Hello, I am a Korean user who likes htc very much. I have shared how to activate tta-volte volte to the developer of gsi Viper, who develops a lot for htc products, although my English is not good enough, and I'll give you some information now.
It has been 10 years since HTC already closed its business in Korea, so there is no Korean telecommunications company or supplier file, and it does not sell. It's sad. Anyway, let me explain. Originally, HTC products were not allowed to open Qualcomm ports, but only U12+ can open Qualcomm ports
(adb shell - su - setprop sys.usb.config rndis,diag,adb)
Volte in Korea is an independent tta-volte method, so I have the same Qualcomm Snapdragon 845 and I extracted efs files and mbn from Sony Xperia xz2 Korean version firmware, which was officially released in Korea, and pasted them using Qualcomm epsproler.
If the communication company you are using has its own standard like Korea, you can replace the efs file in the same way as I do, and if that doesn't matter, please read the following immediately.
Note the HTC system folder. There is a secret in the system custom folder. First, if you look at customize - MNS folder, it's a number.I see xml. There is a secret in that number. The number is the carrier code. It's very simple. I found this. It was such a pleasure. Please correct the xml title. For example, it is 45008 because it is KT(koreatelecom) mcc:450 mnc:08 You can check the carrier's mcc, mnc(apn) and modify it to 45008.xml and if you look in the custom folder, there is mns_map.xml. Edit the file as text If you enter the 45008th place you changed earlier and reboot, you will be able to create a volte active menu on the existing phone app setup screen.
This is all, simple. When you add an xml (app:mcc+mnc) title in the mns folder, write and save the number that was just added in the custom folder-mns_map_xml text editor, and reboot, the htc phone app settings show the volte activation menu, and there are no other changes to the build-prop In the case of Korea, it was necessary to modify the efs file because it is volte in a nonstandard way.
Modifying directly to root file editor without module It's very simple. My last hope is that volte is possible at gsi and that htc will continue to announce new flagships and that htc users are all healthy, thank you.
*To you in Seoul*
htcmage said:
Hello, I am a Korean user who likes htc very much. I have shared how to activate tta-volte volte to the developer of gsi Viper, who develops a lot for htc products, although my English is not good enough, and I'll give you some information now.
It has been 10 years since HTC already closed its business in Korea, so there is no Korean telecommunications company or supplier file, and it does not sell. It's sad. Anyway, let me explain. Originally, HTC products were not allowed to open Qualcomm ports, but only U12+ can open Qualcomm ports
(adb shell - su - setprop sys.usb.config rndis,diag,adb)
Volte in Korea is an independent tta-volte method, so I have the same Qualcomm Snapdragon 845 and I extracted efs files and mbn from Sony Xperia xz2 Korean version firmware, which was officially released in Korea, and pasted them using Qualcomm epsproler.
If the communication company you are using has its own standard like Korea, you can replace the efs file in the same way as I do, and if that doesn't matter, please read the following immediately.
Note the HTC system folder. There is a secret in the system custom folder. First, if you look at customize - MNS folder, it's a number.I see xml. There is a secret in that number. The number is the carrier code. It's very simple. I found this. It was such a pleasure. Please correct the xml title. For example, it is 45008 because it is KT(koreatelecom) mcc:450 mnc:08 You can check the carrier's mcc, mnc(apn) and modify it to 45008.xml and if you look in the custom folder, there is mns_map.xml. Edit the file as text If you enter the 45008th place you changed earlier and reboot, you will be able to create a volte active menu on the existing phone app setup screen.
This is all, simple. When you add an xml (app:mcc+mnc) title in the mns folder, write and save the number that was just added in the custom folder-mns_map_xml text editor, and reboot, the htc phone app settings show the volte activation menu, and there are no other changes to the build-prop In the case of Korea, it was necessary to modify the efs file because it is volte in a nonstandard way.
Modifying directly to root file editor without module It's very simple. My last hope is that volte is possible at gsi and that htc will continue to announce new flagships and that htc users are all healthy, thank you.
*To you in Seoul*
Click to expand...
Click to collapse
What is the firmware version for your phone, can you support your explanation by images?
htcmage said:
Hello, I am a Korean user who likes htc very much. I have shared how to activate tta-volte volte to the developer of gsi Viper, who develops a lot for htc products, although my English is not good enough, and I'll give you some information now.
It has been 10 years since HTC already closed its business in Korea, so there is no Korean telecommunications company or supplier file, and it does not sell. It's sad. Anyway, let me explain. Originally, HTC products were not allowed to open Qualcomm ports, but only U12+ can open Qualcomm ports
(adb shell - su - setprop sys.usb.config rndis,diag,adb)
Volte in Korea is an independent tta-volte method, so I have the same Qualcomm Snapdragon 845 and I extracted efs files and mbn from Sony Xperia xz2 Korean version firmware, which was officially released in Korea, and pasted them using Qualcomm epsproler.
If the communication company you are using has its own standard like Korea, you can replace the efs file in the same way as I do, and if that doesn't matter, please read the following immediately.
Note the HTC system folder. There is a secret in the system custom folder. First, if you look at customize - MNS folder, it's a number.I see xml. There is a secret in that number. The number is the carrier code. It's very simple. I found this. It was such a pleasure. Please correct the xml title. For example, it is 45008 because it is KT(koreatelecom) mcc:450 mnc:08 You can check the carrier's mcc, mnc(apn) and modify it to 45008.xml and if you look in the custom folder, there is mns_map.xml. Edit the file as text If you enter the 45008th place you changed earlier and reboot, you will be able to create a volte active menu on the existing phone app setup screen.
This is all, simple. When you add an xml (app:mcc+mnc) title in the mns folder, write and save the number that was just added in the custom folder-mns_map_xml text editor, and reboot, the htc phone app settings show the volte activation menu, and there are no other changes to the build-prop In the case of Korea, it was necessary to modify the efs file because it is volte in a nonstandard way.
