"Secret Codes" and Hidden Features
Hacking for "Secret Codes" and other hidden phone features.
Skill Level: Easy
Posting
==================================================
Do NOT post general questions/requests on how to do
this or that, they will not be answered, simply
because we don't know yet. Rather try to find out
by yourself and share your results.
==================================================
Purpose
To find all "Secret Codes", special properties and other hidden phone features
and settings, used in the GT-I9300. The secret codes are not so secret, but
are often used to activate and manipulate many settings, such as debug modes,
network connections, factory test modes etc. It is an unfortunate choice of
words but we will stick to this definition nonetheless for simplicity, since
it is also used in the source code by Samsung and AOS. Do not confuse secret
codes with VSC (Vertical Service Codes), USSD (Unstructured Supplementary
Service Data) or other MMI (Man Machine Interface) codes.
Although there are many "standard" codes common to many Samsung phones, they
do vary to some extent. This is because their functionality often depend on
the particular hardware, in particular the baseband processor (aka radio, DSP,
BP or CP) and the multiplexer chips that switches the various internal USB
paths, for example between MHL, BP and AP.
This is an informative reference thread on these features. If you have
relevant additional information you'd like to share, please post it here.
Background
From the Samsung Galaxy S2 experience we have gained the following
understanding when it come to the Factory/Service Mode menus and the
PhoneUtils applications. We are still to work out if this is still true for
the SGS3.
But first it is worth to note, that due to the more complicated, but better
organized phone applications in ICS, the way to enter secret codes have
changed from GB versions. Now all secret codes have to be prefixed with
"*#*#", followed by <code> and post fixed with "#*#*". [Note-1] However,
according to the GT-I9300 Service Manual, there are two codes that should work
without post- and pre-fixes. They are *#1234# (version) and *2767*3855#
(Factory reset! It will wipe your phone instantly, NO warnings, no going back,
no way to cancel.) [Note-2]
==================================================
Newbie Practice Box
Go to your phone dialer and "dial" the following string:
*#*#197328640#*#*
This will trigger the Service Menu.
==================================================This same effect can be accomplished directly on the command line, with a
direct URI broadcast call to the application receiver via:
Code:
[SIZE=2]am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://1111[/SIZE]
Second, it is essential to know that the actual program code (read
assembly/machine code) for the Engineering / Service Mode menu, is actually
located in the baseband processor firmware. What you actually see when you
enter this menu, is just a java based wrapper application, that make direct
function calls through various entry points, in the baseband kernel/firmware.
What does it mean? When you enter a specific "secret code", the wrapper
application (e.g. ServiceMenu.App) deciphers the code to a particular menu
entry in the baseband processor, where it is executed and whose result is
output to the wrapper application.
Third. Apart from hardware differences, because of the baseband firmware
dependance, the set of working secret codes will differ somewhat from your
location, depending on:
Your Modem firmware
Your AOS version (ICS 4.0.1, 4.0.4 etc.)
Your CSC version (Regional codes)
Special Notes
[Note-1] This can be seen in the handleSecretCode() function in the SpecialCh****quenceMgr.java code.
[Note-2] These need testing and confirmation since they clearly contradict [Note-1].
[Note-3] Apparently the Samsung Galaxy S3 will come in at least two versions:
The GT-I9300 (FCC-ID: A3LGTI9300 )
The SCH-I939 (FCC-ID: A3LSCHI939 ) [Possibly the LTE version]
References
[1] "[GUIDE] Noobs guide to extract Galaxy S3 stock firmware(.img)"
[2] "[All Stock Firmwares] I9300XXALE8 (4.0.4) - Kenya (OJV) [19-05-12]"
[3] "[HOW TO][Windows]Extract Deodex Sign and Zipalign an official ROM"
[4] "[GUIDE] dsixda's Android Kitchen - Now with SGS2 support (Windows/Linux/Mac)"
[5] "[REF] Unpacking and repacking stock rom .img files"
[6] "[Tool] Yaffey - Utility for reading, editing and writing YAFFS2 images" (code is here)
[7] "[TOOL] Auto Bloat Remover Tool For GS III!"
[8] "[GUIDE][TOOL] Guide To Create You're Own De-Bloat Tool/APK Installer/For Any Device"
Keywords: Secret, Codes, Hidden, Service, Factory, UART
HOW TO (find new stuff)
So how do you find new codes?
Well Google it! Then consider getting the following tools:
Get jd-gui (Often crashes)
Get jad (doesn't crash, but is cmdline based)
Get sgs2toext4 (and here)
Get Disk Internals Linux Reader
Get a disk image with deodexed Apps (see below)
Then what to do?
The brief version. (For full version, see "References" in OP above.)
Download all the tools shown above.
Download the deodexed firmware images (see post#3)
(If in Windows) Double click the sgs2toext4.
Drag and drop the system.img file to the sgs2toext4 "drop window".
You will now have a system.img.ext4 file, open this file with the LinuxReader tool.
Save entire filesystem (from 5) in a new folder. Close.
Go to the folder containing the *.apk(s) of interest.
Make sure dex2jar.bat (win) is in your path and run it on your interesting.apk like this, for example:
Code:
./path/to/dex2jar.bat Samsungservice.apk
This produces a new file: Samsungservice_dex2jar.jar
Extract (7zip) this file in a new folder.
Go to that folder in command line and enter the appropriate "jad" commands. For example, to decompile all class files globbed by Phone*.class and put the decompiled sources in the "src" sub-directory, do:
Code:
jad -o -r -sjava -dsrc Phone*.class
Go to the source directory (../src) you just created.
Enjoy your *.java files!
Alternatively you can deodex on your own...but don't ask me how to do it.
A few other Tools
http://www.sable.mcgill.ca/soot/
http://jdec.sourceforge.net/
http://stackoverflow.com/questions/647116/how-to-decompile-a-whole-jar-file
http://askubuntu.com/questions/129305/how-can-i-open-binary-image-files-img
The Secret Codes
The information for this post was obtained by decompiling the
deodexed system image of the firmware shown below.
I9300XXALE8
Base Firmware: I9300XXALE8 (4.0.4)
Modem: XXLE8
CSC: OJVALE7
The latest GT-I9300 Stock Firmwares can be found here.
