Develop Bugs

[Q] E4GT cannot write PPP, AAA, and HA passwords

I am flashing a sprint epic 4g touch to page plus. I got the voice and text part without any problem. However, after I used a donor phone to get PPP password and HA/AAA secrets. I could not write them in. Every time after wrote them using DFS trial version, reading will come back blank, no matter what I do. Anyone knows why and how to write them?
I could not write DMU 10.key using EFS explorer either. QPST EFS explorer could not even list the directory. After I created a DMU folder and dropped 10.key into the folder, the 10.key file would disappear every time after reboot. Any idea？
Any thoughts are much appreciated.

You can write to them I think, but you cannot read them, which is why they come up blank

random45 said:
You can write to them I think, but you cannot read them, which is why they come up blank
Click to expand...
Click to collapse
Thanks. Any idea about the DMU 10.key? The folder is there, but the file is definitely gone after reboot. I can drop another 10.key file into the folder, and change it to read only, still would be gone after reboot. Thanks.

Did you write the SLP and the samsung password before you tried to write things?
There is a lot of good info on this thread about porting the phone to other service.
It is very hard to read those keys, so if you are writing them you can use the DFS log to see if you are getting errors when you try to read them (if you are using dfs to write them...)

wizardknight said:
Did you write the SLP and the samsung password before you tried to write things?
There is a lot of good info on this thread about porting the phone to other service.
It is very hard to read those keys, so if you are writing them you can use the DFS log to see if you are getting errors when you try to read them (if you are using dfs to write them...)
Click to expand...
Click to collapse
Thanks. I'll read the posts in that link.

[Q] Corrupted/Bad/Invalid IMEI -- looking for another option.

Thank you for the read-visit.
I recently bought a second hand Tmobile Samsung SGH-T889 Galaxy Note II. Unfortunately,
I inherited a host of issues. The IMEI is corrupted. In this thread, I'm hoping to figure
out why I can't successfully write to the device. I will list everything that I've tried so far,
and to be honest, I really don't know what I can try next. Share your input please!
SGH-T889
Build Version: M9615ACEHWMAZD17513035
Version Dir ;: ACEFWMAZ
Firmware: T889UVALK8:_(4.1.1) (12/19/12) [FACTORY IMAGE]
Preface:
I read in a few other threads where people were having issues with the 4.1.2 firmware, so
I elected to downgrade to the 4.1.1 using a factory image by flashing using Odin 3.0.7.
I then used "Galaxy Note2 Toolkit" to flash root of the device while also including clockworkmod
recovery and busybox.
First Method:
After downloading and installing the Android Terminal Emulator, I tried to enter
the following code to write to the device:
su
echo 'AT +EGMR=1,7,"IMEI_1"'> /dev/pttycmd1
The device accepted the commands, but the write never occurred.
On the web, this solution is everywhere; however, I think that the
solution is specifically for MTK phones. In fact, the output command
"pttycmd1" isn't in the /dev directory or anywhere within the root file structure.
Second Method:
Accessing the hidden menu on the phone by entering *#7284#, I modified
the Qualcomm USB settings to allow for a serial USB connection.
I then used the "Qualcomm NV Tools," included in the fourth tab of EFS Professional
development software, to restore the backup IMEI to the device at the memory block located
at decimal address 550. The device accepted the command and I received
no indication of error, but the device was again not overwritten.
Third Method:
I installed RootExplorer application and used this tool to access the root directory and made
a copy of the EFS folder where I assumed the IMEI is stored. I then deleted the folder allowing
the system to recreate the EFS Folder after a reboot and a factory reset. I repeated the
previous methods, but I wasn't able to make a difference. Consequently, I restored my EFS folder.
Fourth Method:
I tried messing around with permissions allowing for read/write for the "efs" and "factory" folders
within the root file structure. Notwithstanding, I also expanded my read/write changes to the /dev/block folder focusing in particular on /dev/block/mmcblk0p3. (I read in another thread that the IMEI was stored in this block
/dev/block/mmcblk0p3.) Changing ownership of the files "owner" and "group" to root, I then tried writing to the device again using the previous methods mentioned, as well as fiddling around with another software called
"NV-items reader_writer v1.0," but all these approaches failed too.
Just as an added comment, I think that file manager such as Root Explorer re-mounts a read only root file
structure as a floating read/write. Therefore, while I think that I'm making changes to permissions -- I am, because I can see the change occur -- this change is actually temporary until the device is rebooted.
General Comments:
I suspect the GSM US variant of the Galaxy Note II is different, because I can't explain
why the device will not update the IMEI even with superuser rights. Along the way, I tried to
do a factory reset as well, but remember this approach made little difference since the device
was near factory settings from the onset since I just downgraded to 4.1.1.
Questions
Am I missing another method? please point me in the correct direction -- I'm stumped.
I value and appreciate any input in advance that you could lend.

when you first bought the phone and put in your t-mobile S I M card in it..
what happened .
are you sure its not a blocked imei phone.
this seems to be going around...
are you trying to use it on t- mobile ..
please post the original issue not just want you done to try and fix it..