Modifying directly to root file editor without module It's very simple. My last hope is that volte is possible at gsi and that htc will continue to announce new flagships and that htc users are all healthy, thank you.
*To you in Seoul*
Click to expand...
Click to collapse
Dear htcmage,
Can you post the detailed step by step on how to do this?
Regards,
Brian
Related
The result of probably more than 100 hours of solo hackery: a working COM DLL for allowing any application to elevate itself to SYSTEM (root) permissions.
What you need:
An interop-unlocked HTC phone. Sorry second-gen and Arrive users.
A working HtcUtility driver. It's possible some HTC update at some point crippled this. It works for me; if it doesn't work for you let me know what updates you have.
What it does:
Allows changing the security token of any application to give that app unrestricted permissions. At this point, you can call any user-mode API, perform any operation, with full access.
It also allows you to read or write any value from memory, even kernel memory (this is how it modifes the security token).
What it can be used for:
Darn near anything. If it can be done while the phone is booted, you can do it.
What it can't be used for:
Modifying the ROM - the R and O stand for "read only" and they mean it.
Interop-unlocking a phone - it requires interop-unlock to get root in the first place.
How to use it:
In your app, include the HtcRoot.dll library.
Include the code from DriverAccessTest.cs in the test app (defines the COM API and enables using it).
Call the OpenHtcUtility function (will throw an exception if your device is incompatible).
Call the MakeMeRoot function (can also throw exceptions).
(OPTIONAL) Call the ReturnZeroIfRoot function to make sure your app is elevated (does not throw exceptions, will return an error code if you get one).
Do stuff with SYSTEM permissions (probably using another COM DLL, such as for registry or filesystem access).
Call the RestoreToken function (failure to do this *might* cause a kernel memory leak).
Call the CloseHtcUtility function (OS will probably handle this if program just exits).
What you can do right now:
Try the test app. It should pop up a series of messge boxes. Hopefully none of them say anything like "FAILURE".
Report any bugs or failures you discover.
Build things with this library, and publish them!
Breakdown of the download:
There are two folders in the ZIP, one for the Visual Studio 2010 C#/Silverlight XAP project, and one for the Visual Studio 2008 C++/COM DLL project.
The test XAP is in the HtcUtilityTest\bin\Debug folder.
The native (COM) DLL is also available in that folder, or under its own project.
If you want to mess with this, I'm going to assume you are already familiar with hybrid native/managed development for WP7. If not, Heathcliff74 has posted an excellent tutorial on this forum.
Special thanks to:
Heathcliff74 for the hybrid app tutorial and interop unlock info.
Paul_Hammons for the links and info about HtcUtility, the driver that makes this possible. Thread: http://forum.xda-developers.com/showthread.php?t=1434793
Supported devices / firmware versions / ROMs
All HTC devices (if interop-unlocked and with the right firmware numbers) should be compatible.
Some custom ROMs work, some do not. This will depend on the version of the firmware that the ROM's HtcUtility driver is taken from.
I believe I compiled the test app as Mango-only, but the native library doesn't care at all.
Compatible:
Stock ROMs with compatible firmware for HD7, Trophy, Mozart
HD2 (BttF [XBmod-Yuki] v2 SP1)
Not compatible:
Firmware version 2250.21.51004.401 or newer
Verizon Trophy firmware version 2305.13.20104.605 or newer
DFT ROM with build 8107, Firmware 5.10.401
Arrive (except on pre-Mango), Titan, Radar, Titan 2 (no interop-unlock)
Others are untested or results are incomplete.
Goals and future work:
Support more devices:
* Try and add support for newer firmware.
* Help ROM cookers ensure the library is supported.
* Look for similar openings in other OEM libraries.
Future-proofing:
* Allow installation of a mod to support this capability after known updates.
* Resilience against possible future updates.
* Allow users with incompatible devices to downgrade (possibly to NoDo), install the mod, and be able to use the phone after upgrading.
Improve the library:
* Fix some memory leaks.
* Clean up the code - remove dead code and improve comments.
* Allow reading/writing more than 4 bytes at a time from managed code.
* Add APIs to elevate other processes (by name or ID) to SYSTEM.
Develop homebrew around the library:
* Support accessing common APIs (filesystem, etc.).
* Resurrect the Advanced Explorer app, perhaps (registry and filesystem).
* Support native app launching on stock ROMs.
Also reserved
Reserved for OP #2
It does not work on HTC 7 Mozart (HTC Europe):
Error to Write the value 1337 to test address - System.Runtime.InteropServices.COMException (0x8007001F): A device attached to the system is not functioning
Click to expand...
Click to collapse
OS: 7.10.7740.16
Firmware: 2250.21.51101.401
Radio: 5.71.09.02a_22.51.50.21U
Boot: 5.11.2250.1(133487)
Please include the full error message or a description of what went wrong.
Failure on fully updated devices is unfortunately possible - my phone is (intentionally) a few updates behind. I'm looking into ways to make it work anyhow (either sending an older CAB update to roll back, or using the root acess to create an unlocker/root-enabler that survives subsequent updates). I'm going to look into how the full-unlock ROMs differ from standard ROMs, and see if I can do the same thing in running software.
Does it works with custom roms?
If the custom ROM has a working HtcUtility driver, then yes. My goal is to unlock the kind of capabilities normally restricted to custom ROMs on stock firmware, though.
@bleh815: Thanks for the report. That's frustrating; it looks like it is capable of doing read but not write. Write might just be restricted in what addresses is allowed, or it might be disabled entirely (the driver gives the same error code for every problem that I've encountered so far). Time to figure out
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
B) what restrictions that update introduces
C) how to work around those resrtictions (possibly by downgrading and then using root access to add something that will still work after upgrade).
GoodDayToDie said:
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
Click to expand...
Click to collapse
I've just downgraded a mozart of mine back to stock NoDo (TMOB-DE) to find out which OEM update breaks (actually fixes) it.
Cool, thanks! It's one of the post-Mango HTC updates; a Microsoft update wouldn't have modified an HTC driver, and my phone has all the pre-Mango HTC updates but it still works.
.
..........
Hi, at first it says "SUCCESS!", then it says "Trying to open a file gives error 1260" and then it says "Now opening a file gives error 0" and finally "Finally, opening a file gives error 1260".
System informations:
OS=7.10.7720.68
Firmwareversion=2250.21.12200.162
Radio=5.68.09.05a_22.50.50.21U
Bootloader=4.6.2250.0(129185)
HTC 7 Trophy.
That is *exactly* the sequence of messages it is supposed to give!!
In particular, the messages I need to see are the "SUCCESS" (the rest is potentially interesting info, but not very important) and then the "Now opening a file gives error 0".
The "SUCCESS" means that a sequence of read/write tests succeeded.
The "Now... error 0" means that the process has been elevated to full permissions.
The "Finally... error 1260" means that the security token was successfully restored at the end, so it was unable to open the file again. This is the expected and correct behavior.
I don't recognize your Firmware Version number; I'm guessing it's specific to your phone. What method did you use to upgrade to Mango?
how do i install it?
Tried on interop-unlocked HTC Surround, not working Tested any call in VS debug mode - no luck at all.
I can confirm that it works with any OS version, from 7004 to 8107.79
On a HTC 7 Mozart (TMOB-DE) it works with firmware 2250.21.13201.111 (Stock NoDo ROM) but the hole gets fixed with 2250.21.51101.111 (1st Post-Mango HTC Update).
You guys are gods taking programming to a hole new level!
I wish to see ms take you all more serious and not let wp7 fail like minmo6.5 did!
I wish I could get on your level!
I realy need some help lerning basic silverlight my self!
But I have read how hybrid working ant this is just fantastic!
conradulations on all your developments so far you guys are truly amazing!
Oh, that code, beautiful reading that!
Thanks for sharing this learnfull code!
I'd like to try it on my Verizon HTC Trophy, I would love to get file access back....
I downloaded the package and I even have VS 2010 installed but beyond that I have no idea as I am not a programmer.
Can someone post a compiled XAP for us to try to see if our phone works with it or not ?
Or some step by step VS 201 directions to try would also be helpful.
@Ttblondey: *FACEPALM* The path to the test XAP is given in the opening post. You install the XAP on your phone using any XAP deployment tool. It requires that your phone be interop-unlocked; Heathcliff74 has a nice long thread about that. The app is called called HtcUtilityTest. Run it, and report the results. If you want to actually *use* the DLL, the instructions for doing that are given too but you need to write some code.
@sensboston: PLEASE give a more complete report! Success and error messages, at the least. Also, your phone version info. Thanks!
@bleh815: THANK YOU! I mean, it's a little annoying to know how far back this was fixed ("First post-Mango HTC update" means the one that was included *with* Mango for most people, or the one after that?) but good to know. Now, to look at exactly what they changed...
@jackrabbit72380: Thanks man! As for working with it yourself, like I mention below, I'm planning to provide a universal homebrew library that people can easily use to do whatever they want.
@fiinix: You're welcome! Honestly, I didn't expect anybody to call my mess of debug-commented and mildly hacky C++ "beautiful" but that hack itself *is* pretty awesome. My only concern with using it is the risk of a context switch causing the wrong app's token to get overwritten, and I should probably look into that, but I think it's OK for the moment. There are bigger fish to fry.
In the meantime, it should open up a huge list of capabilities for tools like your DllImport project. I'm currently considering reviving Advanced Explorer (like TouchXplorer + Registry Editor, but open source; was never ported to Mango though) using the root access instead of using ComFileRW and the provxml driver. Let me know what you want to do with it!
One other thing I'd like to add is the ability to easily elevate *another* process; it's not hard to do but I haven't written it yet. This could be handy for apps where we don't have the source code (for example, elevate Schaps registry editor, which uses low-privilege native code for browsing, so it can read *all* registry locations instead of just some of them).
@DavidinCT: Well, running the test app is easy, just install the XAP. It just runs a battery of tests though, it doesn't actually *do* anything useful. To get filesystem access, you'll need to write some native code (which means using Visual Studio 2008 and the CE/Smart Device plug-in, see Heathcliff74's toturial on the subject). Basically, you would first use this DLL (accessed via COM, you can look at my own C# code for how to do that) to opent he driver handle and elevate the process to root. You could then write your own COM DLL that uses the standard Win32 filesystem APIs (CreateFile, etc. - all are documented on MSDN) and exposes those APIs, or the results of them, to managed code via COM. Then, back in your phone app (the one that called into my HtcRoot DLL) you can call into your own DLL to access the file system.
If that's too big a leap, don't worry. I plan to release a general-purpose high-privilege homebrew DLL that exposes some of the most-used functionality (filesystem, registry, provxml, and other things by request), is easily extensible (possibly using something like the DllImport project, where you just specify the function you want to call and the DLL it's located in right from C#), and that will be a lot easier to hack with. You'll still need to know C# and basic Silverlight, but it'll be a lot easier (and hopefully useful without knowing any C++ or COM).
GoodDayToDie, you are amazing, always keeping me interested!
When starting the test xap, I get the below, it then goes into the "Page Name" and that's it.
Device Info here, running a FullUnlock DFT Rom by a Chinese dev from the DFT Forum.
Nonetheless, top work on getting this started and can't wait to keep reading about the progress!
XeKToReX
I've been working on a custom ROM for the Lumia 1520.3 RM-938 32gb.
The variant info for the model I'm working with is below.
I wanted to know if there were any users out there US or non-US that would be wanting or willing to test a 1520.3 ROM with me.
-You need to be able to understand and be capable of using Windows Phone Internals to unlock your phone
-Your device must be a 32GB model with Samsung eMMC
-This ROM is for the 1520.3 (RM-938) only, and was not tested for the 1520 (RM-939) or 1520.1 (RM-937). However, I own a 32GB RM-940 (1520.2) and this ROM does successfully flash to that device and work.
-Like any altering of any device outside of stock or OEM specifications, there is a chance for something to go wrong. Even though most errors or issues can be reversed or fixed you could potentially render your device useless or damage it in other ways. You would be willing to do this at your own risk.
-It would be best/ideal to do this with a spare device and not your main daily phone
I currently use T-mobile US so one of the customizations I did was to alter the NVI settings and provisioning files to use t-mobile US HD voice and LTE bands. I also removed some of the apps, and made a couple of other changes just for testing. I'm limited in what I can verify works for cellular tweaks and changes since I only use T-Mobile US.
If anyone is interested, let me know here and I'll post up a link to the image files. If not no worries. I'll link what I come up with either way at some point.
Model info: Lumia 1520.3 RM-938 Product code: 059V6X0 with 29.1GB Samsung eMMC
ROM info: Version 1703 Build 10.0.15063.1446
UPDATE:
I've moved to another area of focus and so for now I ended troubleshooting and building this particular ROM further. However what I ended up with I have posted a link for as I said I would. The only real changes from what the original ROM was is I added my own NVI files under \Programs\CommonFiles\OEM\Public\Nokia\MultiVariant\MCC-310\ and replaced the default variant NVI files with the same. I replaced the ADC files under \Programs\CommonFiles\ADC with that of the T-Mobile 640 LTE variant. I also removed some xap files that I personally found annoying or had no use for. That is about it.
Flash this at your own risk of course LINK
Testing Lumia 1520.3 ROM
Hi, Sir !
I am ready to participate in new OS testing. I have Lumia 1520 RM-937, in Europe
RomanMel said:
Hi, Sir !
I am ready to participate in new OS testing. I have Lumia 1520 RM-937, in Europe
Click to expand...
Click to collapse
I added some bullets in RED. Please review them in the first post and let me know if you understand or if you have any questions.
Nate0, how you unbricked the phone?
augustinionut said:
Nate0, how you unbricked the phone?
Click to expand...
Click to collapse
My RM-939 is still bricked. I'm almost positive the uuid of the critical partitions are mismatched and maybe more...but going forward I did not work with that particular variant anymore since its modem nvi hard parameters (China Unicom) limited me for what I was originally trying to do anyway.
https://forum.xda-developers.com/wi...mer-unbrick-jtag-t3082592/page52#post68692677
https://forum.xda-developers.com/wi...ia-1320-hard-bricked-wpinternals-2-3-t3734020
https://forum.xda-developers.com/windows-10-mobile/lumia-emergency-files-including-models-t3748037
https://forum.xda-developers.com/windows-10-mobile/testing-debrand-lumia-1520-att-rm-940-t3656783
nate0 said:
UPDATE:
I've moved to another area of focus and so for now I ended troubleshooting and building this particular ROM further. However what I ended up with I have posted a link for as I said I would. The only real changes from what the original ROM was is I added my own NVI files under \Programs\CommonFiles\OEM\Public\Nokia\MultiVariant\MCC-310\ and replaced the default variant NVI files with the same. I replaced the ADC files under \Programs\CommonFiles\ADC with that of the T-Mobile 640 LTE variant. I also removed some xap files that I personally found annoying or had no use for. That is about it.
Flash this at your own risk of course LINK
Click to expand...
Click to collapse
What edits did you make here? Could I not access the files in Mass Storage mode on my phone to update the files and fix the issue. Even I am on T-Mobile US and want to be able to use the LTE bands they support + enable HD Voice which the phone and both T-Mobile technically support.
maverickrohan said:
What edits did you make here? Could I not access the files in Mass Storage mode on my phone to update the files and fix the issue. Even I am on T-Mobile US and want to be able to use the LTE bands they support + enable HD Voice which the phone and both T-Mobile technically support.
Click to expand...
Click to collapse
I added and changed enough nvi settings to get the LTE bands I wanted and HD voice to work. If you want to know which lines were changed just compare the updated nvi file to the RM-938 original nvi file for MCC-310.
The link is no longer valid.
cataclysms said:
The link is no longer valid.
Click to expand...
Click to collapse
Thanks for noticing. I was not aware of anyone still using it...went back the other day and did some clean up of all my shared access. Message me and I can share it for you.
nate0 said:
Thanks for noticing. I was not aware of anyone still using it...went back the other day and did some clean up of all my shared access. Message me and I can share it for you.
Click to expand...
Click to collapse
The message icon is grayed out. I think it is because I am a new member. It won't let me message you.
cataclysms said:
The message icon is grayed out. I think it is because I am a new member. It won't let me message you.
Click to expand...
Click to collapse
What model 1520 do you have?... I miss that phone in some ways.
Hi,
The 10 iii uses the Snapdragon X51 Modem. This modem seems to be in very few phones at the moment, however, the modem is the same on the OnePlus Nord N10 5G and Nokia X20 . Both of these devices are available in the US and contain some additional bands that the 10 iii does not.
With the Xperia 10 iii most likely not receiving a US Customized firmware in the future, is there any path forward with modifying the bands that are available on the modem?
Currently, my progress is as follows...
1. Root the 10 iii with Magisk -
This is easily done by downloading firmware with XperiFirm, extracting the boot.sin, "unsinning" it to get a boot.img, patching the boot.img with Magisk, and then flashing the modified boot.img with fastboot. To do this, the bootloader must be first unlocked. Simply use the factory method of unlocking the bootloader. Generate a code for the Sony Xperia 10 ii (as the 10 iii isn't listed yet, but the codes are interchangeable, this applies to all iii devices like the 5 and 1, just use the ii codes). Unlocking the bootloader will wipe the device and lose the Sony DRM keys.2. Qualcomm QPST Connection -
Most Qualcomm modems support their QPST application. This diagnostic application allows you to interface with the modem on your phone and change it's parameters. The process to connect to that application involves installing their modem drivers, opening the com port on your pc to connect to your phone, and initiating the connection.Here is a guide on setting it up that pertains to the 1 ii, but is relevant to most Sony devices. Note that the "enable Qualcomm diag" step contains a correction for us....."setprop persistent.sub.eng 1" should be "setprop persist.usb.eng 1" and installing the drivers (9018, not 9020) on the device in device manager should contain the "MI_00" hardware ID instead.3. Digging in to the files
Here is where my roadblock begins and expertise falls off. The modem contains many xml files that can be edited to set bands, enable data features, etc. Most relevant files appear to be in the "policyman" folder. However, my efforts on actually having any edits make any impact have been a zero sum game. Making changes to the band_set_01 and carrier_policy files seems to make no difference on enabled bands, how it connects to my network (Verizon), etc.Any one have any ideas or thoughts? Is this path forward even possible?
Below are links to the policyman files that I extracted from the modem. Feel free to download them and view/modify. If other modem files would like to be looked at, just let me know. Most other files seem to be an unknown file format and not easily modified xml.
Here is a copy of the stock 10 iii policyman folder (note my carrier_policy is standard Verizon) - Download
Here is a copy of a modified band_set_01. I basically added all Verizon bands to all rf_band_lists that could be US related.
I have tried various carrier_policy changes. Also attempted to use generic/pre-made ones from other devices that contain more defined rules. Here is an example of one I tried from a OnePlus 9
Thanks!
Hi, were you really able to root the phone the way you described? Or is this just the theoretical steps? Because currently it's not even possible to unlock the bootloader on this phone (yet, hopefully) which would forbid the flashing of a modified boot.img as far as I know.
Looks like we'll have to wait some more before anything really moves for this phone.
combinedfleet said:
Hi, were you really able to root the phone the way you described? Or is this just the theoretical steps? Because currently it's not even possible to unlock the bootloader on this phone (yet, hopefully) which would forbid the flashing of a modified boot.img as far as I know.
Looks like we'll have to wait some more before anything really moves for this phone.
Click to expand...
Click to collapse
Yes, the device is able to be rooted normally with Magisk. To unlock the bootloader, just generate a code for a Xperia 10 ii, they work just fine. Note that unlocking the bootloader will wipe the device and lose DRM keys. https://developer.sony.com/develop/open-devices/get-started/unlock-bootloader/#unlock-code I have edited the OP to include this step.
I can help you to list all devices supported bands and 4G & 5G combinations if you like to contribute log to cacombos.com/contribute. Qualcomm diag option is best for Sony devices when rooted.
You can't edit firmware defined combinations because these are compiled and signed by Qualcomm. To edit these have to recompile from source and sign. And of course the firmware source is not public and signing keys are very secure.
olkitu said:
I can help you to list all devices supported bands and 4G & 5G combinations if you like to contribute log to cacombos.com/contribute. Qualcomm diag option is best for Sony devices when rooted.
You can't edit firmware defined combinations because these are compiled and signed by Qualcomm. To edit these have to recompile from source and sign. And of course the firmware source is not public and signing keys are very secure.
Click to expand...
Click to collapse
I planned on contributing to your website!
I know I stop logging with ctrl+c, but, is there a limit to amount of qmd1 files that are created per proc_type?
The example on ca combos looks like it moves on to the next proc_type automatically? Below is my current terminal.
Code:
XQ-BT52:/sdcard/diag_logs $ su
ogs -f /sdcard/diag_logs/Diag.cfg -m /sdcard/diag_logs/Diag.cfg <
diag_mdlog: command = o
diag_mdlog: command = f
diag_mdlog: command = m
diag:main: kernel supported: NUM_PERIPHERALS = 7, DIAG_CON_ALL: 255
diag: No Session is active for the given mask
diag_mdlog: Closing diag_fd_temp
diag_mdlog: Warning output directory already exists: /sdcard/diag_logs
diag_mdlog: Proceeding...
diag_mdlog: Diag_LSM_Init succeeded.
REMOTE PROCESSOR MASK 0
diag:kernel supported: NUM_PERIPHERALS = 7, DIAG_CON_ALL: 255
logging switched
Output dirs /sdcard/diag_logs --- /sdcard/diag_logs
diag: check_for_diagid_cmd DIAG_GET_DIAG_ID
diag_mdlog: Reading mask for MSM, proc_type: 0
Reading the mask file: /sdcard/diag_logs/Diag.cfg
diag: Determining contents of directory /sdcard/diag_logs for circular logging ...
diag: Determining contents of directory /sdcard/diag_logs for circular logging ...
creating new file /sdcard/diag_logs/diag_log_20210703_1119471625325587206.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1123011625325781935.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1127191625326039079.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1131261625326286642.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1136221625326582083.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1140061625326806999.qmdl
@olkitu I stopped the logging after about 20 minutes. Submitted the logs to cacombos.
Archerpunk said:
@olkitu I stopped the logging after about 20 minutes. Submitted the logs to cacombos.
Click to expand...
Click to collapse
Got it and now supported combinations of this device listed here: https://cacombos.com/device/XQ-BT52 (HW combos).
During logging seems you have only enabled LTE bands 4 and 5.
This device sold in US? This is global model - same sold in Europe too. Device missing US combinations.
Archerpunk said:
I planned on contributing to your website!
I know I stop logging with ctrl+c, but, is there a limit to amount of qmd1 files that are created per proc_type?
The example on ca combos looks like it moves on to the next proc_type automatically? Below is my current terminal.
Code:
XQ-BT52:/sdcard/diag_logs $ su
ogs -f /sdcard/diag_logs/Diag.cfg -m /sdcard/diag_logs/Diag.cfg <
diag_mdlog: command = o
diag_mdlog: command = f
diag_mdlog: command = m
diag:main: kernel supported: NUM_PERIPHERALS = 7, DIAG_CON_ALL: 255
diag: No Session is active for the given mask
diag_mdlog: Closing diag_fd_temp
diag_mdlog: Warning output directory already exists: /sdcard/diag_logs
diag_mdlog: Proceeding...
diag_mdlog: Diag_LSM_Init succeeded.
REMOTE PROCESSOR MASK 0
diag:kernel supported: NUM_PERIPHERALS = 7, DIAG_CON_ALL: 255
logging switched
Output dirs /sdcard/diag_logs --- /sdcard/diag_logs
diag: check_for_diagid_cmd DIAG_GET_DIAG_ID
diag_mdlog: Reading mask for MSM, proc_type: 0
Reading the mask file: /sdcard/diag_logs/Diag.cfg
diag: Determining contents of directory /sdcard/diag_logs for circular logging ...
diag: Determining contents of directory /sdcard/diag_logs for circular logging ...
creating new file /sdcard/diag_logs/diag_log_20210703_1119471625325587206.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1123011625325781935.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1127191625326039079.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1131261625326286642.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1136221625326582083.qmdl
creating new file /sdcard/diag_logs/diag_log_20210703_1140061625326806999.qmdl
Click to expand...
Click to collapse
No limits but file size by default max 100MB and then create new one automatically.
olkitu said:
Got it and now supported combinations of this device listed here: https://cacombos.com/device/XQ-BT52 (HW combos).
During logging seems you have only enabled LTE bands 4 and 5.
This device sold in US? This is global model - same sold in Europe too. Device missing US combinations.
No limits but file size by default max 100MB and then create new one automatically.
Click to expand...
Click to collapse
Yes, it appears this device only supports bands 4 and 5 for the Verizon Network.
It isn't sold in US, but is sold globally. Most other regions (EU, Asia, Etc) seem to have specific customized firmware with mostly similar bands.
Is there a way to export all the CA combos in a format for the Carrier Policy?
Archerpunk said:
Yes, it appears this device only supports bands 4 and 5 for the Verizon Network.
It isn't sold in US, but is sold globally. Most other regions (EU, Asia, Etc) seem to have specific customized firmware with mostly similar bands.
Is there a way to export all the CA combos in a format for the Carrier Policy?
Click to expand...
Click to collapse
For now there is no tool to export Qualcomm format out.
Was hoping this thread would bear some fruit because if band difference is a solely software matter these days, rooting should allow us full access to all the features of any damn phone.
Archerpunk said:
Hi,
The 10 iii uses the Snapdragon X51 Modem. This modem seems to be in very few phones at the moment, however, the modem is the same on the OnePlus Nord N10 5G and Nokia X20 . Both of these devices are available in the US and contain some additional bands that the 10 iii does not.
With the Xperia 10 iii most likely not receiving a US Customized firmware in the future, is there any path forward with modifying the bands that are available on the modem?
Currently, my progress is as follows...
1. Root the 10 iii with Magisk -
This is easily done by downloading firmware with XperiFirm, extracting the boot.sin, "unsinning" it to get a boot.img, patching the boot.img with Magisk, and then flashing the modified boot.img with fastboot. To do this, the bootloader must be first unlocked. Simply use the factory method of unlocking the bootloader. Generate a code for the Sony Xperia 10 ii (as the 10 iii isn't listed yet, but the codes are interchangeable, this applies to all iii devices like the 5 and 1, just use the ii codes). Unlocking the bootloader will wipe the device and lose the Sony DRM keys.2. Qualcomm QPST Connection -
Most Qualcomm modems support their QPST application. This diagnostic application allows you to interface with the modem on your phone and change it's parameters. The process to connect to that application involves installing their modem drivers, opening the com port on your pc to connect to your phone, and initiating the connection.Here is a guide on setting it up that pertains to the 1 ii, but is relevant to most Sony devices. Note that the "enable Qualcomm diag" step contains a correction for us....."setprop persistent.sub.eng 1" should be "setprop persist.usb.eng 1" and installing the drivers (9018, not 9020) on the device in device manager should contain the "MI_00" hardware ID instead.3. Digging in to the files
Here is where my roadblock begins and expertise falls off. The modem contains many xml files that can be edited to set bands, enable data features, etc. Most relevant files appear to be in the "policyman" folder. However, my efforts on actually having any edits make any impact have been a zero sum game. Making changes to the band_set_01 and carrier_policy files seems to make no difference on enabled bands, how it connects to my network (Verizon), etc.Any one have any ideas or thoughts? Is this path forward even possible?
Below are links to the policyman files that I extracted from the modem. Feel free to download them and view/modify. If other modem files would like to be looked at, just let me know. Most other files seem to be an unknown file format and not easily modified xml.
Here is a copy of the stock 10 iii policyman folder (note my carrier_policy is standard Verizon) - Download
Here is a copy of a modified band_set_01. I basically added all Verizon bands to all rf_band_lists that could be US related.
I have tried various carrier_policy changes. Also attempted to use generic/pre-made ones from other devices that contain more defined rules. Here is an example of one I tried from a OnePlus 9
Thanks!
Click to expand...
Click to collapse
In lte_feature_ca_mcc entries of each operator, you need to edit them and add combinations for your operator
If you own a oneplus phone and have no clue what this is or does ,then do some research first. In my time reversing all of oneplus in general i have made a lil tool that will generate the code for this on the device. If you cant get into diag mode or into *#36446337# then this will decrypt and enable it for 10 min. I still need some phones to test on. Also i have a one line command that will disable it totally but needs root shell.
here is v1.2
One+_TooL.exe | by Ju5t3nc4s3 for OnePlus 7 Pro
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
lots added ,and without password
this tool will give you your code without giving up your imei on the internet. i have done all this just with adb shell commands, so know worries. also there is alot of extra tools added to it.
justencase6 said:
If you own a oneplus phone and have no clue what this is or does ,then do some research first. In my time reversing all of oneplus in general i have made a lil tool that will generate the code for this on the device. If you cant get into diag mode or into *#36446337# then this will decrypt and enable it for 10 min. I still need some phones to test on. Also i have a one line command that will disable it totally but needs root shell.
Click to expand...
Click to collapse
What exactly do you want tested? I'm familiar with dialer codes, but I'm not sure what you're looking to find or fix.
Need to see if the script I wrote will work with other OnePlus devices. Does *#36446337# do anything.
justencase6 said:
Need to see if the script I wrote will work with other OnePlus devices. Does *#36446337# do anything.
Click to expand...
Click to collapse
It doesn't appear to do anything.
Then that means engineermode is encrypted. And my script will enable this
.
I tried it on my op9pro a barcode scanner appeared
Mangtas_666 said:
I tried it on my op9pro a barcode scanner appeared
Click to expand...
Click to collapse
The scanner will come up, I can generate the QR code, to decrypt, but I'm working on a script that will do it on the device
No, its not encrypted just download this and it will work normally.
EngineerMode V1.01.0.171117173719.25c8842 APK Download by OnePlus Ltd. - APKMirror
EngineerMode V1.01.0.171117173719.25c8842 APK Download by OnePlus Ltd. - APKMirror Free and safe Android APK downloads
www.apkmirror.com
I use it to edit the efs folder.
I found permanent unlock code generation method, so I created website to generate it.
It looks like QR code scan is just for checking code...
OnePlus Unlock Code Generator
Convert your IMEI to OnePlus FactryMode (EngineeringMode) unlock code.
one.andro.plus
Question what is engineering mode used for?
terlynn4 said:
What exactly do you want tested? I'm familiar with dialer codes, but I'm not sure what you're looking to find or fix.
Click to expand...
Click to collapse
I haven't tried this variant: OnePlus 9 Pro LE2125 | 11.2.9.9 BA | Magisk v23.0 | Omega Kernel
How is it on heavy use?
AndroPlus said:
I found permanent unlock code generation method, so I created website to generate it.
It looks like QR code scan is just for checking code...
OnePlus Unlock Code Generator
Convert your IMEI to OnePlus FactryMode (EngineeringMode) unlock code.
one.andro.plus
Click to expand...
Click to collapse
The code looks like the serial number ?
Steve0007 said:
The code looks like the serial number ?
Click to expand...
Click to collapse
Yes, but it uses password + IMEI to generate so doesn't match with android's serial number
AndroPlus said:
Yes, but it uses password + IMEI to generate so doesn't match with android's serial number
Click to expand...
Click to collapse
Seems to match with the serial number shown on the fastboot first screen.
@AndroPlus
Looking at your mbn module, it replaces some config modem files only for APAC Region.
Could you update for EU and US also ?
Does it improve any data speed as far as you know?
Steve0007 said:
Seems to match with the serial number shown on the fastboot first screen.
Click to expand...
Click to collapse
Didn't match on my device.
Steve0007 said:
@AndroPlus
Looking at your mbn module, it replaces some config modem files only for APAC Region.
Could you update for EU and US also ?
Does it improve any data speed as far as you know?
Click to expand...
Click to collapse
I can't maintain other region's one, please extract mbn from other model's modem.img (can open with 7zip) and put them in the module.
My module has two method to enable VoLTE so most carriers work without mbn.
It doesn't improve speed from my testing.
I created another code generator.
Features:
Pure JavaScript implementation
QR code generation
10 minutes only code (On OnePlus 7T, this is needed) generation
https://jsfiddle.net/nvsofts/vpuqfwhx/
Result only (for mobile devices): https://jsfiddle.net/nvsofts/vpuqfwhx/show
AndroPlus said:
I found permanent unlock code generation method, so I created website to generate it.
It looks like QR code scan is just for checking code...
OnePlus Unlock Code Generator
Convert your IMEI to OnePlus FactryMode (EngineeringMode) unlock code.
one.andro.plus
Click to expand...
Click to collapse
Hi is there an issue with the web site? Running on the desktop, and on the device, same result, no output.
Thank you
gregpilot said:
Hi is there an issue with the web site? Running on the desktop, and on the device, same result, no output.
Thank you
Click to expand...
Click to collapse
On my side it works normally... You can use nvsofts' one since results are same
some background,
I am after thorough tests on the topic of how it works VoLTE and VoWiFi And what causes it to be activated in some providers and in some not.
The source from which I drew all a lot of information was: https://volteromania.blogspot.com/p/samsung-voltevowifi-settings.html?m=1
Actually, I followed all the steps but got stuck on the most important part.
In order to start communication for VoLTE It is necessary to define a profile IMS.
Samsung chose - unlike APN Not to allow any user to create such a profile, but the profiles are inside files json in the file /system/priv-app/imsservice/imsservice.apk
I am very interested in trying to edit the files json These, but all my attempts were unsuccessful.
I have a Samsung S21 ultra Rooted, on which I perform the tests.
I can't edit the APK without hurting him. Any change in it causes the application not to load - and completely disables the service IMS and the registration.
The files I want to edit are in
/priv-app/imsservice/imsservice.apk/res/raw
It's files json simple.
Maybe someone can help me?
im curruntly trying to enable Volte on Samsung SM-N920L korean phone in defferent region..no luck..im rooting for you..if any succuss please let we know too..
I gave up.
This is Samsung's behavior on purpose to make consumers have to replace the phones.
Anyway, in the technical part,
In Android 13, in my opinion, this is not completely possible, since every change in the application damages the signature, but even in older versions it is necessary to change the Java code as well, And as you know it is compiled.
I spent many hours on this, with several devices, I purchased a Galaxy 7 for the tests, and I failed.
I do not know if this still works, but on my SM-9700 (HK) with Android 10 I made VoLTE work in Germany by copying the "product/omc/DBT/conf" from a SM-970F to the corresponding TGY directory of the SM-9700.
I was able to run volte on the galaxy s7.
It requires a lot of changes.
Including in the smali files of the application imsservice.apk and it was a nightmare.
In my case I had to add a brand new provider that didn't appear anywhere, maybe that's why everything was complicated and maybe if it's a defined operator and just enabling the option is simpler.
Anyway,
It really wasn't easy, but I had most of the information from the first post I wrote, but I was also able to find a lot on my own.
It is not easy.
Maybe Samsung will release the source code (including java) of the imsservice.apk application and then it will be easier..
Have you ever tried just copying the content of the conf directory from another phone?
This made VoLTE work on my Hong Kong Note10 (Snapdragon) in Germany.
ZXR said:
Have you ever tried just copying the content of the conf directory from another phone?
This made VoLTE work on my Hong Kong Note10 (Snapdragon) in Germany.
Click to expand...
Click to collapse
I have nowhere to copy. I don't have a phone that works with the same carrier I wanted to test. I had to write all the settings myself.
Which carrier do you need? We (the forum) might copy it for you.
shmuel0990 said:
I was able to run volte on the galaxy s7.
It requires a lot of changes.
Including in the smali files of the application imsservice.apk and it was a nightmare.
In my case I had to add a brand new provider that didn't appear anywhere, maybe that's why everything was complicated and maybe if it's a defined operator and just enabling the option is simpler.
Anyway,
It really wasn't easy, but I had most of the information from the first post I wrote, but I was also able to find a lot on my own.
It is not easy.
Maybe Samsung will release the source code (including java) of the imsservice.apk application and then it will be easier..
Click to expand...
Click to collapse
Can you please share knowlage with us..im tring for days now..i tried with csc options..added everything in customer.xml ,others.xml
i read the files inside immservice app..there are lines for my carrier.. cant understand what to add..by the way using a activity manager.. i opened a ims settings page..
Is there something i can change for carrier? Photo attached
prasadmanjulago said:
Can you please share knowlage with us..im tring for days now..i tried with csc options..added everything in customer.xml ,others.xml
i read the files inside immservice app..there are lines for my carrier.. cant understand what to add..by the way using a activity manager.. i opened a ims settings page..
Is there something i can change for carrier? Photo attached
Click to expand...
Click to collapse
t what phone is this
I tried Galaxy S7, Android 8.
I don't think the solution I came up with is suitable for every device.
shmuel0990 said:
t what phone is this
I tried Galaxy S7, Android 8.
I don't think the solution I came up with is suitable for every device.
Click to expand...
Click to collapse
thanks. i succeeded yesterday...i didnt edit imsservice.apk
i found enforceskippingpackages.xml file in system/csc_contents folder
in the only couple of lines
imsservices.apk
imslogger.apk
imssettings.apk etc
i removed those ims lines.. then volte worked.. i already added enable volte lines on csc/others.xml and customer.xml before.
i didnt edit anything on the attached screenshot i sent on above reply
thanks,,,
prasadmanjulago said:
thanks. i succeeded yesterday...i didnt edit imsservice.apk
i found enforceskippingpackages.xml file in system/csc_contents folder
in the only couple of lines
imsservices.apk
imslogger.apk
imssettings.apk etc
i removed those ims lines.. then volte worked.. i already added enable volte lines on csc/others.xml and customer.xml before.
i didnt edit anything on the attached screenshot i sent on above reply
thanks,,,
Click to expand...
Click to collapse
Hello, I don't know how it made to work for you. I have the same problem but the ims lines are already no longer present in the enforceskippingpackages.xml file and the volte does not work...
thib66 said:
Hello, I don't know how it made to work for you. I have the same problem but the ims lines are already no longer present in the enforceskippingpackages.xml file and the volte does not work...
Click to expand...
Click to collapse
i already made some changes to others.xml and customer.xml file also..What country are you? Send me telegram or whatsapp no..ill send my files and figure whays wrong
shmuel0990 said:
t what phone is this
I tried Galaxy S7, Android 8.
I don't think the solution I came up with is suitable for every device.
Click to expand...
Click to collapse
I have an S7 and I need to do exactly what you did - add a brand new provider. Can you share more precise details on how you did it?
prasadmanjulago said:
thanks. i succeeded yesterday...i didnt edit imsservice.apk
i found enforceskippingpackages.xml file in system/csc_contents folder
in the only couple of lines
imsservices.apk
imslogger.apk
imssettings.apk etc
i removed those ims lines.. then volte worked.. i already added enable volte lines on csc/others.xml and customer.xml before.
i didnt edit anything on the attached screenshot i sent on above reply
thanks,,,
Click to expand...
Click to collapse
Hi,
I would like to have your guidance
I have a LG v60 L-51a docomo model where field test option (hidden menu ) is disabled.
I am unable to enable volte in India to use jio.
Searched various options seems no way out. However i was able to locate hidden apps by using 3party launcher app. LG ims. But unable to launch hidden menu to changed ims settings. Help me to by pass this application to enable volte.
I don't know if this will help anyone, or if anyone can help me, but...
SM910v, (verizon wireless) with T-Mobile SIM
6.01 Marshmallow (please read the rest anyway)
4G/LTE Data works.
Voice calls fall back to 2G/Edge, ie no VoLTE.
-------- HOWEVER -------
Changing the sales_code.dat from VZW to TMO enables VoLTE, and it works great.
(it breaks the settings pages, though, so it's not a solution)
When sales_code is VZW, then IMS Settings-->IMS Information:
All are "false", Registration Information is "no profile is registered", although the profile "T-Mobile VoLTE/RCS" is available and status is 'on' in the Manage IMS Profiles page.
I can not find a way to 'register' it.
When sales_code is TMB,
then, in IMS Settings-->IMS Information:
All are "true", Registration Information is "T-Mobile VoLTE/RCS",
And, of course, VoLTE works great.
I mention this in this thread because just having the correct profile present & available may not be enough. At least in my case, it appears that the sales_code (or some other CSC function) flips a flag somewhere that allows the profile to become selected/active. I've been trying to find it for six weeks, with no luck yet. Thanks for reading.