Here are the codes as found in:
serviceModeApp.apk: ServiceModeApp.class
Code:
[SIZE=2]
Code Description JavaCall
----------------------------------------------------------------------------------------------------------------------
197328640 || 2684 Start Service Mode / Enter SM Main Menu SendData('\001', '\001', '\000', '\000', '\000');
1111 FTA SW Version SendData('\001', '\001', '\u1002', '\000', '\000');[/SIZE] [SIZE=2]
2222 FTA HW Version SendData('\001', '\001', '\u1003', '\000', '\000');
8888 SendData('\001', '\001', '\u1003', '\000', '\000');
2886 SendData('\001', '\001', ' ', '\000', '\000');
6984125* SendData('\001', '\001', ' ', '\000', '\000');
2767*2878 ? Factory reset (complete erase & format) SendData('\001', '\001', '!', '\000', '\000');
0228 ADC Reading SendData('\001', '\001', '\005', '\000', '\000');[/SIZE] [SIZE=2]
0599 SendData('\001', '\001', '\024', '\000', '\000');
1575 SendData('\001', '\001', '\025', '\000', '\000');
2263 RF Band Selection SendData('\001', '\001', '\026', '\000', '\000');
2580 SendData('\001', '\001', '\007', '\000', '\000');
301279 || 279301 SendData('\001', '\001', '\024', '\000', '\000');
32489 Ciphering Info SendData('\001', '\001', '\006', '\000', '\000');
4238378 SendData('\001', '\001', '\027', '\000', '\000');
4387264636 SendData('\001', '\001', '\037', '\000', '\000');
7284 PhoneUtil: USB/UART I2C Mode Control SendData('\001', '\001', '\023', '\000', '\000');
738767633 SendData('\001', '\001', '\034', '\000', '\000');
73876766 SendData('\001', '\001', '\033', '\000', '\000');
7387677763 SendData('\001', '\001', '\036', '\000', '\000');
7387678378 SendData('\001', '\001', '\035', '\000', '\000');
9090 Diagnostic Configuration SendData('\001', '\001', '\023', '\000', '\000');
0011 SendData('\001', '\004', '\000', '\000', '\000');[/SIZE] [SIZE=2]
123456 SendData('\001', '\004', '\001', '\000', '\000');
<na> End Service Mode 1 () SendData('\002', '\004', '\000', '\000', '\000');
<na> End Service Mode 2 () SendData('\002', '\001', '\000', '\000', '\000');
[/SIZE]
NOTE: In the table above, I have replaced printed UTF-8 (U+NNNN) characters with '\uNNNN'.
As you can see in the table above, most of the hidden codes are just shortcuts
into various sub-menus (third parameter) of Service Mode application. However,
this does not exclude the use of other hidden codes, that can be used or detected
in other applications.
From a different file we have a some additional codes.
(Not including already covered or overlapping codes.)
serviceModeApp.apk: SecKeystringBroadcastReceiver.class
Code:
[SIZE=2]0000
147852 TestApnSettings: putExtra("testBed", "Suwon");[/SIZE] [SIZE=2]
1478963 TestApnSettings: putExtra("testBed", "Open_market");
22558463 Reset Total Call Time
232331
232332
232337
3214789650
369852 TestApnSettings: putExtra("testBed", "Gumi");
3698741 TestApnSettings: putExtra("testBed", "Delete_DB");
-------------------------------------------------------------------------------
03 NAND Flash S/N (NandFlashHeaderRead)
745 RIL Dump Menu
746 Debug Dump Menu
0228 Battery Status
1111 IF SalesCode="CTC" THEN: TerminalMode
2222 IF SalesCode="CTC" THEN: TerminalMode
2263
8888
9900 || 0514 System Dump
279301
301279
3214789 GCF Mode Settings
5337632 NFC Test
22553767 Call Drop Log View
6335623
TESTMODE
[/SIZE]
These may not always work, since some of them depend on certain "Sales Codes"
or factory IMSI numbers, through statements like:
Code:
if ((mSalesCode.equals("CHM")) && (str.equals("827828868378")))
But these were only codes found in two files.
So there are probably many more codes to be found!
Other Stuff
Here are some unknown functions from: TerminalMode.class
Code:
[SIZE=2]DEBUG_SCR SendData('\001', '\004', '\000', 0, '\000');
EI_DEBUG_SCR SendData('\001', '\006', '\000', 0, '\000');
DATA_ADV SendData('\001', '\003', '\003', 0, '\000');
NAMBASIC SendData('\001', '\003', '\001', 0, '\000');
TESTMODE SendData('\001', '\001', '\000', 0, '\000');
NAMSIMPLE SendData('\001', '\003', '\002', 0, '\000');
TEST_CALL SendData('\004', '\007', c, 0, '\000');
[/SIZE]
Here is a list of all the OEM Commands used in the Service Mode App.
