, if you are ARB 0, then first we need to get a laf version that we can work with.
Follow the instructions in this post: https://forum.xda-developers.com/tmobile-g6/how-to/root-h872-to-including-11g-t3775518
Except:
Instead of the H91810p KDZ, download the H91510e: link
Instead of any of the H872 KDZs, download the KDZ for the version that is currently on your phone.
Only do PART 1 of the procedure to get the H915 laf onto your phone. Do NOT proceed onto flashing TWRP. If you do, you will brick your phone.
Also, go ahead and get an SD card formatted FAT16 or FAT32. It can't be exFAT, NTFS, or ext2, 3, or 4 -- laf can only read FAT partitions on the SD card. It only needs to be big enough to hold TWRP and the eng. aboot (256 MB would do).
Lastly, get FWUL downloaded and burned to a USB stick, and make sure you can boot with it and have network connectivity.
Really last this time -- anyone who wants to try this is welcome, but I suggest that you let ONE person try it so that you don't all end up with bricks if I am wrong.
Once I get confirmation that someone has completed the above steps, I will post the remainder on how to unlock your bootloader, and actually flash TWRP.
-- Brian
Okay, going through the procedure for my device now. If anyone wants protection from bricking their phone, I've taken on the smallest straw. Will update very soon.
UPDATE
Sorry for the delay everyone. I said 'very soon' but my wife had an errand scheduled for our day.
My initial download of the KDZ was apparently corrupted, so it took me a while to figure out that it was the problem. A fresh download was accepted by LG UP just fine.
LG UP indicated "ARB PASS: SUCCESS" after the laf partition flashed, and then once my H87320g KDZ was flashed without the laf, it rebooted into a stock LG install, no bootloop or brick.
Download TWRP: link
Download eng. aboot: link
Copy them both to your SD card, and then put it in your phone, and boot to download mode. Your screen probably won't init -- so all you will see is "download mode" in blue, and not the full download mode screen .. that is normal.
Boot up FWUL from the USB stick, and hook your phone up to your PC.
Login (password is linux)
On the desktop is an LG folder -- open it. Inside is runningnak3d icon -- double click it.
You will be at a shell prompt. Type:
Code:
git pull
git checkout h872-miscwrte
./partitions.py --list
Post the output here...
-- Brian
runningnak3d said:
Download TWRP: link
Which TWRP should I grab, the one for H872?
I downloaded the H872 one. Here is the output of those commands:
Code:
[[email protected] lglafsploit]$ git pull
remote: Enumerating objects: 73, done.
remote: Counting objects: 100% (73/73), done.
remote: Compressing objects: 100% (49/49), done.
remote: Total 66 (delta 42), reused 28 (delta 17)
Unpacking objects: 100% (66/66), done.
From https://gitlab.com/runningnak3d/lglaf
11caab1..05a924a h872-miscwrte -> origin/h872-miscwrte
3ef85ef..8c04118 h918-miscwrte -> origin/h918-miscwrte
* [new branch] h932-dd-write -> origin/h932-dd-write
4f5522c..be4d9e0 v10-miscwrte -> origin/v10-miscwrte
Already up to date.
[[email protected] lglafsploit]$ git checkout h872-miscwrte
Branch 'h872-miscwrte' set up to track remote branch 'h872-miscwrte' from 'origin'.
Switched to a new branch 'h872-miscwrte'
[[email protected] lglafsploit]$ ./partitions.py --list
MBR Header
LBA size (sector size): {0} 512
Number of MBR partitions: 1
# Active From(#s) Size(#s) Code Type
1 _ 1 4294967295 EE EFI GPT protective MBR
GPT Header
Disk GUID: 98101B32-BBE2-4BF2-A06E-2BB33D000C20
LBA size (sector size): 4096
GPT First LBA: 1
GPT Last LBA: 59391
Number of GPT partitions: 29
# Flags From(#s) To(#s) GUID/UID Type/Name
1 1152921504606846976 6 10245 20117F86-E985-4357-B9EE-374BC1D8487D Unknown
471A9803-7DF2-5BFE-55D0-6B0A138D0E0E boot
2 1152921504606846976 10246 20613 9D72D4E4-9958-42DA-AC26-BEA7A90B0434 Unknown
CEE95E9A-4402-59CD-3748-2AE13F052C01 recovery
3 1152921504606846976 20614 30981 DF24E5ED-8C96-4B86-B00B-79667DC6DE11 Unknown
27DDFCD8-D866-57EA-0DEA-04D6FCC0C386 recoverybak
4 1152921504606846976 30982 31493 A053AA7F-40B8-4B1C-BA08-2F68AC71A4F4 Unknown
4C1ADAD3-D945-8B94-5FD8-461F57BF5546 tz
