[Q] How to change GSF and Android ID (of a cloned phone) - Galaxy A3, A5, A7, A8, A9 Q&A, Help & Troubleshoot

sm-a500fu, rooted, 4.4.4
My wife got a new sm-a500fu like our daughter has. To save work (after rooting) I restored the data and system partitions (with Flashfire) of my daughter's a5.
I deleted all my daughter's accounts and logged into Google with my wife's account.
Still both phones have the same GSF and Android ID.
I know that the Android ID can be set like this:
Code:
adb shell settings put secure android_id nnnn
- But which should I use? Can I use the one of her old phone?
- And what about the GSFid?
Hoping for help now ...

What I found out so far:
android_id: *#*#8255#*#*
/data/data/com.android.providers.settings/databases/settings.db
its name in the database is android_id, value is HEX
gsf id: *#*#GCM#*#*
/data/data/com.google.android.gsf.gservices/databases/gservices.db
its name in the database is android_id too, value is decimal
These questions remain:
1 Is it necessary to change both or would GSFid be enough ?
2 If I change the IDs in the databases of the cloned phone to its original, what apps do I have to reinstall ?
3 Or is it cleaner to reinstall GSF and GAPPs ?
3a But would I get another ID this way ?

I realize this is an old thread which I found by searching for more information on changing the GSF-ID, where I'll just point people who may come here to a new method I found which changes the GSF_ID using basic Windows tools on a non-rooted Android phone without having to Factory Reset the darn thing (which is kind of nice indeed).

Related

[help] I see my IMEI but...

Hi all, I've purchased an SM-G900F but there is a problem: it has been rooted.
I've noticed these:
- I can see the IMEI number (if I do #*06#) but my EFS folder is empty
- When I turn on WiFi, the device reboots automatically and "Factory Mode is On" appears
- I can make a first call with the SIM; after that I'm unable to call, but the 3G network works
- With ES File Explorer I've seen that my efs folder is empty (but I can see my IMEI with the secret code)
- In Device Info I see "Official Status" one time and "Personalized Status" another time
I'm thinking that the old owner is a very st......d guy. However, this is all the information:
Model : SM-G900F
Version : 4.4.2
BASEBAND : NE2
BUILD : NE2
What do you think? How can I solve the problems?
EDIT 1 : I've formatted from recovery, now it asks me to insert the Samsung account of the old owner...
- Use Phone INFO ★Samsung★ app to obtain more detailed information about your device, including Model, Baseband, Bootloader, CSC, IMEI, S/N, etc...
- Maybe the Reactivation lock has been enabled. You should ask the ex-owner for the account.
qwertyup88 said:
> Hi all, I've purchased an SM-G900F but there is a problem: it has been rooted.
> I've noticed these:
> - I can see the IMEI number (if I do #*06#) but my EFS folder is empty
> - When I turn on WiFi, the device reboots automatically and "Factory Mode is On" appears
> - I can make a first call with the SIM; after that I'm unable to call, but the 3G network works
> - With ES File Explorer I've seen that my efs folder is empty (but I can see my IMEI with the secret code)
> - In Device Info I see "Official Status" one time and "Personalized Status" another time
> I'm thinking that the old owner is a very st......d guy. However, this is all the information:
> Model : SM-G900F
> Version : 4.4.2
> BASEBAND : NE2
> BUILD : NE2
> What do you think? How can I solve the problems?
> EDIT 1 : I've formatted from recovery, now it asks me to insert the Samsung account of the old owner...
reactivation lock is on. you will need to contact old owner. There is also a way to "fix" that but not sure if it is appropriate for XDA.
kabloomz said:
> reactivation lock is on. you will need to contact old owner. There is also a way to "fix" that but not sure if it is appropriate for XDA.
Can you send me an email? I really need help
vndnguyen said:
> - Use Phone INFO ★Samsung★ app to obtain more detailed information about your device, including Model, Baseband, Bootloader, CSC, IMEI, S/N, etc...
> - Maybe the Reactivation lock has been enabled. You should ask the ex-owner for the account.
The guy was not traceable now. He's vanished ....
You are kinda between a rock and a hard place if reactivation lock is enabled and you don't have the login to toggle that. In most cases that means that the phone is stolen and this is an explicit anti theft feature. You need that login from the original owner. Or if you have the original receipt, you might be able to convince a Samsung repair center to disable the reactivation lock for you.
In any event, as to your original question the most likely cause of the problem is a corrupt configuration file, namely a text file named "factorymode". You can try this repair from the command line or a root aware text editor.
Code:
echo -n ON > /efs/FactoryApp/factorymode
.
fffft said:
> You are kinda between a rock and a hard place if reactivation lock is enabled and you don't have the login to toggle that. In most cases that means that the phone is stolen and this is an explicit anti theft feature. You need that login from the original owner. Or if you have the original receipt, you might be able to convince a Samsung repair center to disable the reactivation lock for you.
> In any event, as to your original question the most likely cause of the problem is a corrupt configuration file, namely a text file named "factorymode". You can try this repair from the command line or a root aware text editor.
> Code:
> echo -n ON > /efs/FactoryApp/factorymode
> .
Just now the guy told me the account and password. Now I'm able to use my phone!!!!! But now I see that the efs folder is empty...
qwertyup88 said:
> Just now the guy told me the account and password. Now I'm able to use my phone
Great. But you neglected to tell us if you tried (or even noticed) the suggestion to check your factory mode configuration file. The contents should show "ON" (yes, "ON") and the permissions 0644. Your efs folder may appear empty to you when it really isn't. It depends on whether you have your file browser (or command line options) set to display hidden and system files or not.
.
fffft said:
> Great. But you neglected to tell us if you tried (or even noticed) the suggestion to check your factory mode configuration file. The contents should show "ON" (yes, "ON") and the permissions 0644. Your efs folder may appear empty to you when it really isn't. It depends on whether you have your file browser (or command line options) set to display hidden and system files or not.
> .
My factory mode is on, because I can't access my wifi, and it appears that factory mode is on. I've set it to show hidden files, but now I don't have root on my device
Edit: terminal emulator says: no such file or directory
Edit 2: Solved with terminal emulator and BusyBox. Thanks to @leoaudio13 for his dump
These are the commands to mount efs:
su
mke2fs /dev/block/mmcblk0p12
mount -w -t ext4 /dev/block/mmcblk0p12
reboot
After that, with a text editor I disabled FactoryApp in the efs folder. Thanks to all
.
For the benefit of anyone else reading this thread, do not repeat the steps in the post above until you understand what they do. A typo in those steps could easily cause you endless grief.
Glad you got it working.
If those steps fixed your issue, then you misled us with erroneous information earlier. You said that you had an empty efs folder earlier. But those steps would not have been necessary or effective if that was accurate. You must have had a missing efs partition. There is a considerable difference between an empty and nonexistent item and that datum would have led us to a solution.
On a normal phone, there would be an extant efs folder and it would be automatically mounted at boot. A missing folder strongly suggests that the wrong firmware or a flash error took place. Presumably by the previous owner.
Anyone using the make filesystem command mke2fs /dev/block/mmcblk0p12 should be very careful with typos as an incorrect address could cause major corruption that would be difficult to recover from.
.
Originally Posted by qwertyup88
> Hi all, I've purchased an SM-G900F but there is a problem: it has been rooted.
> I've noticed these:
> - I can see the IMEI number (if I do #*06#) but my EFS folder is empty
> - When I turn on WiFi, the device reboots automatically and "Factory Mode is On" appears
> - I can make a first call with the SIM; after that I'm unable to call, but the 3G network works
> - With ES File Explorer I've seen that my efs folder is empty (but I can see my IMEI with the secret code)
> - In Device Info I see "Official Status" one time and "Personalized Status" another time
> I'm thinking that the old owner is a very st......d guy. However, this is all the information:
> Model : SM-G900F
> Version : 4.4.2
> BASEBAND : NE2
> BUILD : NE2
> What do you think? How can I solve the problems?
> EDIT 1 : I've formatted from recovery, now it asks me to insert the Samsung account of the old owner...
I've got almost the same problem. I bought my S5 from a friend who visited the Philippines from Korea; he acquired the phone in a pawnshop in Korea. I restored the phone and now it asks me for a password which I don't know. I sent it to a technician, who forced the account to be deleted (I don't know how), but the problem is that the phone has had NO SIGNAL from then on: it shows a no-signal icon at the top instead of signal bars, the EFS folder is empty, and the IMEI was null 000000000000000.
Has anybody had the same experience? How can I fix this? Please help.
Not perfectly solved .... After the first call it doesn't connect to the network. Only after a reboot does it connect.
Any suggestions?
qwertyup88 said:
> Not perfectly solved .... After the first call it doesn't connect to the network. Only after a reboot does it connect.
> Any suggestions?
Could it be an IMEI block by the operator? If so, is it POSSIBLE to solve? Or could it be due to the efs folder, or the firmware, or the modem?
edreab86 said:
> I've got almost the same problem. I bought my S5 from a friend who visited the Philippines from Korea; he acquired the phone in a pawnshop in Korea. I restored the phone and now it asks me for a password which I don't know. I sent it to a technician, who forced the account to be deleted (I don't know how), but the problem is that the phone has had NO SIGNAL from then on: it shows a no-signal icon at the top instead of signal bars, the EFS folder is empty, and the IMEI was null 000000000000000.
> Has anybody had the same experience? How can I fix this? Please help.
It's a different problem: you have a null IMEI; in your case it's more difficult to resolve.
Originally Posted by qwertyup88
> It's a different problem: you have a null IMEI; in your case it's more difficult to resolve.
As you can read, I said I've got almost the same problem; I didn't say we have the same problem. I meant it in the sense that the previous owner's account or the reactivation lock is present. Sorry if I made a statement that bothers you, I'm just looking for a solution.
Hello guys, still about the efs folder: I was reading this post: http://forum.xda-developers.com/showthread.php?t=2705524.
Do you think it is possible to restore the backup I had made with the Samsung tool through this tool? I would like to try this because the efs folder on my sm-g900f is 23kb, but the backup I had made with the Samsung tool is 14mb!! What do you think?

[Q] Reverse engineering app communication

Hello there,
I would like to get information about the communication of an app, as it is using a VERY big amount of bandwidth. And I'm curious.. I want to understand the complete communication.
I tried mitmproxy but it seems that it is using a hardcoded proxy internally. So I thought about a different approach:
Adding logging to the app itself.
The app is using a stripped down version of the okhttp lib (github.com:square/okHttp), that contains (in versions 1.5.0 to 1.6.0) the Request class. The constructor seems not to be changed in the app.
github.com/square/okhttp/blob/parent-1.5.0/okhttp/src/main/java/com/squareup/okhttp/internal/http/Request.java
I would like to add logging capability to the constructor in the compiled .class. Something like
Log.d("AppTarget",url.getProtocol()+"://"+url.getHost()+":"+url.getPort()+url.getPath()+" "+method);
at the end of the constructor.
1) Is this a good idea? (Or are there better ways?)
2) How to do this? Of course: I have to edit the bytecode. But more like: how to do this.
3) I have attached a compiled version of the lib
A wonderful day
Mimoja
Well, decompiling the app, adding the logging lines and recompiling won't work I suppose, because apktool etc. don't return working code.
If you have another rooted android phone by chance, you should try intercepter-ng app found here on xda, works great as mitm tool to get other wifi device's traffic
--------------------
Phone: Nexus 4
OS: rooted Lollipop LRX21T
Bootloader: unlocked
stock Recovery

[Discontinued]

---
For owners of Xiaomi Air 12 or 13 that are facing static sound in Audio cause of Windows 10 please update your Realtek driver from their own website and not use windows update or general update. You need to download the latest 64bit driver dated ' 14-Jun-17 - 6.0.1.8186 '
@Wootever, sorry for my unrelated question. But, I have a Xiaomi Air 13 2016 and I've set a supervisor password when I changed to Linux. I then removed the password when I changed back to Windows 10, but it's still asking me for one...
Do you happen to know a way on how to remove the BIOS password on this laptop? I've extracted the executable from Insyde H20 A06 updater and changed the platform.ini, so it does a force flash of the password area (Password=1), however, it's still asking for one.. Any help would be greatly appreciated! Thanks in advance
@r00tPT
Try to set the password again and then set it to blank.
Wootever said:
> @r00tPT
> Try to set the password again and then set it to blank.
Thanks, but I cannot set a new password, as when I try to access the BIOS, it asks me for a password..
I wanted to reset this password altogether, so I can access my BIOS and set a new one =/
@r00tPT
You can try to flash this default BIOS A06 Package, it will overwrite all device specific data (Serial, Windows Key, NVstore).
All settings should be set to default (including the password), but i haven't tested this (no guarantee and at your own risk).
Edit:
Don't forget to create a backup using the Backup.cmd file, it should be possible to restore the Serial number on the "empty" default BIOS.
Wootever said:
> @r00tPT
> You can try to flash this default BIOS A06 Package, it will overwrite all device specific data (Serial, Windows Key, NVstore).
> All settings should be set to default (including the password), but i haven't tested this (no guarantee and at your own risk).
> Edit:
> Don't forget to create a backup using the Backup.cmd file, it should be possible to restore the Serial number on the "empty" default BIOS.
Thank you, Wootever! I think it's worth a try.
Would it make sense to create the backup, flash the default package, confirm if there's no password and then flash back the original Xiaomi BIOS to restore the Serial number?
Sorry, as I have near to none experience related to bios. thanks once again
@r00tPT
The backup includes all current settings (including the password), restoring it would also re-enable the password protection.
I made a little script to restore the device serial from the backup.bin file.
This is necessary because the Windows Activation seems linked with the device serial number.
Edit:
Updated the script.
Wootever said:
> @r00tPT
> The backup includes all current settings (including the password), restoring it would also re-enable the password protection.
> I made a little script to restore the device serial from the backup.bin file.
> This is necessary because the Windows Activation seems linked with the device serial number.
> Edit:
> Updated the script.
Wouldn't it be best to make a backup of the current bios with a flash programmer? I still haven't done this, as I'm trying to figure out what password I put.. (I basically set a supervisor password when I disabled secure boot, but then when I tried to set a new blank password it didn't change it back)
I have a friend who has the exact same laptop. Would it be fine if I made a backup of his bios and restore it into mine?
Could there be an issue or some missing information? Probably only the device serial number, which I could write again using your script? Would that be feasible?
By the way, sorry for asking these questions here/to you, but it's hard to find some guidance regarding this topic. Thanks once again
@Wootever, it worked!! You're the greatest man! I'm now able to access my BIOS again!
Is there any way to re-enable the flash protected range register again, just in case?
Wootever said:
> I just got my hands on a Xiaomi Air 13 (2016 version) and wanted to share my findings.
> The BIOS version of this device is A07, which is not yet made available by Xiaomi and originally, BIOS updates can only be flashed with the Insyde tools.
> However, those require a valid certificate to correctly sign the binary file, thus a provided backup of version A07 won't be applicable as a update.
> Intel Flash Programming tool is another alternative which allows to flash unsigned/customized versions, but in practice FPT can't access the BIOS region due to the protected range register which prohibits write access.
> Code:
> Error 316: Protected Range Registers are currently set by BIOS, preventing flash access.
> Please contact the target system BIOS vendor for an option to disable Protected Range Registers.
> Fortunately there is an undocumented variable switch that i found by coincidence which deactivates the flash protected range register.
> For this i made a little tool which automatically patches the variable to allow BIOS update via FPT.
> Note: modifying your BIOS is at your own discretion, i am not responsible for any damage caused by this procedure.
> Download my variable patcher, extract it and execute Patcher.cmd
> Reboot your device.
> Download BIOS A07 for the Xiaomi Air 13 (2016)
> Execute Backup.cmd to create a backup of your current BIOS.
> Then execute Update.cmd to install version A07.
> Use Serial.cmd to restore the device serial number from the backup BIOS.
> Reboot your device.
> I also made a few changes for this BIOS:
> Updated microcode to 0xBA
> Increased PWM frequency to 5000 Hz
I tried but I have this problem with patcher, any suggestion?
@Wootever
1) after upgrading the bios, how do i re-activate the flash protected range register?
2) do you have the default clean A07 bios (without the microcode and PWM changes)?
thank you!
May I ask if there is an easy way to unlock BIOS totally on Xiaomi Air 13? Because previously I opened a topic about it in biosmods.com , someone reached to me and told that due to write protection it needs quoting from him: "Bios mod can be flashed using SPI-programmer+SOIC8 clip only". That requires opening laptop up and connecting clip on chip physically. I love to tinker things in my laptop but that is a bit scary for me. So is there another way to do it, anyone knows??
THANK YOU!! This is pure gold! By the way, does the flag you found also unlock the ME region?
Update: nevermind. The answer is no unfortunately
bigorbi said:
> May I ask if there is an easy way to unlock BIOS totally on Xiaomi Air 13? Because previously I opened a topic about it in biosmods.com , someone reached to me and told that due to write protection it needs quoting from him: "Bios mod can be flashed using SPI-programmer+SOIC8 clip only". That requires opening laptop up and connecting clip on chip physically. I love to tinker things in my laptop but that is a bit scary for me. So is there another way to do it, anyone knows??
No, you can flash any bios mod with the flag found by @Wootever. However, you may want to get a programmer (Altera USB blaster has cheap Chinese clones supported by flashrom) and a SOIC8 clip anyway just in case. They're dirt cheap and allow for recovery when things go wrong.
As a bonus, an external programmer enables you to get rid of the management engine.
CARLiCiOUS said:
> THANK YOU!! This is pure gold! By the way, does the flag you found also unlock the ME region?
> Update: nevermind. The answer is no unfortunately
It might be possible if the variable for ME Image Re-Flash is set:
Code:
Me FW Image Re-Flash, Variable: 0xD08
Disabled, Value: 0x0 (default)
Enabled, Value: 0x1
Variable to unlock protected range register:
Code:
BIOS SPI Lock:, Variable: 0x258
Enabled, Value: 0x1 (default)
Disabled, Value: 0x0
Edit:
Here is another variable patcher that also enables the ME Re-Flash variable.
(Note: not tested, use with caution)

Guide to avoid registering a new GSF android_id at each clean install

As you may have noticed, since last week Google wants us, the custom ROM users, to manually register our android_id at the link https://www.google.com/android/uncertified/
It looks simple, doesn't it?
But there's a catch. Each Google account can register up to 100 IDs. So if you keep registering new IDs after every clean install, you're more likely to hit that 100-ID limit soon. That's even worse for the ROM developers as they may flash up to 20-30 ROMs a day.
I'm figuring out that in a different way though. The procedure I'm following is:
A. BEFORE ANYTHING
If you're doing this first time:
1) Copy this database from /data/data/com.google.android.gsf/databases/gservices.db
2.1) Open the database with a sql editor or from adb shell or a terminal emulator in sqlite3, see android_id with this sql command:
SELECT *
FROM main
WHERE name="android_id";
2.2) OR from adb shell:
$ adb root
$ adb shell 'sqlite3 /data/data/com.google.android.gsf/databases/gservices.db "SELECT * FROM main WHERE name = \"android_id\";"'
3) Then save the value you're seeing to somewhere else, and register to your account at https://www.google.com/android/uncertified/
B. THEN FOR EVERY CLEAN INSTALL
1) Backups and wipes.
2) Flash rom (pt roms with vendors have the firmware included).
3) Flash gapps.
4) Optionally flash a custom kernel.
5) Reboot and configure your device.
6) Flash magisk, reboot.
THEN THIS PART IS IMPORTANT:
7.1) Again copy this database /data/data/com.google.android.gsf/databases/gservices.db and open in a sql editor (or with sqlite3 in terminal emulator, or adb shell) and execute this sql command:
UPDATE main
SET value=XXXXXXXXXXXXXXXXXXX
WHERE name="android_id";
7.2) OR from adb shell:
$ adb root
$ adb shell 'sqlite3 /data/data/com.google.android.gsf/databases/gservices.db "UPDATE main SET value=XXXXXXXXXXXXXXXXXXX WHERE name = \"android_id\";"'
Note: XXXXXXXXXXXXXXXXXXX is your android_id as you've learned and registered to your account before (You can see the android_id s you've registered at the same google link).
I just registered my IMEI, that one stays the same across factory resets.
Also, Titanium backup has an option to restore a previously used android ID.
muff99 said:
> I just registered my IMEI, that one stays the same across factory resets.
> Also, Titanium backup has an option to restore a previously used android ID.
Yes, that works too, but this is the manual method for the gsf android_id. Wifi-only devices don't have an IMEI, for example.
https://www.xda-developers.com/google-removes-100-device-registration-limit-uncertified-device-page/
G4B33 said:
> https://www.xda-developers.com/google-removes-100-device-registration-limit-uncertified-device-page/
Yes, so now we don't have to do that much hacky-wacky stuff just to get gsf certified status anymore. #YayGoogle?
What if you don't do that?
seems not working. After rebooting, it went back to previous id
You know I've just realized that doing exactly what's written on Google's page (that I've shared link of it) doesn't change my status too. My id is exactly what I've registered on the id registration page but no it stays uncertified so you can ignore this post too... I hope we can find a solution soon :/
ccelik97 said:
> You know I've just realized that doing exactly what's written on Google's page (that I've shared link of it) doesn't change my status too. My id is exactly what I've registered on the id registration page but no it stays uncertified so you can ignore this post too... I hope we can find a solution soon :/
I think the display will always stay on "not certified", but you are still able to use the Google services (which unregistered custom ROM users are not any more, if I understood correctly).
This is just a guess on my side, I have not tested this (and I can't since I added all kinds of IDs to that registration page ...).
All in all the information flow from Google on this topic has been spectacularly bad, imho.
When I register my GSF id, it's not saved or a different number is displayed; see my correct ID in the entry field vs the ones registered.
image45 said:
> When I register my GSF id, it's not saved or a different number is displayed; see my correct ID in the entry field vs the ones registered.
That's because you entered it in hex format, it gets converted into decimal.
Also, don't post your id here ... Not sure what happens if other people register your id with their Google account.
muff99 said:
> That's because you entered it in hex format, it gets converted into decimal.
> Also, don't post your id here ... Not sure what happens if other people register your id with their Google account.
Do I need to convert it or is that an accepted way to submit the information please?
If I try to resubmit it advises already registered.
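For the read-out in step A of the guide and the hex/decimal mix-up in the replies, here is an added example (not from any poster in this thread): it opens a pulled copy of gservices.db read-only, shows the ID in both notations, and checks whether a clean install or a restored backup left the device on an ID that is already registered. The 64-bit range, the column types and the sample IDs are assumptions constructed for the example; the table and column names are the ones used in the guide's queries.

```python
import sqlite3
import tempfile
from pathlib import Path

MAX_ID = 2**64 - 1  # assumption: the ID is a 64-bit value (up to 16 hex digits)


def parse_id(text, fmt):
    """Parse an ID written as decimal ("dec") or hex ("hex") into an int."""
    s = text.strip().lower()
    if fmt == "hex":
        value = int(s, 16)  # accepts an optional 0x prefix
    elif fmt == "dec":
        if not s.isdecimal():
            raise ValueError(f"{text!r} is not decimal; was it copied as hex?")
        value = int(s)
    else:
        raise ValueError("fmt must be 'dec' or 'hex'")
    if not 0 < value <= MAX_ID:
        raise ValueError(f"{text!r} is outside the assumed 64-bit range")
    return value


def both_notations(value):
    """The same ID as a decimal string and as a hex string."""
    return {"dec": str(value), "hex": format(value, "x")}


def read_gsf_id(db_path):
    """Read android_id from a pulled copy of gservices.db, opened read-only."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        row = con.execute(
            "SELECT value FROM main WHERE name = 'android_id'"
        ).fetchone()
    finally:
        con.close()
    if row is None:
        raise LookupError("no android_id row in table main")
    return parse_id(str(row[0]), "dec")  # the thread reports decimal storage


def is_registered(db_path, registered_dec):
    """True if the ID in this copy is one of the already registered IDs."""
    return read_gsf_id(db_path) in {parse_id(r, "dec") for r in registered_dec}


def same_id(db_a, db_b):
    """True if two copies carry the same ID (e.g. one phone restored from
    the other's data partition)."""
    return read_gsf_id(db_a) == read_gsf_id(db_b)


def make_sample_db(path, gsf_id):
    """Constructed stand-in for gservices.db; column types are assumed."""
    con = sqlite3.connect(str(path))
    con.execute("CREATE TABLE main (name TEXT PRIMARY KEY, value TEXT)")
    con.execute("INSERT INTO main VALUES ('android_id', ?)", (str(gsf_id),))
    con.commit()
    con.close()


def demo():
    with tempfile.TemporaryDirectory() as d:
        first, clone, fresh = (Path(d) / n for n in ("a.db", "b.db", "c.db"))
        make_sample_db(first, 10**18)  # constructed ID, already registered
        make_sample_db(clone, 10**18)  # second phone restored from the first
        make_sample_db(fresh, 2**62)   # clean install that generated a new ID
        registered = ["1000000000000000000"]
        return {
            "first": both_notations(read_gsf_id(first)),
            "clone_shares_id": same_id(first, clone),
            "fresh_is_registered": is_registered(fresh, registered),
            "typed_hex_as_dec": both_notations(
                parse_id("de0b6b3a7640000", "hex"))["dec"],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Run it against a copy pulled from the device rather than the live database. An ID that a tool displays in hex goes through `parse_id(..., "hex")` before it is compared with the decimal list on the registration page.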

Xiaomi 3S lock screen bypass - Chinese native model

Is there a way to bypass the lockscreen on a Xiaomi 3S without doing a reset and losing all the data?
When I was living in China I found out my boss had installed a RAT on my phone and was monitoring my location and accessing my messages/photos etc. When I confronted him about it he changed the lockscreen password and said he wanted 15000rmb from me to unlock it. He told me there was nothing I could do about it because he is Chinese and I'm not so the police will believe him. I ended up just getting a new phone because it wasn't worth the fight to me at the time
That was back in 2016 but I have a bit of an emergency situation and I really need to access some data that's saved on this phone
A few points worth mentioning
Google account and "lost my phone" methods are not available to me as it's not an international version so has no google functionality
I don't have a xiaomi account so I can't use the xiaomi versions of the above
I have tried the android lock screen crash method here https://www.oreilly.com/library/vie...98/85928bf7-5c5e-40cb-9a9b-5aa4e75d8032.xhtml but I do not get the option to copy/paste data from this text field. So I'm assuming it's the wrong version of Android
I have tried connecting the phone via USB to a computer that has the Android SDK tools installed and using the command "adb shell rm /data/system/gesture.key" but I get an error "this adb server's $ADB_VENDOR_KEYS is not set".
I've tried at least 10 different android unlocking tool piece of software I can find, but as far as I can tell they all just try to format and I need the data on the phone