Code:
[SIZE=2]-------------------------------------------------------------------------------
private class OemCommands (ServiceModeApp) value hex
-------------------------------------------------------------------------------
char OEM_SERVM_FUNCTAG = '\001';
OEM_SM_ACTION = '\000'; 00
OEM_SM_DUMMY = '\000'; 00
OEM_SM_END_MODE_MESSAGE = '\002'; 02
OEM_SM_ENTER_MODE_MESSAGE = '\001'; 01
OEM_SM_GET_DISPLAY_DATA_MESSAGE = '\004'; 04
OEM_SM_PROCESS_KEY_MESSAGE = '\003'; 03
OEM_SM_QUERY = '\001'; 01
OEM_SM_TYPE_MONITOR = '\004'; 04
OEM_SM_TYPE_MONITOR_SKT = '\001'; 01
OEM_SM_TYPE_NAM_EDIT = '\003'; 03
OEM_SM_TYPE_PHONE_TEST = '\005'; 05
OEM_SM_TYPE_SUB_ALL_VERSION_ENTER = '\004'; 04
OEM_SM_TYPE_SUB_BAND_SEL_ENTER = '\026'; 16
OEM_SM_TYPE_SUB_BATTERY_INFO_ENTER = '\005'; 05
OEM_SM_TYPE_SUB_BLUETOOTH_TEST_ENTER = '\t'; 09
OEM_SM_TYPE_SUB_CIPHERING_PROTECTION_ENTER = '\006'; 06
OEM_SM_TYPE_SUB_ENTER = '\000'; 00
OEM_SM_TYPE_SUB_FACTORY_PRECONFIG_ENTER = '\016'; 0e
OEM_SM_TYPE_SUB_FACTORY_RESET_ENTER = '\r'; od
OEM_SM_TYPE_SUB_FACTORY_VF_TEST_ENTER = '\031'; 19
OEM_SM_TYPE_SUB_FTA_HW_VERSION_ENTER = '\003'; 03
OEM_SM_TYPE_SUB_FTA_SW_VERSION_ENTER = '\002'; 02
OEM_SM_TYPE_SUB_GCF_TESTMODE_ENTER = '\027'; 17
OEM_SM_TYPE_SUB_GET_SELLOUT_SMS_INFO_ENTER = '\037'; 1f
OEM_SM_TYPE_SUB_GPSONE_SS_TEST_ENTER = '\025'; 15
OEM_SM_TYPE_SUB_GSM_FACTORY_AUDIO_LB_ENTER = '\030'; 18
OEM_SM_TYPE_SUB_IMEI_READ_ENTER = '\b'; 08
OEM_SM_TYPE_SUB_INTEGRITY_PROTECTION_ENTER = '\007'; 07
OEM_SM_TYPE_SUB_MELODY_TEST_ENTER = '\013'; 0b
OEM_SM_TYPE_SUB_MP3_TEST_ENTER = '\f'; oc
OEM_SM_TYPE_SUB_RRC_VERSION_ENTER = '\024'; 14
OEM_SM_TYPE_SUB_RSC_FILE_VERSION_ENTER = '\021'; 11
OEM_SM_TYPE_SUB_SELLOUT_SMS_DISABLE_ENTER = '\034'; 1c
OEM_SM_TYPE_SUB_SELLOUT_SMS_ENABLE_ENTER = '\033'; 1b
OEM_SM_TYPE_SUB_SELLOUT_SMS_PRODUCT_MODE_ON = '\036'; 1e
OEM_SM_TYPE_SUB_SELLOUT_SMS_TEST_MODE_ON = '\035'; 1d
OEM_SM_TYPE_SUB_SW_VERSION_ENTER = '\001'; 01
OEM_SM_TYPE_SUB_TFS4_EXPLORE_ENTER = '\017'; 0f
OEM_SM_TYPE_SUB_TOTAL_CALL_TIME_INFO_ENTER = '\032'; 1a
OEM_SM_TYPE_SUB_TST_AUTO_ANSWER_ENTER = ' '; 20
OEM_SM_TYPE_SUB_TST_FTA_HW_VERSION_ENTER = ----> # UTF-8: U+1003: e1 80 83 MYANMAR LETTER GHA
OEM_SM_TYPE_SUB_TST_FTA_SW_VERSION_ENTER = ----> # UTF-8: U+1002: e1 80 82 MYANMAR LETTER GA
OEM_SM_TYPE_SUB_TST_NV_RESET_ENTER = '!'; 21
OEM_SM_TYPE_SUB_USB_DRIVER_ENTER = '\022'; 12
OEM_SM_TYPE_SUB_USB_UART_DIAG_CONTROL_ENTER = '\023'; 13
OEM_SM_TYPE_SUB_VIBRATOR_TEST_ENTER = '\n'; 0a
OEM_SM_TYPE_TEST_AUTO = '\002'; 02
OEM_SM_TYPE_TEST_MANUAL = '\001'; 01
-------------------------------------------------------------------------------
private class OemCommands (TerminalMode)
-------------------------------------------------------------------------------
OEM_HIDDEN_FUNCTAG = 'Q';
OEM_HM_END_TEST_CALL_MESSAGE = '\t';
OEM_HM_TEST_CALL_MESSAGE = '\004';
OEM_HM_TYPE_TEST_CALL = '\007';
OEM_SERVM_FUNCTAG = '\001';
-------------------------------------------------------------------------------
private class OemCommands (SysDump:)
-------------------------------------------------------------------------------
OEM_DBG_STATE_GET = 6;
OEM_DEL_RIL_LOG = 13;
OEM_DPRAM_DUMP = 14;
OEM_DUMPSTATE = 3;
OEM_DUMPSTATE_ALL = 20;
OEM_ENABLE_LOG = 7;
OEM_GCF_MODE_GET = 15;
OEM_GCF_MODE_SET = 16;
OEM_IPC_DUMP_BIN = 9;
OEM_IPC_DUMP_LOG = 8;
OEM_KERNEL_LOG = 4;
OEM_LOGCAT_CLEAR = 5;
OEM_LOGCAT_MAIN = 1;
OEM_LOGCAT_RADIO = 2;
OEM_MODEM_FORCE_CRASH_EXIT = 23;
OEM_MODEM_LOG = 18;
OEM_NV_DATA_BACKUP = 17;
OEM_OEM_DUMPSTATE_MODEM_LOG_AUTO_START = 19;
OEM_RAMDUMP_MODE = 10;
OEM_RAMDUMP_STATE_GET = 11;
OEM_START_RIL_LOG = 12;
OEM_SYSDUMP_FUNCTAG = 7;
OEM_TCPDUMP_START = 21;
OEM_TCPDUMP_STOP = 22;
-------------------------------------------------------------------------------
[/SIZE]
Enjoy!
Special Properties
Next we'll have a look at some interesting (or not?) system "properties".
For now, I'll just list some of those I found more interesting and potentially useful.
Code:
[SIZE=2]Property Setting/String Source Description[/SIZE]
[SIZE=2]----------------------------------------------------------------------------------------------------------------------[/SIZE]
[SIZE=2]dev.silentlog.on On SysDump: [/SIZE]
[SIZE=2]gsm.operator.numeric 45001 Sec_Ril_Dump: [RIL::FD] Samsung Testbed[/SIZE]
[SIZE=2]gsm.default.sidmode ? UART[/SIZE]
[SIZE=2]net.tcpdumping On SysDump: ?[/SIZE]
[SIZE=2]nfc.trace.mode On Enable NFC Trace Mode [/SIZE]
[SIZE=2]ril.FTM_MODE ? "FTM_MODE_KEY"[/SIZE]
[SIZE=2]ril.FS true PhoneUtils: updateRAFT() Activates RAFT (???) updates[/SIZE]
[SIZE=2]ril.OTPAuth SysDump: OTP Authentication [/SIZE]
[SIZE=2]ril.cdma.inecmmode true Is phone in ECM mode?[/SIZE]
[SIZE=2]ril.unique_number The RIL Unique Number (UN)[/SIZE]
[SIZE=2]ril.sms.gcf-mode On ? SMS "GCF" mode[/SIZE]
[SIZE=2]persist.log.seclevel On Switchable Log level?[/SIZE]
[SIZE=2]persist.sys.country [/SIZE]
[SIZE=2]ro.build.type eng SysDump: [/SIZE]
[SIZE=2]ro.debuggable On Enable Debug / DBG_ENG / Engineering Mode??[/SIZE]
[SIZE=2]----------------------------------------------------------------------------------------------------------------------[/SIZE]
[SIZE=2]Country/Region Specific[/SIZE]
[SIZE=2]----------------------------------------------------------------------------------------------------------------------[/SIZE]
[SIZE=2]ro.board.platform [/SIZE]
[SIZE=2]ro.build.characteristics [/SIZE]
[SIZE=2]ro.csc.sales_code SKT | KIT | LGT PhoneFeature: makeFeatureForKor() [/SIZE]
[SIZE=2]ro.product.name espressorf | espresso10rf PhoneFeature: checkDBGLevel() [/SIZE]
[SIZE=2] aegis2vzw PhoneFeature: makeFeatureForKor() [/SIZE]
[SIZE=2] jaguars | jaguark | jaguarl [/SIZE]
A particularly fun string is the following, found in the featureForKor() function:
Code:
[SIZE=2]mFeatureList.put("emergency_for_cyber_terror", boolean2);[/SIZE]
I'd really like to know what this does!
