[Q] For help in need of Korean version of the 4.12root, please do me a favor. - LG Optimus G (International)

For help in need of Korean version of the 4.12root, please do me a favor.

All right, last time F160's rooting guide was found on cafe.naver.com, but I don't understand Korean.

Can you post the link?
Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root.

Tim4 said:
Can you post the link?
Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root.
I don't know what a binary is, can you help me to solve the root problem?

Tim4 said:
Can you post the link?
Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root.
Thanks for the help.
We would appreciate it if you could provide the rooting files.

Tim4 said:
Can you post the link?
Unlike F180, F160 has unlocked bootloader, so all you need is push binaries to obtain the root.
Sorry, but you are wrong. F160's BL is locked.

My friend owns an F160 and he says it's unlocked, not sure who is right; he says all you need is root and to install a custom recovery.
Anyway, I found the F160 JB root on Naver, and it's not suitable for our device.

Tim4 said:
My friend own F160 and he says its unlocked, not sure who is right, he says all you need is root and install custom recovery.
Anyway, i found the F160 JB root on naver, and its not suitable for our device.
I'm sure F160's BL is locked. And F160's tot (kdz unpack) file can be extracted. The F160 root tool can only read .tot files; it can't read .dz files.
I wonder if someone can change it?

Tim4 said:
My friend own F160 and he says its unlocked, not sure who is right, he says all you need is root and install custom recovery.
Anyway, i found the F160 JB root on naver, and its not suitable for our device.
Hello, can you read this article? It mentions how to unpack the .dz file. If the .dz file can be extracted, I think the rest is easy.
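"Quite unlike my original intent when I first opened this site, I have become interested in bootloaders and bootloader unlocking, and now I find myself doing all sorts of things.
After I posted on xda about breaking the Optimus 2X bootloader lock, I was contacted and asked to look at the bootloader lock on the Optimus 4X, which has a locked bootloader. The Optimus 4X uses a Tegra 3 AP, and unlike the 2X, even nvflash is SBK-locked. On the 2X nvflash is not SBK-locked, so the bootloader can be modified, but on the Optimus 4X the SBK lock prevents nvflash from being used at all, so breaking the bootloader lock is not easy from the very start.
That does not seem to mean that breaking the lock on Tegra 3 is impossible, though. There is a recent case where the lock was broken by exploiting a weakness in nvflash:
http://androidroot.mobi/2012/05/27/introducing-wheelie-nvflash-for-asus-transformer-tf101-b70/
Breaking the nvflash lock on the ASUS Transformer TF101 B70
It turns out there was no security hole in nvflash. In the Transformer's case the SBK was leaked, and that is what made nvflash usable. However, the protocol had changed in the latest nvflash, so they dug into that part and eventually got nvflash working.
Anyway, I don't even have an Optimus 4X, but I was curious ^^;; so I took a look.
First I looked for the kdz file and was able to get it easily.
http://csmg.lgmobile.com:9002/swdata/WEBSW/LGP880/ANEUBK/V10A_00/V10A_00.kdz
But when this kdz file is unpacked with LGExtract, only a single file with a *.dz extension comes out. Huh? I took it to be the same file format that came out when unpacking kdz files back in the Andro-1 days. There is a known tool called dzextract, so I tried unpacking it with that, but it failed. The file format turned out to be slightly different.
However, the fact that it is a dz file is itself the hint. I assumed it was a modified dz file, so I searched for documentation on the dz file format, since I vaguely knew that dz files are compressed with zlib or gzip.
Searching turned up the following link:
http://www.frenchcoder.com/dzextract-lg-dz-file-format-and-extract-tool-lg-ks20/
As I remembered, the old dz files are compressed in gzip format.
Assuming it would hardly differ from that format, I examined the dz file with xxd / hexdump.
(Actually, I dumped it with xxd first without looking up the documentation, and searched for the documentation to confirm whether it was gzip or zlib.)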
0000200: 3012 9578 4346 4700 0000 0000 0000 0000 0..xCFG.........
0000210: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000220: 0000 0000 666c 6173 682e 6366 6700 0000 ....flash.cfg...
0000230: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000240: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000250: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000260: 0000 0000 8211 0000 f002 0000 7f00 c935 ...............5
0000270: ae4b 5a54 8a31 cffc 8148 2ef9 0000 0000 .KZT.1...H......
0000280: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000290: 0000 0000 0000 0000 0000 0000 0000 0000 ................
... (omitted)
0000400: 7801 d597 db6b db30 14c6 dff5 5718 f4bc x....k.0....W...
0000410: 20c9 3765 1058 2e6d 1f96 b661 69c7 a014 .7e.X.m...ai...
0000420: e338 6ad0 ea4b 66bb a5d9 5fbf 23d9 d4da .8j..Kf..._.#...
0000430: 6cc6 7271 6079 b3f9 1ce9 e7ef e8f8 3b0f l.rq`y........;.
0000440: 6bf1 2a23 f188 cadd 568c 8a75 9244 48a6 k.*#....V..u.DH.
0000450: 4519 a691 18d9 083d 6cc3 bc94 a5cc d247 E......=l......G
0000460: 9486 8918 4da6 7748 ae47 ac7a 6095 6565 ....M.wH.G.z`.ee
0000470: 1065 e993 dc04 65b8 8a05 0ae3 388b 42f5 .e....e.....8.B.
0000480: 40b0 cd62 19ed 4685 f8f1 22d2 5286 317a @..b..F...".R.1z
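0000490: 92b1 2876 4529 9240 afb7 0a0b 19a1 42fe ..(vE).@......B.
As shown above, a plausible file name is visible. flash.cfg is the file name, and
the data starting at address 0x400 was presumably gzip data.
So I cut out that part and tried to decompress it.
The part starting with 7801 is compressed with zlib level 1. The gzip header appears to be missing, so you can prepend a gzip header as follows and decompress it with the standard Unix utilities.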
printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" |cat - flash.cfg.raw |gzip -dc >flash.cfg
Bingo!! It decompresses. And, as expected, flash.cfg decompressed properly and contains the following:
[device]
type=sdmmc
instance=3
[partition]
name=BCT
id=2
type=boot_config_table
allocation_policy=sequential
filesystem_type=basic
size=3145728
file_system_attribute=0
partition_attribute=0
allocation_attribute=8
percent_reserved=0
...
(omitted)
The md5sum of flash.cfg is as follows.
7f00c935ae4b5a548a31cffc81482ef9 flash.cfg
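It matches exactly the value shown in blue in the dz sub-file header above.
Green is the file size and yellow is the compressed file size, and these values all match as well.
I also decompressed bct and bootloader.bin in turn. I have no way to verify it, but I believe they all decompressed properly.
http://forum.xda-developers.com/showthread.php?t=1960422 I posted on xda, leaving out the details~
Attachment
dzextract.exe is a dz extractor made by modifying the source of binoffset.c.
Usage:
dzextract.exe my.dz LNX > boot.gz # Specifying a partition name extracts that partition.
zcat boot.gz > boot.img # It can be decompressed with zcat. Note that decompressing it the ordinary way gives an error.
[Source] Optimus 4X kdz file analysis (dz extraction executable added) (Android Hackers) | Author: 영구땡칠"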
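
The sub-file header that the quoted article reads off the hexdump can be parsed and checked in a few lines. This is an added example, not part of the original post and not the author's dzextract tool; the field offsets are inferred from the dump shown above (header at 0x200, zlib data at 0x400, the smaller of the two length fields taken as the compressed size), and `read_subfile`, `build_sample` and the sample file are constructed here.

```python
import hashlib
import struct
import zlib
from dataclasses import dataclass

# Layout inferred from the hexdump in the quoted article (an assumption, not a
# published spec): the header sits at 0x200 and the zlib stream at 0x400.
MAGIC = bytes.fromhex("30129578")
HEADER_LEN = 0x200
# magic | type (32 bytes) | name (64 bytes) | size | compressed size | MD5
FIELDS = struct.Struct("<4s32s64sII16s")

# Constructed sample: the first lines of flash.cfg as shown on the page.
SAMPLE_CFG = (b"[device]\ntype=sdmmc\ninstance=3\n"
              b"[partition]\nname=BCT\nid=2\ntype=boot_config_table\n")


class DzError(ValueError):
    """Raised when a sub-file header or its payload fails a check."""


@dataclass
class SubFile:
    kind: str
    name: str
    data: bytes


def _cstr(raw: bytes) -> str:
    """Return the NUL-terminated ASCII string stored in a fixed-size field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def read_subfile(blob: bytes, offset: int) -> SubFile:
    """Parse one sub-file header at `offset`, inflate and verify its payload."""
    if offset < 0 or offset + HEADER_LEN > len(blob):
        raise DzError("header runs past the end of the file")
    magic, kind, name, size, csize, md5 = FIELDS.unpack_from(blob, offset)
    if magic != MAGIC:
        raise DzError("bad magic %s" % magic.hex())
    start = offset + HEADER_LEN
    if start + csize > len(blob):
        raise DzError("compressed size runs past the end of the file")
    try:
        # Cap the output at size + 1 so a lying header cannot force a huge
        # allocation; one extra byte is enough to detect oversized output.
        data = zlib.decompressobj().decompress(blob[start:start + csize],
                                               size + 1)
    except zlib.error as exc:
        raise DzError("zlib stream is corrupt: %s" % exc) from exc
    if len(data) != size:
        raise DzError("decompressed length does not match the header")
    if hashlib.md5(data).digest() != md5:
        raise DzError("MD5 in header does not match the payload")
    return SubFile(_cstr(kind), _cstr(name), data)


def build_sample(content: bytes = SAMPLE_CFG) -> bytes:
    """Build a constructed file with one CFG sub-file at 0x200, as in the dump."""
    packed = zlib.compress(content, 1)  # level 1 gives the 78 01 prefix
    header = FIELDS.pack(MAGIC, b"CFG", b"flash.cfg", len(content),
                         len(packed), hashlib.md5(content).digest())
    return bytes(0x200) + header.ljust(HEADER_LEN, b"\0") + packed


if __name__ == "__main__":
    sub = read_subfile(build_sample(), 0x200)
    print(sub.kind, sub.name, len(sub.data), hashlib.md5(sub.data).hexdigest())
```

Checking the length and MD5 from the header before using an extracted partition catches a truncated or altered image that the `printf | gzip -dc` route would unpack without complaint.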

OK, I'll translate it, but I'm in the middle of Code Geass (I'm really slow, I know), so you need to wait until I finish the last season.

I very much hope that there will be root on 4.1.2. (for f180l)

Tim4 said:
Ok ill translate it, but im in middle of the Code Geass (Im really slow, i know) so you need to wait i end the last season.
thank you.

OK, I'm taking a little rest from anime, so I checked the link.
He says the KDZ of the Optimus 4X contains a .dz file, and if you try to extract it with DZextract, it will fail.
But the structure is still pretty much the same as old .dz files, so he just made a few changes and it worked.
Hah, and the most interesting thing: he already posted it on xda: http://forum.xda-developers.com/showthread.php?t=1960422

Tim4 said:
Ok, im taking a little rest from anime, so checked the link.
He says KDZ of Optimus 4X contains .dz file, and if you try to extract it with DZextract, it will fail.
But, the structure still pretty same with old .dz files, so he just did few changes and its worked.
Hah, and most interesting thing, he already posted it on xda: http://forum.xda-developers.com/showthread.php?t=1960422
Interesting. Thanks for your translation. So, we can extract the .dz file?


Can`t extract files from imgfs from HP iPaq 1950 ROM

Hi, all! Please, help me to solve my problem.
Yesterday I tried to build a custom ROM image for my PDA and failed.
I made the following steps:
1. I made a backup of the existing ROM using mtty and SD card. The result was the 29mb raw file
2. I downloaded the last ROM update from the HP site, extracted it and obtained the ceos.nbf file.
3. Next, I tried to use the prepare_imgfs and viewimgfs utilities with both files.
4. After using prepare_imgfs I got, as expected, the imgfs_raw_data.bin file
5. But when I used viewimgfs, it couldn't find any data in that file! Here is its output:
Code:
guidBootSignature: F8 AC 2C 9D E3 D4 2B 4D BD 30 91 6E D8 4F 31 DC
dwFSVersion: 00000001
dwSectorsPerHeaderBlock: 00000001
dwRunsPerFileHeader: 00000001
dwBytesPerHeader: 00000034
dwChunksPerSector: 00000008
dwFirstHeaderBlockOffset: 00000200
dwDataBlockSize: 00001000
szCompressionType: LZX
dwFreeSectorCount: 00013620
dwHiddenSectorCount: 00000100
dwUpdateModeFlag: 00000000
Address: 00000200, dwBlockSignature: 00001D20
dwNextHeaderBlock: FFFBFFFF (size: FFFBFDFF)
Header type: 2F5314CE, Addr: 00000208
Unknown header type, FS_DATA_TABLE??
and more messages like that.
Can anyone tell me, where is the problem?
PS sorry for terrible English
i would like to know an answer for this too. thanks
I found solution to extract files, but i couldn't find out how to pack it back...
To unpack files, you need:
1. the Perl interpreter
2. script, which can be found on http://forum.wce.by/viewtopic.php?p=78923#78923
3. You must replace $A and $S variables with your values:
$A is the address of the beginning of the imgfs block. It can be found using WinHex and F8AC2C9DE3D42B4DBD30916ED84F31DC signature. $S is size of imgfs block. It can be found with signature E9FDFF. You must find the table of partitions, and take 4 bytes as it's shown on the screenshot, in the reverse order. (00 C0 BD 00 -> 00BDC000)
For example, for iPaq1950 rom, taken from HP update, values are:
$I = "CEOS.nbf";
$O = "bigbrother.bin";
$A = 0x003BB55A;
$S = 0x0000BDC0;
After the Perl script finishes its work you can use the imgfsToDump or viewimgfs tools.
For this solution HUGE thanks to Gvr.
Very nice thanks.
If you find a way to repack it, it would be even better. I actually want to use this method for the hp1930. My problem is that there are no official updates for this model, so I have no shipped roms. Only a sd image dump.
What type of image is the sd dump? dnf or .bin (raw) ?
I think it's a raw dump. In any case, imgfs is the same on both images.
stanru1 said:
I think, it`s a raw dump. In any case, imgfs is the same on both images.
thanks again
any idea on how to get start address and size from a sd image? I can't find those signatures in the dump
thanks
The signatures may differ depending on the specific image. If you want, I could look at your file if you upload your ROM to Rapidshare or a similar file-uploading service and give me the link.
stanru1 said:
The signatures may differ in case of the specific image. If you whant, i could look at your file, if you upload your rom into the Rapidshare or the same file-uploading service and give me the link
thanks man,
I'm uploading to rapidshare right now.
the image was created using a 64mb sd so the image size might be a bit longer
edit :
this is the link: http://rapidshare.com/files/25438977/1930.rar.html
any updates on how to modify a sd image?

[android]Tinboot - NAND BOOTLOADER BETA *working*

Checkout:
http://forum.xda-developers.com/showthread.php?t=625014
Download http://sourceforge.net/projects/androidhtc/files/
confirm working data and testing 3d now
For newer build this should work ALOT better
____________________________________________________________________
Tin boot has now been ported thanks to DZO.
Latest Builds [from me(22/1/10)]:
http://www.megaupload.com/?f=SA71F1MT
Quiet Builds (Doesnt display kernel text):
http://www.megaupload.com/?f=04HIVHK7
The easiest way to test is to download this:
http://www.mediafire.com/?zldjhfnkzk2
and copy androidinstall.tar to your sd card before flashing.
Working:
Calls,Data,Camera
Not Working:
Bluetooth,wireless,google audio search/dial
If you have a different panel type you can always change it after it's booted by doing "echo 1 > /sys/module/board_htckaiser/parameters/panel_type" from adb or /init
It currently doesn't seem to boot from a soft reset, just pull the battery to reboot.
**FLASH at your own risk***
Please remember to donate:
dzo donation link
Thanks also to:
rzk333
_____________________________________________________
After looking into dzo's code for tinboot, it seems possible to port it to Kaiser. Has anyone started porting it over?
I presume the initial steps should be mapping the Kaiser NAND, then expanding the kernel to boot initialize the hardware correctly. Since I'm sure several people must be working on this, I thought a thread here would help maximize our efforts.
Any help you can offer dzo would be grateful.
Added link to tinboot code:
Tin boot git
mainly for reference:
An example Vogue rom payload MBR:
Part1: 0100 203f 0118 0200 0000 3e06 0000 0000
Part2: 0119 233f 0133 4006 0000 c006 0000 0000
Part3: 0134 253f 41d4 000d 0000 0068 0000 0000
Part4: 41d4 043f c13f 0075 0000 005b 0100 55aa
An Example Kaiser rom payload MBR:
Part1: 0100 203f 0100 0200 0000 3e00 0000 0000
Part2: 0101 233f 0116 4000 0000 8005 0000 0000
Part3: 0117 253f 81de c005 0000 00b2 0000 0000
Part4: 81df 043f 81a9 c0b7 0000 c0f2 0000 55aa
Tin Boot MBR:
Part1: 0100 233F 0118 0200 0000 be05 0000 0000 : LBA: 00000002 (2) Sectors: 05be(1470) FS:RAWFS
Part2: 0119 233f 0133 c005 0000 0000 0000 0000 : LBA: 000005c0 (1472) Sectors: 0000 (0) FS:RAWFS
Part3: 0134 253f 0134 c005 0000 4000 0000 0000 : LBA: 000005c0(1472) Sectors: 0040 (64) FS:IMGFS
Part4: 0135 043f c13f 0006 0000 0000 0000 55aa : LBA: 00000600(1536) Sectors: 0000 (0) FS:Unknown
first attempts have resulted in phone just rebooting, anyone able to help with this?
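
The stock Vogue and Kaiser rows above can be decoded the same way the post annotates the Tin Boot rows, and the resulting layout checked for overlaps and gaps before an image is flashed. This is an added example, not code from the post or from tinboot; it assumes each row is a 16-byte hexdump line that begins two bytes into a standard MBR partition entry (the reading that reproduces the post's own LBA and sector figures), and `decode_table` and `layout_problems` are names chosen here.

```python
import struct

# Labels exactly as the post annotates them for Tin Boot; any other partition
# type is shown as hex rather than guessed.
FS_LABELS = {0x23: "RAWFS", 0x25: "IMGFS"}

# Rows copied from the post.
VOGUE = [
    "0100 203f 0118 0200 0000 3e06 0000 0000",
    "0119 233f 0133 4006 0000 c006 0000 0000",
    "0134 253f 41d4 000d 0000 0068 0000 0000",
    "41d4 043f c13f 0075 0000 005b 0100 55aa",
]
KAISER = [
    "0100 203f 0100 0200 0000 3e00 0000 0000",
    "0101 233f 0116 4000 0000 8005 0000 0000",
    "0117 253f 81de c005 0000 00b2 0000 0000",
    "81df 043f 81a9 c0b7 0000 c0f2 0000 55aa",
]
TINBOOT = [
    "0100 233F 0118 0200 0000 be05 0000 0000",
    "0119 233f 0133 c005 0000 0000 0000 0000",
    "0134 253f 0134 c005 0000 4000 0000 0000",
    "0135 043f c13f 0006 0000 0000 0000 55aa",
]


def decode_row(row):
    """Decode one 16-byte row into type, label, first LBA and sector count."""
    raw = bytes.fromhex(row.replace(" ", ""))
    if len(raw) != 16:
        raise ValueError("expected 16 bytes, got %d" % len(raw))
    # Assumed layout: the row starts 2 bytes into the partition entry, so the
    # type byte is at index 2 and the little-endian LBA/count pair at index 6.
    ptype = raw[2]
    lba, sectors = struct.unpack_from("<II", raw, 6)
    return {"type": ptype, "fs": FS_LABELS.get(ptype, "0x%02x" % ptype),
            "lba": lba, "sectors": sectors}


def decode_table(rows):
    """Decode the four rows of one table; the last must end in 55aa."""
    if len(rows) != 4:
        raise ValueError("an MBR has exactly four partition entries")
    if not rows[3].replace(" ", "").lower().endswith("55aa"):
        raise ValueError("boot signature 55aa missing")
    return [decode_row(r) for r in rows]


def layout_problems(parts):
    """Report overlaps and gaps between the non-empty partitions."""
    used = sorted((p["lba"], p["lba"] + p["sectors"], n + 1)
                  for n, p in enumerate(parts) if p["sectors"])
    problems = []
    for (_, end1, n1), (start2, _, n2) in zip(used, used[1:]):
        if start2 < end1:
            problems.append("Part%d and Part%d overlap" % (n1, n2))
        elif start2 > end1:
            problems.append("gap of %d sectors between Part%d and Part%d"
                            % (start2 - end1, n1, n2))
    return problems


if __name__ == "__main__":
    for name, rows in (("Vogue", VOGUE), ("Kaiser", KAISER), ("Tin Boot", TINBOOT)):
        parts = decode_table(rows)
        for n, p in enumerate(parts, 1):
            print("%-8s Part%d: LBA %08x Sectors %08x FS:%s"
                  % (name, n, p["lba"], p["sectors"], p["fs"]))
        print(name, "problems:", layout_problems(parts) or "none")
```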
Man, I would love to help but I have too many projects on my plate right now. I do really appreciate your efforts! I'm not sure I can beta test, as my Kaiser is my main phone...
not even up to the stage of beta testing yet. just help with porting :
Code:
@
@ Tinboot V 1.0
@ Very simple bootloader for HTC Vogue
@ Martin Johnson - [email protected]
@
.equ MTYPE, 1553
.equ RAM_START, 0x10000000
.equ RAM_SIZE, 0x08000000
.equ INITRD_START, RAM_START+0x00800000
.equ KERNEL_OFFSET, 0x8000
.equ XIP_END, 0x2ff000
.org 0
b boot
.org 0x40
.word 0x43454345
.word romhdr+0x80000000 @ location of wince romhdr
.word romhdr
.org 0x100
tags: .word 5,0x54410001,1,0x1000,0 @ ATAG_CORE, pagesize=4K
.word 4,0x54410002,RAM_SIZE,RAM_START @ ATAG_MEM
.word 4,0x54420005,INITRD_START,fin-initrd @ ATAG_INITRD2
cmdline_start: .word (cmdline_end-cmdline_start)/4,0x54410009 @ ATAG_CMDLINE
.ifdef x428
.asciz "mddi.width=320 mddi.height=428 mtdparts=msm_nand:[email protected](boot),[email protected](root),[email protected](system),[email protected](userdata)"
.endif
.ifdef x480
.asciz "mddi.width=320 mddi.height=480 mtdparts=msm_nand:[email protected](boot),[email protected](root),[email protected](system),[email protected](userdata)"
.endif
.ifdef x320
.asciz "mddi.width=240 mddi.height=320 mtdparts=msm_nand:[email protected](boot),[email protected](root),[email protected](system),[email protected](userdata)"
.endif
.align
cmdline_end: .word 0,0 @ ATAG_END
.org 0x00001000
boot: ldr r0,initrd_ptr
ldr r3,fin_ptr
ldr r1,ird_start_ptr
copyinitrd: ldr r2,[r0],#4
str r2,[r1],#4
cmp r0,r3
blo copyinitrd
mov r0,#0
ldr r1,mtype
ldr r2,tags_addr
ldr pc,kernel_start
mtype: .word MTYPE
initrd_ptr: .word initrd+RAM_START
fin_ptr: .word fin+RAM_START
ird_start_ptr: .word INITRD_START
kernel_start: .word 0x10008000
tags_addr: .word 0x10000100
romhdr:
.word 0x0 @ dllfirst
.word 0x0 @ dlllast
.word 0x80000000 @ physfirst
.word 0x80000000+fin @ physlast
.word 0 @ num mods
.word 0x80000000+fin @ ramstart
.word 0x80000000 @ ramfree
.word 0x88000000 @ ramend
.word 0 @ copyentries
.word 0x80000000 @ copyoffset
.word 0 @ profilelen
.word 0 @ profileoffset
.word 0 @ numfiles
.word 0 @ flags
.word 0x20 @ fsrampercent
.word 0 @ drvglobstart
.word 0 @ drvgloblen
.word 0x201c2 @ cputype/flags
.word 0x80000000 @ pextensions
.word 0 @ trackingstart
.word 0 @ trackinglen
.org KERNEL_OFFSET
kernel:
.incbin "../arch/arm/boot/zImage"
initrd:
.incbin "../../bootenv/initrd-mini.gz"
.align
fin:
.org XIP_END-0x20000,0xff
.incbin "emptyimgfs"
@rootfs:
@.incbin "../../bootenv/rootfs.yaffs"
@.org rootfs + 0xd80000
I've checked the partition sizes and they should be ok for the kaiser? So there must be something I'm missing in here?
Ive check the partition sizes and they should be ok for the kaiser?
check bootloader log from mtty, it must say something like this
Code:
OEMTranslateBaseAddress 23 80000000 80000000
IPLMSG:0x8:INFO: Loading image ...
IPLMSG:0x9:INFO: Jumping to image...
OEMLaunchImage 80000000
Jump to Physical Address 10300000
*Disconnect*
0x10300000 is your RAM_START,
0x00300000 is the shift from Vogue addresses, which dzo caught from logs.
All you need is to shift the RAM_START, kernel_start and tag_addr addresses in the bootloader and change MTYPE, then change prompt to yang to make a capable nbh for Kaiser.
I am now working on tinboot for Nike; it has similar hardware to Kaiser. The kernel boots, but now stops on some rpc_call, but I think I can fix that.
Sorry for the bad English, and good luck with tinboot on Kaiser.
Wow thanks for your help, wouldnt have thought of looking there. Thanks
how did you find the tag_addr and kernel_start address for the Nike? - Never mind, got it to boot up to the same RPC_Write error now, thank you
managed to get past the rpc_write error, commented it out, now invalid root device, presume a kernel driver problem. thought you might want to know for the nike? /kernel/drivers/ contains the error.
Now we must dump the whole NAND and find the partition table there. There we must find the XIP start address; for Vogue it is 0x1600000. We need this to map NAND for this command from cmdline
Code:
mtdparts=msm_nand:[email protected](boot),[email protected](root),[email protected](system),[email protected](userdata)
This means: 3MB at 0x1600000 for kernel, 13.5M for rootfs at 0x01900000, etc. Without that, the kernel will panic/freeze due to an inaccessible root device in memory.
hello,
great explain. If you want, i was to possibility to flash my nand kaiser.
Just write me and i trying your work and report it.
Willou
I believe there is also a problem with:
Code:
.equ INITRD_START, RAM_START+0x00800000
it should load the initrd before trying to switch to rootfs, and it doesnt?
Also the partition data is stored in the generated output.nb.payload so that should actually be the same as starting point
Thats great news, am able to do beta tests for you guys, as my Kaiser is my secondary phone nowadays. am able to help trouble shoot and search for problems. pm me if you want my gtalk account.
Great initiative
Great initiative! I wish I was able to help, but unfortunately my abilities leave much to desire. so all I am able to offer is words of encouragement ...
it should load the initrd before trying to switch to rootfs, and it doesnt?
yup, kernel skips it, because initrd is on wrong shift in rom, that is because RAM_START/NAND start are wrong, I guess.
Do you have the same problem on the nike?
yes, everything are equal on this stage of loading kernel, due to same hardware. I have no progress now.
Excellent work. I'm no expert by any means but I'll see if I can help at least port the code over. Yet another bookmarked thread to the list
I there, my Kaiser is just only for personal tests (flashing, testing betas and android)
I can help you with my phone, but i don't writing any code... just for test!
Sorry for my bad english, i'm french
Excellent work.
excellent work of dzo thanks go to him.
tinboot repo updated for some changes related to kaiser, now pointers are calculated dynamically and kaiser has its own compile script. nand loading turned off because we don't know the start address now. this should help to pass the bug with initrd.

[Q] Problem with replaced touchscreen

A few days ago I replaced the broken digitizer in my old DZ with a new one, but touch appeared to be broken again, so I bought a 2nd touchscreen.. again replaced and still touch doesn't work..
This is what getevent writes when screen is turned on:
/dev/input/event6: 0003 0002 ffffffe7
/dev/input/event6: 0000 0000 00000000
/dev/input/event6: 0003 0000 ffffffbd
/dev/input/event6: 0003 0001 fffffd2b
/dev/input/event6: 0003 0002 fffffff5
/dev/input/event6: 0000 0000 00000000
any suggestions how to fix this?

Disabling fingerprint gestures

Hello, I have installed multiple GSIs on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there is none on any ROM. It does get really annoying: as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Neffarion said:
Hello, I have installed multiple GSIs on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there is none on any ROM. It does get really annoying: as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
In the 9.0 roms there is a Phh settings > Huawei > disable fingerprint settings. Don't know if it works on Nokia's though
DaarkZek said:
In the 9.0 roms there is a Phh settings > Huawei > disable fingerprint settings. Don't know if it works on Nokia's though
There is no such setting in "Phh settings" unfortunately
Here is a logcat of when I double tap the fingerprint scanner. It triggers the volume down for some reason.
If someone could figure out what is the cause, it would be great
f
Neffarion said:
Hello, I have installed multiple GSIs on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there is none on any ROM. It does get really annoying: as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
Should be easy to fix
Please run getevent in adb shell, then do all the fingerprint gestures, then paste everything the getevent command said here.
phhusson said:
f
Should be easy to fix
Please run getevent in adb shell, then do all the fingerprint gestures, then paste everything the getevent command said here.
I haven't had the issue after I updated the Nokia 7 Plus firmware to Pie November before installing any GSI. But I did the getevent command anyway, in case it helps.
Output:
Code:
phhgsi_arm64_ab:/ # getevent
add device 1: /dev/input/event6
name: "sdm660-snd-card-b2n Button Jack"
add device 2: /dev/input/event5
name: "sdm660-snd-card-b2n Headset Jack"
could not get driver version for /dev/input/mice, Not a typewriter
add device 3: /dev/input/event2
name: "goodix_fp"
add device 4: /dev/input/event4
name: "gpio-keys"
add device 5: /dev/input/event3
name: "hallsensor"
add device 6: /dev/input/event1
name: "fts_ts"
add device 7: /dev/input/event0
name: "qpnp_pon"
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006a 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006a 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0069 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0069 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006c 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006c 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0072 00000000
/dev/input/event2: 0000 0000 00000000
I first tapped the fingerprint scanner, then swiped the scanner from left to right, then right to left, down to up, up to down and then double tapped it.
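As an added example (not code from this thread or from the GSI project): a small parser for the getevent output posted above. It resolves each event node to its device name and decodes the key codes with the Linux input-header names, which shows the double tap arriving from goodix_fp as code 0x72, KEY_VOLUMEDOWN. The function names are made up for the example and the sample is abridged from the post.

```python
import re

# Event types and key codes from the Linux input subsystem
# (include/uapi/linux/input-event-codes.h); only the ones needed here.
EV_SYN, EV_KEY, EV_ABS = 0x00, 0x01, 0x03
KEY_NAMES = {
    0x67: "KEY_UP",
    0x69: "KEY_LEFT",
    0x6A: "KEY_RIGHT",
    0x6C: "KEY_DOWN",
    0x72: "KEY_VOLUMEDOWN",
    0x73: "KEY_VOLUMEUP",
}

DEVICE_RE = re.compile(r"^add device \d+: (\S+)\s*$")
NAME_RE = re.compile(r'^\s*name:\s*"(.*)"\s*$')
EVENT_RE = re.compile(
    r"^(/dev/input/event\d+): ([0-9a-f]{4}) ([0-9a-f]{4}) ([0-9a-f]{8})\s*$",
    re.IGNORECASE,
)

# Abridged from the getevent output in the post above: every key press is
# kept, most sync reports are dropped for brevity.
SAMPLE = """\
phhgsi_arm64_ab:/ # getevent
add device 2: /dev/input/event5
name: "sdm660-snd-card-b2n Headset Jack"
could not get driver version for /dev/input/mice, Not a typewriter
add device 3: /dev/input/event2
name: "goodix_fp"
add device 4: /dev/input/event4
name: "gpio-keys"
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0000 0000 00000000
/dev/input/event2: 0001 006a 00000001
/dev/input/event2: 0001 006a 00000000
/dev/input/event2: 0001 0069 00000001
/dev/input/event2: 0001 0069 00000000
/dev/input/event2: 0001 0067 00000001
/dev/input/event2: 0001 0067 00000000
/dev/input/event2: 0001 006c 00000001
/dev/input/event2: 0001 006c 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0001 0072 00000000
/dev/input/event2: 0001 0072 00000001
/dev/input/event2: 0001 0072 00000000
"""


def parse_getevent(text):
    """Return ({node: device name}, [(node, type, code, signed value)])."""
    devices, events, pending_node = {}, [], None
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            pending_node = m.group(1)
            continue
        m = NAME_RE.match(line)
        if m and pending_node:
            devices[pending_node] = m.group(1)
            pending_node = None
            continue
        m = EVENT_RE.match(line)
        if m:
            node, etype, code, value = m.groups()
            value = int(value, 16)
            if value >= 1 << 31:          # getevent prints values as 32-bit hex
                value -= 1 << 32
            events.append((node, int(etype, 16), int(code, 16), value))
        # Anything else (shell prompt, driver warnings) is ignored.
    return devices, events


def key_presses(text):
    """List (device name, key name) for every EV_KEY press (value 1)."""
    devices, events = parse_getevent(text)
    presses = []
    for node, etype, code, value in events:
        if etype == EV_KEY and value == 1:
            name = KEY_NAMES.get(code, "KEY_0x%03x" % code)
            presses.append((devices.get(node, node), name))
    return presses


def keys_by_device(text):
    """Group the distinct keys each device emitted, in first-seen order."""
    grouped = {}
    for device, key in key_presses(text):
        keys = grouped.setdefault(device, [])
        if key not in keys:
            keys.append(key)
    return grouped


if __name__ == "__main__":
    for device, keys in keys_by_device(SAMPLE).items():
        print(device, "->", ", ".join(keys))
```

The device name it reports is what an input-device-specific key layout has to match, and the decoded key list is what such a layout would need to remap or drop.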
Neffarion said:
Hello, I have installed multiple GSIs on my phone (Nokia 7 Plus). Most of them work OK, although they all seem to have something in common. They all have fingerprint gestures which can't be turned off. I have tried to find a toggle but there is none on any ROM. It does get really annoying: as soon as my finger gets near the fingerprint scanner, the volume starts changing because of it.
Anyone know a way to disable it? thanks
The best way to check is to compare the generic.kl present in system/user/keylayout with the generic.kl of your device from another ROM that has no problem...
Is there a solution for this problem yet?
I've the same problem with my MI a2 lite. Every time I touch the sensor the volume button shows up.
I've this problem with all custom gsi roms, but not with the stock rom.
cd492 said:
Is there a solution for this problem yet?
I've the same problem with my MI a2 lite. Every time I touch the sensor the volume button shows up.
I've this problem with all custom gsi roms, but not with the stock rom.
just put this file to /system/system/usr/keylayout/uinput-goodix.kl via twrp
eremitein said:
just put this file to /system/system/usr/keylayout/uinput-goodix.kl via twrp
Do you mean copy this txt file to the keylayout directory?
cd492 said:
Do you mean copy this txt file to the keylayout directory?
no
You need to rename the .txt file to uinput-goodix.kl and then move it to the /system/usr/keylayout dir, where the Generic.kl file is placed.
eremitein said:
no
You need to rename the .txt file to uinput-goodix.kl and then move it to the /system/usr/keylayout dir, where the Generic.kl file is placed.
Perfect thanks mate.

Unlocking bands for NA usage

As has been documented on many XDA forums, we can make modifications to NVRAM on Qualcomm devices to unlock RF and LTE bands that have been disabled by the OEM. I decided to take a crack at this on the Mi A2 Lite with some mixed results, and am looking for suggestions. First of all, here are the "secret" phone codes that you'll need:
Enable Diagnostics Mode: *#*#717717#*#*
Info Menu: *#*#4636#*#*
From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UMTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States.
For details on how to make changes to NVRAM on Qualcomm phones, I'll direct you to this thread for the Xiaomi Mi Note Pro. Here are the relevant values:
Code:
ID     Desc             Category  Original Value      Modified Value
01877  rf_bc_config     CDMA      562950035735424     562950069289856
06828  lte_bc_config    LTE       687195291871        1787696847071
65633  lte_band_pref    System    0x000000A0000800DF  0x0000FFFFFFFFFFFF

ID     Desc             Category  Original Value  U.S.    Automatic  Cleared
00441  band_pref        CDMA      0x0380          0x0000  0xFFFF     0xFFFF
00946  band_pref_16_31  System    0x04E8          0x04A8  0xBFFF     0x3FFF
02954  band_pref_32_63  System    131072          0       252116992  4294967295
For a better understanding of these values, I recommend this thread which includes RF band descriptions. Note that the band prefs (a.k.a. "forcings") can be cleared with Network Signal Guru (Cleared) or set with the Select Radio Band command (U.S. or Automatic).
Let's tackle the RF bands first. I used my Nexus 5X as a reference, since it was advertised by Google as having "universal" band support.
Code:
rf_bc_config (64-bit):
562950035735424  00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000  (Original)
562950069306247  00000000 00000010 00000000 00000000 00000110 11101000 01000011 10000111  (Nexus 5X)
562950069289856  00000000 00000010 00000000 00000000 00000110 11101000 00000011 10000000  (Modified)

band_pref (64-bit):
131072     0x04E8  0x0380  00000000 00000010 00000000 00000000 00000100 11101000 00000011 10000000  (Original)
0          0x04A8  0x0000  00000000 00000000 00000000 00000000 00000100 10101000 00000000 00000000  (U.S. Mode)
252116992  0xBFFF  0xFFFF  00001111 00000111 00000000 00000000 10111111 11111111 11111111 11111111  (Automatic)
So, we're just looking at unlocking the following RF band for T-Mobile support:
#25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz)
On LTE we're getting a bit more aggressive:
Code:
lte_bc_config (64-bit, of which 44 bits relevant):                Bands Active:
687195291871   0000 10100000 00000000 00001000 00000000 11011111  1-5,7-8,20,38,40                          (Original)
1099830990943  0001 00000000 00010011 00001001 00011000 01011111  1-5,7,12-13,17,20,25-26,29,41             (Nexus 5x)
1100502079583  0001 00000000 00111011 00001001 00011000 01011111  1-5,7,12-13,17,20,25-26,28-30,41          (Pixel)
1787698289887  0001 10100000 00111011 00011111 00011100 11011111  1-5,7-8,11-13,17-21,25-26,28-30,38,40-41  (Pixel 2)
1787696847071  0001 10100000 00111011 00001001 00011000 11011111  1-5,7-8,12-13,17,20,25-26,28-30,38,40-41  (Modified)
1787696847071  0001 10100000 00001000 00001000 00000000 11011111  1-5,7-8,20,28,38,40-41                    (Actual)
My goal was to add LTE bands 12-13, 17, 25-26, 28-30 & 41, but as you can see I was only successfully able to add bands 28 & 41. In particular, LTE band 17 is critical to AT&T Wireless in the U.S.
Does anyone understand why some bands were unable to be unlocked, even after setting lte_band_pref to allow pretty much anything? Are there additional NVRAM settings that I missed, or is this due to lack of support in the power amplifier? Does anyone even know the model of power amplifier used in this phone?
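Added example, not part of the original post: a converter between the lte_bc_config numbers in the tables above and LTE band lists, used to work out which requested bands are absent from the "(Actual)" row. It assumes, as the table's binary and band columns show, that bit n-1 stands for LTE band n; the function names are made up for the example.

```python
# Values copied from the tables in the post above.
ORIGINAL = 687195291871                      # lte_bc_config, stock
MODIFIED = 1787696847071                     # lte_bc_config, written value
LTE_BAND_PREF_ORIGINAL = 0x000000A0000800DF  # lte_band_pref, stock
# The "(Actual)" row, taken from its binary column.
ACTUAL_BITS = "0001 10100000 00001000 00001000 00000000 11011111"


def bands_from_mask(mask):
    """Assumption from the table: bit n-1 set means LTE band n is enabled."""
    return [bit + 1 for bit in range(mask.bit_length()) if (mask >> bit) & 1]


def mask_from_bands(bands):
    """Inverse of bands_from_mask for a 64-bit NV item."""
    mask = 0
    for band in bands:
        if not 1 <= band <= 64:
            raise ValueError("band %r does not fit a 64-bit mask" % band)
        mask |= 1 << (band - 1)
    return mask


def mask_from_bits(text):
    """Parse a space-grouped binary string as printed in the table."""
    return int(text.replace(" ", ""), 2)


def parse_ranges(text):
    """'1-5,7-8,20' -> [1, 2, 3, 4, 5, 7, 8, 20]"""
    bands = []
    for part in text.split(","):
        low, _, high = part.strip().partition("-")
        bands.extend(range(int(low), int(high or low) + 1))
    return bands


def format_ranges(bands):
    """[1, 2, 3, 4, 5, 7, 8, 20] -> '1-5,7-8,20'"""
    bands = sorted(set(bands))
    parts, i = [], 0
    while i < len(bands):
        j = i
        while j + 1 < len(bands) and bands[j + 1] == bands[j] + 1:
            j += 1
        parts.append(str(bands[i]) if i == j else "%d-%d" % (bands[i], bands[j]))
        i = j + 1
    return ",".join(parts)


def compare(requested, observed):
    """Bands requested but not observed, and observed but never requested."""
    return {
        "missing": format_ranges(bands_from_mask(requested & ~observed)),
        "unexpected": format_ranges(bands_from_mask(observed & ~requested)),
    }


if __name__ == "__main__":
    actual = mask_from_bits(ACTUAL_BITS)
    print("original :", format_ranges(bands_from_mask(ORIGINAL)))
    print("modified :", format_ranges(bands_from_mask(MODIFIED)))
    print("actual   :", format_ranges(bands_from_mask(actual)))
    print("gained   :", compare(actual, ORIGINAL)["missing"])
    print("not taken:", compare(MODIFIED, actual)["missing"])
    # The stock preference mask is bit-for-bit the stock band config.
    print("pref == config on stock:", LTE_BAND_PREF_ORIGINAL == ORIGINAL)
    # Value that enables band 28 and nothing else on top of stock.
    print("stock + band 28:", ORIGINAL | mask_from_bands([28]))
```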
Hey, I tried following this. But I have a few questions.
1. you show the values of 00441, 00946, 02954 that are set when in automatic/US and original. Are there any changes to make to these? When I set to Automatic, I get 'mobile network unavailable' when making a call. When I set it to US, it switches between B2 and B5 when calling.
2. After setting 01877, 06828 and 65633 to the modified values, I am still unable to connect to #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz).
Namely, when I open up Network Signal Guru and make a call, it switches between B2 and B5. Any idea why this is and how to get B4 1700 3g umts working?
Thanks
kamiyaa said:
Hey, I tried following this. But I have a few questions.
1. you show the values of 00441, 00946, 02954 that are set when in automatic/US and original. Are there any changes to make to these? When I set to Automatic, I get 'mobile network unavailable' when making a call. When I set it to US, it switches between B2 and B5 when calling.
2. After setting 01877, 06828 and 65633 to the modified values, I am still unable to connect to #25 WCDMA Band IV - US T-Mobile (AWS) (1700 MHz).
Namely, when I open up Network Signal Guru and make a call, it switches between B2 and B5. Any idea why this is and how to get B4 1700 3g umts working?
Well, setting to Automatic shouldn't mask any bands enabled in rf_bc_config, at least not for any of the rf_bc_config settings that I examined. I don't have a T-Mobile SIM card, however, so I wasn't able to confirm that WCDMA Band IV was picked up when you set bit #25. If you set it to U.S. Mode, however, it will definitely get masked.
The one thing I would recommend, however, is to avoid using Preferred Roaming Lists (PRLs) in the Set Preferred Network Type setting.
For example, my instinct was to use LTE/UMTS auto (PRL), which should prefer 4G connections and fall back to 3G when unavailable. However, I've had consistently better luck getting 4G connections when I use the default LTE/TD-SCDMA/UMTS setting. On the AT&T Wireless network we'll never use TD-SCDMA, but PRLs seem to be causing problems and there's no plain LTE/UMTS option. The PRL indicates which bands, sub bands, and service provider identifiers will be scanned and in what priority order, and I just don't believe these are configured correctly on this phone for North America.
Hello,
Sorry to bother you, but may I ask a few stupid questions?
I don't know much about how this works, but I've got a Mi A2 and I've seen you managed to unlock band 28 for LTE in the Lite version, and that is the only band I'm missing in my country. Is this that hard to do, and possible in the regular A2 version? I need to unlock bootloader and root for this, right? If it's not difficult, I would appreciate some instructions if you don't mind.
Thanks!
Magendanz said:
Enable Diagnostics Mode: *#*#717717#*#*
Info Menu: *#*#4636#*#*
From this last, there's a Phone Info section that allows you to set the Preferred Network Type. By default, this is LTE/UMTS auto (PRL), where PRL stands for Preferred Roaming List. In the page menu, there's also Select Radio Band, which allows you to select either Automatic or United States.
Well, I have tried switching here to test different ones and now it looks like I can't access the internet anymore :'(
Even if I have the 4G logo on my network, the traffic is like stopped; Chrome or any app says I am not connected.
If anyone has any idea how to get it back? Thanks in advance (I use a French 4G network, Bouygues Telecom).
Antho02 said:
If anyone has any idea how to get it back?
Original values are posted above, which you can write back pretty easily with QXDM. Also, if you made a QPST backup (which I recommend), you can restore from that.
I tried this, but it killed Vodafone UK LTE. Also, what subscription do you use for dual SIM? That's got to mess things up if you don't tick it on dual SIM phones? Because I didn't choose dual SIM it only edited SIM1, so if you know the subscription method could you please post.
Hi, I'm trying to unlock the band 28 but I can not install the drivers. Could you tell me which are the correct drivers? Thank you and sorry for my lousy English!
marcos1979 said:
Hi, I'm trying to unlock the band 28 but I can not install the drivers. Could you tell me which are the correct drivers? Thank you and sorry for my lousy English!
Enable the port and just update in devices, under ports. The driver in this thread isn't the Mi A2 Lite diagnostic driver; Windows installs the correct one if you're using the latest Win 10.
boe323 said:
Enable the port and just update in devices, under ports. The driver in this thread isn't the Mi A2 Lite diagnostic driver; Windows installs the correct one if you're using the latest Win 10.
Sorry to insist with these questions, it's my first time with Xiaomi. The steps I take are the following and I can not install the drivers (the devices do not appear in the Windows Device Manager) and I can not install QPST either:
* Enable USB debugging
* Activate USB Diag (*#*#717717#*#*)
* Connect the phone
Only "Android Composite ADB Interface" is observed in the Device Manager.
The installation of QPST is canceled before completion.
Is it necessary to enable root?
Is it necessary to unlock the bootloader?
Sorry, as I said it's my first time with Xiaomi, I come from Motorola. I need to enable band 28 to have better coverage here in Argentina because in my area it is very bad without that band.
Additional data:
Xiaomi Mi A2 Lite (M1805D1SG)
Build number: PKQ1.180917.001.V10.0.4.0.PDLMIXM
Windows 10 Pro x64 (1809)
Thanks and, again, sorry for my English (Google translator)
OK, I was able to make everything work !!!
I used "TOOL_ALL_IN_ONE_1.1.1.2" to install the ADB drivers and from there the other drivers were installed. Also, I used "QPST 2.7 Build 474" and "QXDM 0.3.12.714"
A new question: I need to only enable band 28 for LTE (the others are compatible with those used in my country), is it OK to only modify line 6828 (LTE_BC_CONFIG) to the value "687329509599"? Am I doing things right?
The tests I will do tomorrow in an area where there is bad coverage of band 4 and good band coverage 28.
Thank you!!!
I'm not sure, make a note of the original values and do your own testing, post back with your findings.
boe323 said:
I'm not sure, make a note of the original values and do your own testing, post back with your findings.
Edited:
I confirm that band 28 is not enabled, since it does not connect in the area of low coverage in band 4. I suspect that is because I could not modify line 65633 (lte_band_pref), due to the error "nv status error received: command unrecognized".
Please, I need help to modify that! Thank you!
thanks for your help.
the only thing I could not do is edit line 65633 lte_band_pref, it gives me read error (nv status error received: command unrecognized). what am I doing wrong?
Do I need to enable root? Do I need to unlock the bootloader?
Thanks!
Hello, sorry for insisting. I was able to edit the item 06828 lte_bc_config and put it in 687329509599 (1010000000001000000010000000000011011111) (Bands 1-5, 7-8, 20, 28, 38, 40) but I still do not have coverage in band 28 although other phones do have in the Same location and with the same provider.
After enabling root and touching several things (Install Network Signal Guru -> Clear Forcings and I do not know if I have played anything else), I can read line 65633 lte_band_pref and it appears in 0x0000FFFFFFDF3FFF (111111111111111111111111110111110011111111111111) (Bands 1-14, 17-21 , 23-48) (?) So I assume that band 28 would be enabled. In Network Signal Guru I can see that band 28 is enabled but I still can not connect to it. Is there something I'm missing? Could it be a SIM problem? (I use a SIM that was cut to nanoSIM) Could someone unblock band 28 and connect to it?
Any help will be welcome!
Thank you!
PS: I was not sure whether to edit the previous post or create a new one. If I am doing wrong, please delete the previous one.
(Using Google Translator)
I'm having the same problem trying to get LTE Band 17 enabled for AT&T Wireless. I can read both lte_bc_config and lte_band_pref in QXDM to confirm that it *should* be enabled, but it's not picking up the nearby towers. That has me suspecting that this is due to lack of support in the power amplifier. When I look in Network Signal Guru it's not even listing Band 17, however, so there may be something else that we're missing.
I did just pick up another Mi A2 Lite, and so I've got test hardware (that isn't my primary phone) to investigate further.
How did you enable band 28 ? Can you recommend any article on that kindly
Samuelah said:
How did you enable band 28 ? Can you recommend any article on that kindly
I followed the steps in my OP exactly (and there are links there to my sources), but was unable to test band 28 & 41 because my service provider doesn't use them. I just know that they now show as enabled in Network Signal Guru.
B28 unlocked
It worked for me. I have tested: 700 MHz (B28) is unlocked.
Add carrier aggregation LTE-A 4G+
If you want LTE-A on the Mi A2 Lite for the added frequencies (it supports 2*2 carrier aggregation only (2*frequency)), enable LTE Advanced. I have found a guide for the Mi A1, but it works for this device too, here: https://forum.xda-developers.com/mi-a1/how-to/guide-enable-4g-lte-carrier-aggregation-t3894282
good modding :good:
