Hello,
I have a HG532e modem and I want to access the underlying Linux system using telnet with the user and password that I already have, but when I am at the ATP> prompt and type sh or shell it gives me "Command failed".
I already tried to decompile the cli MIPS program from my modem but I don't understand well how it validates the password or commands.
I hope you can give me a clue about how I can access the modem using telnet.
P.S. I exploited a directory traversal vulnerability on the modem using a Python script to get the curcfg.xml file that holds the WPA and web admin password. I successfully logged in via telnet, but I can't get to the shell by typing the sh or shell commands.
Thanks
Try to read the disassembled MIPS code near the exit commands verification. I had that modem and I discovered that you have to write "welcometoshell", but that may be different because of customized firmware. By the way, I'm interested in that directory traversal vulnerability if you want to share more details.
Thanks, but it still doesn't work
adiazes said:
Try to read the disassembled MIPS code near the exit commands verification, i had that modem and i discovered that you have to write "welcometoshell" but that may be different because of customized firmware. By the way, im interested in that directory traversal vulnerability if you want to share more details
Hi, I tried what you told me, "welcometoshell", but it did not work and I don't know why. I saw the string in the assembly code, but it looks like a string that is pushed to the stack to be used by a function that shows a message to the telnet user.
I reviewed the routines and found that there is a comparison that decides whether to open the shell or not, but I can't find how to crack it, mostly because I can't change that value in memory, and I get an error when I try to execute that binary using qemu. I also tried to find something in the open source code provided by Huawei but had no success.
The python script is this
github . com/ud2/advisories/blob/master/embedded/huawei/cve-2015-7254/exploit.py
You can use it this way: python exploit.py 192.168.1.254 /var/curcfg.xml
The script is pretty straightforward to use; the command above gives you the xml file containing the current WPA password and admin password.
I used that command to get access to the files of the web site and the CGI server. I also got the ATP MIPS program that holds the but I cannot find it
I leave you a link to the modem's filesystem. I use IDA; maybe we can find the phrase or word that is used to get access to the shell. The programs are obviously in the "bin" directory and I think that the key is in the lib directory, more exactly in the libatputil.so file.
app . box . com / s / ndy0m21bijixp0hac7ravm5ji4quuyct
Sorry for my English, I speak Spanish.
Best regards,
I speak Spanish too, I'm from Mexico, new in this forum. I was not aware of that recent vulnerability. I sold my modem 2 years ago so I can't play with it, but I will take a look at the bin file.
And sorry, the correct string should be "welcome to shell" with spaces, this is an image capture
If it's not, then I will help you find the correct one; as you know, it could take some time.
If you want, we can communicate in Spanish.
It left me curious :v
adiazes said:
I speak Spanish too, im from Mexico, new in this forum. I was not aware of that recent vulnerability, I sold my modem 2 years ago so I cant play with it but i will take a look at the bin file.
And sorry, the correct string should be "welcome to shell" with spaces, this is an image capture If its not, then i will help you find the correct one, as you know, it could take some time.
If you want, we can communicate in Spanish.
I'd better keep writing in English so that others can use this resource when they need it, although it is great to know... I knew there is a lot of talent here in the country.
Well, I reviewed the code again and I found that that string is among other code that calls the strcmp C function, so the string is "welcome to shell" and after that I think it compares the result. Damn, I should learn MIPS code too.
Here is an image with the routine that checks the key word
postimg . org/image/6judvoua3/
The code is here; it seems like xda developers doesn't let me post URLs yet :c
la $t9, strcmp
move $a0, $s0
jalr $t9 ; strcmp
la $a1, aWelcomeToShell # "welcome to shell"<---- sad monkeys
lw $gp, 0x518+var_500($sp)
bnez $v0, loc_401E50
nop
I tried that string and it worked.. thank you! In the end I returned to the forum and found that it should be with spaces. It is odd, because the command doesn't make sense in an ATP CLI, but whatever, Huawei and its lousy secret keys..
Now what I need is to find a way to increase the download speed, which is currently at 700KB, but I don't have any clue about that. I am going to experiment with the CWMP credentials to see what my ISP sees when it connects to my modem; if you have any information about that, please share it.
Thanks, I would not have been able to find it if you had not suggested it. I think it was already very late at night when I tried, and I had not had any coffee.
Now to wait for them to send me the new modem and see what can be done with it. What I also want is to increase my download speed, which is around 700KB or 5mbps; hopefully you know something about that.
I remain available if you have questions about the Python script.
Send me a private mail to stay in touch: irq20xdfr at gmail dot com
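The check in the MIPS listing above, written out in C beside a gate that does not depend on a constant shared by every device. This is an added example, not code from the thread or from Huawei: it assumes $s0 holds the line typed at the ATP> prompt, and `debug_gate`, `gate_provision`, `hardened_shell_gate` and `gate_try` are hypothetical names with constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What the posted listing does:
 *   move $a0, $s0              ; arg0 = typed line (assumption)
 *   jalr $t9                   ; call strcmp
 *   la   $a1, aWelcomeToShell  ; branch delay slot: executes before strcmp runs
 *   bnez $v0, loc_401E50       ; non-zero result -> skip the shell path
 * The constant is identical in every device running the same firmware build,
 * so reading one image reveals it for all of them. */
static const char MAGIC[] = "welcome to shell";

int legacy_shell_gate(const char *typed)
{
    /* NULL check added here; it is not visible in the listing. */
    return typed != NULL && strcmp(typed, MAGIC) == 0;
}

/* Hardened variant (hypothetical design): the gate is off by default and,
 * when provisioned, uses a secret that differs per device. */
#define GATE_SECRET_MAX 64

struct debug_gate {
    int enabled;                           /* 0 unless provisioned */
    size_t secret_len;
    unsigned char secret[GATE_SECRET_MAX]; /* zero padded */
};

/* Store a per-device secret. Returns 0 on success, -1 if it is unusable;
 * on failure the gate is left zeroed, which means disabled. */
int gate_provision(struct debug_gate *g, const char *secret)
{
    size_t n = secret ? strlen(secret) : 0;
    if (g == NULL)
        return -1;
    memset(g, 0, sizeof *g);
    if (n < 16 || n > GATE_SECRET_MAX)     /* reject missing or short values */
        return -1;
    memcpy(g->secret, secret, n);
    g->secret_len = n;
    g->enabled = 1;
    return 0;
}

/* Comparison whose running time does not depend on where the bytes differ. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int hardened_shell_gate(const struct debug_gate *g, const char *typed)
{
    unsigned char buf[GATE_SECRET_MAX] = {0};
    size_t len;

    if (g == NULL || typed == NULL || !g->enabled)
        return 0;                          /* fail closed */
    if (g->secret_len == 0 || g->secret_len > GATE_SECRET_MAX)
        return 0;
    len = strlen(typed);
    if (len > GATE_SECRET_MAX)
        return 0;
    memcpy(buf, typed, len);
    /* Compare the full fixed-size buffers, then require equal lengths. */
    return ct_equal(buf, g->secret, GATE_SECRET_MAX) && len == g->secret_len;
}

/* Convenience wrapper: provision (or fail to) and test one input. */
int gate_try(const char *provisioned, const char *typed)
{
    struct debug_gate g;
    (void)gate_provision(&g, provisioned);
    return hardened_shell_gate(&g, typed);
}

int main(void)
{
    const char *dev = "constructed-device-secret-01"; /* constructed value */
    printf("legacy, with spaces:    %d\n", legacy_shell_gate("welcome to shell"));
    printf("legacy, without spaces: %d\n", legacy_shell_gate("welcometoshell"));
    printf("hardened, magic string: %d\n", gate_try(dev, "welcome to shell"));
    printf("hardened, device value: %d\n", gate_try(dev, dev));
    printf("hardened, unprovisioned: %d\n", gate_try(NULL, "welcome to shell"));
    return 0;
}
```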
can you upload the curcfg.xml file so I can see it ... plz
Download speed up
Has anyone been able to do this?
The only thing I can do is reboot it with the Reboot command and that's about it. Has anyone been able to improve their speed?
-I am from Mexico
Hello, I'm from Mexico too. Actually you can get access to the Linux shell by using the "welcome to the shell" string. I was able to dump the operative system from the modem but I didn't review anything about the speed; that is something that TELMEX must set on its side. Now I'm getting access to a serial console port in a HG658d modem, which is the new modem that is being distributed by TELMEX. I want to access a shell using the UART; I am using a TTL to USB cable. I'll probably post the results.
Regards,
Can you tell me how to extract the firmware from the Huawei HG532e router?
Hey,
I have hg532e and also trying to connect via UART. Are you able to do that?
If so what are pin configs(rx,tx,gnd...) and serial comm configs(baud rate...)?
adiazes said:
I speak Spanish too, im from Mexico, new in this forum. I was not aware of that recent vulnerability, I sold my modem 2 years ago so I cant play with it but i will take a look at the bin file.
And sorry, the correct string should be "welcome to shell" with spaces, this is an image capture
If its not, then i will help you find the correct one, as you know, it could take some time.
If you want, we can communicate in Spanish.
Hi, I need to do as you did, but my hg532e has a newer firmware and there is no curcfg file in its live var,
so can you please send me the firmware file that's on your router, b015a
thanks
I am interested in this.
I would love it if you pointed me in the right direction on how to gain access to the 658d's shell.
I'm going to tinker around with the said python script just to see where it goes.
can someone give me a tool to modify encrypted config file of hg532e or just send me a config file with telnet activated please i need it
firstusername said:
can someone give me a tool to modify encrypted config file of hg532e or just send me a config file with telnet activated please i need it
Did you ever manage to get this?
irq20xdfr said:
The python script is this
github . com/ud2/advisories/blob/master/embedded/huawei/cve-2015-7254/exploit.py
You can use it this way: python exploit.py 192.168.1.254 /var/curcfg.xml
The script use is plenty straightforward, the command above gives you the xml file containing the current WPA password and admin password.
Hello, do you know if this vulnerability still works or was patched? I am trying to get the WPA on a hg532d and when I run your script, I get the following error message;
ERROR:root:Exception: HTTP Error 404:
ERROR:root:Exploit failed
Any ideas why? Any help would be appreciated, thanks.
Because two files were lost. Unzip and put them in /system/bin, with RE after root.
Thank you, it is working now.
thank god. Let's try it out.
Great work, It works and has nice stereo sound!
Great Job!
Thanks
Didn't work
I put the two files in /system/bin, rebooted, fixed permissions and it didn't work
FabioAreia said:
Didnt work
I put two files in /system/bin reboot fixi permissions and didnt work
Try to put "fm_qsoc_patches" only. Did you reboot?
It is working here!
FabioAreia said:
Didnt work
I put two files in /system/bin reboot fixi permissions and didnt work
(Do it like this: put in only the fm file, then go to the application list, clear data and force close, then open the FM radio APK again)
Yes, it works, thanks
FabioAreia said:
Didnt work
I put two files in /system/bin reboot fixi permissions and didnt work
To make it work for me I had to change both files' permissions to:
rwx r-x r-x
For me it worked only with Root Explorer and not with Remount + ES.
And a few reboots...
works for sure
just be sure that u set permissions right and reboot
I'm not responsible of
bootloops
dead sdcard
overheating
success
device suicide
anything else
everything in here became obsolete; you can still use it, but now there's a better way to do it
here's the link for flashfire thanks to @Chainfire
here's the link for xposed for lollipop thanks to @rovo89
download the sdk 21 arm version
just download the xposed zip and the flashfire
and use flashfire to flash the zip
it takes around 8 minutes to flash on our device but works
the old way to do it is here:
I found some files on google from a guy called "Nodis" that promised to install xposed on lollipop
yay
they worked?
No.
:crying:
but I followed the script manually and then...
yes xposed on lollipop working
Let's start
You'll need:
Code:
d690n (but mine is using d693n rom)
Root
busybox
Some app to uninstall system apps
Working adb
SeLinuxModeChanger
usb debugging enabled
the files from here
Luck
Let's begin
uninstall lg quick view app (it'll be force closing continuously)
download the CantRecoverv4 file attached in here
extract to desktop or the place you want
open cmd (or bash for linux) in the xposed folder that you extracted
a good way for do this is open the folder, hold shift, right mouse click and click open command window here
type the following commands and then press enter to execute
Code:
adb push system /data/local/tmp/system
Code:
adb push installer /data/local/tmp
Code:
adb shell
in the adb shell type
Code:
su
in the su shell
Code:
chmod 755 /data/local/tmp/installer
and
Code:
/data/local/tmp/installer
it's really important to follow the order.
then install XposedInstaller_3.0-alpha4.apk
just open the xposedapp.bat and it will (should) install xposed app.
I've noticed that if you install SeLinuxModeChanger from @MrBIMC some blocked mods start working
So download the app here, install and set it to permissive.
reboot your device.
now xposed is probably working (worked for me)
MAYBE it'll work for other lollipop device without recovery
thanks if i helped.
If you have any questions ask in here and if I can help I'll do.
if the real author of this isn't the guy Mentioned contact me and I'll add your credits
thanks to @MrBIMC for SeLinuxModeChanger
Screenshots:
Reported working list:
D690
D693n
Xperia ZR
Can you Help me ?
gkillershots said:
Let's begin
uninstall lg quick view app (it'll be force closing continuously)
download the files attached in here
extract to desktop or the place you want
open cmd (or bash for linux) in the xposed folder that you extracted
type the following commands and then press enter to execute
Code:
push system /data/local/tmp/system
Code:
push installer /data/local/tmp
Code:
adb shell
in the adb shell type
Code:
su
in the su shell
Code:
chmod 755 /data/local/tmp/installer
and
Code:
/data/local/tmp/installer
it's really important to follow the order.
then install XposedInstaller_3.0-alpha2.apk
reboot your device.
now xposed is probably working (worked for me)
MAYBE it'll work for other lollipop device without recovery
thanks if i helped.
If you have any questions ask in here and if I can help I'll do.
if the real author of this isn't the guy Mentioned contact me and I'll add your credits
Where do I have to put the files? Here it says "not found". I'm using "terminal emulator for android" and my G3 Stylus is a d690n with Lollipop 5.0.2
V2power said:
where I have to put the files ? here it seems "not found" im using "terminal emulator for android" and my g3 stylus is d690n with lollipop 5.0.2
don't use terminal emulator, use adb. do you want me the tuto to setup adb?
gkillershots said:
don't use terminal emulator, use adb. do you want me the tuto to setup adb?
ohh thanks bro, i never used adb, but now i know how to use and i never heard of it i go try.
OW NICE !! Thanks man i finally got i,now i have xposed,thx
Sorry for my bad english
V2power said:
OW NICE !! Thanks man i finally got i,now i have xposed,thx
Sorry for my bad english
no problem, I'm brazilian too and please hit thanks if I helped
Hi OP,
I followed all your instructions and at the end my Xposed Installer shows.....
"Installation is only possible manually via recovery for now"
Please help.
Sunil Jagtap said:
Hi OP,
I followed all you instructions and at the end my Xposed Installer shows.....
"Installation is only possible manually via recovery for now"
Please help.
even if xposed is working it shows this message, just look if there are green numbers under active.
if it has, try some module because it may be working
in one of my screenshots you can see what i'm saying.
gkillershots said:
even if xposed is working he shows this message, just look if there are green numbers under active.
if it has, try some module because it may be working
in one of my screenshots you can see what i'm saying.
Thanks Gkillershots,
Xposed is now active, but it doesn't look like it does on other mobiles. Sorry OP, I didn't know at first.
I checked the G3 tweak module but it's not fully supported. Do you know any modules like X Blast or Wannam for our D690, only rooted?
Thanks in advance.
Sunil Jagtap said:
Thanks Gkillershots,
The xposed is now active, but it dont looks like other mobile. sorry OP, i dont know first.
I check modules G3 tweak but its not fully supportive do you know any modules like X Blast or Wannam for Our D690 only rooted.
Thanks in advance.
many modules aren't working, check if you are using the new g3 tweaksbox and use the new gravitybox lp too, because they complement each other.
and the selinux mode changer can make some things work too.
gkillershots said:
many modules aren't working, check if you are using the new g3 tweaksbox and use the new gravitybox lp too, because they complements each other.
and the selinux mode changer can make some things work too.
Thanks for your reply,
I have tried all kinds of modules but none of them are fully supported,
g3 tweaksbox only makes some changes in the UI but with no satisfactory result
Gravitybox doesn't support our D690
Is there any fully supported module that you know of which would give me a satisfactory result?
Hxnter said:
Wow dude, I can't believe you made Xposed wihout recovery
I'm gonna try this out soon as I get my phone back
Thanks Pal!!! Work for my Xperia ZR Lollipop!!!
Sunil Jagtap said:
Thanks for your reply,
I have tried all kind of modules but non of theme support fully,
g3 tweaksbox only make some changes in ui but no satisfactory result
Gravitybox dont support our D690
is there any fully supportive module in your knowledge which gives me satisfactory result
i know but some tweaks works.
search for layers manager on google play store or in here. it's a new lollipop theme engine and it works on my g3
but it's not xposed
shenlong85 said:
Thanks Pal!!! Work for my Xperia ZR Lollipop!!!
thanks for the report
When I run the first code I get
Error: device not found. I can't explain why, since I am root. USB debugging is enabled; what is failing?
How do I uninstall it if I installed framework with this method?
Dereklop said:
When I run the first code I get
Error: device not found. I can't explain why, since I am root. USB debugging is enabled; what is failing?
Try Installing the drivers
irsal226dunkz said:
How do I uninstall it if I installed framework with this method?
I recommend you re-flashing the stock rom because it's a lot easier
Do I have to uninstall the quick view app with the new method? If so, can I install it again later? Or should I totally ignore the old method?
the-careta said:
Do I have to uninstall the quick view app with the new method? If so, can I install it again later? Or should I totally ignore the old method?
totally ignore the old method, just download the newest xposed zip for our phone (sdk21 armv7) then flash it via flashfire
no need to uninstall quickview
Well, I leave you this script to make installing the firmware easier.
It is very simple to use:
1- Unzip the files from the script folder into the folder where you have unzipped the firmware.
2- Run flashfirmware.bar
3- Select 1 and press enter
4- Wait and you're done!!!
video:
https://youtu.be/QUOAwdcPpQQ
download link:
https://mega.nz/#!CF1ShSCQ
Saying thanks costs nothing!!
You have to be very careful about flashing with a script... if some system.img_sparsechunk.? is missing and you reboot, then it could break (or brick) something... not all flash files have the same number/names of files or even sparsechunk quantities. Anyway, thanks for it
It's just as easy to make a simple bat file with a text editor with the exact files you need to flash and run it from a cmd prompt. Or just copy and paste into the cmd window and hit enter.
"/dev/block/bootdevice/by-name/system" missing directory, cannot mount custom ROM!
Since i was hoping i could root and maybe install a custom ROM onto my Moto X Play, i followed all the steps correctly, and managed to get myself stuck at trying to flash a custom ROM.
The last time I witnessed the device boot to the stock OS was before I flashed SuperSU onto my phone, which got my device stuck in a 'bootloop'. I tried to flash SuperSU again to see if anything didn't go through properly, and it failed.
I decide to get my hands on a custom ROM (CyanogenMod) and try flashing that, and it fails.
(Note: i am using TWRP recovery to do this)
I managed to find where it was going wrong in the logs, and it reads:
could not detect filesystem for /dev/block/bootdevice/by-name/system, assuming ext4
mount: failed to mount /dev/block/bootdevice/by-name/system at /system: no such file or directory
unmount of /system failed; no such volume
After looking through the file manager, I found that the directory "/dev/block/bootdevice" did not exist, and I am pretty sure that this is what is keeping my device 'half-dead'.
Is there any way to restore this and any other missing directories so I can actually flash a custom ROM?
Use adb sideload. Follow this guide
http://forum.xda-developers.com/showthread.php?t=2318497
Same error
effingbadluck said:
Use adb sideload.Follow this guide
http://forum.xda-developers.com/showthread.php?t=2318497
I tried the method given in the link but still showing the same error.
could not detect filesystem for /dev/block/bootdevice/by-name/system, assuming ext4
mount: failed to mount /dev/block/bootdevice/by-name/system at /system: no such file or directory
unmount of /system failed; no such volume
update your twrp recovery.
I had the same problem: no matter what ROM I used on my MotoX Pure USA, it would never boot, and I got a similar error.
I fixed it by flashing a stock ROM. If I find the link I will post it; it was big, like over 2G. After that I was able to flash any ROM and it worked.
I did see another error after flashing a bunch of different ROMs, and no matter how many wipes I did in recovery the phone would not flash again, so I restored the stock flash and flashed custom over that and it is working great. I searched all over the internet for help and people with similar issues but found no fix. Honestly, I flashed the stock because I gave up, and that led me to the fix.
i think i used one of these https://forum.xda-developers.com/mo...rom-stock-rooted-debloated-x1575-6-0-t3262242
how to deal with this?
can't even boot
e: failed to mount:/dev/block/bootdevice/by-name/cache ext4 (invalid argument)
can't mount /cache/ recovery/log
can't open /cache/ recovery/log
Solution failed to mount /dev/block/bootdevice/by-
If you get the error: failed to mount /dev/block/bootdevice/by-name/system
(usually accompanied by a password prompt because of encryption with TWRP)
you have to cancel, because the encryption password cannot be found (unless you are very lucky XD)
you have to install the file SR1-SuperSU-v2.79-SR1-20161221223537.zip with adb (if you don't know adb, watch a tutorial on installing it; it is a very powerful tool)
tutorial on YouTube: watch?time_continue=307&v=m3E-WYwk1QM (I can't post links)
then reset all the partitions:
- data
- dalvik cache
- cache
- system
- internal storage
then use the TWRP feature to repair the file system on every partition that allows it
the order of the steps must be followed
Step 1 - Download all files from this link and install them.
drive.google.com/open?id=1byS_zHoGMDKC_yuiTCDff3JmlfkWfujJ(use https )
Step 2 - Convert the IMEI number using the IMEI converter (the IMEI number will be on your box) and note it down somewhere.
Step 3 - Now open zuk z2 plus.qcn in HxD.
Step 4 - Now copy the first 4 digits of your converted IMEI, search in HxD (search in hex, not in string) and replace with your converted IMEI, and do the same for the 2nd IMEI and for the MEID (the MEID is the same as the 1st IMEI without the last digit; just search and you will get all values by searching).
Step 5 - Now connect the phone to the PC (rooted) and use these commands through CMD.
( apply commands from adb fasboot tool 2016 folder )
commands are - 1.adb shell
2.su
3.setprop sys.usb.config diag
Step 5 - It will show a diagnostic port; confirm the port no. from Device Manager and then
open QFIL and select your diag port, go to Tools, select QCN Backup and Restore, then browse, select your saved qcn file and restore.
Step 6 - Then open Write Dual IMEI, put in the non-converted IMEI and write; you will see pass.
Step 7 - Open the MEID MSN tool, then select MEID, put in your SIM one IMEI and write; you should see pass.
Step 8 - Restart your phone; now you will have both SIMs working with 3G/4G/VoLTE.
SOON I WILL UPLOAD A GUIDE WITH PHOTOS IF YOU THINK IT'S CONFUSING
Zeta_Byte said:
Step 1 - Download all Files From This Link And Install It.
drive.google.com/open?id=1byS_zHoGMDKC_yuiTCDff3JmlfkWfujJ(use https )
Step 2- Convert imei no using imei converter (Imei no will be on your box) and note down somewhere
step 3-now open zuk z2 plus.qcn from hxd.
step 4- now Copy the 1st 4 digits of your Converted IMEI And Search in HxD (search in Hex not in string )and replace with your Converted IMEI and do same for 2nd IMEI and for MEID (MEID is same like 1st imei without last digit.just search you will get all values by searching)
step 5-now connect phone to pc (Rooted ) and use this commands through CMD.
( apply commands from adb fasboot tool 2016 folder )
commands are - 1.adb shell
2.su
3.setprop sys.usb.config diag
step 5-it will dignostic port confirm port no. from device manager and than
open QFIL and select your diag port and goto Tools select qcn backup and restore and than browse and select your saved qcn file and restore.
step 6- than open write dual imei and put non-converted imei and write you will see pass.
step 7- open meid msn tool than select meid and put your sim one imei and do write you should see pass.
step 8- restart your phone now you will have both sim working with 3g/4g/volte .
SOON i WILL UPLODE WITH PHOTOES GUIDE IF YOU THINK ITS CONFUSING
This is a very long and difficult method....
This is actually a very easy method, but if you're doing it for the 1st time then it's complicated. (The 1st time it took around 3 days to understand all this, BUT NOW I CAN RESTORE AN IMEI USING THIS METHOD IN 15 MINUTES)
Zeta_Byte said:
This is actually very easy method but if your doing it for 1st time than its complicated. ( 1st time it took around 3 days to understand this all BUT NOW I CAN RESTORE IMEI USING THIS METHODE IN 15 MINUTES)
1 Go to diagnostics mode
2. Open Qfil and restore qcn file
Sunny_sharma9 said:
1 Go to diagnostics mode
2. Open Qfil and restore qcn file
3. Stay in diagnostics mode and open any IMEI writer
4. Write the IMEI no. in the tool and press enter
5. Restart the phone, it's done...
imei related issue
Zeta_Byte said:
This is actually very easy method but if your doing it for 1st time than its complicated. ( 1st time it took around 3 days to understand this all BUT NOW I CAN RESTORE IMEI USING THIS METHODE IN 15 MINUTES)
Bro, when I search in HxD for the IMEI it says not found, meaning it is not turning up in the search. Please help, bro
[QUOTE="Zeta_Byte, post: 78368959, member: 9608168"]
Step 1 - Download all files from this link and install them.
drive.google.com/open?id=1byS_zHoGMDKC_yuiTCDff3JmlfkWfujJ(use https)
Step 2 - Convert the IMEI number using the IMEI converter (the IMEI number will be on your box) and note it down somewhere.
Step 3 - Now open zuk z2 plus.qcn in HxD.
Step 4 - Now copy the first 4 digits of your converted IMEI, search in HxD (search in hex, not in string) and replace with your converted IMEI, and do the same for the 2nd IMEI and for the MEID (the MEID is the same as the 1st IMEI without the last digit; just search and you will get all values by searching).
Step 5 - Now connect the phone to the PC (rooted) and use these commands through CMD.
(apply commands from adb fasboot tool 2016 folder)
commands are - 1.adb shell
2.su
3.setprop sys.usb.config diag
Step 5 - It will show a diagnostic port; confirm the port no. from Device Manager and then
open QFIL and select your diag port, go to Tools, select QCN Backup and Restore, then browse, select your saved qcn file and restore.
Step 6 - Then open Write Dual IMEI, put in the non-converted IMEI and write; you will see pass.
Step 7 - Open the MEID MSN tool, then select MEID, put in your SIM one IMEI and write; you should see pass.
Step 8 - Restart your phone; now you will have both SIMs working with 3G/4G/VoLTE.
SOON I WILL UPLOAD A GUIDE WITH PHOTOS IF YOU THINK IT'S CONFUSING
[/QUOTE]
I could not do this tutorial, in the part of editing the file in hexadecimal, do not find the lines. Could you help? does anyone know how to put the zuk z2 z2131 in diagnostic mode.
Zeta_Byte said:
Step 1 - Download all Files From This Link And Install It.
drive.google.com/open?id=1byS_zHoGMDKC_yuiTCDff3JmlfkWfujJ(use https )
Step 2- Convert imei no using imei converter (Imei no will be on your box) and note down somewhere
step 3-now open zuk z2 plus.qcn from hxd.
step 4- now Copy the 1st 4 digits of your Converted IMEI And Search in HxD (search in Hex not in string )and replace with your Converted IMEI and do same for 2nd IMEI and for MEID (MEID is same like 1st imei without last digit.just search you will get all values by searching)
step 5-now connect phone to pc (Rooted ) and use this commands through CMD.
( apply commands from adb fasboot tool 2016 folder )
commands are - 1.adb shell
2.su
3.setprop sys.usb.config diag
step 5-it will dignostic port confirm port no. from device manager and than
open QFIL and select your diag port and goto Tools select qcn backup and restore and than browse and select your saved qcn file and restore.
step 6- than open write dual imei and put non-converted imei and write you will see pass.
step 7- open meid msn tool than select meid and put your sim one imei and do write you should see pass.
step 8- restart your phone now you will have both sim working with 3g/4g/volte .
SOON i WILL UPLODE WITH PHOTOES GUIDE IF YOU THINK ITS CONFUSING
Brother, when I copy the first 4 digits of the converted IMEI, and search HxD, it says, 'can't find'.
Zeta_Byte said:
Step 1 - Download all Files From This Link And Install It.
drive.google.com/open?id=1byS_zHoGMDKC_yuiTCDff3JmlfkWfujJ(use https )
Step 2- Convert imei no using imei converter (Imei no will be on your box) and note down somewhere
step 3-now open zuk z2 plus.qcn from hxd.
step 4- now Copy the 1st 4 digits of your Converted IMEI And Search in HxD (search in Hex not in string )and replace with your Converted IMEI and do same for 2nd IMEI and for MEID (MEID is same like 1st imei without last digit.just search you will get all values by searching)
step 5-now connect phone to pc (Rooted ) and use this commands through CMD.
( apply commands from adb fasboot tool 2016 folder )
commands are - 1.adb shell
2.su
3.setprop sys.usb.config diag
step 5-it will dignostic port confirm port no. from device manager and than
open QFIL and select your diag port and goto Tools select qcn backup and restore and than browse and select your saved qcn file and restore.
step 6- than open write dual imei and put non-converted imei and write you will see pass.
step 7- open meid msn tool than select meid and put your sim one imei and do write you should see pass.
step 8- restart your phone now you will have both sim working with 3g/4g/volte .
SOON i WILL UPLODE WITH PHOTOES GUIDE IF YOU THINK ITS CONFUSING
It didn't work for me, first of all, I only wanted to restore the IMEI I already had before flashing via QPST, and when I searched for the converted IMEI number, it was already there, in the .qcn file obtained from my defective phone!!
edudezbr said:
I could not do this tutorial, in the part of editing the file in hexadecimal, do not find the lines. Could you help? does anyone know how to put the zuk z2 z2131 in diagnostic mode.
commands are - 1.adb shell
2.su 3.setprop sys.usb.config diag