Special Files
As we know from other Samsung Galaxy class phones, there are a number
of files that can be created or modified in order to activate certain
functions. Here we list those found to date. Please post if you know
of other ones!
Apparently setting the "SubscriberID" (IMSI) to "999999999999999" also
activates certain test features. A sim with this IMSI is also known as
a "Factory SIM". However, if the SIM IMSI starts with either "45001" or
"00101" it is a "Test SIM".
[See: ServiceModeApp.apkhoneUtils.java:isFactoryMode() or
FactoryTest.apk:ModuleCommon.java:isFactorySim()]
Code:
[SIZE=2]File FileContent Description[/SIZE]
[SIZE=2]-------------------------------------------------------------------------------[/SIZE]
[SIZE=2]/efs/FactoryApp/factorymode ON Enable Factory Mode[/SIZE]
[SIZE=2]/efs/FactoryApp/keystr ON Blocked (hidden code?) Key String(s)[/SIZE]
[SIZE=2]/efs/imei/mps_code.dat ? ?[/SIZE]
[SIZE=2]/efs/root/ERR ? Error Log[/SIZE]
[SIZE=2]/data/.psm.info ? WiFi Power Save Mode [/SIZE]
[SIZE=2]---------------------------------------[/SIZE]
[SIZE=2]Various Log Files:[/SIZE]
[SIZE=2]---------------------------------------[/SIZE]
[SIZE=2]/data/log/CallDropInfoLog.txt ? Dropped Calls Log[/SIZE]
[SIZE=2]/data/log/lucky_ril.log ? ?[/SIZE]
[SIZE=2]/data/log/dumpState_*.log ? ? System Dump Log[/SIZE]
[SIZE=2]/data/log/main_*.log ? ? [/SIZE]
[SIZE=2]/data/anr/traces.txt ? ? [/SIZE]
[SIZE=2]/data/log/err ? ? Error Log[/SIZE]
[SIZE=2]/data/log/err/AENEAS_TRACE_###.bin RF Aeneas Trace Log[/SIZE]
[SIZE=2]/data/log/err/MA_TRACE_###.bin RF MA Trace Log[/SIZE]
[SIZE=2]/mnt/sdcard/log ? ?[/SIZE]
[SIZE=2]---------------------------------------[/SIZE]
[SIZE=2]System Files [/SIZE]
[SIZE=2]---------------------------------------[/SIZE]
[SIZE=2]/sys/class/sec/switch/adc [/SIZE]
(Note: Some of these paths need to be verified, as they may be relative...)
Finally, we have two NVpasswords, that is used for uploading or dumping NVram, AFAIK. They are:
873283
3352225
and they can be found in Sec_Ril_Dump.class.
DISCALIMER:
As I do not have access to a GT-I9300, I have not been able to verify
any of the information in this thread! I apologize if there is any erroneous
information here. Please let me know and post new information here as
it become available. Also make sure you make a complete backup, before
attempting any of the codes or other trickery above!
Great post Buddy. But..........
But I didn't Understand Anything, lol better to say Nothing......... Too complicate for my simple mind.
This is some list! Great job!
Very good info there .. how about programming the sim with that IMSI will it have any effect.
Sent from my GT-I9300
tids2k said:
Very good info there .. how about programming the sim with that IMSI will it have any effect.
Click to expand...
Click to collapse
It certainly will, but you will have to find a SIM that is programmable!
You can buy programmable SIM cards from the Sysmocom website, but you need the tools to do so. Sysmocom is ran by some of the GSM security researchers and open source baseband developers...
Here is tutorial on how to clone a SIM card. However, this may be highly illegal in some countries, even for your own! Check your local laws.
(In addition it is a border-line topic on what we are allowed to post here on XDA.)
But Apple proposed, (and here) already some years ago, to have programmable SIM cards built into their devices. This would make perfect sense, since the whole idea about using SIM cards have been neglected and forgotten in the first place. (The original idea, was that it should be extremely easy to switch SIM cards, so that you could easily just borrow someone else's phone, put you card in and make a phone call. Even on designated SIM-holder enabled pay-phones! This has become forgotten and circumvented and damn hard to do with embedded sim cards deep inside your phone.) In addition most cellular providers have lobbied against it...
Definately would look at it. Here is the link for the time being ...
http://www.jaycar.com.au/productView.asp?ID=KC5361
I remember when Dejan found the binary hack way back in 2006 for BB5 Nokia phones, he posted files on his website on how to clone a simcard. But those times only 16bit chips were used.
Here is the scheme tics for the reader if any one interested.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
via Flying Daggers
tids2k said:
how about programming the sim with that IMSI will it have any effect.
Click to expand...
Click to collapse
No need to program a sim, there is a service code (*#46744674#) which will set your IMSI to 9999..., well it does on the SGS2 anyway.
Does it look like there are any menus where you can disable Fast Dormancy? *#9900# does not allow you to do this on the S3
Code:
Samsung Galaxy S3 .. Secret Codes found by tids2k
Thanks to E:V:A for his information and knowledge
HOW TO RUN THESE COMMANDS :
Connect your phone into debug mode .. Settings -> USB Debugging [] Enable it.
