IMEI Change on new Xiaomi MTK Devices - Android Q&A, Help & Troubleshooting

Hi,
On the Redmi 6 I noticed that the IMEI is stored in a different way than in previous Xiaomi models. The file MD0B_001 does not exist; instead we have LD0B_001. The file format has for sure changed. The new file has 384B while the old one had, as I remember, 32B(?).
Is there any known way to change the IMEI on this device? Replacing the LD file with the old MD does not produce any good results. Something is restoring LD01_001 on reboot if you replace it inside /vendor/nvdata/md/NVRAM/NVD_IMEI. Tried after remounting, in TWRP, etc. The result is always the same. Probably you have to replace both nvdata and nvram.
For sure the AT+EGMR method does not work either (tested on a Treble ROM). On this device I'm receiving just ERROR when I'm executing the AT command to /dev/radio/pttycmd1
MAUI 10 is unable to connect to this device. The computer is for sure configured correctly and has proper drivers (I'm using a couple of phones and the others are connecting).
Has anyone tried to change the IMEI on new Xiaomi Treble-ready MTK phones? Did anyone manage to find a method to change IMEIs on those devices?
Best regards

Daveron81 said:
Hi,
On the Redmi 6 I noticed that the IMEI is stored in a different way than in previous Xiaomi models. The file MD0B_001 does not exist; instead we have LD0B_001. The file format has for sure changed. The new file has 384B while the old one had, as I remember, 32B(?).
Is there any known way to change the IMEI on this device? Replacing the LD file with the old MD does not produce any good results. Something is restoring LD01_001 on reboot if you replace it inside /vendor/nvdata/md/NVRAM/NVD_IMEI. Tried after remounting, in TWRP, etc. The result is always the same. Probably you have to replace both nvdata and nvram.
For sure the AT+EGMR method does not work either (tested on a Treble ROM). On this device I'm receiving just ERROR when I'm executing the AT command to /dev/radio/pttycmd1
MAUI 10 is unable to connect to this device. The computer is for sure configured correctly and has proper drivers (I'm using a couple of phones and the others are connecting).
Has anyone tried to change the IMEI on new Xiaomi Treble-ready MTK phones? Did anyone manage to find a method to change IMEIs on those devices?
Best regards
Please, I need to change my device IMEI

Related

[DEV][SIMLOCK] Developing a free sim-unlock for the Galaxy Ace 2(X)

Hello,
I am starting this thread in the hopes of spurring some investigation into how to unlock the Samsung Galaxy Ace 2(X) without paying for an unlock code or for a service box such as Octoplus etc. All other methods for unlocking Samsung devices (dialer code, nv_data etc) do not work on this device.
I have made a little bit of progress on my own device, the GT-S7560m or Galaxy Ace 2X, outlined here. Unfortunately, I cannot provide a method to unlock as of yet, as the method I currently have found will replace the target device IMEI with the IMEI of the 'donor' device. I have not found a way to change the IMEI back (yet).
First, what I did was simple: Root the phone and back up all partitions other than /system, /data, /cache (/dev/block/mmcblk0pX). I did this a couple of times in between reboots and factory resets to have multiple backups as well as to see if any partitions change after reboots or resets.
It turns out that there are five partitions which change (slightly or drastically) after reboots/resets. These are:
mmcblk0p9
mmcblk0p10
mmcblk0p11
mmcblk0p13
mmcblk0p19 (/efs, found via mount command)
Since the S7560M does not have a GPT partition table, I can't find the labels for what these partitions actually are. 11, 13 and 19 are mostly blank, while 9 and 10 are chock full.
Next, I bought an unlock service on eBay. Once unlocked, I took another image of all the partitions, and compared which ones were changed (locked vs unlocked). Unsurprisingly, the same five partitions were different.
To narrow it down, I then flashed back the locked versions of these partitions until my simlock returned.
mmcblk0p9 is the partition that holds the simlock data
I tested flashing only p9 and, indeed, simlock disappeared and reappeared according to the version being flashed. I have multiple devices to test with at the moment, so I took the unlocked p9 from Phone A and flashed it to Phone B, and sure enough, Phone B could then accept foreign SIM cards.
Unfortunately, this also changed Phone B's IMEI to that of Phone A
I tried various tools to attempt to zero out the IMEI (so that the partition image can be shared between devices and the end-user can then restore their proper IMEI) to no avail. It seems the NV items on this device are locked or read-only for some reason.
CDMA Workshop, NV Items Reader-Writer, QPST, QXDM, all these tools are able to read NV items fine, but when trying to write back NV item 550 ue_imei it inevitably fails. In QPST an unknown error (0x80004005) is thrown when writing, whereas in QXDM the program states "No DIAG response received" when attempting to write the NV item. I tried multiple phones, PCs and versions of Windows with the same error.
You'll recall that on other devices such as the GS3, QPST/QXDM/etc works perfectly fine to restore the IMEI through NV editing.
I believe mmcblk0p9 is the 'real' EFS partition, holding the NV items for the device. It also seems to be encrypted, since I cannot find the IMEI in hex nor decimal format inside it, yet the IMEI is changed when the partition is cross-flashed. Across phones and even simply rebooting, the partition almost completely changes, save for a header and a couple of other bytes.
In order to unlock the device freely, I believe the next step is to either decrypt mmcblk0p9, or find a way to get QPST/QXDM to write to the phone
If you have any thoughts/experience, feel free to post below! I am sort of stuck here.
This is a REALLY interesting thread. We need more of these! I know that to unlock my good old Galaxy Gio, you had to pull the bml5 partition and look at it with a hex editor to find 8 digits surrounded by nonsense symbols. Unlocking this device is gonna be MUCH harder, but maybe we just need to look at one of the 5 partitions you mentioned with a hex editor? I have no need of unlocking my device, nor have I ever actually tried it, but I'd like to get involved in this. Tell me, what happens when you insert a foreign sim card into your Ace II X (then you power it on or reboot it)? Does a dialog pop up asking for a code?
Don't bother with tools from market, they are made for units with Samsung and Qualcomm CPUs. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor CPU from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things I think may help further:
- gap between partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
For i8160/p/l (and for all phones with novathor soc) the imei, serial and simlock data is on cspsa_fs that's 100%, but it's encrypted and I think there is a hash check or something similar because if you edit something (no matter what) in cspsa partition dump after reflashing the modem completely stops working - no signal, no imei.
Szaby59 said:
For i8160/p/l (and for all phones with novathor soc) the imei, serial and simlock data is on cspsa_fs that's 100%, but it's encrypted and I think there is a hash check or something similar because if you edit something (no matter what) in cspsa partition dump after reflashing the modem completely stops working - no signal, no imei.
angrybb said:
Don't bother with tools from market, they are made for units with Samsung and Qualcomm CPUs. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor CPU from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things I think may help further:
- gap between partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
You guys are mistaken. The device being discussed is not the Ace II, but instead the Ace II X (same as S7560 Galaxy Trend or S7562 S Duos but with single sim). It does have a Snapdragon S1 clocked to 1 GHz (MSM7227A) with an Adreno 200 GPU. @op maybe you should modify the thread name to Ace II X instead of Ace 2 (X). It makes it less misleading.
angrybb said:
Don't bother with tools from market, they are made for units with Samsung and Qualcomm CPUs. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor CPU from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things I think may help further:
- gap between partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
wrong thread dude..
---------- Post added at 08:59 PM ---------- Previous post was at 08:59 PM ----------
Codename13 said:
You guys are mistaken. The device being discussed is not the Ace II, but instead the Ace II X (same as S7560 Galaxy Trend or S7562 S Duos but with single sim). It does have a Snapdragon S1 clocked to 1 GHz (MSM7227A) with an Adreno 200 GPU. @op maybe you should modify the thread name to Ace II X instead of Ace 2 (X). It makes it less misleading.
they should read the entire thread first, right? (first post) see how observant they are
Is this thread dead?
Codename13 said:
Is this thread dead?
I think so
---------- Post added at 09:21 PM ---------- Previous post was at 08:35 PM ----------
krazykipa said:
Hello,
I am starting this thread in the hopes of spurring some investigation into how to unlock the Samsung Galaxy Ace 2(X) without paying for an unlock code or for a service box such as Octoplus etc. All other methods for unlocking Samsung devices (dialer code, nv_data etc) do not work on this device.
I have made a little bit of progress on my own device, the GT-S7560m or Galaxy Ace 2X, outlined here. Unfortunately, I cannot provide a method to unlock as of yet, as the method I currently have found will replace the target device IMEI with the IMEI of the 'donor' device. I have not found a way to change the IMEI back (yet).
First, what I did was simple: Root the phone and back up all partitions other than /system, /data, /cache (/dev/block/mmcblk0pX). I did this a couple of times in between reboots and factory resets to have multiple backups as well as to see if any partitions change after reboots or resets.
It turns out that there are five partitions which change (slightly or drastically) after reboots/resets. These are:
mmcblk0p9
mmcblk0p10
mmcblk0p11
mmcblk0p13
mmcblk0p19 (/efs, found via mount command)
Since the S7560M does not have a GPT partition table, I can't find the labels for what these partitions actually are. 11, 13 and 19 are mostly blank, while 9 and 10 are chock full.
Next, I bought an unlock service on eBay. Once unlocked, I took another image of all the partitions, and compared which ones were changed (locked vs unlocked). Unsurprisingly, the same five partitions were different.
To narrow it down, I then flashed back the locked versions of these partitions until my simlock returned.
mmcblk0p9 is the partition that holds the simlock data
I tested flashing only p9 and, indeed, simlock disappeared and reappeared according to the version being flashed. I have multiple devices to test with at the moment, so I took the unlocked p9 from Phone A and flashed it to Phone B, and sure enough, Phone B could then accept foreign SIM cards.
Unfortunately, this also changed Phone B's IMEI to that of Phone A
I tried various tools to attempt to zero out the IMEI (so that the partition image can be shared between devices and the end-user can then restore their proper IMEI) to no avail. It seems the NV items on this device are locked or read-only for some reason.
CDMA Workshop, NV Items Reader-Writer, QPST, QXDM, all these tools are able to read NV items fine, but when trying to write back NV item 550 ue_imei it inevitably fails. In QPST an unknown error (0x80004005) is thrown when writing, whereas in QXDM the program states "No DIAG response received" when attempting to write the NV item. I tried multiple phones, PCs and versions of Windows with the same error.
You'll recall that on other devices such as the GS3, QPST/QXDM/etc works perfectly fine to restore the IMEI through NV editing.
I believe mmcblk0p9 is the 'real' EFS partition, holding the NV items for the device. It also seems to be encrypted, since I cannot find the IMEI in hex nor decimal format inside it, yet the IMEI is changed when the partition is cross-flashed. Across phones and even simply rebooting, the partition almost completely changes, save for a header and a couple of other bytes.
In order to unlock the device freely, I believe the next step is to either decrypt mmcblk0p9, or find a way to get QPST/QXDM to write to the phone
If you have any thoughts/experience, feel free to post below! I am sort of stuck here.
Can you post a zip file of your efs folder?
Thanks in advance.
Hello all,
Unfortunately at this point I have sold all the Ace 2X units I had previously. I wasn't really getting anywhere anyway and ended up buying a Z3X box. Thread can be closed, or feel free to continue in my absence. Good luck!
I'd like if we, as developers working together, could get this done. Just a question: Is there an issue if we share the same IMEI? Why can't one of us pay to unlock our device, then share our mmcblk0p9 with others? Would it cause problems if others flashed our efs partition to their device?
Codename13 said:
I'd like if we, as developers working together, could get this done. Just a question: Is there an issue if we share the same IMEI? Why can't one of us pay to unlock our device, then share our mmcblk0p9 with others? Would it cause problems if others flashed our efs partition to their device?
1- multiple phones with the same IMEI on the same network cause problems for all others (the only reason this can normally happen is your phone losing signal or crashing then reconnecting, so it's reasonable for the phone company to drop all other active links when it connects again)
2- on the U8500 Sonys, the role of CSPSA, EFS and some other firmware partitions is done by the "TA" partition. We know parts of it are signed (with different keys, some specific to the individual hardware) and changing them results in hard bricks... not terribly related to this phone, but the moral is that without knowledge about this undocumented binary sequence that is partition 9 (probably requiring a JTAG backup and trial and error) we common mortals can't afford to experiment blindly
Hello,
An S7560M came through my hands again, and I've taken the time to capture the data that is sent to the proprietary Z3X server for generating the unlock codes. The tool bypasses the MSL, reads some data from the modem, sends it to the server for analysis, and sends back your unlock code(s). If anybody is good at cryptography or data analysis, feel free to analyze the Wireshark dump that contains all the data. Somehow, the unlock code shown in the screenshot is attainable with only that data.
I myself have no idea how to get from there to an unlock code on my own. The only modification I've made is removing the serial number of my Z3X equipment in the dump for security. The IMEI and SN do not appear to be transmitted in the dump, but I've removed them from the screenshot.
Hope this helps, good luck.
krazykipa said:
Hello,
An S7560M came through my hands again, and I've taken the time to capture the data that is sent to the proprietary Z3X server for generating the unlock codes. The tool bypasses the MSL, reads some data from the modem, sends it to the server for analysis, and sends back your unlock code(s). If anybody is good at cryptography or data analysis, feel free to analyze the Wireshark dump that contains all the data. Somehow, the unlock code shown in the screenshot is attainable with only that data.
I myself have no idea how to get from there to an unlock code on my own. The only modification I've made is removing the serial number of my Z3X equipment in the dump for security. The IMEI and SN do not appear to be transmitted in the dump, but I've removed them from the screenshot.
Hope this helps, good luck.
Not sure how to help, but this is some serious looking stuff! I downloaded your attachment, extracted S7560M.pcapng and I converted it to S7560M.pcap using this guide. I then tried opening it and Ubuntu searched for a program that could open it. I got Wireshark and was able to open it. I'm guessing that's no such sort of hacking, right? Anyways, I'd like to help out. In the image you uploaded in that 7z archive, what is the unlock code? I want to scour the data in the Wireshark dump and see if I can find any correlations between the data in the image and the data in the dump. All I have to guess at this time is that all the code is hex, and it probably translates to decimal.
In the screenshot the unlock code is the NET lock code. The other numbers and * # are dialer codes (for unlocking direct from dialer without inserting a foreign SIM) but the actual code is 30385735.
If i understand it right the sim-partition is 9?
Why can't we just share that partition from someone who paid for unlocking his device and changing imei (there are some tuts on xda)?
imei
the unlock code is based on the imei..
somebody unlocked his phone based just on his imei and the name of his carrier over the internet..
Anas Karbila said:
If i understand it right the sim-partition is 9?
Why can't we just share that partition from someone who paid for unlocking his device and changing imei (there are some tuts on xda)?
I'll say this again, Partition 9 is unique to each phone. Another way of seeing it is: two people own the same car, when one person is driving the car, the other person can't drive the car, vice versa. You can't duplicate that car, because each numberplate is specific to one car.
Likewise, you can't copy partition 9 to another phone, because it would be the same as using the same numberplate on two different cars. The partition 9 includes the IMEI, if you will, the "numberplate" of the phone.
Mod Edit
Changing imei numbers is illegal.
Any such discussion is not allowed on XDA
Thread closed
malybru
Forum Moderator

how to unbrick my phone with cpu MTK MT6735

Hello guys, I'm new to the forum. I have a lower-mid-range mobile; its name is Master "smartphone 504-4g". It has the MediaTek MT6735 CPU at 1 GHz, 1 GB of RAM, Android 5.1, and 4 GB of ROM.
I tried to extract the ROM with the MTK Droid Tools v2.5.3d, but at the end of the extraction I noticed that only the /system folder was saved on the PC, and the program reported the error "No space left on device", something I was aware of from consulting guides on the internet.
Now that I broke the phone after trying to install Xposed (bootloop), how can I pack all the files in the /system folder I have on the PC into an IMG file to flash with SP Flash Tool?
Thanks for help
There are ways to uninstall xPosed Framework if you can get into Recovery:
http://forum.xda-developers.com/xposed/xposed-lollipop-stuck-bootloop-t3055816
Check Needrom.com for your specific device ROM, if it is a common device, or even uncommon, there may be a ROM there. I've also backed up using that tool, and left with unusable files. If you know your device info, Kernel and Fingerprint, use that info when searching Needrom, usually it's listed with the available ROMs.
This came up in a search, I don't know if it is your device:
http://iris504qdevelopment.blogspot.com/
X-weApon-X said:
There are ways to uninstall xPosed Framework if you can get into Recovery:
http://forum.xda-developers.com/xposed/xposed-lollipop-stuck-bootloop-t3055816
Check Needrom.com for your specific device ROM, if it is a common device, or even uncommon, there may be a ROM there. I've also backed up using that tool, and left with unusable files. If you know your device info, Kernel and Fingerprint, use that info when searching Needrom, usually it's listed with the available ROMs.
This came up in a search, I don't know if it is your device:
http://iris504qdevelopment.blogspot.com/
hello, thanks for answering.
I searched in needrom.com for the Rom, inputting the fingerprint, the kernel etc. but could not find anything.
the phone of which you wrote me the link is not what I have.
This is the fingerprint:
Code:
alps/full_x5_g518ql/x5_g518ql:5.1/LMY47D/1456459901:user/test-keys
This is the kernel:
Code:
3.10.65 ([email protected]) (gcc version 4.9.x-google 20140827 (mtk-20150409) (GCC) ) #1 SMP Fri Feb 26 12:20:51 CST 2016
and this is the version of the baseband:
Code:
MOLY.LR9.W1444.MD.LWTG.MP.V42.P7
LMY47D seems to be the version of Lollipop
https://www.google.com/search?q=LMY47D/1456459901&ie=utf-8&oe=utf-8#safe=off&q=LMY47D
Using only that at Needrom, I found only this:
http://www.needrom.com/download/real-android-5-1/
Sorry, usually searching the fingerprint brings up SOMEthing useful. but in this case, there are absolutely no results.
I found references to the Kernel too, but nothing useful.
OK, I had also tried on Google but to no avail.
How can I put it back, then?
I considered the idea of buying another one of the same, but I do not know other ways to extract the ROM and then perform the flash procedure on the broken device.
What do you advise me to do?
Are there any tutorials on this site about using MTK Droid Tools? It's not just about backing up the system.IMG file, there should be a boot.IMG and a recovery.IMG, and then you have to create Scatter files. But I don't know what I'm supposed to do. I've used other tools, it seems that all it gave me was a system.IMG. It's highly likely that this file contains everything, but it appears that there is an extra step that we don't know about.
Your device may simply be uncommon, especially with the lack of usable info available for it. I've looked up fingerprints before and there is usually some info. Which was why I suggested it.
Give me a few days to research this issue. Also, have you tried device Safe Mode? Reboot, hold both volume up+down as it starts, see if you can get it to boot. If it does, remove xPosed.
Also, do you have any recovery that works? Because you can send the xPosed removal zip through ADB and it will remove xposed. Check my first link.
Sent from my 6S Plus using XDA-Developers mobile app
---------- Post added at 06:57 PM ---------- Previous post was at 06:51 PM ----------
I was trying to replace Kingroot with SuperSU late last night and my device was stuck at the boot screen. But I was able to ADB into the device and run a shell and look around, you might be able to copy the Xposed removal tool that way and then run it
Sent from my 6S Plus using XDA-Developers mobile app
I forgot one detail that I did not write in my previous posts. Besides the problem with Xposed, I made the bull**** of installing a ROM that I thought was compatible with this device; the ROM is that of the Doogee X5 Pro, which is very similar in characteristics to my device. Only, after doing the flash with SP Flash Tool, the phone will not turn on anymore. Now it is only detectable over a USB connection, without the battery and pressing the volume up button. I apologize for not having written this before.
the recovery of my phone I remember is that stock, and I replaced it with the ever TWRP of Doogee x5 pro, but it did not work.
You bricked it. Time for a new device.
Is it really unrecoverable, @zelendel?
gae1991 said:
Is it really unrecoverable, @zelendel?
Yes it is dead. You messed up flashing something for another device.
I saw on the internet that there is a box to be able to flash the ROM even if the phone is dead. This box is called MTK-box. I have already had experience in the past with the atf-box for Nokia, you say that might work?
I've used ROMs for the wrong device on an MT6582 device I had, effectively bricking it. But I was able to find the correct ROM and flash with that, presto, fixed. The problem here is that we can't FIND the correct ROM.
I highly suggest contacting the seller, was it DHgate? Try to find out. I bought a brand new iPhone 6S+ 1:1 clone from a seller named iBaby888, and I bricked the device while trying to use SuperSU Me. I contacted iBaby and she pointed me to the correct ROM which fortunately had JUST been posted at Needrom by [email protected] I even Bricked it again 2 nights ago, using Vicki Bonick's KR2SU script. Boom, flashed again.
Any device can be reverted to stock I believe, it's just a matter of having the right ROM. Now in the case of using MTK Droid Tools, I think you missed a step:
http://forum.xda-developers.com/showthread.php?t=2730031
5. Start MTK Droid Tools, and connect your phone with the USB cable to the PC. (if Windows install some drivers, then let it install them automatically).
6. Now on the first page of MTK Droid Tools, it should display all infos about the phone when you connect it.
7. If the square is Green, then you have root shell and ready, if it's not green, press the ROOT button to the right in MTK Droid tools.
8. Click the "IMEI/NVRAM" button and then Backup to backup your IMEI/NVRAM, the backup files will be inside of the MTK Droid Tools folder.
Also you can manually write down your IMEI number just in case it should be lost.
9. Now go to the tab "root, backup, recovery" (in MTK Droid Tools).
10. Click the Backup button, and it will create a complete backup of your ROM. (in the end it will ask, if you want to pack it, just answer no)
11. When it is finished then also click "To prepare blocks for FlashTool", that will convert the backup to be compatible with Spflashtool. (choose the files.md5 inside the backup folder)
12. After the backup is done it will be inside "backup" in the MTK Droid Tools folder. And inside it there will also be a new folder called "!Files_to_FlashTool" Inside there the files for Spflashtool is. So when loading your backup with Spflashtool you must load the scatter file from inside there.
13. Now to install CWM (clockworkmod recovery) In MTK Droidtools, choose "To use boot from phone" and click the "Recovery and Boot" button. It will ask you a lot, just say yes every time, and it will end of sending CWM recovery to the phone and reboot into it on the phone. After you see CWM on the phone you know it is done. You can switch the menu with the volume keys, and the power is the select button.
14. Inside CWM you can also do a complete backup of your phone (remember to have enough space, you can do the backup to the internal storage OR to the SDcard - try "backup" if that fails then choose instead "backup to external sd" or vice versa). I recommend doing that because CWM makes another backup than the one made with MTK Droid Tools. So if you should get problems or lose something, you can always run your CWM backup into your phone and it will be as before.
15. After you're done with the backup, copy the backup also to a safe place on your PC. Just in case!
There may be a way to convert the backup you made.
I used ROMdump on one of my Goophones, and it created 3 files: config.gz, system.info.gz and system.tar. The System.tar file is a large archive. I suppose I have to convert this into something that SPFlash can use, but from what I am reading, I think files like this are supposed to be flashed from Recovery. If you can connect while the device is powered off, you may be able to ADB into the device and start a shell, copy the files in and then start a flash. I have only started working with ADB so I'm not clear on it.
I think the best bet is to contact the seller of the device; if that wasn't you, have the person who ordered the device send a message. Ask if they have access to the ROM; sometimes they will offer to send it to you via Skype. iBaby888 offered that for me, but I found the exact ROM I needed on Needrom. If they don't have it, you can ask for the ROM over there: make a post identifying the device and just say "need ROM", and provide the fingerprint and kernel if you do that.
gae1991 said:
I saw on the internet that there is a box to be able to flash the ROM even if the phone is dead. This box is called MTK-box. I have already had experience in the past with the atf-box for Nokia, you say that might work?
SPFlash and other flashing tools all work that way, even Odin, the device must needs be powered off and in some cases the battery removed. They even have tools to reset the device, if your device does not have a reset button hidden somewhere, the developers of the Flash tools sometimes tell you to disconnect the battery, but in the case of a device not having access to the battery, there is the reset button. Always trip that before each attempt to Flash.
It's basically the same thing, I'm sure OP can flash the device, but we can't find the stock ROM anywhere.
With respect to the forgotten step 11: the program in my case did not create any file called "files.md5". From the guide I read (which is the same one that you posted) I knew it should be there after the backup, but it was not. In the "backup" folder I only have the "/system" folder with subfolders "app", "priv-app" etc.
I remember also that at the end of the backup the program asked me if I wanted to compress to zip. I clicked "no", and in the right part of the program I read "activities ended in error". I read further up and saw the other error, "no space left on device"; according to the guide I read, this error occurs only on devices with 4 GB of ROM, as the backup is also performed on the device. Anyway, thank you for helping me.
My phone is dead.
Please help me too if you can.
I have an Allview phone that has a MediaTek MT8735M processor. It is dead (does not start), but when I plug it into the USB port of the PC, the PC recognizes it but it does not stay connected.
What could I do about it?

international S3 (i9300) IMEI question (problem?)

Hi guys,
I'm still owning an old i9300 and would like to flash CM14.1 to it (already have the same model running CM14).
This particular device is.. well kind of soft bricked - I think. I'm running out of ideas.
It shows the developer IMEI 00049... and no valid serial #
Not a single howto/patched kernel/app is solving this. I searched not only the xda-developers forum but all parts of g**gle I can handle the language
What I tried already:
- Installed the stock FW with ODIN (even after a full wipe of the internal eMMC partitions with CM13 as root )
- Downgraded to 4.0.4 ICS (and in this step I was able to re-create the serial # by manually patching nv_data and .nv_data)
- Removed /efs with mke2fs and let the device re-create it (it re-creates all the necessary files including nv_data.bin etc.) - without showing the IMEI
- Built a serial cable to talk to the modem (nice - but no solution for my problem)
- Maybe my biggest mistake: Tried (by accident) to restore an entire OS from a similar phone - INCLUDING /efs - to this phone. After that step my phone displayed the wrong serial # for a while
My questions are:
- If I delete all the partitions of the internal eMMC (dd if=/dev/zero of=/dev/block/mmcblk0 - DON'T TRY THIS AT HOME), from *where* is /efs re-created? Where exactly are serial # and IMEI stored?
- Is there a chance to bring this device back to life? I really want to bring this device to a repair shop, but the repair shop in my village does not even know what /efs or UART is - they are replacing just glasses and stuff
And: No, I don't have an /efs backup of this phone....
Have you tried flashing via Kies?
Yes, you did brick it by cross flashing another device's identity.
If the device is an international btu you can try flashing the stock rom twice with a factory reset in between. If no joy then try kies again. The phone has lost who it is. You have to get it to remember.
The stock btu rom: https://drive.google.com/file/d/0B4vTiHTBB629OVlvY0pkcXN4ak0/view?usp=drivesdk
Beamed in by telepathy.
Hello shivadow,
shivadow said:
Have you tried flashing via Kies?
Yes - *plenty* of times (like 20..30) to reset the device to a defined state after a non-working [patched modem|EFS-repair|different firmware|...]
shivadow said:
The stock btu rom: [...]
Thanks a lot - but even this firmware does not help (I tried this - oh, before Christmas holidays, I think)
In the meantime I have learned a lot about the EFS folder:
- Never, ever restore a foreign EFS folder - it will not work
- Manually fiddling around with the nv_data bin is hard work (although I'm now able to switch the serial number back to the one printed under the battery)
- The device is fixable, but most probably not without a box - just because the necessary information is not freely available. With a free trial of a software I was able to reset the IMEI to a fake one and all of a sudden I had network and was able to make calls
- With some AT+MSLSECUR/AT+IMEITEST stuff I'm not able to set the IMEI - it seems some certificate is missing (maybe the protection from Samsung against modifying the IMEI?). I was always stuck in the last step: actually writing/setting the IMEI does not work.
I think tomorrow I will bring the device to a repair shop in a larger town (they will have the knowledge I hope) and then I will compare broken EFS/fixed EFS (i.e. nv_data.bin) to learn even more.
So, you flashed another device's nvram and didn't have a backup of your own?
Beamed in by telepathy.
shivadow said:
So, you flashed another device's nvram and didn't have a backup of your own?
Exactly - I restored the backup to the wrong device by mistake. So not even parts of the original EFS folder - not even one single bit - are available. (Of course, the EFS folder of the wrong device is also not working...)
Looks like the phone will need to be repaired by a cell shop.
Hi guys,
the people in a repair shop were able to restore the original IMEI although undelete/forensics in an ext4 FS is not what I do every day it looks like:
- "they" replaced the nv_data.bin with another one (maybe some "empty" one?)
- the IMEI is definitely properly integrated (*#0011# menu is telling "IMEI CERTI: PASS" and AT+MSLSECUR is now requesting a proper certificate)
Now I will start some investigation with the two (well, three) different versions of nv_data.bin
I'm still wondering *where* an i9300 is storing the identity after i.e. an eMMC replacement..
Does somebody have particular information about the RPMB area of the eMMC? Maybe I'm going to JTAG that device to find out...

[SOLVED] MTK6580 build.prop soft-brick problem solved NO ADB

Hello there,
I'm wondering if there's anyone knowledgeable to point me in the right direction. Coronavirus (or I) messed up the build.prop file in a Chinese-made JTY-K107 (MT6580 architecture) tablet and now stuck in a soft-brick state. I cannot use adb push or adb sideload (doesn't detect device probably because I had attached another MT device, a Huawei on the PC before and that is the device I pulled the build.prop from to mess with the bigger tablet and now all seems jumbled driver-wise on my Win 10). In any case, I am able to copy to the SD card an update.zip but factory recovery installation is not possible ("installation aborted" - signing issue?). I tried these two zips inside which the original build.prop files are now nestled. It's maybe the commands/scripts that are at fault or it's some signing issue (that hopefully can be tackled). I don't know. I am very reluctant to think about flashing ROMs at this stage. (Porting MT-architecture ROMs are not exactly easy or risk-free, from what I have seen around other threads/forums.)
The link to the folder with the non-working update zips I pulled from other sites or threads (not knowing how I should go about building these files from scratch on my own):
https://app.box.com/s/7byabibx2j0jfo2zlgmg0oi0ca66vkyn
Thanks very much for any info (or possibly a fix of the zips to make it compatible with MT6580 to install the update).
Cheers,
Zoltán
@zanodor
IMHO a simple factory reset may solve your problems.
jwoegerbauer said:
@zanodor
IMHO a simple factory reset may solve your problems.
Today I was thinking, people like overcomplicating things: there must be some easy solution. I actually had done that out of frustration (knowing that I had a Titanium Backup on SD) but the boot issue persists (I tried again but all I see is the Android logo for minutes now).
I thought maybe there was a way to repackage my full Titanium Backup into a zip that could be used in Factory Recovery for a restore solution? I perused the net in vain for that too.
I really don't fancy reinstalling Win 10 to fix the driver issues or trying on one of my Linux machines (I am a noob on those too).
Thanks for the answer, anyway.
In the end I managed to restore the tablet (took me 2-3 days of looking around). I'm only writing this up so others facing adb probs can solve their issues on their MTK-built devices. (Actually probably this will work on any device that is not Samsung or whatever old famous brands.)
The first thing to do was sorting out VCOM drivers. There's a Nigerian-sounding guy whose forum Hovatek I followed for tricks on how to go about it (had to download and install Virtual Serial Port Driver to sort out connection issues in Miracle Box/Thunder). Whenever you have some problem, I suggest you include Hovatek in the search string, cause chances are he has a tool and a tut.
Using Miracle Thunder and acting on Hovatek's instructions I made a copy of my firmware. All I really needed was the system.img, of course. My bootloader being fine (messing up your device with build.prop only results in a soft brick), it didn't need fixing. Using Assayyed's Kitchen and Hovatek's tutorial again I unpacked the system.bin I extracted with Miracle (which must be used with virus protection off all the time) after renaming system.bin to system.img. I exchanged the build.prop and repacked system but didn't wait for the update.zip to be made; instead I took the img file I wanted in the Kitchen. Then I tried SP Flash tool to flash system.img on the device but I had issues with the scatter file. So I downloaded a firmware from Boycracked or whoever and used that scatter (in the meantime I overwrote the system.img with mine). I flashed the device, turned on the tablet and voila. I hope this helps peeps out there with similar issues.

[SOLVED] Help: IMEI disappeared after partitions disaster (LineageOS 17.1 on SM-A320FL)

Hello guys, first of all: thank you very much for your Forum; I'm learning a lot even if I remain a complete noob!
I'm trying to use LineageOS 17.1 (lineage-17.1-20210118-UNOFFICIAL-a3y17lte, recovery OrangeFox 11.01) on Galaxy A3 2017 (SM-A320FL), and I did something really stupid trying to make Link2App work.
I had problems to format properly the miniSD using Android's apps, and I could not remove the card from the phone (the slot's opening is damaged). So then I tried to format the card using ADB + BusyBox + fdisk, BUT I did it while I was distracted by other job's issues, and I didn't realize I was working on the internal SD instead of on the removable card (yes, complete idiot...).
Result: a brand new empty partition table in my phone, permanently stuck in Download mode (impossible even to power off it).
I tried to restore the phone using this procedure, but it failed midway. By the way, I could Odin-flash TWRP and then restore the partitions using the repartition script. Eventually, I flashed my OrangeFox and LineageOS: the system is now perfectly working, but the phone doesn't recognize my SIM any more and the IMEI (dialing: *#06#) is blank.
I had a Fox's "light" backup, but it didn't solve anything.
I'm still having the original box with the IMEI number on the label, but I didn't find a suitable procedure to use it.
- Kies3: the SM-A320 phone seems too old to allow the Initialization procedure described here (yes, the phone was unplugged)
- There are many apps promising miracles (for instance: ToolHero, MTK Engineering Mode, IMEI Generator Pro, EFT Dongle...); however, I tried some, and they seem to me just ****ty pieces of software, requiring the original system or dubious paid services.
- Dialing codes* procedure (like Method 1 here). I cannot remove SIM or battery to complete the procedure. Besides, my phone doesn't react to the code; probably they are country or SIM specific...
- Line command (terminal emulator or ADB): this seems to be the most promising method; however, the line
Code:
echo 'AT +EGMR=1,7,"MY_IMEI_NUMBER"'>/dev/pttycmd1
doesn't do anything on my device
- IMEI generator: I tried to generate a new MP0B_001 file using this guide. The download link is broken, then I downloaded the files from another source, and I prefer to add to my system just the MPB_001, without flashing the "repair" tool. Besides, I don't have any /nvram folder in my $root/data/ directory... (the only IMEI related folder is in $root/eps/).
Any suggestion to solve this mess? Thank you very much!
Daniele
* EDIT: after typing *#*#197328640#*#* the phone window closes.
Look inside here:
3 METHODS to restore your IMEI number on Android
Most people face a common issue with IMEI number that is losing them. Particularly, it happens when you get a locked second-hand mobile or in Mediatek devices.
www.gizmogo.com
jwoegerbauer said:
Look inside here:
3 METHODS to restore your IMEI number on Android
Most people face a common issue with IMEI number that is losing them. Particularly, it happens when you get a locked second-hand mobile or in Mediatek devices.
www.gizmogo.com
Thank you very much for your answer! The 2-3 methods seem promising; however, I isolated the problem and solved it before receiving your message.
The problem: after messing with the partitions, I tried to restore my system, downloading the files via Frija. However, I selected the wrong CSC, using my SIM provider code (TIM) instead of the generic code for Italy (ITV).
I noticed it exploring the light backup I had done in TWRP (only System partition): a CSC_version.txt was there, pointing to A320FLOXA9CTK1 (ITV version, while I restored using A320FLTIM8CTH1, TIM carrier version). ITV was also mentioned in the file $ROOT/eps/imei/mps_code.dat (dunno if this is relevant)
Solution: Odin + the right firmware did the trick. I had my IMEI back and the phone working, then I went back to flashing TWRP, OrangeFox and, eventually, LineageOS.
Everything is working now, and, of course, I backed up EPS partition (now).
Many thanks!
daniele
