Ok I got an unlock code. I put a non 3 three sim into my mobile, but it's not requesting me to enter anything. Am on the Grifs_07 rom.
OK fixed! For future reference: I had to install original stock 2.3.3 firmware, then the code input thingy showed up.
Dear All,
For the past few days I have been scouring many forums known to man, yet I have not found a single method to generate a password to enable USB debugging that works. Currently my device is an Andromax G2 (it's a rebrand of a Chinese phone, Coolpad or Hisense) under KitKat build 4.4.2, an AD681H series, rooted and TWRP installed.
I have tried Maxi3, AIDE, and UDPG but to no avail.
Maxi3 = error Meid/IMEI digit over 15 Char
AIDE = Password generated but device keeps asking for password
UDPG = IMEI null
I am hoping I can find a new lead on how to crack this case in this forum.
Kindly advise.
Hello,
I have a Samsung S2 (GT-I9100), the current Android version on it was 4.0.2. Recently I tried to upgrade it to Android 4.1.2 (I guess it is the latest supported version for this phone, isn't it?).
I tried using Samsung Kies and Odin, but always end up with the phone getting locked (I get that SIM Network Unlock PIN message).
I even tried with the "Samsung S unlock" app, but it failed to unlock it.
However, when I downgraded to 4.0.3, the "Samsung S unlock" app unlocked successfully.
I have tried several things. I called my operator to ask for the PIN (but he had no idea what an "unlock PIN" is and asked me to change my phone instead ... -.-), I even tried to extract the "hash" from my data file, and I tried to crack the hash with hashcat, but it failed. I even tried to dial *#197328640# and proceed as some tutorials have indicated, but I couldn't go beyond the "PHONE CONTROL" menu.
So I have some questions. I'm planning on installing CyanogenMod (Android 5.1.1), would that remove the lock? (I can't try it now, I don't have the phone on me.) Like, is the lock only for Samsung's ROMs, or is it like HARD-CODED in the phone?
Another thing is, I was taking a look at where the lock functionality is located (in the source code), and I think I was able to find it in the "hidden.img" file, in an application called SecPhone.apk (odex). So my question here is, if I somehow was able to bypass this function (like always return true or something), then repack the hidden.img and install the new version, would that work? Or shouldn't I waste my time on that?
(And can anyone provide me with the source code of Android 4.1.2? It's a bit hard and annoying to navigate through the code in the browser. I tried to download it using the Google repo tool, was running that under a VM (as it only works on Linux), and I didn't have enough space, so it failed, and I'm a bit too lazy to re-install the VM ...)
One last thing, while examining the code, I noticed that the unlock function takes 2 parameters, the PUK and the PIN, and only if the PUK is null then that function will use the PIN, so would introducing the PUK as the unlock PIN work?
Thank you for your time ...
Hello. I have one device... a Huawei with a Spreadtrum SC8830 chipset, and I would like to flash a recovery through fastboot, but there's some sort of Spreadtrum security in the bootloader. It checks for a header like below...
Code:
SPRD-SECUREFLAG.
................
CODE....PC......
VLR:............
I've tried what was suggested in this post, but it doesn't work.
I managed to get my hands on the uboot source code on github here and here too.
So far I've discovered the secure boot file and its header. It uses some sort of hash/magic, which is decrypted by the RSA_Decrypt function and verified by the harshVerify function. I have a basic idea of how the flashed images are verified.
Is it possible to reverse the image signing using the uboot source code, or to "correctly" sign my images to be accepted by the bootloader and boot?
Thanks in advance.
A pdf file about secure boot of spreadtrum chip found https://patents.google.com/patent/CN106934289A/zh
Hi, I have a Huawei Mate 10 pro BLA-L29 C432 with unlocked bootloader frp unlocked that is hard bricked.
Reason why it was hard bricked was using HWota and flashing the wrong files
The device shows up in device manager as USB COM 1.0 (COM4) along with COMMUNICATIONS PORT (COM 1).
I have purchased the DC Phoenix + HCU timed license for 3 days ending on 3/4/2019 at 9 AM.
I have downloaded the "BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT.dgtks" board firmware directly from DC Phoenix
I have also downloaded the "BLA-L29C_8.0.0.115(C432)_Firmware_Lithuania_Latvia_Norway_Romania_Hungary_Greece_Austria_Czech_Republic_Bulgaria_Poland_Slovenia_Croatia_Serbia_Nonspecific.app" appfile directly from DC Phoenix
I begin by selecting the "BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT" file in the update file selection. Then I select the "BLA-L29C_8.0.0.115(C432)_Firmware_Lithuania_Latvia_Norway_Romania_Hungary_Greece_Austria_Czech_Republic_Bulgaria_Poland_Slovenia_Croatia_Serbia_Nonspecific.app" file in the update app file selection.
I click update and am provided with the following error message to the left of the screen
File to update: BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT.dgtks
Device detected:
COM4: HUAWEI USB COM 1.0 (COM4)
Writing bootloader...