Then in MS-DOS C:\ type
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://****
where **** is the secret code :-) So let us begin
Secret Codes **** Function
2684 or 197328640 DEBUG MENU
0000 CSC SPECIFIC
827828868378 CSC SPECIFIC
2684 SERVICE MODE ( WATCHDOG/DUMPS/LOGS OPTIONS)
0011 CONNECTION STATUS
123456 CONNECTION STATUS
22558463 RESETS TOTAL TALK TIME
32489 CIPHERING INFO
2580 NON-SUPPORT
232337 BLUETOOTH ADAPTER ADDRESS
232331 BLUETOOTH RF TEST
232332 ??
9090 DIAG CONFIG (MODEM)
73876766 SELLOUT SMS ENABBLE
738767633 SELLOUT SMS DISABLE
7387678378 SELLOUT SELF SET TEST MODE
7387677763 SELLOUT SMS SET PRODUCT MODE
4238378 GCF SETTINGS
4387264636 SELLOUT SMS MAIN
1575 GPS SETTINGS
6984125 ????
2886 ??
2767*2878 ??
745 RIL COMMANDS ( NICE ONE )
746 ANOTHER DUMP TOOL ( NICE ONE )
9900 or 0514 SYSDUMP
1111 FTA SW VERSION
2222 or 8888 FTA HW VERSION
301279 or 279301 RRC ( HSPA ) CONTROL
2263 BAND SELECTION
5337632 SOME KIND OF SOUND
0228 BATTERY STATUS
03 NAND FLASH UNIQUE NO.
3214789 GCF MODE ENABLE/DISABLE
6335623 WIFI HIDDEN MENU
NOW FACTORY SETTINGS
06 IMEI
0589 LIGHT SENSOR TEST
80 TOUCH NOISE TEST
251 WAKELOCK ON
250 WAKELOCK OFF
350 REBOOT
5238973 LCD TYPE
4327 HDCP INFO
22235 ACCELEROMETER SENSOR INFO
0782 RCT CLOCK
86824 TOUCH KEY SENSTIVITY
0842 VIBRATION TEST
0673 SPEAKER/HEADPHONE/HEADSET TEST
0289 MELODY TEST
2663 TOUCH FIRMWARE UPDATE
2664 POINTER LOCATION
0588 PROXIMITY TEST
3264 RAM CHECK
7780 MASTER RESET
7769 PROXIMITY SENSOR TEST
87976633 FACTORY RESET
9999*3288 QWERTY COUNTER
767*2878 QWERTY COUNTER RESET
0283 LOOPBACK TEST
7328735824 LOT ID
three new tablets in work ... lol
if ((str1.startsWith("GT-P31")) || (str1.startsWith("GT-P51")) || (str1.startsWith("SCH-i705")));
tids2k said:
Code:
Samsung Galaxy S3 .. Secret Codes found by tids2k
Thanks to E:V:A for his information and knowledge
HOW TO RUN THESE COMMANDS :
Connect your phone into debug mode .. Settings -> USB Debugging [] Enable it.
Then in MS-DOS C:\ type
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://****
where **** is the secret code :-) So let us begin
Secret Codes **** Function
2684 or 197328640 DEBUG MENU
0000 CSC SPECIFIC
827828868378 CSC SPECIFIC
2684 SERVICE MODE ( WATCHDOG/DUMPS/LOGS OPTIONS)
0011 CONNECTION STATUS
123456 CONNECTION STATUS
22558463 RESETS TOTAL TALK TIME
32489 CIPHERING INFO
2580 NON-SUPPORT
232337 BLUETOOTH ADAPTER ADDRESS
232331 BLUETOOTH RF TEST
232332 ??
9090 DIAG CONFIG (MODEM)
73876766 SELLOUT SMS ENABBLE
738767633 SELLOUT SMS DISABLE
7387678378 SELLOUT SELF SET TEST MODE
7387677763 SELLOUT SMS SET PRODUCT MODE
4238378 GCF SETTINGS
4387264636 SELLOUT SMS MAIN
1575 GPS SETTINGS
6984125 ????
2886 ??
2767*2878 ??
745 RIL COMMANDS ( NICE ONE )
746 ANOTHER DUMP TOOL ( NICE ONE )
9900 or 0514 SYSDUMP
1111 FTA SW VERSION
2222 or 8888 FTA HW VERSION
301279 or 279301 RRC ( HSPA ) CONTROL
2263 BAND SELECTION
5337632 SOME KIND OF SOUND
0228 BATTERY STATUS
03 NAND FLASH UNIQUE NO.
3214789 GCF MODE ENABLE/DISABLE
6335623 WIFI HIDDEN MENU
NOW FACTORY SETTINGS
06 IMEI
0589 LIGHT SENSOR TEST
80 TOUCH NOISE TEST
251 WAKELOCK ON
250 WAKELOCK OFF
350 REBOOT
5238973 LCD TYPE
4327 HDCP INFO
22235 ACCELEROMETER SENSOR INFO
0782 RCT CLOCK
86824 TOUCH KEY SENSTIVITY
0842 VIBRATION TEST
0673 SPEAKER/HEADPHONE/HEADSET TEST
0289 MELODY TEST
2663 TOUCH FIRMWARE UPDATE
2664 POINTER LOCATION
0588 PROXIMITY TEST
3264 RAM CHECK
7780 MASTER RESET
7769 PROXIMITY SENSOR TEST
87976633 FACTORY RESET
9999*3288 QWERTY COUNTER
767*2878 QWERTY COUNTER RESET
0283 LOOPBACK TEST
7328735824 LOT ID
Click to expand...
Click to collapse
Untested, here; nevertheless - thanks for this info guys!!
Sent from my GT-I9300 using xda premium
This should all work. Didnt had much time to look for other commands, will do in a day or so.
Sent from my GT-I9300 using XDA Premium HD app
Odia said:
No need to program a sim, there is a service code (*#46744674#) which will set your IMSI to 9999..., well it does on the SGS2 anyway.
Click to expand...
Click to collapse
Thanks! Probably very useful, but
1) Is that temporary? (How to get back original after having use this code?)
2) Where is it located? (What App + class files?)
Odia said:
No need to program a sim, there is a service code (*#46744674#) which will set your IMSI to 9999..., well it does on the SGS2 anyway.
Click to expand...
Click to collapse
doesnt work on sgs III
Hi all,
a couple of month ago I build an app with shortcuts for the "secret" dialer codes within the galaxy S2, because I could not remember them all ...This app is special tailored for the galaxy S2, but should work on all SAMSUNG devices with TOUCHWIZ ... Not all codes will work on all devices, but a lot these codes work on other samsung touchwiz devices.
