Related
It's a known fact that lokiwiz can output Wizard's SIM unlock code by using itsme's typhoonciedit.pl perl script.
I've been studying that script for a while now but can't figure how to locate/extract that unlock code . I know where the lockflag is and also where are 5 lock values but nothing of the unlock code.
Anyone knows how/where to get it?
tx
hi,
is there any way to set the sim pin by my applikation?
we don't want our customers to know the sim pin, so our applikation will know it (encrypted config file). if the device needs the sim pin, it shouldn't prompt the user for a sim pin. my application should set it for the user.
Maybe the following code would be helpful for you:
Code:
TelephonyManager tm =
(TelephonyManager)context.getSystemService(Context.TELEPHONY_SERVICE);
Class clazz = Class.forName(tm.getClass().getName());
Method m = clazz.getDeclaredMethod("getITelephony");
m.setAccessible(true);
ITelephony it = (ITelephony) m.invoke(tm);
it.supplyPin("1111");
Please keep in mind that you also need ITelephony.aidl from Android sources.
rwxer said:
Maybe the following code would be helpful for you:
Code:
TelephonyManager tm =
(TelephonyManager)context.getSystemService(Context.TELEPHONY_SERVICE);
Class clazz = Class.forName(tm.getClass().getName());
Method m = clazz.getDeclaredMethod("getITelephony");
m.setAccessible(true);
ITelephony it = (ITelephony) m.invoke(tm);
it.supplyPin("1111");
Please keep in mind that you also need ITelephony.aidl from Android sources.
Click to expand...
Click to collapse
thank you very much.
can you please tell me, where to get the right ITelephony.aidl? i tried searching in my sdk folder, but didn't found anything. google found a couple of different versions. what should i do exactly with the aidl file?
bassmaster said:
thank you very much.
can you please tell me, where to get the right ITelephony.aidl? i tried searching in my sdk folder, but didn't found anything. google found a couple of different versions.
Click to expand...
Click to collapse
I used aidl from source repository http://android.git.kernel.org/ , version 2.2. You can try the one you found.
bassmaster said:
what should i do exactly with the aidl file?
Click to expand...
Click to collapse
Did you try to google?
http://developer.android.com/guide/developing/tools/aidl.html
Place ITelephony.aidl in package com.android.internal.telephony in your source dir. After that java classes should be generated from .aidl files and compiled if you're using standard build script.
I added “ITelephony.aidl” and the code to my app. It all works fine. Thank you.
But now I have the following problem:
My App starts within the device. While booting, the sim pin dialog request appears. This screen is blocking everything - including the start of my app.
How can I avoid that?
The only workaround known to me is to do the following:
I enabled the flight mode before I shut down the device. After reboot my app starts, disables the flight mode and sets the pin.
But I don't know an efficient way that always starts the device in flight mode.
Can you help me please?
You can try to handle android.intent.action.BOOT_COMPLETED intent (see example http://www.androidcompetencycenter.com/2009/06/start-service-at-boot/) and provide sim pin code just after boot. Don't forget to add permission android.permission.RECEIVE_BOOT_COMPLETED
Does anyone know how I can get Eclipse to check my code & see if all the API calls will work on a specific revision ? I've just written some code that used -
Code:
.getTextContent()
on an XML node. Worked fine on my (2.2) phone, but others were getting "Force Close" errors. I eventually worked out they had Andy 2.1, and getTextContent() was introduced in 2.2. OK, I rewrote it to use
Code:
.getNodeValue()
as I want it to run on their phones.
Is there any way I can get Eclipse to check my code against the Min SDK Version, to ensure all of it will work ? Sorry if its an obvious question, but its really annoying me. Thanks.
Introduction:
This post is a guide to show how to perform the NV edit required to unlock US GSM carriers(AT&T and T-Mobile etc.) on the VZW XT907/926 RAZR M/HD stock modem using a Motorola serviceware tool called RadioComm.
This is simply a different method to perform the same hack that was discovered by Arnold Snarb in the main thread about ATT/T-Mobile here.
http://forum.xda-developers.com/showpost.php?p=37123644&postcount=158
Despite the fact that he thanked me for leading the way in that post, he did some really brilliant analysis of the logs in QXDM to isolate this NV Item and saw something in the them that I had missed as well as guessing correctly about it's significance, and deserves all of the credit for this hack.
Everyone should please go and thank him in that post for the outstanding work.
He used a tool called DFS to access and edit NV Item 8322 and change the value of the first byte from 01 to 00 which disables the checking of the MCC/MNC against a list of banned networks and flags MCC 310 as Invalid Country Code.
That method requires booting into BP Tools mode from the boot menu and loading the Qualcomm diagnostic device interfaces.
The problem is that there are no signed 64bit drivers available and you must force load the drivers on Win7/8 64 bit for the diagnostic port in order to see the device properly and have NV read/write access.
This has been a stumbling block for many users and makes the NV editing unnecessarily difficult.
This method uses Factory boot mode and allows RadioComm to have full diagnostic mode access via the Motorola USB Networking driver that loads normally with the standard USB driver set. I will demonstrate 2 different ways to perform the edit, one manual and one using a preconfigured SEEM table file that writes the value in a single operation.
Neither of these methods is as easy as an update.zip install from custom recovery would be, but we don't have a binary that supports the motorola.update_nv function that we used for prior MDM6600 based devices available to us for the MSM8960 devices.
Given that some form of diagnostic mode software and a PC is required, I feel that RadioComm is probably an easier option for most users as it avoids the driver problems and has a clearer and simpler interface for NV read/write access than DFS.
Once you have the latest Motorola drivers installed and RadioComm loaded, this guide should make it very easy and safe to perform what is generally a complicated and potentially dangerous task of editing the radio NVM(Non Volatile Memory).
RadioComm itself is a terrifyingly complex piece of software with a GUI that can bring even the most seasoned and experienced phone hacker to their knees wondering what all the various windows, modules and buttons do.
It is the premier Motorola serviceware application and is designed by and intended for use by top level radio engineers and technicians.
It is an extremely powerful application that can access all models and chipsets of Motorola devices and perform a vast array of diagnostic testing and configuration operations and can be fully automated via multiple scripting languages.
It's just plain scary and confusing and very dangerous if not taken seriously.
Warning and disclaimer:
DO NOT PLAY AROUND WITH ANY FEATURES OR RANDOMLY HIT ANY BUTTONS IN RADIOCOMM!!!
YOU CAN RENDER YOUR PHONE DYSFUNCTIONAL OR UNBOOTABLE IN SECONDS!!!
This cannot be emphasized strongly enough!
Follow the instructions exactly as they are written and shown in the screenshots and you will find it very simple to use have no trouble doing the edit with either method.
You, the user, are the only person responsible for your actions and performing this hack will absolutely void your warranty the same way rooting or any other modifications to your device's software does!
That said, this hack will be undetectable and have no outward visible signs of having been performed other than the fact that any GSM SIM should work afterward.
Root is NOT required and this can be safely done and undone at will without making any other changes on the device and all normal services function properly on VZW's network with the edit in place. It appears to only affect the US GSM network block and nothing else.
Prerequisites:
You need to have a recent set of Motorola USB drivers v. 5.9.0 or greater installed on your PC with a full USB 2.0 compatible port.
You need a standard Motorola micro USB cable.
RadioComm 11.12.xx I have included a link to 11.12.2 below.
https://dl.dropbox.com/u/7632904/RadioComm_v11.12.2_Install.zip
This has been tested on Win7 64bit and WinXP SP3 32bit with .NET Framework 4.0 installed.
Method:
This guide assumes you already have RadioComm and the drivers properly installed and have rebooted both PC and the phone afterward.
The first instructions and screenshots describe the initial setup and manual method using the FTM Common 1 tab and the NV Access window in RadioComm.
When you first open RadioComm you will get a popup stating that the version is more than 2 months old. Just close it and continue.
Now go to the top left corner and hit the Main button and select the MA: Common/MDM6x00 as shown in the first screenshot.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Next, go to Settings/USB and select PST USB Driver as shown in the second screenshot.
Test Command Format should default to P2K05 lower in Setings menu.
Leave all other options default.
Now we are ready to connect the phone and perform the edit.
Make sure you have Connect as Media Device in USB settings and USB Debugging enabled in Developer Options.
Power off the phone and then hold both Vol Up and Down + Power to enter the boot menu.
Use the Vol Down key to scroll down in the menu to Factory and then Vol Up key to select and the phone will boot.
Connect the USB cable and RadioComm will enumerate the phone and the radio button in the top right will change colors.
It will cycle sever times red to yellow and eventually go green when the device is fully enumerated and shows as XT907 in the status bar
at the bottom of the screen. You can read the Software Version and MEID/ESN/pESN buttons to make sure everything is working properly.
Each successful read the GUI will flash green and the Command buffer will turn green and any selected button will be green.
Any unsuccessful attempt will turn red.
If not, then restart everything and check over all settings again before proceeding.
Now go to the tabs bar across the top middle of the GUI and select FTM Common 1 tab and go to the NV access window in the center right of that tab and select the top menu Item "FFFF Manual Entry" as shown in the third screenshot.
Now hit the Read button and you will get 2 popup windows.
In the first window you will enter the Decimal NV Item ID 8322 and in the second you will enter the byte length to be read 1 as shown in the fourth screenshot.
When you hit ok it will read the NV Item and flash green and display the data in the hex output buffer below and you will see 01 for the value as shown in the fifth screen shot.
Now highlight the 01 and change it to 00 and hit the write button and this time it will only popup once asking for the Decimal NV Item ID 8322. When you hit OK the item will be written and the GUI will again flash green for a successful write as shown in the sixth screenshot.
You are now finished and can either use the restart button at top right of RadioComm to reboot or manually restart the phone.
The last screen shot is edited to show the steps to use the NV/SEEM feature with a SEEM table file I have provided below to do all of the steps as a single operation. Some users may find this easier than manually editing in the NV Access window but it's really almost the same number of steps.
Go to the top left and hit Features and select NV/SEEM and another window will open and the radio button will cycle again a couple time as it re enumerates the device again it will go green finally. Follow the instructions in the seventh screenshot and be sure to use the Restart button in the main window after you close NV/SEEM because its suspends the phone and it will be black screen and unresponsive and require holding Vol keys and Power for 10 secs to reset it otherwise.
Congrats! All done now and the rest is just putting in a SIM and selecting GSM/UMTS in Network Settings and everything should just work!
Below is the link for the .NVM SEEM table file.
https://dl.dropbox.com/u/7632904/TBH_RAZR_M_GSM_Unlock.NVM
Please use this thread to discuss issues relating to this method and RadioComm and keep general discussion of the phone on US carriers in the other thread, thank you!
<Reserved>
Thanks man.. gonna try this when I get home tonight. I was actually just thinking about switching vendors from VZW to someone else and didn't really want to buy a new phone.
Maybe now I don't have to. Proof is in the pudding though, maybe I'll by a cheap month of Straight Talk to see if it works?
Yehudah said:
Thanks man.. gonna try this when I get home tonight. I was actually just thinking about switching vendors from VZW to someone else and didn't really want to buy a new phone.
Maybe now I don't have to. Proof is in the pudding though, maybe I'll by a cheap month of Straight Talk to see if it works?
Click to expand...
Click to collapse
Running RAZR M in US on straight talk now. Works wonderful!!!
Thanks a lot! im a total noob when it comes to most of this, but it worked perfect for me!!
Hmm, MDM6x00? Won't that work on the OG RAZR XT912 / Droid 4 as well?
Skrilax_CZ said:
Hmm, MDM6x00? Won't that work on the OG RAZR XT912 / Droid 4 as well?
Click to expand...
Click to collapse
The MA used in RadioComm is the same chip set base as the RAZR/D4 because it's the closest to the MSM8960 available in this version, which is more than 18 months old now.
What we really need is an updated version of RadioComm with full support for the newer chip sets.
This specific NV Item 8322 does not exist on the MDM6600 chip set devices and I have not been able to find a similar boolean switch item for those phones, unfortunately.
I have been logging with QXDM extensively searching for a way to disable the MCC/MNC block on MDM6600 without success so far.
I have dumps of all of the readable NV items from 0000-12000 from many devices running various builds and even a dump from Chinese engineering build on P3Droid's Dev model where everything is working as it should with open GSM on US carriers.
I would love some help from someone with a better understanding of the radio and diagnostic mode access than myself.
Very few people know how to use the software to even start analyzing the problem.
Remember to install the latest Motorola drivers and *especially* highlight the entire 01 and type 00. I was backspacing only the 1 and it did not "stick" when writing. So HIGHLIGHT, don't backspace. Works perfectly.
is it possible to write the NV item to the Droid 4 then edit ? ?
cellzealot said:
The MA used in RadioComm is the same chip set base as the RAZR/D4 because it's the closest to the MSM8960 available in this version, which is more than 18 months old now.
What we really need is an updated version of RadioComm with full support for the newer chip sets.
This specific NV Item 8322 does not exist on the MDM6600 chip set devices and I have not been able to find a similar boolean switch item for those phones, unfortunately.
I have been logging with QXDM extensively searching for a way to disable the MCC/MNC block on MDM6600 without success so far.
I have dumps of all of the readable NV items from 0000-12000 from many devices running various builds and even a dump from Chinese engineering build on P3Droid's Dev model where everything is working as it should with open GSM on US carriers.
I would love some help from someone with a better understanding of the radio and diagnostic mode access than myself.
Very few people know how to use the software to even start analyzing the problem.
Click to expand...
Click to collapse
Can I use a similar way to unlock XT902(Japanese Razr M)? I can't find 8322 in XT902.......
Followed instructions and worked perfectly. The key for me was the latest Motorola drivers AND the Motorola USB cable that came with the phone. I tried other cables that both charged and synced but the only that worked for this was the Moto cable. Using Win XP SP3 ( 12 year old OS on brand new work laptop. WTF!)
i was wondering if this works on other networks such as boost mobile,net10, criket etc...? i honestly dont have enough money to buy a new phone and whatnot. the whole reason why i did this is because i lost my job and now i cant pay my phone bill and it keeps getting higher and higher.
AKG0214 said:
i was wondering if this works on other networks such as boost mobile,net10, criket etc...? i honestly dont have enough money to buy a new phone and whatnot. the whole reason why i did this is because i lost my job and now i cant pay my phone bill and it keeps getting higher and higher.
Click to expand...
Click to collapse
Boost - No
Cricket - No
They're both cdma. This is to allow the GSM side (SIM CARD based) of the phone to work on other carriers. With that said, your best options are
Net10, Straight Talk, ATT, T-Mobile, Simple Mobile, H20, Orange, and there's a plethora of others out there. Post paid and pre-paid.
@DSDD
I beleive your XT902 is GSM by default. So if what your asking is will this bypass the network lock, no, the device needs to be unlocked by code. Then you can use it outside of the current carrier/country.
after boot, it is set back to 01 again @ address 8322
my phone version is Bsmq_vzw-user 4.1.1 9.8.1Q_27-2 4 release-keysSM_BP_1139.000.32.62P
after write to 8322 with zeros, I read it again the confirm it is written, but after rebooting the phone, the value is back to 01 again.
I guess the verizon driver may override this value during rebooting?
any help?
should I root the phone?
==
thanks
cellzealot said:
Introduction:
This post is a guide to show how to perform the NV edit required to unlock US GSM carriers(AT&T and T-Mobile etc.) on the VZW XT907/926 RAZR M/HD stock modem using a Motorola serviceware tool called RadioComm.
This is simply a different method to perform the same hack that was discovered by Arnold Snarb in the main thread about ATT/T-Mobile here.
http://forum.xda-developers.com/showpost.php?p=37123644&postcount=158
Despite the fact that he thanked me for leading the way in that post, he did some really brilliant analysis of the logs in QXDM to isolate this NV Item and saw something in the them that I had missed as well as guessing correctly about it's significance, and deserves all of the credit for this hack.
Everyone should please go and thank him in that post for the outstanding work.
He used a tool called DFS to access and edit NV Item 8322 and change the value of the first byte from 01 to 00 which disables the checking of the MCC/MNC against a list of banned networks and flags MCC 310 as Invalid Country Code.
That method requires booting into BP Tools mode from the boot menu and loading the Qualcomm diagnostic device interfaces.
The problem is that there are no signed 64bit drivers available and you must force load the drivers on Win7/8 64 bit for the diagnostic port in order to see the device properly and have NV read/write access.
This has been a stumbling block for many users and makes the NV editing unnecessarily difficult.
This method uses Factory boot mode and allows RadioComm to have full diagnostic mode access via the Motorola USB Networking driver that loads normally with the standard USB driver set. I will demonstrate 2 different ways to perform the edit, one manual and one using a preconfigured SEEM table file that writes the value in a single operation.
Neither of these methods is as easy as an update.zip install from custom recovery would be, but we don't have a binary that supports the motorola.update_nv function that we used for prior MDM6600 based devices available to us for the MSM8960 devices.
Given that some form of diagnostic mode software and a PC is required, I feel that RadioComm is probably an easier option for most users as it avoids the driver problems and has a clearer and simpler interface for NV read/write access than DFS.
Once you have the latest Motorola drivers installed and RadioComm loaded, this guide should make it very easy and safe to perform what is generally a complicated and potentially dangerous task of editing the radio NVM(Non Volatile Memory).
RadioComm itself is a terrifyingly complex piece of software with a GUI that can bring even the most seasoned and experienced phone hacker to their knees wondering what all the various windows, modules and buttons do.
It is the premier Motorola serviceware application and is designed by and intended for use by top level radio engineers and technicians.
It is an extremely powerful application that can access all models and chipsets of Motorola devices and perform a vast array of diagnostic testing and configuration operations and can be fully automated via multiple scripting languages.
It's just plain scary and confusing and very dangerous if not taken seriously.
Warning and disclaimer:
DO NOT PLAY AROUND WITH ANY FEATURES OR RANDOMLY HIT ANY BUTTONS IN RADIOCOMM!!!
YOU CAN RENDER YOUR PHONE DYSFUNCTIONAL OR UNBOOTABLE IN SECONDS!!!
This cannot be emphasized strongly enough!
Follow the instructions exactly as they are written and shown in the screenshots and you will find it very simple to use have no trouble doing the edit with either method.
You, the user, are the only person responsible for your actions and performing this hack will absolutely void your warranty the same way rooting or any other modifications to your device's software does!
That said, this hack will be undetectable and have no outward visible signs of having been performed other than the fact that any GSM SIM should work afterward.
Root is NOT required and this can be safely done and undone at will without making any other changes on the device and all normal services function properly on VZW's network with the edit in place. It appears to only affect the US GSM network block and nothing else.
Prerequisites:
You need to have a recent set of Motorola USB drivers v. 5.9.0 or greater installed on your PC with a full USB 2.0 compatible port.
You need a standard Motorola micro USB cable.
RadioComm 11.12.xx I have included a link to 11.12.2 below.
https://dl.dropbox.com/u/7632904/RadioComm_v11.12.2_Install.zip
This has been tested on Win7 64bit and WinXP SP3 32bit with .NET Framework 4.0 installed.
Method:
This guide assumes you already have RadioComm and the drivers properly installed and have rebooted both PC and the phone afterward.
The first instructions and screenshots describe the initial setup and manual method using the FTM Common 1 tab and the NV Access window in RadioComm.
When you first open RadioComm you will get a popup stating that the version is more than 2 months old. Just close it and continue.
Now go to the top left corner and hit the Main button and select the MA: Common/MDM6x00 as shown in the first screenshot.
Next, go to Settings/USB and select PST USB Driver as shown in the second screenshot.
Test Command Format should default to P2K05 lower in Setings menu.
Leave all other options default.
Now we are ready to connect the phone and perform the edit.
Make sure you have Connect as Media Device in USB settings and USB Debugging enabled in Developer Options.
Power off the phone and then hold both Vol Up and Down + Power to enter the boot menu.
Use the Vol Down key to scroll down in the menu to Factory and then Vol Up key to select and the phone will boot.
Connect the USB cable and RadioComm will enumerate the phone and the radio button in the top right will change colors.
It will cycle sever times red to yellow and eventually go green when the device is fully enumerated and shows as XT907 in the status bar
at the bottom of the screen. You can read the Software Version and MEID/ESN/pESN buttons to make sure everything is working properly.
Each successful read the GUI will flash green and the Command buffer will turn green and any selected button will be green.
Any unsuccessful attempt will turn red.
If not, then restart everything and check over all settings again before proceeding.
Now go to the tabs bar across the top middle of the GUI and select FTM Common 1 tab and go to the NV access window in the center right of that tab and select the top menu Item "FFFF Manual Entry" as shown in the third screenshot.
Now hit the Read button and you will get 2 popup windows.
In the first window you will enter the Decimal NV Item ID 8322 and in the second you will enter the byte length to be read 1 as shown in the fourth screenshot.
When you hit ok it will read the NV Item and flash green and display the data in the hex output buffer below and you will see 01 for the value as shown in the fifth screen shot.
Now highlight the 01 and change it to 00 and hit the write button and this time it will only popup once asking for the Decimal NV Item ID 8322. When you hit OK the item will be written and the GUI will again flash green for a successful write as shown in the sixth screenshot.
You are now finished and can either use the restart button at top right of RadioComm to reboot or manually restart the phone.
The last screen shot is edited to show the steps to use the NV/SEEM feature with a SEEM table file I have provided below to do all of the steps as a single operation. Some users may find this easier than manually editing in the NV Access window but it's really almost the same number of steps.
Go to the top left and hit Features and select NV/SEEM and another window will open and the radio button will cycle again a couple time as it re enumerates the device again it will go green finally. Follow the instructions in the seventh screenshot and be sure to use the Restart button in the main window after you close NV/SEEM because its suspends the phone and it will be black screen and unresponsive and require holding Vol keys and Power for 10 secs to reset it otherwise.
Congrats! All done now and the rest is just putting in a SIM and selecting GSM/UMTS in Network Settings and everything should just work!
Below is the link for the .NVM SEEM table file.
https://dl.dropbox.com/u/7632904/TBH_RAZR_M_GSM_Unlock.NVM
Please use this thread to discuss issues relating to this method and RadioComm and keep general discussion of the phone on US carriers in the other thread, thank you!
Click to expand...
Click to collapse
---------- Post added at 11:14 PM ---------- Previous post was at 10:48 PM ----------
tried again for couple of times, this time it actually works.
maybe last time I reboot the phone too early?
sipida said:
my phone version is Bsmq_vzw-user 4.1.1 9.8.1Q_27-2 4 release-keysSM_BP_1139.000.32.62P
after write to 8322 with zeros, I read it again the confirm it is written, but after rebooting the phone, the value is back to 01 again.
I guess the verizon driver may override this value during rebooting?
any help?
should I root the phone?
==
thanks
Click to expand...
Click to collapse
Glad you got it working. There is no VZW software on the phone capable of writing to the radio NV, so it's not being reverted by anything.
If anyone else has similar issues I would suggest trying the NV/SEEM method as that will definitely write the item properly.
queberican351 said:
@DSDD
I beleive your XT902 is GSM by default. So if what your asking is will this bypass the network lock, no, the device needs to be unlocked by code. Then you can use it outside of the current carrier/country.
Click to expand...
Click to collapse
XT902 has sim lock, and there is no way to key in unlock code. So I think it maybe unlocked by modifying another NV item.
Does this tutorial unlock mobile data usage on other carriers. I cannot seem to get data working on my XT907 in Australia. GSM and MMS work fine, so why doesnt Data?
I don't know for certain because I only have experience with domestic US GSM carriers, but I tend to doubt it.
You can try it and see and revert it easily if it doesn't work. You can also try flashing the Telstra XT905 NON-HLOS.bin(modem) and fsg.mbn(carrierEFS/NVM config).
This was the method used to get US GSM service on XT907 before the method shown here was discovered.
It works but is limited to GSM/EDGE data services here in the US.
I am inclined to think it is some other problem with the device because it should work as a global capable phone by default.
dsdd said:
XT902 has sim lock, and there is no way to key in unlock code. So I think it maybe unlocked by modifying another NV item.
Click to expand...
Click to collapse
If it has a sim lock and you can acquire the code open your dialer and press #073887* (#0SETUP*) and it'll prompt you for the code.
Several people have PMd me questions about this method and I would much prefer that they be posted here in the thread so that everyone may benefit from the information.
Please include as much information about your PC and driver versions and be as thorough as possible in explaining your problems.
Hello everyone. It's been heavily requested that I create a guide on how to program the values I provided in one of the posts on my previous boot image thread into the Boost Desire 626S modem so I decided to take the job into my own hands for your convenience.
First you will need QPST, QXDM, and the modem diag usb driver if it is not already installed on your computer. Here are the links:
QPST:
https://www.sendspace.com/filegroup/XynIcslf8H6Qm2TsJ5z4ZEocT85CdvbS
QXDM:
https://www.sendspace.com/filegroup/XynIcslf8H6Qm2TsJ5z4ZEocT85CdvbS
DIAG DRIVER:
https://www.sendspace.com/filegroup/XynIcslf8H6Qm2TsJ5z4ZEocT85CdvbS
1 --- INSTALLING SOFTWARE / DRIVERS
Run QPST.2.7.425 from the QPST folder in the QPST.zip archive and install it by clicking next through the dialog box at each step.
Run QXDMInstaller from the QXDM folder in the QXDM.zip archive and install it by clicking next at each step as well.
Run HTC CDMA LTE DIAG Modem Driver v3.0.2.0 from the inside the DIAGDRIVER.zip archive and you've got everything you need to now program the Boost Desire 626S modem.
2 --- SETTING UP USB DEBUGGING
---First you will need to enable usb debugging.
---Connect your Desire 626S to a usb port on your computer.
---Open the settings app and scroll to about and select it.
---Next, select software information then select more and tap on build number 7 times.
---This will enable access to Developer Options in the settings app.
---Tap back three times and you will now see developers options as selectable in the settings app.
---Tap on developer options and scroll down a bit to USB debugging option.
---Make sure it has a blue checkmark next to it so it is enabled.
3 --- SETTING UP DIAG USB ACCESS
---Now we will enable usb diag access to allow communications with QPST/QXDM.
---On your computer with the phone still connected, open a command prompt as administrator and type adb shell then hit enter.
---Or if you are using minimal adb and fastboot installation, open the shortcut for it as administrator and type adb shell then hit enter.
---On your phone, tick the box next to always allow and tap ok.
---You might have to type in adb shell again and hit enter.
---Do so and you will see [email protected]_a32ewhl:/ $ at the prompt which means you have shell access.
---Now we need root shell access.
---With the shell access, type in su and hit enter.
---Allow the root access for adb shell in the supersu prompt that pops up on your phone.
---You will now see [email protected]_a32ewhl:/ # in the command prompt window.
---Congrats you now have root access.
---With root shell access type this in and hit enter in the command prompt window:
echo 1 > /sys/devices/virtual/android_usb/android0/f_diag/func_en
---You might hear a ding and you have now enabled diag access to use QPST/QXDM in order to program the modem.
4 --- SETTING UP MODEM DIAG COMMUNICATION
---To open QXDM, click the orb in the bottom left hand corner to open the start menu and then click all programs.
---Scroll to QXDM Professional and click it and then click the next QXDM Professional shortcut under it.
---QXDM will now open so now it's time to access the diag port to the modem.
---Click on options in the bar towards the top of the window and then click on communications.
---Under target port, click on the box that says disconnect and click on the available COM port whether it might be COM1-5 then click ok.
5 --- PROGRAMMING MODEM NV ITEM VALUES
---Now we are down to the nitty gritty, actually programming the values for the bands in the modem. It is actually quite easy to do if you figure out what needs to be done.
---Click on the box next to view on the second bar down and click on the NV browser option to open it.
---In the NV browser window you will see some of the first typical NV items that might be included in a modem firmware but we are looking for the certain ones we want to edit to change bands and functionality.
---Left click the up and down arrows on the scroll bar and hold the left mouse button to slowly scroll from item value to item value if you need to, and slowly drag the knob on the scroll bar up and down if you require quicker navigation through the NV items.
---Once you reach an NV item you want to change, for instance, item 1877, click it and in the box under fields section you will see the input field used to change the following value field are both 0, followed by the respective nv items true name.
---To retrieve the content of each field for item 1877 or any nv item, click the read button in the bottom right hand side of the nv browser window, and you will be presented with the fields contents.
---For example NV item 1877 has a default value field content of 78135687 on my Boost Desire 626S so input field is also the same but this input field is what we change.
---Click the value under input once to select it then click it again and it will be editable with the caret blinking and 78135687 highlighted.
---Type in or copy and paste the value you wish to use for the value field in this input field once it is highlighted then hit enter on the keyboard and click write in the bottom right hand side of the window to make the new value stick.
---Congrats you have changed the value for an NV item.
---After writing new values, click offline in the bottom right hand side of the nv browser and wait 5 seconds.
---You will see the signal bar on your phone go blank.
---Click reset and the signal on your phone will be restored.
---Follow these last few steps when writing new values to ensure they stick.
---Reboot your phone and the values will stick.
6 --- GETTING MSL/SPC CODE FOR YOUR PHONE
---Scroll to item ID 00085 with description security code and click it to select it then click read in the bottom right hand side of the NV browser window
---In the input and value fields you will be presented with the MSL/SPC for your phone.
---Use this MSL/SPC code to program/edit the modem nv item values in EPST menus accessed by using ##3282# in the dialer.
---Also type in spc ****** in the text field in the command bar below the view bar in the QXDM window and hit enter, the six stars being the six digits of your MSL/SPC.
---Enter the MSL/SPC in the latter manner before writing new values to the modem for safe measure to ensure they stick.
---Quick note, enter *#*#4636#*#* in the dialer to open the testing menu, and tap phone information then scroll down to set preferred network type, and tap the down arrow to the right then scroll to and tap the network type you would like to use.
7 --- HERE ARE SOME RELEVANT NV ITEMS AND THE VALUES TO WRITE TO THEM....
----------------
Items 6828 and 6829
35184372088830
all lte
----------------
Item 65633
0x00001FFFFFFFFFFE
all LTE Bands
----------------
Item 441
32767
all 3G
----------------
Item 946
65535
all 3G
----------------
Item 1878
32
max HW band
----------------
Item 2954
4294967295
all 3G
----------------
Item 1877
18446744073709551615
all 3G
----------------
Item 4548
18446744073709551615
all 3G
----------------
Item 11
B only
Channel 384 and 777
----------------
Item 12
B only
Channel 384 and 777
----------------
Item 441
0x2
Channel B
----------------
Item 442
0xFFFF
All Roam
----------------
Item 10
LTE Only
Band Pref
----------------
Item 5
0x0
Slot Cycle Index
-------------------
Item 4
0x9A
Station Class Mark
----------------
Item 179
0
Voice Privacy
----------------
What next?
---------- Post added at 11:36 AM ---------- Previous post was at 11:19 AM ----------
I meant how do I use d softwares to edit LTE bands
Thanks a lot man. I've successfully programmed the values and although I have a Sprint version and the LTE bands are different in my country, I was able to get the values from NV calculator on play store. I've not had time to check if they work albeit I programmed 3g bands a while back and band 2100 which works in my country failed to work, I hope the LTE works. Thanks once again
You're Welcome
doyin116 said:
Thanks a lot man. I've successfully programmed the values and although I have a Sprint version and the LTE bands are different in my country, I was able to get the values from NV calculator on play store. I've not had time to check if they work albeit I programmed 3g bands a while back and band 2100 which works in my country failed to work, I hope the LTE works. Thanks once again
Click to expand...
Click to collapse
You're Welcome. Glad it worked for you.
@anthonykb
---With root shell access type this in and hit enter in the command prompt window:
echo 1 > /sys/devices/virtual/android_usb/android0/f_diag/func_en
---You might hear a ding and you have now enabled diag access to use QPST/QXDM in order to program the modem.
Click to expand...
Click to collapse
Great work !!
Do you have any reference to other commands for switching the download / service modes?
To flash boot-loaders and such !!
I have the board support package for the msm8909 chipset and I am working on building the required programmers.
Just need to write my partition.xml ( I have the GPT info. )
My plan is to make a Qfil flashable Service Rom.
Update: Bands were successfully programmed as I stated earlier but sadly, they don't work. I just hope and pray someone somewhere is making a from scratch custom kernel for this device
@doyin116
Did that for Lollipop ( Completed ) For Marshmallow they didn't release the source yet.
I don't think it will be a problem to use the CAF source. ( Will Find out soon. )
Here is my kernel.
http://forum.xda-developers.com/desire-626/development/kernel-wip-port-lollipop-5-1-source-t3470476
Here's my source.
https://github.com/Bigcountry907/kernel_htc_a32eul
I just synced the CAF Android 7.0 source.
It's gonna be a wile cause I been developing this by my self but it is in the works.
I have built the UBERTC cortex a9 toolchains and compiled the kernel inline with the recovery both in omnirom 6.0 and omnirom7.0.
Omnirom 7.0 uses Ninja for building. https://ninja-build.org/
I didn't know if this would cause a problem but it didn't. None I couldn't fix anyway.
So I have used the 5.1 kernel source and built it successfully in newer android versions.
It could be the combination of ninja and the UBERTC toolchain that make it work. IDK.
What do you need in the kernel? I might have it built.
BigCountry907 said:
@doyin116
Did that for Lollipop ( Completed ) For Marshmallow they didn't release the source yet.
I don't think it will be a problem to use the CAF source. ( Will Find out soon. )
Here is my kernel.
http://forum.xda-developers.com/desire-626/development/kernel-wip-port-lollipop-5-1-source-t3470476
Here's my source.
https://github.com/Bigcountry907/kernel_htc_a32eul
I just synced the CAF Android 7.0 source.
It's gonna be a wile cause I been developing this by my self but it is in the works.
I have built the UBERTC cortex a9 toolchains and compiled the kernel inline with the recovery both in omnirom 6.0 and omnirom7.0.
Omnirom 7.0 uses Ninja for building. https://ninja-build.org/
I didn't know if this would cause a problem but it didn't. None I couldn't fix anyway.
So I have used the 5.1 kernel source and built it successfully in newer android versions.
It could be the combination of ninja and the UBERTC toolchain that make it work. IDK.
What do you need in the kernel? I might have it built.[/QUOTE
Came across your kernel but from my understanding, it was meant for the METRO PCs version of 626s while mine is the Sprint version. I also tried to downgrade from marshmallow to lollipop but wasn't successful because it seemed the tutorial again was for METRO PCs. As to what I need in the kernel, I heard Qualcomm has an anti-tamper settings or so that prevents flashed bands from working but can be by passed by a built from scratch kernel.
My questions now are: can I flash your kernel on my 626s albeit the Sprint version and if yes, how do I downgrade to 5.1 on my Sprint version. If no, could you please create a custom kernel for the Sprint version? Thanks
Click to expand...
Click to collapse
Maybe I can get you a ruu of lolipop.
Let me go see.
Most likly I need to build you a kernel.
BigCountry907 said:
@doyin116
Did that for Lollipop ( Completed ) For Marshmallow they didn't release the source yet.
I don't think it will be a problem to use the CAF source. ( Will Find out soon. )
Here is my kernel.
http://forum.xda-developers.com/desire-626/development/kernel-wip-port-lollipop-5-1-source-t3470476
Here's my source.
https://github.com/Bigcountry907/kernel_htc_a32eul
I just synced the CAF Android 7.0 source.
It's gonna be a wile cause I been developing this by my self but it is in the works.
I have built the UBERTC cortex a9 toolchains and compiled the kernel inline with the recovery both in omnirom 6.0 and omnirom7.0.
Omnirom 7.0 uses Ninja for building. https://ninja-build.org/
I didn't know if this would cause a problem but it didn't. None I couldn't fix anyway.
So I have used the 5.1 kernel source and built it successfully in newer android versions.
It could be the combination of ninja and the UBERTC toolchain that make it work. IDK.
What do you need in the kernel? I might have it built.
Click to expand...
Click to collapse
BigCountry907 said:
Maybe I can get you a ruu of lolipop.
Let me go see.
Most likly I need to build you a kernel.
Click to expand...
Click to collapse
Would really appreciate you building me a kernel. Thanks in advance
@doyin116
I got my hands on a RUU for sprint lolipop.
I will upload when I get a chance.
Right now i'm in kernel mode so you might get lucky.
Hopefully I can add the sprint config to my tree and build it.
I'm trying that with the vzw 526. So if all goes well........
After I make recovery for 526 I will compile you a kernel.
BigCountry907 said:
@doyin116
I got my hands on a RUU for sprint lolipop.
I will upload when I get a chance.
Right now i'm in kernel mode so you might get lucky.
Hopefully I can add the sprint config to my tree and build it.
I'm trying that with the vzw 526. So if all goes well........
After I make recovery for 526 I will compile you a kernel.
Click to expand...
Click to collapse
I'm glad. Is there a time frame for all of this to be done?
I will upload this ruu tonight. Over the weekend I will put together the kernel over the weekend.
You will have to test it. I don't think I can flash sprint to my device. It's metro. But I am s-off.
BigCountry907 said:
@doyin116
I got my hands on a RUU for sprint lolipop.
I will upload when I get a chance.
Right now i'm in kernel mode so you might get lucky.
Hopefully I can add the sprint config to my tree and build it.
I'm trying that with the vzw 526. So if all goes well........
After I make recovery for 526 I will compile you a kernel.
Click to expand...
Click to collapse
BigCountry907 said:
I will upload this ruu tonight. Over the weekend I will put together the kernel over the weekend.
You will have to test it. I don't think I can flash sprint to my device. It's metro. But I am s-off.
Click to expand...
Click to collapse
No problem. I'm up for it
@doyin116n116
Here is the 5.1 ruu for sprint.
https://drive.google.com/open?id=0B8jitdIyh2NtUHQ2YWd5T2RCUFk
Download it and rename the file 0PM9IMG.zip.
See the downgrade post for metro pcs and edit the mainver in the misc partition as shown there.
You can just flash the misc.img that is posted on that thread.
Copy the 0PM9IMG.zip to your sdcard.
Boot the phone into download mode.
It will ask you if you want to install the ruu.
Hit the vol up key to install it.
If it reboots the first time back to download mode then hit vol up again.
It will flash for sure.
And don't worry.....it is easier to go back to MM than it is to go to LP.
BigCountry907 said:
@doyin116n116
Here is the 5.1 ruu for sprint.
https://drive.google.com/open?id=0B8jitdIyh2NtUHQ2YWd5T2RCUFk
Download it and rename the file 0PM9IMG.zip.
See the downgrade post for metro pcs and edit the mainver in the misc partition as shown there.
You can just flash the misc.img that is posted on that thread.
Copy the 0PM9IMG.zip to your sdcard.
Boot the phone into download mode.
It will ask you if you want to install the ruu.
Hit the vol up key to install it.
If it reboots the first time back to download mode then hit vol up again.
It will flash for sure.
And don't worry.....it is easier to go back to MM than it is to go to LP.
Click to expand...
Click to collapse
@BigCountry907 I'm having issues flashing the misc.img. I flashed through adb fastboot flash misc.img and it said unknown partition 'misc.img' error: cannot determine image file name for 'misc.img'. I flashed through twrp and it said could not find meta-inf/com/Google/Android/update-binary in the zip file. Through adb I did adb push misc.img /sdcard/".
"adb shell"
"su"
"dd if=/sdcard/misc.img of=/dev/block/bootdevice/by-name/misc" and it succeeded but when I flashed the 5.1 ruu it said ru_zip_error.
Could it be that the downgrading process is for metro PCs/ do I have to be unrooted or can I get detailed process of flashing it if I did it wrong. Alternatively, is there a tool I can use to access the misc.img partition and edit it myself?
@doyin116
I am creating a new how to thread.
We have got this thread way off topic.
The new thread is here.
http://forum.xda-developers.com/desire-626/general/how-to-downgrade-sprint-desire-626s-to-t3498653
Give me a little wile to write it up.
If a Moderator would like to move post #7 through post #17 to there that would be good.
How do we request a moderator to do that?
Old thread on old phone, I realize... but hoping someone might catch this & assist me. Having issues with gather SPC using QXDM 03.14.594 on 626s 0PM92 - Sprint MM ROM running on I-Wireless [T-Mobile].
While attempting READ on 00085, response is: "No DIAG response received".
Concerned about programming NV values in EPST w/o it. Any thoughts?
Update: After upgrading both qxdm/qpst, I'm getting a return on read from phone. Has it possibly been set as: 000000?