Writing BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT_3.dtwork...
Error writing Bootloader
3/1/2019 1:09:05 PM Writing device finished - INCOMPLETE
I then proceeded to try the "use bootloader" option under the update oeminfo tab and chose the Kiring970_T2_A8.0_V3,
and I have successfully gotten my device to be recognized as follows
Looking for a device in fastboot mode
Device found: AQH7N17B29009368
SN:AQ********************* <- I have censored the following information intentionally
IMEI:866******************* <- I have censored the following information intentionally
IMEI1:86******************* <- I have censored the following information intentionally
MEID:A******************** <- I have censored the following information intentionally
Build number: :BLA-L29 8.0.0.158(C432)
Model: BLA-L29
Battery state: 0
When writing the board file, I get the following
Erasing nvme partition
ERASE partition nvme : FAIL failed to erase partition
Device with unsupported security patch
3/2/2019 11:47:18 AM Writing device finished OK
When writing the update.app file directly from DC-Phoenix I get the following error
Extracting partition XLOADER...
Writing XLOADER partition
XLOADER partition UPDATE :FAIL download elf_xloader image verification error
Device with unsupported security patch
3/2/2019 12:02:09 PM Writing device finished - INCOMPLETE
I then thought, okay, let me try another, more recent .app file, so I downloaded the 8.0.0.158 BLA-L29 c432 "update.zip" file from the internet. I extracted the "UPDATE.APP" file and then selected it in DC-Phoenix and now I get the following message
Attention, this is OTA type file and can't be written via software. Writing it via fastboot may damage the phone. Please use files from our support area.
So I select no, because of this error. I chose to download more "update.zip" files from the internet, and they all give me this attention message.
I then proceeded to use the Huawei extractor tool to extract kernel, ramdisk, recovery_ramdisk, recovery_vbmeta, and recovery_vendor. I flashed them through fastboot successfully, but no life from the device. As a matter of fact, when I disconnect the device, I have to start from scratch again.
I am really running out of ideas here. =(
Sorry bro, I never ran into a situation like this.
Only pray for you.
Anyone? =(
Chito307 said:
Anyone? =(
You've already done what may be possible to recover.
Huawei can do it if it is in warranty.
It seems that the error is right there: the security patch isn't supported, so it won't finish writing the files. It is stated in DC locker that some devices like Mate 10 Pro and newer devices are not supported, the same reason why there are no new unlocked codes for bootloader on DC unlock and no new unlocked codes for SIM also. Have you tried flashing those files yourself through the fastboot method, without the HCU from DC?
I had the same problem
Now phone is OK but IMEI 000000000000
This worked for me, it requires IDT and unencrypted board firmware (these are usually paid). dtgks might work if you only flash board firmware, but you have to be careful so it doesn't wipe oeminfo (if you still want to unlock after. You can still get unlock code through HCU on board firmware so it doesn't really matter).
Edit xml that comes with unencrypted board so it doesn't erase oeminfo.
Flash bootloader files with DC, phone is put in fastboot mode.
Open up IDT.
Select xml in both settings of IDT and in settings of USBMAP. In USBMAP, select com port in the list and click on Skip.
Now start flashing using IDT.
When flashing is done phone will boot to board firmware.
When on board firmware, follow this guide to get your imeis and that stuff back:
1) Flash board (already done)
2) Flash oeminfo from fastboot (own backup if available, if you edited xml you will still have your own oeminfo flashed)
3) Dump modemnvm_system, modemnvm_factory and modemnvm_backup partitions using dd and adb shell ('dd if=/dev/block/bootdevice/by-name/modemnvm_system of=/sdcard/modemnvm_system.img' and so on), board firmware has global root so you don't need to flash Magisk or anything like that (which is impossible anyway, board fw will only accept board or stock images)
4) Flash dumped modemnvm_system, modemnvm_factory and modemnvm_backup using fastboot
5) Modify and brand with HCU (check all checkboxes except the last 2, fill in any missing info)
6) Unlock Sim network with HCU
7) If you previously used HCU to get unlock code you need to generate it again (HCU patches oeminfo so their unlock code works). Also if you forgot to edit xml you'd have to generate a new code, your old code will not work if oeminfo was wiped.
8) Use dload with Service Firmware from androidhost.ru, regular update.zip does not work in dload mode.
And make sure the firmware you dload is newer than GPU Turbo firmware. (XLOADER needs to be 02, else you brick again)
Please note that you only have one shot at this... If you, for example, flash dload but forget to generate unlock code and don't have your own oeminfo flashed you will not be able to repair device without opening it up to get testpoint.
ante0 said:
it requires IDT
What is IDT ?
badmania98 said:
What is IDT ?
Image Download Tool, some leaked tool (like Odin for Samsung).
It's available on androidhost.ru iirc
I need dload with Service Firmware please
I flashed with many firmware, no success
Hello
I did everything in the tuto but I have 1 problem
I have no network, it's still no service