I tested the App with my GS3 and a lot of these codes still working ....
You could also add your own codes and ussd codes to an app internal database ... and some users even uses this database as hidden phone book
Check it out: https://play.google.com/store/apps/details?id=com.widgapp.HiddenFeaturesFREE
(Important: These codes will NOT work on most custom roms, Nexus S, Galaxy Nexus, HTC, Sony, Motorolla etc. ...I´m a little bit annoyed by comments like: Not working on my HTC, Sony, Nexus S, Samsung XYZ with custom rom zyx .... ...without Touchwiz, there is no possibility to use touchwiz firmware functions!)
SAMSUNG GALAXY S3 CODES SECRETS
*#06# Show IMEI number
*#0*# LCD Test Menu
*#*#4636#*#* user statistics and Phone Info
*#0011# Displays status information for the GSM
*#1234# View SW Version PDA, CSC, MODEM
*#12580*369# SW & HW Info
*#197328640# Service Mode
*#0228# ADC Reading
*#32489# (Ciphering Info)
*#232337# Bluetooth Address
*#232331# Bluetooth Test Mode
*#232338# WLAN MAC Address
*#232339# WLAN Test Mode
*#0842# Vibra Motor Test Mode
*#0782# Real Time Clock Test
*#0673# Audio Test Mode
*#0*# General Test Mode
*#2263# RF Band Selection
*#9090# Diagnostic ConfiguratioN
*#7284# USB I2C Mode Control
*#872564# USB Logging Control
*#4238378# GCF Configuration
*#0283# Audio Loopback Control
*#1575# GPS Control Menu
*#3214789650# LBS Test Mode
*#745# RIL Dump Menu
*#746# Debug Dump Menu
*#9900# System Dump Mode
*#44336# Sofware Version Info
*#7780# Factory Reset
*2767*3855# Full Factory Reset
*#0289# Melody Test Mode
*#2663# TSP / TSK firmware update
*#03# NAND Flash S/N
*#0589# Light Sensor Test Mode
*#0588# Proximity Sensor Test Mode
*#273283*255*3282*# Data Create Menu
*#273283*255*663282*# Data Create SD Card
*#3282*727336*# Data Usage Status
*#7594# Remap Shutdown to End Call TSK
*#34971539# Camera Firmware Update
*#526# WLAN Engineering Mode
*#528# WLAN Engineering Mode
*#7412365# Camera Firmware Menu
*#07# Test History
*#3214789# GCF Mode Status
*#272886# Auto Answer Selection
*#8736364# OTA Update Menu
*#301279# HSDPA/HSUPA Control Menu
*#7353# Quick Test Menu
*2767*4387264636# Sellout SMS / PCODE view
*#7465625# View Phone Lock Status
*7465625*638*# Configure Network Lock MCC/MNC
#7465625*638*# Insert Network Lock Keycode
*7465625*782*# Configure Network Lock NSP
#7465625*782*# Insert Partitial Network Lock Keycode
*7465625*77*# Insert Network Lock Keycode SP
#7465625*77*# Insert Operator Lock Keycode
*7465625*27*# Insert Network Lock Keycode NSP/CP
#7465625*27*# Insert Content Provider Keycode
*#272*IMEI# then we will get buyer code (For samsung galaxy sIII csc code)
*#*#7780#*#* Factory data reset - Clears Google-account data, system and program settings and installed programs. system will not be deleted, and OEM programs, as well as My Documents (pictures, music, videos)
ascsa said:
I tested the App with my GS3 and a lot of these codes still working ....
Click to expand...
Click to collapse
Hi! Thanks for your effort, but your post risk confusing people and corrupting this thread, because the red application functions (as shown in your table) only show that your app is not able to use those codes, and not that they do not work with SGS3.
TO ALL:
DO not post new codes here, unless you have either:
a) personally tested the codes on a GT-I9300
b) found and documented references in the source code, that can be independently verified.
Thanks!
Hi, after some time searching for tools and info i have gathered a few working tools and service manuals for our belloved G3.
Here is the Service Manual Link
Here is the Smart Boot Diagnostic Tool Link
Here is the QDLoader HS-USB driver for 64bit windows pc Link
Here is the QDLoader HS-USB driver for 32bit windows pc Link
Here is the AP-CHIP dll and ATT achive for Flash Tool for use without LG B2B connection Link
Here is the LG FlashTool 1.5.10.1120 Link
Here is the Megalock .dll file to overwrite in flash tool folder for B2B nologin Link
Here is the How To Calibrate document Link
Here is a document that shows how to Flash a "dead boot" LG phone Link
Hope this will help someone or teaching others. Excuse my english and if i posted in a wrong section. Thanks !
scamex said:
Hi, after some time searching for tools and info i have gathered a few working tools and service manuals for our belloved G3.
Here is the Service Manual Link
Here is the Smart Boot Diagnostic Tool Link
Here is the QDLoader HS-USB driver for 64bit windows pc Link
Here is the QDLoader HS-USB driver for 32bit windows pc Link
Here is the AP-CHIP dll and ATT achive for Flash Tool for use without LG B2B connection Link
Here is the LG FlashTool 1.5.10.1120 Link
Here is the Megalock .dll file to overwrite in flash tool folder for B2B nologin Link
Here is the How To Calibrate document Link
Here is a document that shows how to Flash a "dead boot" LG phone Link
Hope this will help someone or teaching others. Excuse my english and if i posted in a wrong section. Thanks !
Click to expand...
Click to collapse
Thank you for posting these links, it's sometime impossible to figure out "what to google" if you know what I mean.
Was wondering if you had found any MTP drivers that work, as the ones LG provides does not work for windows 8 64bit.
tidaboy9 said:
Thank you for posting these links, it's sometime impossible to figure out "what to google" if you know what I mean.
Was wondering if you had found any MTP drivers that work, as the ones LG provides does not work for windows 8 64bit.
Click to expand...
Click to collapse
Just install Media Sync Manager i belive from microsoft and you`ll be fine.
problem with my lg g3 help!!
i have a problem with my lg g3 d855, not write in emmc
elite124 said:
i have a problem with my lg g3 d855, not write in emmc
Click to expand...
Click to collapse
Once it happened me too. I just factory resetted the device and after that flashing was ok.
scamex said:
Once it happened me too. I just factory resetted the device and after that flashing was ok.