5 1152921504606846976 31494 32005 E6C8667F-8044-44A7-B1D9-BEFE88AAD86C Unknown
A48C85CC-487D-AE1E-4A66-4223711B9FD1 tzbak
6 1152921504606846976 32006 32517 400FFDCD-22E0-47E7-9A23-F16ED9382388 Unknown
97D88AF5-8BAF-4993-2172-94D497B88DC3 aboot
7 1152921504606846976 32518 33029 C993E3DF-FE66-49C9-8D8D-7C681C4DCAE9 Unknown
695164DD-4E12-F27E-1989-28CBB576459E abootbak
8 0 33030 34053 4627AE27-CFEF-48A1-88FE-99C3509ADE26 Unknown
D267834D-FAB1-920A-E6FC-A56D7420459F raw_resources
9 0 34054 35077 C1DAB2CF-697D-4665-B43D-00BA47487528 Unknown
B9795B4C-400D-1E60-205B-5650DEE574C5 raw_resourcesbak
10 1152921504606846976 35078 35205 098DF793-D712-413D-9D4E-89D711772228 Unknown
C56E8DC3-3671-12F1-8A01-BC9981649736 rpm
11 1152921504606846976 35206 35333 680CA584-238C-4E0F-8438-15F43257A055 Unknown
C3DB3F2B-A906-A9ED-5021-259DEC048569 rpmbak
12 1152921504606846976 35334 35461 E1A6A689-0C8D-4CC6-B4E8-55A4320FBD8A Unknown
88BE6260-D924-EAF8-BE5A-363EDE26C991 hyp
13 1152921504606846976 35462 35589 24C03326-2523-4E03-8C5E-B07ED7A44CD9 Unknown
0CE8ECBE-46EE-3889-9130-6533519A807F hypbak
14 1152921504606846976 35590 35717 C00EEF24-7709-43D6-9799-DD2B411E7A3C Unknown
343B1328-A7F3-5284-0463-11EC47201309 pmic
15 1152921504606846976 35718 35845 4E646DCC-29E2-459A-B7C5-618E6F3AD76A Unknown
34B1563F-E471-03A6-99F3-FEC1CC85CC80 pmicbak
16 0 35846 35877 F65D4B16-343D-4E25-AAFC-BE99B6556A6D Unknown
D6A64FD3-7F54-545C-48D8-9791D2D632ED devcfg
17 0 35878 35909 10A0C19C-516A-5444-5CE3-664C3226A794 Unknown
0572C0B3-91F0-E82E-08D0-4276C17B4C3F devcfgbak
18 1152921504606846976 35910 57925 A8944C60-3BD0-442F-94C1-D137A5F9C383 Unknown
F5165B81-2DA2-B61D-C11C-82E7B5C7409F modem
19 1152921504606846976 57926 58053 303E6AC3-AF15-4C54-9E9B-D9A8FBECF401 Unknown
7A18B22B-D98E-598B-48D9-672F34850E54 sec
20 1152921504606846976 58054 58181 4F772165-0F3C-4BA3-BBCB-A829E9C969F9 Unknown
494050D0-F6E5-1440-FA96-4E4ECB3DD491 keymaster
21 1152921504606846976 58182 58309 7C29D3AD-78B9-452E-9DEB-D098D542F092 Unknown
4A9A5D18-8149-97ED-C7A9-04B53EFE2E85 keymasterbak
22 1152921504606846976 58310 58437 73471795-AB54-43F9-A847-4F72EA5CBEF5 Unknown
FD7411E7-3C64-42A8-D306-6B31AD271019 cmnlib
23 1152921504606846976 58438 58565 7C29D3AD-78B9-452E-9DEB-D098D542F092 Unknown
8A2F1492-8C9E-3F67-EB15-84FADE9A8058 cmnlibbak
24 1152921504606846976 58566 58693 8EA64893-1267-4A1B-947C-7C362ACAAD2C Unknown
F00B6251-F0EA-9516-C3A3-C3D7AEDDF7A1 cmnlib64
25 1152921504606846976 58694 58821 379D107E-229E-499D-AD4F-61F5BCF87BD4 Unknown
3B2CA5FC-07C6-9A73-2EE4-E4E9E7D3001A cmnlib64bak
26 1152921504606846976 58822 58949 E6E98DA2-E22A-4D12-AB33-169E7DEAA507 Unknown
C4655C1F-AC8F-9BC0-469D-211E69A237E9 apdp
27 1152921504606846976 58950 59077 ED9E8101-05FA-46B7-82AA-8D58770D200B Unknown
705B6B2F-C1C5-C343-B70F-6DB5F9E10D68 msadp
28 1152921504606846976 59078 59205 11406F35-1173-4869-807B-27DF71802812 Unknown
BE798179-83E0-F385-4B9B-3FF815104459 dpo
29 0 59206 59206 3716CB88-FF5A-4DEE-A392-12A05637B49D Unknown
830F530A-C109-D818-959A-1C0BADE11951 grow5
While the H872 version should work, grab the one for the US997.
OK....
Here goes the magic (or the boom and cry -- depending on the outcome).
Actually -- let's make sure you have full root access first....
Type:
Code:
./lglaf.py
whoami
-- Brian
Alright, I grabbed the US997 version. Here is the output:
Code:
[[email protected] lglafsploit]$ ./lglaf.py
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
# whoami
Hello, I am LAF. Nice to meet you.#
xrosser said:
Alright, I grabbed the US997 version. Here is the output:
Code:
[[email protected] lglafsploit]$ ./lglaf.py
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
# whoami
Hello, I am LAF. Nice to meet you.#
Hmmm... that isn't good. That makes no sense actually.
Try:
Code:
!EXEC  toybox whoami\0
Two spaces between EXEC and toybox
-- Brian
Same output. It is a strange return for that command... I even tried 'echo $USER' and same result.
Code:
[[email protected] lglafsploit]$ ./lglaf.py
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
# whoami
Hello, I am LAF. Nice to meet you.# !EXEC toybox whoami\0
Hello, I am LAF. Nice to meet you.# echo $USER
Hello, I am LAF. Nice to meet you.#