Hello everyone welcome to my little guide on how to change the mac address of the mi pad 4.
Code:
IM NOT RESPONSIBLE FOR ANYTHING YOU DO WITH YOUR DEVICE! U KNOW THE RISKS
I plan to release a app or at least binary in the next few days to speed up the process for u
Requirements:
- Root
- a hex editor
- a Mi Pad 4
MAKE A BACKUP OF THE PERSIST FOLDER BEFORE!!!
Open the Hex editor
Open the file /persist/wlan_mac.bin (obvious name xiaomi)
The layout of the file is as follows:
It contains 3 mac addresses - one primary and two for fallback(s)
The addresses are displayed in HEX - every hex digit represent two numbers of the mac address
a possible content would be:
20 a4 0f 5b 34 24 20 a4 0f 5c 34 24 20 a4 0f 5a 34 24
To change the actual address simply change like a few bytes of the first address
20 a4 0f 5b 34 24 -> 21 a2 ff 4b 24 34
and reboot the phone.
DO NOT ADD ANY DIGITS THE FILE HAS TO BE 24 BYTES BIG!!
Thats all but be careful with changing the digits not ALL possible combinations are allowed by routers!
Remember that HEX digits are: a-f and 0-9
Feel free to leave a reply or leave a thanks if i helped u.
Related
Hi 2 All!
Please, can you help me in solving with the following problem.
I have download file bootloader.exe to my hp ipaq 1930 and I run it.
Now I see hp logo on white font and some numbers (bootloader version?) 1.07 and under it 1.07
Certainly, hard reset and removing the battery for 2-3 days didn't help. As I was said I need only to run update from big pc. I have another 1930, alive. I made rom-image to sd card using mtyy
Flashing with the card with rom-image didn't help to my injuried 1930
I contacted hp and they said to me that
the rom version for hp1940 1.00.03 is compatible. Then I ran the update, before that changing in the *.nbf file 1940 to 1930 and started flashing. It went to 75% and stoped saying Update error.
Then I was said to fullfill sd card with one symbol (Z). Then I made again a rom-image and I copied all hex values above code Z into a new file. I founf 2 entering starting from FE 03 00 EA and deleted the values above. Then I copied from 1940 nbf the following information^
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 68 70 20 69 50 41 51 20 68 31 39 34 30 00 00 31 hp iPAQ h1940..1
00000010 2E 31 30 2E 32 30 20 45 4E 47 00 00 00 00 0F F6 .10.20 ENG.....?
00000020 71 77 00 00 0C 01
and in the dress from E1-21 wrote checksum value in 32 bit and length of the file in the addresses from 22-25. Then I copied the file into the folder from 1940 with the name=the name of the *.nbf file in the folder. I started update. It began and stoped on 50% saying "Update eroor"
Are there any ideas? Thanks a lot.
Or perhaps somebody has firmware for 1930/35? Thanks a lot
Maybe these people could help you, they must have the image if they are offering the service.
http://www.ipaqrepair.co.uk/ipaqpart447.html
Thanks. Here is the *.nbf file for 1930. http://www.megaupload.com/?d=HROH0ZOO It must have the same nema, as it is in the folder, where 1940 utiilty unpack it's files.
Copy it where the 1940 romupdateutility unpacked it's files. Then run again the utility
Alva said:
Thanks. Here is the *.nbf file for 1930. http://www.megaupload.com/?d=HROH0ZOO It must have the same nema, as it is in the folder, where 1940 utiilty unpack it's files.
Copy it where the 1940 romupdateutility unpacked it's files. Then run again the utility
Click to expand...
Click to collapse
hello could you please re-upload file?
Rom? where is the rom for 1930? please help me
I think this question has not been answered, or it's my lack of searching skills.
Anyway, I have two HD2 phones(both running android) and use Wi-Fi all the time when I'm home.
The problem is that they have the same Mac address, so I can't use them simultaneously.
I tried flashing different roms, different android builds, but nothing seems to work.
Is there any way I can fix this problem?
Thank you in advance.
1.
Tmous HD2
WM: Miri_HD2_WM65X_23139_Sense25_V23.0_WithSwype
Android: FroyoStone Sense V3.1
MAC Address: 00 90 4c c5 00 34
2.
Tmous HD2
WM: CleanEx Core 3.5
Android: phireMOD_SkinnyEVO_v1.3
MAC Address: 00 90 4c c5 00 34
there should be no way at all for both of your devices to have the same mac address.
"00 90 4c c5 00 34" <--do you see this in windows or in android?
the thing is, last i checked, ALL android builds for the HD2 so far are UNABLE to use your device's ACTUAL mac address. instead, the developers have hardcoded a mac address into the HD2 android kernel(s) currently available. the android build i'm using hardcodes "00 11 22 33 44 55" as the mac address even though my device's ACTUAL mac address is much different (when viewed in windows).
i vaguely remember reading somewhere that this is one of the few "to dos" remaining for the developers...keep your fingers crossed, it might all be fixed soon.
finally, to verify, i suggest booting BOTH of your HD2s into windows and then make sure there is no mac address conflict. if so, then there is something really really fishy going on. if the problem occurs only when both HD2s are running android, then the above mentioned theory is probably in effect.
Thanks.
I used wifi on the stock rom with no problems.
Maybe I should try one with "00 11 22 33 44 55" and see if what happens.
Hey all,
I've been looking into how QDLTool works a bit and figured out how to swap the images that it flashes. Please note that QDLTool verifies image hashes for a good reason. You should understand the risks before attempting to meddle with QDLTool for any reason. Anything you do is at your own risk.
I would *strongly* recommend not flashing anything but amss, system, recovery and boot from any custom builds. Any time you flash a partition image, dbl, fsbl or osbl, you run the risk of bricking your device beyond recovery.
Important note: The information below is based entirely on analysis of QDLTool. I haven't used this to flash an image yet. If you plan on using this for development, you'll have to take that step.
Let's get to the details:
QDLTool automatically determines what to flash from the images/ directory. It stores a hash internally for each of the files that it will flash. This hash is basically just a 32-bit XOR of the bytes in the file:
Code:
#!/usr/bin/python
import sys
x = open(sys.argv[1], "rb").read()
print "%02x%02x%02x%02x" % (reduce(lambda x,y: x^ord(y), x[3::4], 0), reduce(lambda x,y: x^ord(y), x[2::4], 0), reduce(lambda x,y: x^ord(y), x[1::4], 0), reduce(lambda x,y: x^ord(y), x[0::4], 0))
To swap out an image, you need to patch the old hash of a file that was previously flashed with the new hash of the file that you'd like to flash.
For this post, I'll assume you're looking at QDLTool from streakflash.zip with MD5 = 63b64ba6a9d1ee770998d2a0e4a19df1.
In this file, the hashes start at offset 0x5fa90. There are 14 of them:
Code:
0005fa90 0b b0 a7 5c 3e e9 bb 29 17 4e 8d ac a0 dc 43 62
0005faa0 2c 3f 4e f1 fb 6b fc 80 11 9d 22 07 66 70 22 4a
0005fab0 bc 38 64 95 d2 c6 72 29 6d f8 99 e2 cc 74 14 49
0005fac0 1b ad 7a 9c 77 fb ee cc
As 32-bit words, they are:
5CA7B00B
29BBE93E
... etc ...
9C7AAD1B
CCEEFB77
In order, they are:
00. Partition (hash = 5CA7B00B)
04. Dbl (hash = 29BBE93E)
08. Fsbl
0c. Osbl
10. Amss
14. Dsp1
18. DT
1c. Appsbl
20. Boot
24. System
28. Userdata
2c. Recovery
30. Logfilter
34. RCFile
So, if I wanted to flash a new recovery, I'd take the hash of my recovery file via the Python script above, then replace the bytes at 0x5fa90 + 2c = 0x5fabc with my hash (stored in little-endian, of course).
It's a bit of manual work at this point, but I think a lot of this could be automated. You'd probably be better off and safer using batch files and fastboot though.
we discovered batch files to flash the images is a bad idea as some images cant be flashed using the normal fastboot mode
Thanks,
i'am looking some infomation about QDLTool also.
but i've no idea what hash was
i'll probatly wait for some "automated" way
QDLTools has so much potention. Somebody that knows coding should make it a automated system for us the little people...
Sent from my Dell Streak using XDA App
Yes, it would be nice if someone could figure out a way to insert new "roms" into the QDL tool, so when new updates are release, it would be a no brainer to do the updates without having to go through a bunch of command lines, or hocus-pokus to get an updated rom (minus the bloated carrier rom) onto the device.
Years ago, I played around with Linux, and found the same issue. A lot of command line knowledge is required. My command line stopped at dos 6.x, going all the way back to dos 2.x
Windows spoiled everyone
I do not plan to "make 10 helpful posts", but i have question for "[HOWTO] GT-I9100 Free SIM Unlock via nv_data.bin by Odia" ( http: //forum.xda-developers.com/showthread.php?t=1064978 ). If moderator thinks, that the question deserves to be in its right place, please move it.
5. If the hash is 7D 3E 17 CF CD 81 6C AC D4 E0 25 FA A6 50 04 FD D1 7D 51 F8 ignore it since that is 00000000
6. Put the hash into the BF exe for example:-
ighashgpu.exe /h:EF63BF26E2382917D96850CCF9632458EE6E6C77 /t:sha1 /c:d /max:8 /min:8 /salt:0000000000000000
and wait for it to finish, do that for each hash which is not zeros, the Found password: [50681318] is the code.
Click to expand...
Click to collapse
I don't understand how sha1 of 506813180000000000000000 is EF63BF26E2382917D96850CCF9632458EE6E6C77
or how sha1 of 000000000000000000000000 is 7D 3E 17 CF CD 81 6C AC D4 E0 25 FA A6 50 04 FD D1 7D 51 F8.
if i do
echo -n "0000000000000000000000000"|sha1sum
i get 8e17426f851a81f65e3626c12d5ba83132207f6f
and
echo -n "506813180000000000000000"|sha1sum
d9d4ec51debfaba4e603003e594705b81a22e2ca
can somebody explain?
Thanks
explanation
I had the same question today, finally found the solution. Similar to you, I have misinterpreted salt parameter in the quoted command example:
ighashgpu.exe /h:EF63BF26E2382917D96850CCF9632458EE6E6C77 /t:sha1 /c:d /max:8 /min:8 /salt:0000000000000000
Salt is not 16 zero digits, but 8 zero bytes (represented as hexadecimal). Try it yourself, note the e parameter of echo (enable interpretation of backslash escapes):
echo -ne "00000000\0\0\0\0\0\0\0\0"|sha1sum
7d3e17cfcd816cacd4e025faa65004fdd17d51f8 -
I have problem when i try to unpack boot.img from CM10.1.3 Stable version for I9100G.
I tried many time but It say can't find kernel or ramdisk.
Any body help me please?
Anybody help me please???????????????????????
Very few people post here these days, not even the mods seem to be around. If you want help with this, you're either going to have to be really patient (understatement, don't be surprised if you still don't have an answer in a week), or go ask in the CM discussion thread. Your question isn't exactly a 'Hlap mai fone borked ! Odin don't werk !' type query. There aren't many people who post to S2 forums anymore who can answer this type of question.
So you can either sit in this thread & not get the answers you're looking for, or you can be proactive & seek them out.
I tried to worked out with few boot images before. I dont know what is yours
can you upload it please.
If you have windows it will be easy for you to explore that image in hex editor
That what i know so far is. Open your image in hex editor and look for "error" phrase
and you will find several of that 'error' kernel error header error compression error
im my case it is last one before compressed file. You need to recognize magic of
compressed file it is just after 'error'
Ex.
for gzip is: 1F 8B 0B
for LZMA is: 5D 00 00 00 04 FF FF
you can look for that instead 'error' And then you need to cut of everything before
magic number. Make your file start of that magic number. If you do that you will be able to
decompress it. gunzip file.gz or unlzma file.lzma
or you can use your android to find archive in your boot.img
hexdump -C boot.img | grep '1f 0b 08'
and result is
000046b0 72 6f 72 00 1f 8b 08 00 00 00 00 00 02 03 ac bd |ror.............|
ant then you have hex address 46b0 witch is pointing on first byte of that line. Its 72
hex is not easy to count in your memory so we need to convert it to dec value
echo $((16#46b0))
result is
18096 but remember this addres is pointing on 72. We need address of next 4 byte 1f
so we need to count in a memory then. Addres of 1f is 18100
Its easy now. We need to extract archive from boot.img
dd if=boot.img of=archive.gz bs=18100 skip=1
And then decompress it. Thats not all it is just a clue i hope it will work out for you