Click to expand...
Click to collapse
and I do, so now I'm losing esperansas that attempt everything and get errors
elite124 said:
and I do, so now I'm losing esperansas that attempt everything and get errors
Click to expand...
Click to collapse
Please use google translate.
How fixed
elite124 said:
and I do, so now I'm losing esperansas that attempt everything and get errors
Click to expand...
Click to collapse
Dis you fix this issue????? i have the same error
same error
error flashing or erasing
if you solve this problem, please email me [email protected]
where to place AP-CHIP dll and ATT archive to choose in smart boot diagnostic tool ?
nickamania said:
where to place AP-CHIP dll and ATT archive to choose in smart boot diagnostic tool ?
Click to expand...
Click to collapse
I want to know too.
--------------------------------------------------------
I take this opportunity to present my case, I have the green screen (Appz Whatchdog bark) screen when I try to enter download mode with the usual method (Volume Up and push USB cable) tries to enter but ends up turning off the display and is recognized immediately in admisnistrador device as "Qualcomm HS-USB QDLoader 9008" all with the battery connected. My question now is this, do I still should remove the battery and make the bridge between the 2nd. and ground contact on the motherboard of the device? And thenceforth to follow the repair with SmartBootDiag v1.3.1
Lg g3 d 850 att smart boot bin missing in recovery folder .if any one have plz upload
hello, i have bought g4 with same problem, i have lg flash tool and qualcomm drivers but i dont have required files for it, its h818n dual sim, any idea ?
thanks
At & t lg g3 d850
cdmababa said:
Lg g3 d 850 att smart boot bin missing in recovery folder .if any one have plz upload
Click to expand...
Click to collapse
Please send mesage from me [email protected]. Using LG smart boot Diag Tool to unbrick LG G3 models that stuck in qualcomm 9008 mode.I got the link:good:
ertas71 said:
Please send mesage from me [email protected]. Using LG smart boot Diag Tool to unbrick LG G3 models that stuck in qualcomm 9008 mode.I got the link:good:
Click to expand...
Click to collapse
Plz explain ,
Sent from my HTC_One_max using Tapatalk
G3
Hi.D850 D851 Ap_chip https://mega.nz/#!h0JExLwb!rDBMrSbj5nuUhyVN5EzoeHO6d3apl1EPjU4ugLcgYFI
http://www.gsmkolik.com/lg-g3/21619-lg-smart-boot-diag-tool-unbrick-lg-g3.html
Ap-Chip for D850,D851,All EU Global,LGLS990_ASPR_Sprint,LGVS985_AVRZ_VRZ
LG G3 D858HK hard Bricked Need Help
After Boot diagnostic still my phone is on same bricked state only qualcomm 9008 no emmc detected the log file of boot diagnostic is as
>> ---------------------------- Start Logging ----------------------------
>> USB Status : Qualcomm HS-USB QDLoader 9008 (COM41)
>> Ready to access the target board...
>> BootLoader File : LGD858HK_AHKG_HKG.mbn
>> 1. Model : LGD858HK , 2. Suffix : AHKG , 3. Operator : HKG
>> Bootloader : LGD858HK_AHKG_HKG.mbn
>> AP Chip : MSM8974_G3 , BootLoader : LGD858HK_AHKG_HKG.mbn
>> Trying Connection To Device with sahara protocol for AP Chip.
>> Successfully Connection To Device with sahara protocol for AP Chip.
>> connected with Sahara Protocol successfully.
>> Loading flash to SYS_IMEM.
>> Loading 0 Kbytes to SYS_IMEM.
>> Loading 4 Kbytes to SYS_IMEM.
>> Loading 8 Kbytes to SYS_IMEM.
>> Loading 12 Kbytes to SYS_IMEM.
>> Loading 16 Kbytes to SYS_IMEM.
>> Loading 20 Kbytes to SYS_IMEM.
>> Loading 24 Kbytes to SYS_IMEM.
>> Loading 28 Kbytes to SYS_IMEM.
>> Loading 32 Kbytes to SYS_IMEM.
>> Loading 36 Kbytes to SYS_IMEM.
>> Loading 40 Kbytes to SYS_IMEM.
>> Loading 44 Kbytes to SYS_IMEM.
>> Loading 45 Kbytes to SYS_IMEM.
>> Successfully Loaded to SYS_IMEM.(Total 45 Kbytes)
>> Flash Image was normally loaded to SYS_IMEM.
>> Checking for device status.
>> [Verifying Hello Protocol]
>> Sending Hello request 0 time(s).
>> SendSync EHOST_HELLO_RSP OK.
>> Hello Response OK.
>> Got Hello response for Hello request.
>> [Verifying Security Protocol]
>> Security Response OK.
>> Connected to flash bootloader.