Thank you for the reply.
This problem stinks.
I don't have a tmobile sim card. The phone is for Tmobile and I hope to use the phone on T-mobile's MVNO (mobile network virtual operator) SimpleMobile, a carrier that piggybacks on the Tmobile carrier. I have Simplemobile SIM card, which the device does not recognize. The network in the "About Phone" in Settings is listed as Unknown. I think that the phone is locked, but I thought that this issue is exclusive of my present dilemma.
So, what is preventing me from writing an update to the device? There are a couple of good Qulalcomm
tools on the market like DFS CDMA ver. 4.7.0.2 and Qualcomm NV Tools, but both of which
fail to restore the IMEI. Is this a CDMA vs GSM tool interface issue?
Where is the IMEI stored on the device? My efs/imei folder only has one file: "mps_code.dat"
(I guess NV_DATA.BIN file is not present for LTE users.)
Thanks again, in any case.

If I were you, I'd try writing the T889 NV backup from the AWS mod thread with QPST or QXDM. Then finish off with the IMEI using EFS Professional.
As you've noticed, no NV_DATA.BIN for our devices. The /efs partition isn't enough of a backup to fix things.
Information applicable to the N7100 is going to be useless here since it has an Intel baseband, as opposed to the LTE variants which run on a Qualcomm chip.

Darkshado said:
If I were you, I'd try writing the T889 NV backup from the AWS mod thread with QPST or QXDM. Then finish off with the IMEI using EFS Professional.
As you've noticed, no NV_DATA.BIN for our devices. The /efs partition isn't enough of a backup to fix things.
Information applicable to the N7100 is going to be useless here since it has an Intel baseband, as opposed to the LTE variants which run on a Qualcomm chip.
Click to expand...
Click to collapse
Thank you Dark Shado[w].
Fifth Method:
I used QPST configuration to establish a serial connection. Using one of the software's client applications called
QPST Software Download, I made a backup of NV Memory Files and then used a hex editor
to locate the IMEI number (offset 00001700 --fyi) and made the repair. However, when I attempted to restore the
file using QPST Software Download, the software failed to update the device. Take note that the software indicated the memory restore worked. However, again, I'm not sure what is preventing me from writing to the device.
Every editor or tool that I have used to interface with the device successfully reads the device but does not write.
In the Qualcomm USB Settings, I have chosen either "RNDIS + DM + Modem" or "DM + MODEM + ADB" settings.
I also try to make sure that "USB Debugging" is checked in "Developer options" in Settings. (This
setting appears to toggle depending on which USB serial setting is chosen.)
I began messing around again with EFS Professional. The problem with this approach is that the backup file is stored in the form of an image file. Unfortunately, I can't edit the image to repair the IMEI with a hex editor.
Previously the backup file was in the form of a bin or text format making the process of editing easy.
I also confirmed indeed that the address location of the efs folder including the IMEI is recorded in /dev/block/mmcblk0p3 for Galaxy Note II LTE variants.
Any other ideas? Is there any other toolkits that might be easier to work with?

Hey since you already odin 4.1.1 go ahead and unlock your phone using the free unlock method. Than try using your simple mobile sim again.

G7Baker said:
Hey since you already odin 4.1.1 go ahead and unlock your phone using the free unlock method. Than try using your simple mobile sim again.
Click to expand...
Click to collapse
Hi G7Baker. Thank you for the reply.
I was not able to unlock the device using the *#197328640# approach.
The device is missing the "Press [4] NW LOCK NV DATA INITIALLIZ"
I read elsewhere that I needed to downgrade the device to 4.1.1 and this option
would reappear in the menu settings. Specifically, if I downgraded the modem from
4.1.2 to 4.1.1, this option would again appear. In my case, the option is still missing.
I figured that I would just focus on my corrupt IMEI before addressing the locking issue...but if you any ideas,
i am open.

I'll be blunt: you haven't listened to anything I've said.
Use the .qcn file from the AWS mod thread. Not yours hex-edited to contain your IMEI. You NV items are already messed up.
Toggling USB Debugging might undo the "RNDIS + DM + Modem" setting.
Use EFS Professional to type in (not copy-paste, it's a quirk in the UI) your IMEI, then write it. Make sure you've got the latest version, and that you're using the Qualcomm tools. Or hex-edit the file from the AWS mod thread since you're capable of doing so.
Ditch this "toolkit" mindset and get their actual components, latest versions, straight from the devs. You'll be able to check for issues in their respective threads as well.
Good luck,
Darkshado

Darkshado said:
I'll be blunt: you haven't listened to anything I've said.
Use the .qcn file from the AWS mod thread. Not yours hex-edited to contain your IMEI. You NV items are already messed up.
Toggling USB Debugging might undo the "RNDIS + DM + Modem" setting.
Use EFS Professional to type in (not copy-paste, it's a quirk in the UI) your IMEI, then write it. Make sure you've got the latest version, and that you're using the Qualcomm tools. Or hex-edit the file from the AWS mod thread since you're capable of doing so.
Ditch this "toolkit" mindset and get their actual components, latest versions, straight from the devs. You'll be able to check for issues in their respective threads as well.
Good luck,
Darkshado
Click to expand...
Click to collapse
Thank you Darkshado[w] for the advise.
Game plan
qcn generic file (binary format) --> modify imei in qcn generic file --> EFS Professional-Qualcomm (fourth tab) to apply Restore
Darkshado[w], I'm looking at the EFS Professional -- Qualcomm tab (fourth tab). Just to be clear, this tab has a
"Qualcomm NV Tools" button, to which I don't proceed. This tab has also a set of "NV Backup" and "NV Restore" functions. These functions are supported for US variants only. (The T-mobile T889 has a Qualcomm chipset Gobi MDM9215, making the device eligible, right? or I guess these tools are meant only for Sprint and Verizon variants only) These tools, I believe, are where you would like me to use to make my restoration possible.
Just to be clear, this Restore/Backup receives a binary file, opposed to "Qualcomm NV Tools" that receive a text file.
However, when I click on "NV Backup" or "NV Restore," the phone immediately reboots.
On the same page the following disclaimer is written "If these functions are not supported your phone will just reboot." My device rebooted and I can't use this approach for the moment.
---
I was searching the AWS thread to which you alluded.
On December 28, 2012, I saw that you posted a full NV backup, IMEI removed, at the following thread:
http://50.23.216.69/showthread.php?t=2068041&page=2
I downloaded your attachment and modified the TEXT file to include my repaired IMEI for the T889 and then used
EFS Profressional via "Qualcomm NV Tools" to restore to my device.
I made sure that the device was set for a USB serial connection,
since "Qualcomm NV Tools" would not make the SPC connection otherwise.
The restore procedure completed without any errors, but the device was not successfully written to...again.
---
I also downloaded the ATT_I317_AWSMOD_dumimei.qcn file from the thread. Using QPST via their client application "Software Download" I attempted to make the restoration.
I attempted the restoration twice using "RNDIS + DM + Modem" and "DM + Modem + ADB" settings. In the phone utility menu, UART was always set to "PDA" and USB was set to "PDA" as well. In both cases, the device was not written. The software indicated that the restoration was successful when in fact this case was untrue.
--
On the EFS Professional version2.0.062, I was able to generate backup files using the backup option located on the second tab.
For this backup option, I selected "International LTE Variants" for the "Device Filter." The software
generated one tar.gz file; however, when extracted, a efs.img file and four other bin files are revealed. Unfortunately, the image file of efs contains my corrupted IMEI, which I'm not sure how to edit. I tried to use Hex Workshop Hex Editor to edit the file but can't find the IMEI in this type of file. Alternatively,
is there a generic backup tar.gz of SGH-T889 that I can try to restore?
--
What are your thoughts? Please advise.

garbageslot said:
Hi G7Baker. Thank you for the reply.
I was not able to unlock the device using the #197328640# approach.
The device is missing the "Press [4] NW LOCK NV DATA INITIALLIZ"
I read elsewhere that I needed to downgrade the device to 4.1.1 and this option
would reappear in the menu settings. Specifically, if I downgraded the modem from
4.1.2 to 4.1.1, this option would again appear. In my case, the option is still missing.
I figured that I would just focus on my corrupt IMEI before addressing the locking issue...but if you any ideas,
i am open.
Click to expand...
Click to collapse
I later downgraded the firmware from T889UVALK8 to T889UVALJ1 of 4.1.1. The NW LOCK NV DATA INITIALLIZ
finally appeared and was able to unlock the device successfully. Awesome!
However, I'm still trying to figure why my NV Memory Block refuses to be written. Please share your input!

No solution ... yet.
I tried deleting the efs folder and then I went back through all the methods that I have discussed
really to determine if and when the device was being written. Trying to restore the efs folder from a backup
copy, my findings seem conclusive.
I found that the ONLY solution that replaced my efs folders was EFS Professional--Restore (third tab).
In my case, I'm just restoring my corrupt NV memory backup back onto the device, but this approach can
work for me. In all other methods that I employed, the device and software indicated that a successful update was
made but these cases are untrue; the device is not updated.
Where does this leave me? If I am going to flash my device using this restore feature of EFS Professional(third tab),
I need to flash a modified efs.img that is corrected for my corrupted imei.
Does anyone have a solution out there for the SGH-T889?

garbageslot said:
I later downgraded the firmware from T889UVALK8 to T889UVALJ1 of 4.1.1. The NW LOCK NV DATA INITIALLIZ
finally appeared and was able to unlock the device successfully. Awesome!
However, I'm still trying to figure why my NV Memory Block refuses to be written. Please share your input!
Click to expand...
Click to collapse
I learned today that someone claimed that this SGH-T889 device has a hardware security measure in place. The device has a chip that has the IMEI that is write/no-rewrite (eMMC?); therefore, successful service combines both a hardware and software approach. My "deep throat" operative also said that the IMEI for this particular device appears in five different places within the NV Memory block, making the repair not so trivial.
Can anyone confirm this statement? I can't find anywhere where this statement is validated.

I would have to call bulls..t on that, I lost my imei flashing a tmobile modem to get lte and was able to rewrite my imei and get it working. Took me 2 days and lots of messing around but finally worked.
http://forum.xda-developers.com/showthread.php?t=2068281
You can try this link has some valuable info and links.

rail205 said:
I would have to call bulls..t on that, I lost my imei flashing a tmobile modem to get lte and was able to rewrite my imei and get it working. Took me 2 days and lots of messing around but finally worked.
http://forum.xda-developers.com/showthread.php?t=2068281
You can try this link has some valuable info and links.
Click to expand...
Click to collapse
Thank you Rail205 for your reply. Reviewing the thread that you sent,
I'm still not sure how I should proceed.
I was comparing my device allocation using the df command on the android emulation terminal .
# df
My partition allocations are consistent with jravi and darkshado[w] on the first page of the thread,
so I'm wary if I flash with an updated PIT file that this approach will make a difference.
My device is reading the correct internal storage for example.
To reiterate, if the block allocations are the same, can I assume that using a new T889V pit file
on my device the T889 will make no difference?
Currently, my device is now unlocked, rooted with a 4.1.2 OS.
The device has radio service.
Unlike everyone else who has been successful e.g. Darkshado[w] who has successfully
written an editable hex file or text file (depending on the method employed), my
device remains unmodified when performing approaches of this kind.
The only method that appears to work for me is flashing an image file
using EFS Professional (third tab).
This dilemma is the chicken / egg conundrum, how do I flash the device with the corrected img file
when I don't have a copy of an img file with the corrected imei with which to flash? Otherwise, considering
a no-img file approach, I could try to make the partitions writable (fyi I have used Root Explorer already to modify
the permissions of /dev/block, /efs and /factory before attempting an update -- you guessed it, no luck.)
Anyone, any thoughts? Anyone?

Success!
Sixth Method
NOTE: Please also refer to "Six Method. Addendum" post #21 located later in this thread. Both posts are critical to understanding the complete solution.
Well, I decided to go to one of these guys who advertise on Craigslist to repair corrupt IMEI. He claimed that he was using one of these boxes that reads and writes without technically flashing the device.
I sat with him for a couple hours, and, in the end, he could not do it! My IMEI went from some corrupted output to reading simply "0/9." At that point, I had limited phone service and mobile data EDGE only. The device had trouble finding the DM mode as well. (He felt so bad that he couldn't take my money, but this moment was also a validation for me that my device had a very specific problem, not a trivial contest in the least, but an awesome validation that this last week's efforts were not in vain: If the 'expert' can't figure this out, then where would this leave me?)
An important note worth mentioning is that the Craigslist guy downgraded my android OS from 4.1.2 prior to making modifications. Unfortunately,
I did not note to which version and build he downgraded. (My guess: most likely a build variation of 4.1.1 OS)
Anyhow, so I returned home and decided to get to work and access the phone through the service mode with the intention of rebuilding the NV memory block.
*#197328640#
[1] UMTS
[6] Common
[6] NV REBUILD
[1] Load defaut NV
This approach changed my IMEI from "0/9" to "0/0." Now, when I tried connecting to the device, the software read the correct DM Mode. (Interestingly, I still received limited phone service.)
I used a program called "NV-items reader_writer v1.0." Of the many programs that I tried, this program is super simple since the software output is text based i.e. you don't need a hex editor. The download link is here.
http://modemfiles.blogspot.com/2013/09/download-free-nv-items-reader-writer.html
I extracted the memory block from decimal address 550 to 550 and modified the block to read my non-corrupted IMEI. (I didn't need
to change root permissions or anything complicated like that, steps I performed in some of my previous method-approaches.)
My device finally was written and read the correct IMEI!
Thank you to everyone who contributed. My success is your own!
UPDATE:
So, as I mentioned above that I was receiving EDGE only and the carrier service was spotty. In the end, I realized that my NV Build was corrupted, and since I was now able to write to the device, I corrected this problem by referencing Darkshado[w]'s post.
On December 28, 2012, I saw that he posted a full NV backup for the T889, IMEI removed, at the following thread:
http://50.23.216.69/showthread.php?t=2068041&page=2
UPDATE: XDA admins have invalided the hyperlink to Darkshado[w]'s original post. If you require the text file, private message me with your email
and I will send you the same template file that he had originally made available. (edited 7/18/2015)
Using "NV-items reader_writer v1.0," I wrote to my device using the file provided by Darkshado[w]. Again just to be clear, I restored the entire NV build and only changed the IMEI block, which is located at decimal address 550. Now, my device is finally getting reliable connectivity at 4G speeds (only 4G, opposed to LTE, since I'm using a MVNO instead of a direct Tmobile plan). Anyways awesome still!

I'm glad you fixed it man!..you went through Hell fixing your phone.
I ALWAYS read and follow these "bad IMEI" threads to learn something "just in case" and I must say that your case it's the most complex (for me anyways) I've ever read.
Cheers to you!

New link to file please
garbageslot said:
Success!
Sixth Method
Well, I decided to go to one of these guys who advertise on Craigslist to repair corrupt IMEI. He was using one of these boxes
that reads and writes without technically flashing the device.
I sat with him for a couple hours, and, in the end, he could not do it! My IMEI went from some corrupted output
to reading simply "0/9." I had limited phone service and mobile data EDGE only. The device had trouble finding the DM mode as well. (He felt so bad that he couldn't take my money, but this moment was also a validation for me that my device had a very specific problem, not a trivial contest in the least, but an awesome validation that this last week's efforts were not in vain: If the 'expert' can't figure this out, then where would this leave me?)
Anyhow, so I returned home and decided to get to work and put the phone into a service mode with the intention
of rebuilding the NV memory block.
*#197328640#
[1] UMTS
[6] Common
[6] NV REBUILD
[1] Load defaut NV
This approach changed my IMEI from 0/9 to 0/0. Now, when I tried connecting to the device,
the software read the correct DM Mode. (Interestingly, I still received limited phone service.)
I used a program called "NV-items reader_writer v1.0." Of the many programs that I tried, this program
is super simple since the software output is text based i.e. you don't need a hex editor. I extracted the memory block
from decimal address 550 to 550 and and modified the block to read my non-corrupted IMEI. (I didn't need
to change root permissions or anything complicated like that, steps I performed in some of my previous
method-approaches.)
My device finally was written and reads the correct IMEI!
The guy from Craigslist suspects -- mind you, he wasn't gregarious in the least-- he hinted that "the box"
was needed to break some kind of internal logical state between the device's IMEI and
T-mobile's network protocols. Once this state was broken, the device was receptive to being written.
Thank you to everyone who contributed. My success is your own!
UPDATE:
So, as I mentioned above that I was receiving EDGE only and the carrier service was spotty. In the end, I realized that my NV Build was corrupted, but since I was now able to write to the device, I corrected this problem by referencing Darkshado[w]'s post.
On December 28, 2012, I saw that he posted a full NV backup for the T889, IMEI removed, at the following thread:
Using "NV-items reader_writer v1.0," I wrote to my device with the corrected IMEI using the file from Darkshado[w] as a template (replacing decimal address 550). Now, my device is finally getting reliable connectivity and 4G speeds (only 4G, opposed to LTE, since I'm using a MVNO instead of a direct Tmobile plan). Anyways awesome still!
Click to expand...
Click to collapse
Hello! I'm facing the same issue with my T889, could you please re-post the file from darkshadow's post?
Thank you!

NV Backup Blank-IMEI Template File
walydiesel said:
Hello! I'm facing the same issue with my T889, could you please re-post the file from darkshadow's post?
Thank you!
Click to expand...
Click to collapse
Thank you WalyDiesel for the follow up.
The administrators of this site appear to have made the original link outdated since I started this thread..
Please internally message me your email and I will send you the NV Backup Blank-IMEI template file.
(The file exceeded the attachment limits for this thread.)
You still need to edit decimal address 00550
to your specific IMEI number. Upon doing so,
write the entire file to your T889 device.
Good luck! -- You are in the home stretch.

garbageslot said:
Thank you WalyDiesel for the follow up.
The administrators of this site appear to have made the original link outdated since I started this thread..
Please internally message me your email and I will send you the NV Backup Blank-IMEI template file.
(The file exceeded the attachment limits for this thread.)
You still need to edit decimal address 00550
to your specific IMEI number. Upon doing so,
write the entire file to your T889 device.
Good luck! -- You are in the home stretch.
Click to expand...
Click to collapse
Ok! I sent you my email inbox.
Thank you!

walydiesel said:
Ok! I sent you my email inbox.
Thank you!
Click to expand...
Click to collapse
I'm back!
Unfortunately, the past two days I tried, But I can't write back the file to phone using nv_reader_writer tool. I can't even read from phone. It keeps saying "Failed, phone does not answer".
I read on a thread that it could be because my chip is not Qualcomm. In fact my chip is Exynos. Is it the problem? Is there another tool that I could use? Thank you.
P.S: I'm running stock android 4.3. I also tried stock 4.1.2. Same result and Service mode just leads me to a black screen with Serviceode written on top.

[GUIDE]Save 3g settings from other carriers

I've seen so much people complaining about flashing their cellphones to another carrier but the phone isnt saving 3g info to the efs. Well, it seems like something blocked by Sprint. To get it working do this:
-Connect your phone in dial mode to your windows pc(doesnt work on other OS).
-Download this file
-Download this FREE version CDMA Workshop
-Open CDMA Workshop, on the right top side, check the box next to the textbox and introduce your spc and click connect and read.
-Navigate to memory tab and in "NV-items" click write and select the 1st file you just downloaded.
-Finally close CDMA Workshop and it'll ask you to reboot the phone, click yes and then proceed to flash your phone.
I used Qualcomm QPST to configure data in my country. I guess DFS also work but I havent tested it yet.
Links are not mine but tested it.
Original thread here, in spanish.

[Q] [ADVICE NEEDED] Developing a Free method to Network Unlock GT-I8150

Hello XDA!
A quick thanks to those reading/interested and I apologize in advance if this belongs in the development section. I don't have permission to post their yet (perhaps with good reason!). After much searching, I've come to the conclusion there is, as yet, no free method of network unlocking the Galaxy Wonder GT-I8150.
I want to find a method to do this, test it, and then automate the process through a shell script and/or batch file. If it doesn't cost too much, I'll even try and make an app for it. I have two reasons for doing this: I own this model of phone (surprise!) and more importantly, I want to expand my portfolio of little computer projects because I want a job in IT, and I want it now.
So this thread will serve as a knowledge base and brainstorming place. Please -anyone with ideas about how to go about this - let me know!
Here's what I'm trying at the moment: based on a similar method used to unlock the HTC Sensation (and some other models), I'm going through the mmcblk virtual partitions after copying them to a .txt file (filetype is binary, .txt is just so my girl's Mac opens them with a text editor). Using a grep command with a regular expression I'm pulling every single 8 character long string of only digits and exporting the result to another txt file.
I then search the mmcblkXpXX file for these 8 long strings one at a time, trying to read through what I can of the binary file for giveaways like "isim_auth_key" or what not.
I started yesterday so I'm only up to mmcblk0p06.
If you have a network unlocked version of this phone, I might end up needing certain files to compare, but I won't ask unless I think I'm onto something.
Finally, if anyone has found an NV_data.bin, bml5 file (or equivalent) for this model, tell me what it's called! Or where I need to extract it from.
Thanks in advance,
GrayedFox

Info
Here are some links to information about unlocking various models of phones, using slightly different methods, for those interested. None apply directly to the gt-i8150 but I'm trying to tweak them just as a starting point.
http://forum.xda-developers.com/showthread.php?t=828534
http://forum.xda-developers.com/showpost.php?p=17148825&postcount=334
http://forum.xda-developers.com/showthread.php?t=1693491
http://forum.xda-developers.com/showthread.php?t=1335548
http://forum.xda-developers.com/showthread.php?t=1064978
Here is some information from my mmcblk0p06 file... wrapped in spoilers.
PERSO: Failure to write: %sPerso Command can be handled only on a provisioned session or when Card is not present on slotmits/perso.txt
[first mention of a person.txt file I've found]
EFS file read successfully [this implies there IS an efs file somewhere…]
EFS: Creating ISN file
EFS store sequence number
EFS: ISN file not present
AMSS\products\7x30\core\securemsm\smetest\test_crypto\src\sectestcipher.c
if anyone knows how to access that perso.txt file listed, please post the linux command here!

I'm afraid to say I'm running out of ideas here I've pulled every single mmcblk file on the phone - on stock rom and on cyanogenmod - looking for some sort of reference to a network unlock key but it's just not there. I even got Vodafone to send me my unlock key and have been searching the files for the exact key but it's no where on the phone.
I've even data dumped each of these files too - with an authenticated and nonauthenticated sim (network unlocked and network locked) sim and searched using a hex editor. I will have to move on to another project soon, but perhaps this will serve as an informing post for some: let it be known, there are absolutely NO references to an unencrypted network unlock key for this model of phone on stock rom.
Not in any of the mmcblkXpXX files (where most unlock keys are found for other phones) - and I've searched hard.
if anyone has further suggestions I'll remain subbed to this thread. Peace.

Probably they save a lock code, and the unclock is calculated with that lock code and IMEI.

GrayedFox said:
I'm afraid to say I'm running out of ideas here I've pulled every single mmcblk file on the phone - on stock rom and on cyanogenmod - looking for some sort of reference to a network unlock key but it's just not there. I even got Vodafone to send me my unlock key and have been searching the files for the exact key but it's no where on the phone.
I've even data dumped each of these files too - with an authenticated and nonauthenticated sim (network unlocked and network locked) sim and searched using a hex editor. I will have to move on to another project soon, but perhaps this will serve as an informing post for some: let it be known, there are absolutely NO references to an unencrypted network unlock key for this model of phone on stock rom.
Not in any of the mmcblkXpXX files (where most unlock keys are found for other phones) - and I've searched hard.
if anyone has further suggestions I'll remain subbed to this thread. Peace.
Click to expand...
Click to collapse
Hello
while searching for sim unlock i found this method for galaxy s4 mini could you check if it work with our wonder device?
here -> http://forum.xda-developers.com/showthread.php?t=1693491
Regards

[GUIDE] Restoring IMEI and EFS after erasing or corrupting (No backup needed)

OOPS!
You were following guides on XDA, and throwing random commands in ADB from the posts under the guides (DON'T DO THIS!) and now your slick new ROG phone 2 doesn't have mobile data, calls, wifi, or bluetooth. You quickly find out that flashing the phone with any firmware old or new, doesn't help you, as this issue is directly linked to your chip in your phone.
I quickly found that I needed a QCN file from someone with a rog 2 phone, however I could not get any help here on XDA except from the user Greatuser123, who did not want to give out his QCN file (understandably), but did send me some notes to try and help with other tools.
With nothing working, and no QCN file, I ordered another ROG 2 and waited for it in the mail. After it got here, I quickly extracted the QCN file, replaced the IMEI's in it, and used QPST to restore my phone.
I am simply writing this guide with the generic QCN file with my info masked out of it, so no one has to go through what I went through.
Common issue
This most commonly happens with ROG 2 Phones from the commands:
DO NOT RUN THESE COMMANDS UNLESS YOU KNOW WHAT YOU ARE DOING!
(spaced command to ensure no one runs this!)
fastboot erase modem st 1
fastboot erase modem st 2
Click to expand...
Click to collapse
On most phones, on a reboot, these partitions would be restored on reboot, but not on most ROG's.
Prerequisites
Rooted Phone
QPST
Qualcomm USB drivers
IMEI Converter
Platform Tools
The Fix
Follow the above root linked video, or find the root thread for your phone here on XDA, and root your phone. This will not work unless you are rooted, although I do not know how you would get into this mess without having your phone rooted already.
Install QPST tools
Install Qualcomm USB drivers
Download the attached zip "good_qcn.zip" and extract the .QCN file anywhere on your machine
Open the .QCN file with any Hex Editor (I used HxD) and search for the Hex-Values: 08 3A 85 99 99 99 99 99 99
NOTE: There will be TWO locations with this value. This is where your IMEI_1 and IMEI_2 will go. Your IMEI_2 goes into the FIRST occurrence, while your IMEI_1 goes in the second.
Download the IMEI Converter app and type in your IMEI_1 and click "Convert", place the converted hex output into a notepad or similar
Do the same for your IMEI_2 and place it in the same location
Now that you have the HEX version of both your IMEI's, paste your IMEI_2 in the FIRST occurrence of the fake IMEI in the QCN file
Paste your IMEI_1 in the last occurrence of the fake IMEI and now save your new .QCN file.
Ensure your device is in USB Debugging Mode.
Download and extract the Platform Tools if you do not have them already.
Plug your phone into your computer using either port
Navigate to your extracted Platform Tools and in a Command Line type "adb devices" to ensure your device is visible.
Run a shell with "adb shell" and elevate your permission with "su"
Now it is time to enable Diag mode by running "setprop sys.usb.config rndis,diag,adb"
At this time, if you installed the Qualcomm Drivers, your device manager should have a port similar to "Qualcomm HS-USB Diag". If not keeping trying to re-enter diag mode and ensure the drivers are correct.
Open up "QPST Configuration" which was installed earlier. You should see your phone listed under "Active Phones". Click "Start Clients" -> "Software Download"
The Port field of the QPST Software Download should list your phone, if not something is wrong.
Click "Restore", and in the xQCN field, click "Browse", change the file type from XQCN to QCN, and select your newly made QCN file
Click "Start", and once the process is done, restart your phone
Conclusion
If all went well, your phone should now have all its bells and whistles again. Sometimes it may require a Factory Reset, and this should always be the practice anyways. If you have mobile data, but only H+ or EDGE, dial *#*#4636#*#* on your phone and ensure LTE is provisioned.
Good luck guys!
Special thanks to: Greatuser123 for helping when no one else would, and HomerSp for his many useful guides that some tools and knowledge was borrowed from.

Hi bro, Nice to meet you and I did my best to help you out, as I spent some stress on this when I was one of the first people that suffered with this issue. And gladly you solved it, bro you misunderstood badly about I did not want to give you the qcn, I was going to give you my qcn file but first I was asking to you for some proof , photo of same phone as me and the package to know that you are not going to change or edit badly ( doing mischievousness) as you never sent the proof I did not send the qcn file.. you can re check again your messages. Bro

Thank you very much for this, life saver.
My wifi and bluetooth works fine but I cannot get my mobile to power back on. When I go into the menu mobile power is just not there :/
Do you have the global or the cn version?

BlazingBullets said:
Thank you very much for this, life saver.
My wifi and bluetooth works fine but I cannot get my mobile to power back on. When I go into the menu mobile power is just not there :/
Do you have the global or the cn version?
Click to expand...
Click to collapse
This QCN came from a global device, but I imagine this could be used to recover the mobile at least temporary to fully fix the device, no matter the origins.
Sorry for the delay.

Greatuser123 said:
Hi bro, Nice to meet you and I did my best to help you out, as I spent some stress on this when I was one of the first people that suffered with this issue. And gladly you solved it, bro you misunderstood badly about I did not want to give you the qcn, I was going to give you my qcn file but first I was asking to you for some proof , photo of same phone as me and the package to know that you are not going to change or edit badly ( doing mischievousness) as you never sent the proof I did not send the qcn file.. you can re check again your messages. Bro
Click to expand...
Click to collapse
No no, please do not think I meant you by that. It was other users (understandably) that questioned my motives before you. I absolutely would have taken you up on your offer if I did not already have the phone on the way Either way, I really appreciate your help during this, and I hope you continue to help other users the same way you did for me.

decrypterfixer said:
This QCN came from a global device, but I imagine this could be used to recover the mobile at least temporary to fully fix the device, no matter the origins.
Sorry for the delay.
Click to expand...
Click to collapse
After a lot of heart ache and even making an EDL cable I could not get cell network back. I"ve sent it into ASUS to get fixed. I have made a few backups and will diff them when I get my device back so hopefully I can see what they have fixed so others don't have to experience this.

BlazingBullets said:
After a lot of heart ache and even making an EDL cable I could not get cell network back. I"ve sent it into ASUS to get fixed. I have made a few backups and will diff them when I get my device back so hopefully I can see what they have fixed so others don't have to experience this.
Click to expand...
Click to collapse
I can help u

Well done mate you will be a hero someday haha good job ?

Leevii2208 said:
I can help u
Click to expand...
Click to collapse
Please provide your support ouvertly here and not via social media!
I've edited your post; please refer to https://forum.xda-developers.com/oneplus-5t/how-to/telegram-chat-channels-forward-t3765018

not work
ty but not working or i did wrong. i wrote (change my imei, two way u and other program) and post new "good.qcn" (i see finished in QPST Software). i restart phone but nothing change. i think phone in document just "read-only".

I want redmagic 3 qcn file

good job bro
Is it works for rog phone 3?

I can't find that hex
hello friends 08 3A 85 99 99 99 99 99 99 no found please help me

Hi, perfect post friend. Im try backup qcn to my Rog Phone 3, but when try said Satuts: Memory Backup Failer and Errors: Disr Error while write to file, any solution to this? I appreciate your help.

decrypterfixer said:
OOPS!
You were following guides on XDA, and throwing random commands in ADB from the posts under the guides (DON'T DO THIS!) and now your slick new ROG phone 2 doesn't have mobile data, calls, wifi, or bluetooth. You quickly find out that flashing the phone with any firmware old or new, doesn't help you, as this issue is directly linked to your chip in your phone.
I quickly found that I needed a QCN file from someone with a rog 2 phone, however I could not get any help here on XDA except from the user Greatuser123, who did not want to give out his QCN file (understandably), but did send me some notes to try and help with other tools.
With nothing working, and no QCN file, I ordered another ROG 2 and waited for it in the mail. After it got here, I quickly extracted the QCN file, replaced the IMEI's in it, and used QPST to restore my phone.
I am simply writing this guide with the generic QCN file with my info masked out of it, so no one has to go through what I went through.
Common issue
This most commonly happens with ROG 2 Phones from the commands:
DO NOT RUN THESE COMMANDS UNLESS YOU KNOW WHAT YOU ARE DOING!
(spaced command to ensure no one runs this!)
On most phones, on a reboot, these partitions would be restored on reboot, but not on most ROG's.
Prerequisites
Rooted Phone
QPST
Qualcomm USB drivers
IMEI Converter
Platform Tools
The Fix
Follow the above root linked video, or find the root thread for your phone here on XDA, and root your phone. This will not work unless you are rooted, although I do not know how you would get into this mess without having your phone rooted already.
Install QPST tools
Install Qualcomm USB drivers
Download the attached zip "good_qcn.zip" and extract the .QCN file anywhere on your machine
Open the .QCN file with any Hex Editor (I used HxD) and search for the Hex-Values: 08 3A 85 99 99 99 99 99 99
NOTE: There will be TWO locations with this value. This is where your IMEI_1 and IMEI_2 will go. Your IMEI_2 goes into the FIRST occurrence, while your IMEI_1 goes in the second.
Download the IMEI Converter app and type in your IMEI_1 and click "Convert", place the converted hex output into a notepad or similar
Do the same for your IMEI_2 and place it in the same location
Now that you have the HEX version of both your IMEI's, paste your IMEI_2 in the FIRST occurrence of the fake IMEI in the QCN file
Paste your IMEI_1 in the last occurrence of the fake IMEI and now save your new .QCN file.
Ensure your device is in USB Debugging Mode.
Download and extract the Platform Tools if you do not have them already.
Plug your phone into your computer using either port
Navigate to your extracted Platform Tools and in a Command Line type "adb devices" to ensure your device is visible.
Run a shell with "adb shell" and elevate your permission with "su"
Now it is time to enable Diag mode by running "setprop sys.usb.config rndis,diag,adb"
At this time, if you installed the Qualcomm Drivers, your device manager should have a port similar to "Qualcomm HS-USB Diag". If not keeping trying to re-enter diag mode and ensure the drivers are correct.
Open up "QPST Configuration" which was installed earlier. You should see your phone listed under "Active Phones". Click "Start Clients" -> "Software Download"
The Port field of the QPST Software Download should list your phone, if not something is wrong.
Click "Restore", and in the xQCN field, click "Browse", change the file type from XQCN to QCN, and select your newly made QCN file
Click "Start", and once the process is done, restart your phone
Conclusion
If all went well, your phone should now have all its bells and whistles again. Sometimes it may require a Factory Reset, and this should always be the practice anyways. If you have mobile data, but only H+ or EDGE, dial *#*#4636#*#* on your phone and ensure LTE is provisioned.
Good luck guys!
Special thanks to: Greatuser123 for helping when no one else would, and HomerSp for his many useful guides that some tools and knowledge was borrowed from.
Click to expand...
Click to collapse
I tried it till finish, but when I check, I lost my wifi mac address (status unavailable) and my imei still unknown. And now I wanna retry, I stuck at QPST Configuration application at step 17, it sometimes detected the phone, sometimes don't, it make me can't continue to click "star clients", (check in device manager, nothing wrong). can you help me?

sure which device rog 2 or 3?

gjkhan said:
sure which device rog 2 or 3?
Click to expand...
Click to collapse
uhhg that's a issue just download visual c++ redistributable 2010 sp1 x86 and it should be fine

gjkhan said:
sure which device rog 2 or 3?
Click to expand...
Click to collapse
Rog2. The port keep blinking when in QPST Tools, sometimes it detected, sometimes don't, so I can't copy the qcn to the phone. And also I don't know what's wrong with the qcn, I had follow the instruction, but it not works

hmmm use another pc or cable.

gjkhan said:
hmmm use another pc or cable.
Click to expand...
Click to collapse
Try itt but problem still persist