1> ----------------------------------------------------------------------
>> PBL SOFTWARE HISTORY
1> ----------------------------------------------------------------------
>> 1.Smart Boot Diagnosis Tool v1.3.1 <analysis tool="" for="" booting="" failure="">
>> 2.PBL_VERSION_NUMBER [fc021834] = 1c6c6162
1> ----------------------------------------------------------------------
1> ----------------------------------------------------------------------
>> SECURE_BOOT_INFORMATION
1> ----------------------------------------------------------------------
>> [QFPROM - AP Anti-rollback Region of OEM Region ]
>> QFPROM_AP_ANTIROLLBACK_1 [0xFC4B80B8] = 0x00000000
>> QFPROM_AP_ANTIROLLBACK_2 [0xFC4B80BC] = 0x00000000
>> QFPROM_AP_ANTIROLLBACK_3 [0xFC4B80C0] = 0x00000000
>> QFPROM_AP_ANTIROLLBACK_4 [0xFC4B80C4] = 0x00000000
1> ----------------------------------------------------------------------
>> QFPROM_DEVICE_SN_1 [0xFC4B81F0] = 0x1256AFAE
>> QFPROM_DEVICE_SN_2 [0xFC4B81F4] = 0x8800000B
1> ----------------------------------------------------------------------
>> QFPROM_MSA_ANTIROLLBACK_1 [0xFC4B80C8] = 0x00000000
>> QFPROM_MSA_ANTIROLLBACK_2 [0xFC4B80CC] = 0x00000000
1> ----------------------------------------------------------------------
>> [QFPROM QFuse INFO]
>> QFPROM_OEM_ID_LSB [0xFC4B80F0] = 0x00310000
>> QFPROM_OEM_ID_MSB [0xFC4B80F4] = 0x00000000
>> QFPROM_SECURE_BOOT_ENABLE_LSB [0xFC4B83F8] = 0x00202020
>> QFPROM_SECURE_BOOT_ENABLE_MSB [0xFC4B83FC] = 0x00000000
>> QFPROM_JTAG_DISABLE_LSB [0xFC4B80E8] = 0x3FC000C0
>> QFPROM_JTAG_DISABLE_MSB [0xFC4B80EC] = 0x040001FE
1> ----------------------------------------------------------------------
>> JTAG_ID [0xFC4BE0E0] = 0x107B40E1
>> OEM_ID [0xFC4BE0E4] = 0x00310000
>> SERIAL_NUM_MSB [0xFC4B81F4] = 0x8800000B
>> SERIAL_NUM_LSB [0xFC4B81F0] = 0x1256AFAE
>> [SECURITY INFO]
>> OEM_CONFIG_ROW0_LSB_ADDR [0xFC4B80E8] = 0x3FC000C0
>> OEM_CONFIG_ROW0_MSB_ADDR [0xFC4B80EC] = 0x040001FE
>> OEM_CONFIG_ROW1_LSB_ADDR [0xFC4B80F0] = 0x00310000
>> OEM_CONFIG_ROW1_MSB_ADDR [0xFC4B80F4] = 0x00000000
>> FEAT_CONFIG_ROW0_LSB_ADDR [0xFC4B80F8] = 0x00B08010
>> FEAT_CONFIG_ROW0_MSB_ADDR [0xFC4B80FC] = 0x00000000
>> FEAT_CONFIG_ROW1_LSB_ADDR [0xFC4B8100] = 0x00000001
>> FEAT_CONFIG_ROW1_MSB_ADDR [0xFC4B8104] = 0x0004785F
1> ----------------------------------------------------------------------
>> Start Address : 0xfc102140
>> End Address : 0xfc102c80
1> ----------------------------------------------------------------------
>> PBL_APPS LOG
1> ----------------------------------------------------------------------
>> PBL_LOG_COUNT=15
>> LOG_CODE :: 0xef010800 [ DECODED : 0x00010800 ]
>> TIMESTAMP :: 0x0002f50c
>> LOG_CODE :: 0xef0f0203 [ DECODED : 0x000f0203 ]
>> TIMESTAMP :: 0x0002fb8e
>> LOG_CODE :: 0xef010802 [ DECODED : 0x00010802 ]
>> TIMESTAMP :: 0x000330c9
>> LOG_CODE :: 0xef010804 [ DECODED : 0x00010804 ]
>> TIMESTAMP :: 0x0003471e
>> LOG_CODE :: 0xef010806 [ DECODED : 0x00010806 ]
>> TIMESTAMP :: 0x00034a84
>> LOG_CODE :: 0xef010808 [ DECODED : 0x00010808 ]
>> TIMESTAMP :: 0x00034b25
>> LOG_CODE :: 0xef01080a [ DECODED : 0x0001080a ]
>> TIMESTAMP :: 0x00034bae
>> LOG_CODE :: 0xef0f0300 [ DECODED : 0x000f0300 ]
>> TIMESTAMP :: 0x00034c11
>> LOG_CODE :: 0xef01080c [ DECODED : 0x0001080c ]
>> TIMESTAMP :: 0x00034c48
>> LOG_CODE :: 0xef5d0200 [ DECODED : 0x005d0200 ]
>> TIMESTAMP :: 0x00034d17
>> LOG_CODE :: 0xef5d0400 [ DECODED : 0x005d0400 ]
>> TIMESTAMP :: 0x0006f367
>> LOG_CODE :: 0xef5d0201 [ DECODED : 0x005d0201 ]
>> TIMESTAMP :: 0x0006f3bc
>> LOG_CODE :: 0xef0f0600 [ DECODED : 0x000f0600 ]
>> TIMESTAMP :: 0x0009bad1
>> LOG_CODE :: 0xef0f0500 [ DECODED : 0x000f0500 ]
>> TIMESTAMP :: 0x0714aad1
>> LOG_CODE :: 0xefa00502 [ DECODED : 0x00a00502 ]
>> TIMESTAMP :: 0x071766a9
1> ----------------------------------------------------------------------
>> < PBL DUMP LOG >
1> ----------------------------------------------------------------------
>> 1> PBL_GENERAL_LOG_FUNC_EXEC
1> PBL_FUSE_LOG_DEFAULT
1> PBL_GENERAL_LOG_DEFAULT
1> PBL_GENERAL_LOG_DEFAULT
1> PBL_GENERAL_LOG_DEFAULT
1> PBL_GENERAL_LOG_DEFAULT
1> PBL_GENERAL_LOG_DEFAULT
1> PBL_FUSE_FAST_BOOT
1> PBL_GENERAL_LOG_DEFAULT
1> PBL_SDCC_LOG_DETECT_PORT_ACCESS_ERR
1> PBL_SDCC_LOG_CARD_TYPE_ERR
1> PBL_SDC_LOG_DEFAULT
1> PBL_FUSE_USB_ENUM_TIMEOUT
1> PBL_FUSE_AP_SW_REV
1> PBL_AUTHENTICATION_LOG_DEFAULT
>> Logged Time : 2016-09-02 15:47:33...successfully Completed.
>> Saved Log File(LOG_LGD858HK_AHKG_HKG_20160902_154733.txt) successfully.
scamex said:
Hi, after some time searching for tools and info i have gathered a few working tools and service manuals for our belloved G3.
Here is the Service Manual Link
Here is the Smart Boot Diagnostic Tool Link
Here is the QDLoader HS-USB driver for 64bit windows pc Link
Here is the QDLoader HS-USB driver for 32bit windows pc Link
Here is the AP-CHIP dll and ATT achive for Flash Tool for use without LG B2B connection Link
Here is the LG FlashTool 1.5.10.1120 Link
Here is the Megalock .dll file to overwrite in flash tool folder for B2B nologin Link
Here is the How To Calibrate document Link
Here is a document that shows how to Flash a "dead boot" LG phone Link
Hope this will help someone or teaching others. Excuse my english and if i posted in a wrong section. Thanks !
Click to expand...
Click to collapse
Thanks. Was very usefull
this post save me multiple times;
everityme i use autoreck on a stock LG i got bulk error ecc and smartboot is the only tool that instantaneously unbrick the phone
:good: