Related
Hi.
I come from another post looking for a solution to my dilemma (http://forum.xda-developers.com/galaxy-s5/help/switch-stock-rom-t2866861#post55236673), thanks to fffft member found that I can open the band 4 of my cell S5 using the QPST program, however I can not find a modified .qcn file that corresponds to my model (G900F).
What I have done is make a backup of my original .qcn (which understand not share because there goes my IMEI) and I need advice from someone who knows that is the parameter that should change to open the AWS band 4.
Much appreciate your help.
I see that nobody has answered, if it was not for lack of cooperation, or because no one has had this problem.
Continue researching and achieve get qcn file G900M, which is super, but not left so installed as well, the QPST program generates an error and does not let install, so proceeded to compare them to see how different they are, and actually they are very different in their hexadecimal setting.
The issue now is, I need someone to tell me what are the parameter I have to modify my original qcn (my G900F) to enable AWS band 4.
Thank you for your help.
..
Hello again fffft.
I will try to explain everything in the best way. I can not send the file qcn G900M, because I have understood that within the IMEI can be identified, and the first thing I asked the person I give it to me was that change could not deliver it to anyone.
Now step by step to do was the following (taken from this forum http://forum.xda-developers.com/showthread.php?t=2291589 ):
Install phoneutil.apk in my phone.
Install QPST 2.7 build 323.
Choose the usb connection “RNDIS + DM + MODEM” from the menu that comes by typing *#0808#.
On the Ports tab of the program QSPT set the COM port corresponding to the cell (seeing that port recognizes the cell through Device Manager).
Choose “Start Clients” and choose “SOFTWARE DOWNLOAD”.
Hit the “Restore” tab, set port to COM number, choose the QCN file, and start.
Attached two images, one in which it is seen that the process is running smoothly, and a second in which shows the error.
With regard to your question about the RMNET protocol, for I must say I have no idea regards, because as I said I am still a newbie.
Finally and with respect to qcn file G900T me would be very very difficult to get the file G900M was relatively easy (not as easy lol) but because here in my country is the model that is sold, but the model does not get G900T no way.
I remain attentive to your suggestions, and thanks again for the help.
..
I thought S5 supports AWS band as well as other bands? I bought S5 from Rogers and use it with Wind mobile (Canada).
..
Hi.
Well, with my answer are attached to the two qcn files, not if it's okay to post them because I do not know which is the information that I'm giving, but I'll trust you fffft.
Review the entries with IMEI and clear, making this process and I thought this would be a very good explanation of why not to overwrite the original file leaves the cell, because the second IMEI not for the phone, but even if this were true, no understand how in the above forum they spread a qcn file for S4 that everyone could use.
Anyway, I hope that with this we can advance the issue to see if I can get out of this mess.
Thanks again.
..
Ok fffft, I found the parameter you say, but now my question is, as I edit the file qcn? I need some special program?
Loperaco said:
Ok fffft, I found the parameter you say, but now my question is, as I edit the file qcn? I need some special program?
Click to expand...
Click to collapse
Well, download the program XVI32 to edit the hexadecimal, apparently was successful but eventually the program generated the same mistake I had already seen, indicating "Could not reset the phone. COmmunication Errors Occurred".
Will you help me?
..
Hi there.
I have an interesting fact to share, because I could not properly complete the process to overwrite the qcn file then started to review the QPST program and its functions, among these I found the display content on qcn files through this for any entries who had been unable to write and determine that it was possible to write the file so qcn "hot" (ie directly on the phone) Oh and surprise! when I saw that the code / parameter that indicated fffft if I had changed even though the restore process had not been successful.
Anyway achieved modify the parameter in question and probe the cell after this, but still not achieve even connect AWS band 4, so despite the success the result was a failure.
Knowing this now accept suggestions from all of you experts.
..
Got a little further, but the bands did not get enabled...
fffft said:
Docx? Shouldn't those be .qcn files?
Anyway, you should try encouraging someone to post a NV dump from their 900T for comparison. You can check the existing AWS threads to confirm, but as I recall to enable AWS on earlier Galaxy models, required editing NV_RF_BC_CONFIG_l from 80 03 e8 04 to 80 03 e8 06
So ostensibly you will want to make the same change on your 900F. Comparing your NV to a 900T would lend confidence to that presumption.
.
Click to expand...
Click to collapse
fffft, Laperaco,
I am pursuing the same Band change as described here and have an update of the things that I was able to discover:
1) I was able to use QPST and pull NV backup from my phone - see my JJ_ATT_S5_Bands_Tester_No_IMEI (IMEI removed in Line 550)
**Note that I was not able to restore any QCN back to my phone in either USB mode (and I think this is what Loperaco was talking about), but...
2) I was able to program my phone directly using RF NV Item Manager, but did not get desired results (see below):
- a) I changed 1877 NV_RF_BC_CONFIG_l from 80 03 e8 04 to 80 03 e8 06 and nothing changed - i.e. radio still worked and I was still getting EDGE (no HSPA+)
- b) I tried changing the next line 1878 NV_RF_HW_CONFIG_I from f6 to 2c, because I saw that in another QCN file I found online. That actually "killed" my radio altogether, at least until I changed it back to f6
- c) Upon further inspection of the SM-N900T file I found online (too big to upload here), I saw that there are quite a few differences, which leads me to believe that additional configurations must be made to take advantage of the HSPA+ bands.
!! Please !! If someone with T-Mobile SGS5 looking at this, could you pull your QCN, mask IMEI if you'd like and post it here for comparison.
Otherwise, fffft, do you have any other thoughts regarding the changes needed...?
Last note that files are posted as .qcn.txt, becuase forum does not allow posting of qcn file extensions. Just remove .txt and you will have original qcn.
Thanks,
JJ
fffft said:
Your reluctance to document what you have done in detail is unfortunate because it prevents us from confirming that you did as you summarized or possibly discern any errors along the way. Nor did you tell us how you concluded that the phone did not connect to AWS, whether the changes were persistent after a reboot or what the service mode showed for activity after using the diagnostic menu to lock the handset to AWS, et cetera.
Of particular value would be a before and after NV dump from your phone, alongside a 900T NV dump. Which would illustrate both the required changes and any progress made with the attempted write.
To reply to your question, two obvious possibilities are apparent
1. That you changed the parameter as you summarized and that was insufficient to effect the desired change. Which would mean that the required parameter is different for the S5 than preceding Galaxy models for some reason e.g. that a different parameter needs editing or that radio changes are needed as well, even though that was not the case for the S3 & S4.
2. That you made some inadvertent error in your procedure that you didn't discern. No one can look for possible errors in the absence of you providing a detailed, step by step description of what you did though.
.
Click to expand...
Click to collapse
Ok ok, let me see how I can solve this.
First of all is not reluctance, I tried to be clear in how I do things, but I'll try again:
1. I bought a model of cell G900F that has disabled the AWS band 4.
2. I tried using the QPST program to replace the qcn file with one that corresponded to a G900M model, since in this model if the band 4 is enabled, but the process to make it in the program generated the error "Could not reset the phone. Communication Errors Occurred ".
3. I do not know how or if the QPST program writes an error log, so I do not know where to look it can be sent. I explain how to install and run the program each button is a bit wasteful, but I followed the steps in this forum http://forum.xda-developers.com/showthread.php?t=2291589
4. After this, and having received suggestions from fffft, I tried modifying the original qcn file from my phone, because I thought that perhaps the problem was because they were different models and finally the phone would not allow me to put a qcn file of another model. The modifications I did was change the parameter NV_RF_BC_CONFIG_l from 80 03 e8 04 to 80 03 e8 06. This is done by the program XVI32 modifying the hexadecimal.
5. I tried again using the option to restore the qcn file in QPST program, but got the same error "Could not reset the phone. Communication Errors Occurred".
6. I assumed I had to think of something else so it was when using the RF NV Manager (included in the installation program QSPT) for locate the actual file contents qcn on my phone, and I realized that despite the error obtained in restoring the file using the QPST program the parameter indicated in paragraph 4 of this list if it had changed.
7. I proceeded to check the signal and actually still had no access to the 4G network, the most that is connected to the HSDPA + network.
8. I read the comments from fffft and now I'm writing this.
I hope I was clear in my problem and have made a good step by step.
Now the issue is that:
A. I do not know how to access the diagnostic menu that enables or disables the AWS band, so I do not understand fffft what you're talking about.
B. I agree that modify only the parameter in question is not sufficient, otherwise the matter would be solved.
C. It is possible that I made a mistake as you point out, I finally am new to this, but still I explained my process so I am attentive to suggestions.
Thanks for the help.
JJ_Boja said:
fffft, Laperaco,
I am pursuing the same Band change as described here and have an update of the things that I was able to discover:
1) I was able to use QPST and pull NV backup from my phone - see my JJ_ATT_S5_Bands_Tester_No_IMEI (IMEI removed in Line 550)
**Note that I was not able to restore any QCN back to my phone in either USB mode (and I think this is what Loperaco was talking about), but...
2) I was able to program my phone directly using RF NV Item Manager, but did not get desired results (see below):
- a) I changed 1877 NV_RF_BC_CONFIG_l from 80 03 e8 04 to 80 03 e8 06 and nothing changed - i.e. radio still worked and I was still getting EDGE (no HSPA+)
- b) I tried changing the next line 1878 NV_RF_HW_CONFIG_I from f6 to 2c, because I saw that in another QCN file I found online. That actually "killed" my radio altogether, at least until I changed it back to f6
- c) Upon further inspection of the SM-N900T file I found online (too big to upload here), I saw that there are quite a few differences, which leads me to believe that additional configurations must be made to take advantage of the HSPA+ bands.
!! Please !! If someone with T-Mobile SGS5 looking at this, could you pull your QCN, mask IMEI if you'd like and post it here for comparison.
Otherwise, fffft, do you have any other thoughts regarding the changes needed...?
Last note that files are posted as .qcn.txt, becuase forum does not allow posting of qcn file extensions. Just remove .txt and you will have original qcn.
Thanks,
JJ
Click to expand...
Click to collapse
Hi JJ.
We are indeed talking about the same issue, however I see a difference and that is that despite not having the band 4 AWS enabled on your phone, this only gives you the edge band, however my phone without enabling the band 4 gives me HSDPA+, so my question, just out of curiosity, is what is the frequency at which your operator transmits the EDGE network?
Loperaco said:
5. I tried again using the option to restore the qcn file in QPST program, but got the same error "Could not reset the phone. Communication Errors Occurred".
6. I assumed I had to think of something else so it was when using the RF NV Manager (included in the installation program QSPT) for locate the actual file contents qcn on my phone, and I realized that despite the error obtained in restoring the file using the QPST program the parameter indicated in paragraph 4 of this list if it had changed.
Click to expand...
Click to collapse
Laperaco,
1) I was also unable to load qcn file from backup even without modifications, so...
2) I made modifications directly to the phone using RF NV Item Manager*
*Note from my post that changing line 1877 made no difference in connectivity for me.
3) This specific connection is below (although it naturally fluctuates):
Network Type: EDGE:2
GSM RSSI: -89db (63%) 12 asu
GSM Signal Strength: 13db (42%)
Preferred Network Type is LTE/GSM autio (PRL)*
*Non-GSM selections (WCDMA, LTE-only, etc) simply do not connect, so no HSPA+ for me
JJ
JJ_Boja said:
Laperaco,
1) I was also unable to load qcn file from backup even without modifications, so...
2) I made modifications directly to the phone using RF NV Item Manager*
*Note from my post that changing line 1877 made no difference in connectivity for me.
3) This specific connection is below (although it naturally fluctuates):
Network Type: EDGE:2
GSM RSSI: -89db (63%) 12 asu
GSM Signal Strength: 13db (42%)
Preferred Network Type is LTE/GSM autio (PRL)*
*Non-GSM selections (WCDMA, LTE-only, etc) simply do not connect, so no HSPA+ for me
JJ
Click to expand...
Click to collapse
Ok JJ, we are going through the same steps, we must wait for more help, I'll keep researching but I see that not many people have our problem.
I have a question is that with that code or through option that could see data that you send me.
Any information or change that has put it in the post.
..
Hi,
Hi I have a few questions.
Are NCK and SPCK codes stored in NVRam?
How are they calculated, is it still based on IMEI or does the carrier generate the random numbers and inserts them in the phones NVRam or elsewhere?
I'm curious how do those famous box systems work like SigmaKey, DC Unlocker etc.? They send some data via DFU and unlock the phone, reset the unlock counter, fix empty IMEI, flash new firmware etc. I've managed to view some NVRam items via QXDM but I have no idea what I'm looking at, I understand some things of course but still.
Why do I get most of the time "NV Status Error Received: Item inactive" what does that mean?
Sorry if I'm asking dumb questions.
Thanks for your help!
How to active MyfordTouch Navigation
As noted by flsdiver in the previous myfordtouch thread
(http://forum.xda-developers.com/win...rd-touch-hack-enable-features-t3321397/page13)
Modify the APIM as-built data using Forscan (you will need to request an extended license for Forscan)
You will also need a ELM327 device that can do HSCAN/MSCAN.
1) Program APIM using Forscan & ELM327 device. Change the as built data bit with
(7d0-01-02. Byte 1 = 00 No Nav. Byte 1 = 04 with Nav)
Turn key off, turn on, sync black screen for a bit, then performing routine system maintenance.... for about 2 mins.
*Unknown if ACM as built data bit needs to be changed yet.
2) Program ACM as build with bit mentioned in this thread. Not sure needed/what it does but I did it anyway.
3) New method seems to be either getting a license file from vincentka post 535 (http://forum.xda-developers.com/showpost.php?p=68993515&postcount=535)
OR
Using the PNG file described here https://www.drive2.ru/l/10018006/ posted by rmcgry
http://forum.xda-developers.com/showpost.php?p=69046248&postcount=545
Download license (BT4T-14F500-BE) from URL attached in the excel document. You will need to replace “YAABBCCD” in the URL section and provide your vehicle’s ESN number otherwise it won’t work. This appears to be case sensitive so make sure it is all uppercase letters.
You can get the ESN number in the settings section on the myfordtouchunit. You do not need to change anything else in the URL.
*To do non-north america and non-latest software you will need all the proper field values for your vehicle from the as build and from the current software installed on the vehicle.
All credit goes to flsdiver for the URL/Excel doc/steps needed.
*Ford could change this URL and this would no longer work!
4) *This step may not be needed depending on if you are using the PNG file method. Create the USB device and edit the autoinstall.lst file to only install the BT4T-14F500-BE file.
5) Stick in A7 nav SD Card.
6) Enjoy the trip!
For the long winded explanation, and those that what to put the pieces together...
Background:
APIM = Accessory Protocol Interface Module it is what holds the software that runs MFT.
ACM = Audio Control Module (Radio)
IPC = Instrument Panel Control Module
ESN = APIM Serial Number.
The Module Id of the APIM is 7D0 on the can-bus.
The APIM must be programmed with as build data to turn on NAV, more on that later.
I programmed the APIM bits via obdII 1st then did the nav/license install, not sure order matters or not.
Optionally the ACM bit can be set (this is very vehicle specific).
The NAV software license must be installed on the APIM via a normal USB update process.
The NAV software license must be digitally signed by f0rd for the serial number (ESN) that is on your APIM.
See other discussions for why one license file does not work in all vehicles (or you wouldn't be reading this thread, everyone would have NAV)
When done correctly you will see the license show up on the MFT license screen.
Sources of data regarding your APIM:
1) Get the As Build data for your vehicle.
this contains some of the values needed to build the software unlocker url and contains the 7d0
motorcraftservice.com/AsBuilt put in VIN
download file and save as xml (it's easier to read than .ab with simple browser)
also, i save this page as html file (ctrls) so that i can easily reference the modules/addresses and compare data for apim/acm.
this is sample of 7d0 apim as build data that determines what is or is not installed on your vehicle
Code:
APIM
7D0-01-01 2AAA 0006 03B6
7D0-01-02 0409 0604 8071
7D0-02-01 5553 0103 8006
7D0-02-02 0200 0000 00DD
7D0-02-03 0000 DC
7D0-03-01 2055 5203 00A5
7D0-04-01 0103 0201 00E3
7D0-04-02 0101 DF
Instrument Panel Control Module
IPC 720-01-01 2C0B 1064 6034
IPC 720-01-02 2013 106D
IPC 720-02-01 4DC0 3C31 3CE0
IPC 720-02-02 1000 A9E4
IPC 720-03-01 2805 5400 00AC
IPC 720-03-02 C848 013D
IPC 720-04-01 C441 0000 0031
IPC 720-04-02 5553 00D5
IPC 720-05-01 0000 0000 002D
IPC 720-05-02 0000 113F
IPC 720-06-01 0000 0000 002E
IPC 720-06-02 0000 002F
IPC 720-07-01 8401 88A0 603C
IPC 720-07-02 0000 0030
Audio Control Module
ACM 727-01-01 1801 1808 0069
ACM 727-01-02 0600 37
ACM 727-02-01 5B8C
ACM 727-03-01 1446
ACM 727-04-01 0001 0155 53DD
This is an excerpt from the as build file that contains the software values for the apim, you will need this to build proper software download url.
Code:
<NODEID>
7D0
<F110>DS-ET4T-14D212-AB</F110>
<F111>ES7T-14F130-BA</F111>
<F113>ES7T-14D212-DA</F113>
<F188>EM5T-14D205-AD</F188>
</NODEID>
2) Software Installation Report
this comes from the usb stick that you used to do your last update.
or you may put the SYNCStatusChecker.zip on a usb stick, put it in your car, turn on key, it will install the report on your usb stick.
look in the syncmyride folder for xml file that is in the format Sync_<esn>_<vin>.xml
this file contains all the information you should need to do the software download!
below is an excerpt from this software report.
<VIN> <ESN> <HardwareFordPartNumber> <ImageFPN> <VMCUFordPartNumber> <FPN> (2nd application is for nav in this case)
Code:
<Vehicle>
<VIN>1FTEW1EG2FFA47262</VIN>
<DisplayType>0A</DisplayType>
<ModuleHW>
<ESN>YAABBCCD</ESN>
<MACAddress>001122334455</MACAddress>
<WIFIMACAddress>0011223344</WIFIMACAddress>
<HardwareFordPartNumber>ES7T-14F130-BA</HardwareFordPartNumber>
<CCPU>
<ImageFPN>EA5T-14D544-AD</ImageFPN>
<Version>6.0.15065.0.0</Version>
<OEMVersion>3.08.15128.EA.10_PRODUCT </OEMVersion>
<Applications>
<Application>
<GUID>{00000000-0000-0000-0000-000000000000}</GUID>
<FPN>EA5T-14F496-AD</FPN>
<Version>0.0.0.0</Version>
<Name>EA5T-14F496-AD</Name>
</Application>
<Application>
<GUID>{00000000-0000-0000-0000-000000000000}</GUID>
<FPN>EA5T-14F657-AD</FPN>
<Version>0.0.0.0</Version>
<Name>EA5T-14F657-AD</Name>
</Application>
...
<VMCU>
<VMCUFordPartNumber>EM5T-14D205-AD</VMCUFordPartNumber>
<Version>Vector_VMCU_02.04.31</Version>
</VMCU>
3) Alternatively you can get most of this same information from the diagnostic screen.
Radio off, key on, eject button hold, still holding eject hold the right (next ) button.
Cancel tone test
Goto APIM Diagnostic/Part Numbers
Find on screen -
APIM Serial Number: <ESN>
H/W Part Number: <HardwareFordPartNumber>
CCPU S/W Part Number: <ImageFPN>
VMCU S/W Part Number : <VMCUFordPartNumber>
This would leave you to guess your particular NAV pack. <FPN>, usually EA5T-14F657-AD for north america.
You can use all of this data above, from your vehicle, map it to line 7 of excel, it will generate the url on line 8 for you.
Download the software, confirm that you have BT4T-14D546-EE in the zip, this is the NAV software license.
Unzip to USB stick, let this install run just like any normal sync update.
After update you should be able to go to Settings/System/Install Applications/View Software License and see the nav license on your MFT.
APIM Programming
You will need to download Forscan software.
You will need a good OBDII Forscan compatible OBDII interface.
Old Real Elm327s with MSCAN/HSCAN switch, or other good interfaces, not the cheap $5 elms on ebay 99.9% will not work.
Consult Forscan site for more on compatible interfaces.
Connect Interface and Forscan, let it scan modules.
Configuration Programming select APIM as build.
The important thing to set is one bit at 7D0-01-02 00 needs to be 7D0-01-02 04 in all cases we have seen so far.
7D0-01-02 0009 0604 806D No Nav
7D0-01-02 0409 0604 8071 Nav
The checksum (last byte), is the sum of all other bytes on that line
Checksum for this can be simple, just add 04 hex, so 6D + 04 = 71. See post #7 for good explaination on checksum.
Your numbers will be different for your vehicle.
The 1st byte 00/04 and the last checksum are all that need be changed.
Forscan may or may not calculate this checksum dynamically, i don't remember.
After doing this the MFT will reboot.
At which time, you should have nav.
You will need an SD map card (A7 is current) in the vehicle to use NAV. Go buy one, so that Here maps gets paid.
Please do not post the url in this thread. Build and download your own.
Attached a simplified excel with clearer header with entries attached.
Edit:
Climate in lower right quadrant can also be enabled. Post #69
You said:
4) Create the USB device and edit the autoinstall.lst file to only install the BT4T-14F500-BE file.
But in the "original" flsdiver instructions we had:
3) Download license (BT4T-14F500-BE) and nav software pack (EA5T-14F657-AD hint! in my case)..
How it is? It is not needed the "nav software pack"?
adyboss said:
You said:
4) Create the USB device and edit the autoinstall.lst file to only install the BT4T-14F500-BE file.
But in the "original" flsdiver instructions we had:
3) Download license (BT4T-14F500-BE) and nav software pack (EA5T-14F657-AD hint! in my case)..
How it is? It is not needed the "nav software pack"?
Click to expand...
Click to collapse
All the myfordtouch update files already have NAV included so it should already have NAV installed you just need to change the as built data and run the license activation.
seadiel said:
All the myfordtouch update files already have NAV included so it should already have NAV installed you just need to change the as built data and run the license activation.
Click to expand...
Click to collapse
And what if my system is not updated to the latest version (having 3.07 instead of 3.08)? And of course don't want to update it...
Can be activated?
adyboss said:
And what if my system is not updated to the latest version (having 3.07 instead of 3.08)? And of course don't want to update it...
Can be activated?
Click to expand...
Click to collapse
Yea the update prior to 3.08 you should be fine. Just note the SD card's below per version. I am thinking older versions than 2012 may have problems unlocking.
Build Version Released Date:
12023 3.0.2 SYNCGen2 Released 05 Mar 2012
unknown 3.1.3 SYNCGen2 Released September 2012 (BEV vehicles only)
12156 3.2.2 SYNCGen2 Released September 2012 (Limited release)
12285 3.5.1 SYNCGen2_4.29.12285_PRODUCT Released December 2012 + GPS Update (A4) new SD card
13171 3.6.2 SYNCGen2_4.30.13171_PRODUCT Released August 2013 (Can use A3 & A4 SD cards)
14122 3.7.11 SYNCGen2_4.32.14122_PRODUCT Released September 2014 (Can use A5 SD card, A3 and A4 untested)
15128 3.8 SYNCGen2_3.08.15128.EA.10_PRODUCT Released October 02 2015 (Compatible with A3, A4, A5, A6 and A7 SD cards only.)
flsdiver said:
The important thing to set is one bit at 7D0-01-02 00 needs to be 7D0-01-02 04 in all cases we have seen so far.
7D0-01-02 0009 0604 806D No Nav
7D0-01-02 0409 0604 8071 Nav
The checksum (last byte), is the sum of all other bytes on that line, just add 04 hex, so 6D + 04 = 71. - i need to confirm this statement.
Your numbers will be different for your vehicle. the 1st byte 00/04 and the last checksum are all that need be changed.
Forscan may or may not calculate this checksum dynamically i don't remember.
Click to expand...
Click to collapse
Total checksum is computed as so for the NAV line: 07 + D0 + 01 +02 + 00 + 09 + 06 + 04 + 80 = 16D (only use last two digits)
But yeah adding 4 in hex should work fine as a quick shortcut.
Forscan says it does calculate the checksum automatically.
Success on my 2015 escape ,I‘m In China
For escape ,I compaired the nav/nonnavi
ACM 727-04-01 has no difference
I changed 7D0-01-02 2th hex to 4 to enable navigation
and 7D0-02-02 4th hex to 8 to enable the "speed point warn "
Thanks
wangks18 said:
Success on my Kuga 2015(escape) With a D5 NavSDcard (I'm in China)
Thaks
Click to expand...
Click to collapse
Cool even works in China.
Changed my mind, would be too confusing
not only in China , also in Europe Perfect manual . THX
BR from Poland
Managed to use a "backup" of maps SD card today.
COMpulse said:
Managed to use a "backup" of maps SD card today.
Click to expand...
Click to collapse
NOW we are talking!!!
What was involved with cracking this thing? I really wanna try this out on the A6 card I have right now
Sent from my VS987 using Tapatalk
I can't take any credit for it. Someone here was kind enough to point me in the right direction to find a crack.
I assume XDA frowns on any discussions involving cracking or circumventing paying for commercial software.
With that said, if you want to PM me, I can go into detail.
COMpulse said:
I can't take any credit for it. Someone here was kind enough to point me in the right direction to find a crack.
I assume XDA frowns on any discussions involving cracking or circumventing paying for commercial software.
With that said, if you want to PM me, I can go into detail.
Click to expand...
Click to collapse
Sent you a PM
Got the license file successfully installed in a '15 Taurus! I set the bit in the APIM as noted and loaded the license file without issue after finally getting the URL right. I had to do a regular SYNC update to get the software current enough to work with the URL, so that was a stumbling block for a while. The screen still says "Information" instead of "Navigation" but I suspect there's something I've overlooked somewhere. In any case, the hard part is done, and many thanks to those who did the heavy lifting.
jethoss said:
Got the license file successfully installed in a '15 Taurus! I set the bit in the APIM as noted and loaded the license file without issue after finally getting the URL right. I had to do a regular SYNC update to get the software current enough to work with the URL, so that was a stumbling block for a while. The screen still says "Information" instead of "Navigation" but I suspect there's something I've overlooked somewhere. In any case, the hard part is done, and many thanks to those who did the heavy lifting.
Click to expand...
Click to collapse
After you change the APIM data it should say insert nav sd card. Then the info is moved to next to the home button
Agreed. It should say Insert SD or Navigation.
Wrong APIM modification?
lucasb8888 said:
After you change the APIM data it should say insert nav sd card. Then the info is moved to next to the home button
Click to expand...
Click to collapse
My error - that's what I was looking for, but it's still stuck on "Information." The license file is there, now I just need to check the APIM. I might try to set the bit back to 00 again, then reset it to 04 and see if that helps.
Also of note - Forscan does NOT compute the checksum automatically, at least on my installation.
FORScan claims to fix the checksum but I've never tested it. I always re-calc the checksum. If you're using my AsBuilt tool, there's a checksum calc built in.
I accidentally restored TWRP backup of another Zuk Z2 phone on my new pgone and in this process over-wrote the EFS partition. This left me with a phone having no IMEI, no mac for Wifi and Bluetooth. Effectively No Network on phone.
Worried, I searched across internet to find out ways to restore IMEIs and get my phone working again. The way out was to restore xqcn file and use it to get back IMEIs, mac address etc. But there were various posts and mixed feedbacks. Even when I restored modified xqcn and got IMEIs back, it had only one sim actually working and other had no signal.
I spent many hours searching for finding right steps. It was a long tiring process wherein close to 2 days were gone trying multiple methods, flashing QPST roms around 10 times to observe network in Stock ROM , in Custom ROMs and after reflashing etc etc etc . Shouts go out to Akrapovic & Nordicus for their detailed posts which helped me in understanding lot many things and also finalizing key steps to restore IMEIs, MAC etc and getting phone working
Pre-requisites:
1) QPST installed on PC; Download v 2.7.453 from here or elsewhere if you know of
2) ADB / Fastboot installed
3) Drivers Installed for Zuk Z2
4) Hex Editor to edit xcqn file
5) WriteDualIMEI_W_G_eMMC - to write IMEIs once xqcn has been restored
6) Zuk Z2 rooted with ADB enabled through developer options and connected to computer
For points 2 and 5, pls refer here to download the files and tools.
So the solution which worked for me, and one which has been tried and tested is following:
1) First check the IMEIs dialing *#06#.
If you see IMEI and matching with that on your box, there is no issue and you should stop.
If you see blank / error, process further
2) The EFS is corrupt and hence we don't see IMEIs. Follow this paget and get the EFS partition wiped out to properly prepare EFS for restore of xqcn in next steps.
I had restored xqcn file without wiping EFS partition and later on had issues. But all these issues were gone when first wiped EFS and then restored xqcn. So will suggest doing same.
3) Get the xqcn for our phone Zuk Z2 from here original credits to 唐大土土 and Nordicus who shared it here
Use HexEditor to search below default values and replace them with your devices value. IMEIs / MEID is available on box. MAC can be assumed suitably
MEID: 22 22 22 22 22 22 22
IMEI1: 33 33 33 33 33 33 33 33
IMEI2: 44 44 44 44 44 44 44 44
WIFIMAC: 55 55 55 55 55 55
BTMAC: 66 66 66 66 66 66
4) To be on safer side and avoid other variabilities, it is suggested to first flash QPST rom to ensure that apart from EFS all other partitions are fine. This is optional.
5) Now with rooted phone connected to PC, open command prompt on PC and go to adb folder. From there type these commands
Code:
adb shell
su (looking at the phone screen, as during this second command you need to grant root rights)
setprop sys.usb.config diag
Once done you will see in device manager 3 new com ports are open. If some errors or no success in getting com ports opened you can try following too
Code:
adb shell
su (looking at the phone screen, as during this second command you need to grant root rights)
setprop sys.usb.config diag,rmnet,adb
setprop sys.usb.config diag,acm_smd,acm_tty,rmnet_bam,mass_storage,adb
6) In Device Manager, you will see a com port title Qualcomm Android Diagnosis etc, note the com no.
7) Open QPST, click "Add new port" and enter the port in both places (Port and Port Label), which is written in the device manager.
Next Click Start Client -> Software download. Go to Restore tab, and use the modified xqcn file which you saved in step 2 and press Start.
If any error, tick the check box "Allow phone/file ESN mismatch" and press Start
8) Once restore is 100% done, close the QPST and open the WriteDualIMEI_W_G_eMMC, and put in the IMEIs and flash. You should see Green Pass.
9) Reboot phone and dial *#06# - the IMEIs should be seen. Bingo, job done... give me thanks. Just put in SIM and network should be back.
For Step 7, if more details required, pls refer this post with step by step details
Hope this helps !! I will be extremely happy if this guide helps you in restoring IMEIs, repairing lost network and radio issues.
Reserved
Reserved for FAQs and other experiences.
If i keep a backup of efs patition using twrp..will i be safe in case the partition is corrupt or unreadable?
Bidyadhar said:
If i keep a backup of efs patition using twrp..will i be safe in case the partition is corrupt or unreadable?
Click to expand...
Click to collapse
Yes, that will help in future. Also should take backup of xqcn file using QPST.
I had the lost IMEI problem before, but I did not need rooted phone to solve it. Just turn off the phone, then press Volume (-), and finally connect at the same time the usb cable (make sure drivers were installed before!). You will see 3 new devices, the important is the diagnostics one. Take note of the COM port, and you can use QFIL to backup/flash the qcn. All without root
rainbyte said:
I had the lost IMEI problem before, but I did not need rooted phone to solve it. Just turn off the phone, then press Volume (-), and finally connect at the same time the usb cable (make sure drivers were installed before!). You will see 3 new devices, the important is the diagnostics one. Take note of the COM port, and you can use QFIL to backup/flash the qcn. All without root
Click to expand...
Click to collapse
Interesting, was not aware of this. Is this EDL mode?
mGforCe said:
Yes, that will help in future. Also should take backup of xqcn file using QPST.
Click to expand...
Click to collapse
Sir, can you please tell me how to backup xqcn?
Sent from my Z2 Plus using Tapatalk
Bidyadhar said:
Sir, can you please tell me how to backup xqcn?
Sent from my Z2 Plus using Tapatalk
Click to expand...
Click to collapse
Go till Step 7 as per first post and therein choose backup in place of restore. That's it !
mGforCe said:
Interesting, was not aware of this. Is this EDL mode?
Click to expand...
Click to collapse
I think is not EDL mode, because usb vendor and product ids are different. When I had the IMEI problem, I tried to restore qcn from EDL mode to no avail. After that, I found the suggestion of using Vol(-) and it worked, but it is a diffrent mode, because screen is not black in this one, it shows some options instead (sdcard flash, qcn restore, etc).
mGforCe said:
Use HexEditor to search below default values and replace them with your devices value
Click to expand...
Click to collapse
Please, write here a guide how to edit this values in HEX-editor.
Thanks in advance!
sergsinger said:
Please, write here a guide how to edit this values in HEX-editor.
Thanks in advance!
Click to expand...
Click to collapse
Pls refer below quoted text from OP
Use HexEditor to search below default values and replace them with your devices value. IMEIs / MEID is available on box. MAC can be assumed suitably
MEID: 22 22 22 22 22 22 22
IMEI1: 33 33 33 33 33 33 33 33
IMEI2: 44 44 44 44 44 44 44 44
WIFIMAC: 55 55 55 55 55 55
BTMAC: 66 66 66 66 66 66
Click to expand...
Click to collapse
Use Search and replace feature of Hex Editor to replace above value with your device values
mGforCe said:
Pls refer below quoted text
Click to expand...
Click to collapse
Man, I've tried to do it with two different editors with no luck, because I'm not so close to operate with it. So I ask you to write guide.
Regards.
Problem solved, done by myself.
sergsinger said:
[Man, I've tried to do it with two different editors with no luck, because I'm not so close to operate with it. So I ask you to write guide.
Regards.
Problem solved, done by myself.
Click to expand...
Click to collapse
Good, why don't you share small guide on same for other users now.
mGforCe said:
why don't you share small guide on same for other users now
Click to expand...
Click to collapse
It looks strange. I've asked you to do this, but now you ask me to write a small guide...
I've used Hex Workshop (it's not an advertisement, because I've tried to edit QCN-file with few different editors and they wasn't so friendly to use).
1) Open editor, choose QCN.
Press "Search" and put in data of MEID, Wi-Fi and Bluetooth MACs:
MEID: 22 22 22 22 22 22 22
WIFIMAC: 55 55 55 55 55 55
BTMAC: 66 66 66 66 66 66
!!! Please, notice, that Wi-Fi MAC, that you can see in menu of phone is shown as "54 55 55 55 55 55", but in editor it will be found as "55 55 55 55 55 55" and even in three places. I've changed in all three, because edition of one only doesn't change MAC after reboot.
3) Check after reboot:
- Wi-Fi and Bluetooth MACs are native
- MEID has changed, but it become upside down by group consist of 2 digits (first two digits are now in the end and so on). Problem was solved by "MEID/ESN Tool".
Press "Volume -" and "Power On/Off" (release Power after vibration) until you see "Menu from 0 to 5" (SD update...GetInfo). Connect phone to PC. Launch "MEID/ESN Tool", press "Initialize" (COM-port will be shown), then press button "MEID" and set checkbox "do MEID", enter native MEID (it is like IMEI w/o last digit; it is shown on the box and on the film from the back of the phone), press "Write".
!!! I've tried to change MEID in "MEID/ESN Tool" before QCN was edited, but this was unsuccessful, MEID didn't changed. MEID become native after I've edited QCN in hex-editor and then used "MEID/ESN Tool" as mentioned above.
4) The last one - recover native IMEIs. IMEIs were changed via programm "WriteDualIMEI(W+G_eMMC)". Press "Volume -" and "Power On/Off" (release Power after vibration) until you see "Menu from 0 to 5" (SD update...GetInfo). Connect phone to PC. Launch "WriteDualIMEI(W+G_eMMC)" and enter native IMEIs, press "Start". After reboot you will get native IMEIs.
!!! I've tried to edit IMEIs in hex-editor. But QCN include IMEIs consist of 16 digits, but regular IMEI consist of 15. I've replaced last (useless) number by pressing "space" on keyboard and after reboot there wasn't network. I've supposed that I need to put not a "space", but something like "leave an empty cell" in hex-editor. I haven't tried to do this because I have "WriteDualIMEI(W+G_eMMC)".
@sergsinger don't know why it's strange.. we can give back to xda community only by sharing our knowledge!
Since you had learnt and done it yourself, why not to share the same.
rainbyte said:
I had the lost IMEI problem before, but I did not need rooted phone to solve it. Just turn off the phone, then press Volume (-), and finally connect at the same time the usb cable (make sure drivers were installed before!). You will see 3 new devices, the important is the diagnostics one. Take note of the COM port, and you can use QFIL to backup/flash the qcn. All without root
Click to expand...
Click to collapse
i try your method without rooting, but it didn't work, can you send me qcn file to edit for z2132, also to edit with hex editor is find and replace imei 3333...33 with our imei number is ok or there is other method, also where to look for meid.
sunnythehoney said:
i try your method without rooting, but it didn't work, can you send me qcn file to edit for z2132, also to edit with hex editor is find and replace imei 3333...33 with our imei number is ok or there is other method, also where to look for meid.
Click to expand...
Click to collapse
Pls read OP in detail...the xqcn file is shared there...also to write IMEI you will need tool WriteDualIMEI_W_G_eMMC
Again pls read and download all tools as mentioned in OP as pre-requisite
mGforCe said:
Pls read OP in detail...the xqcn file is shared there...also to write IMEI you will need tool WriteDualIMEI_W_G_eMMC
Again pls read and download all tools as mentioned in OP as pre-requisite
Click to expand...
Click to collapse
i download above 66...6.xqcn file posted above and edit with hexeditor by replacing meid:22.....22 by imei translator hex number. same for imei numbers and restore through qpst config. and then use writedualimei_w_g_emmc all operations shows no error completed successfully but after reboot when dial *#06# shows null meid or imei. now i am going to try by inverting meid no by inverting regular meid no. and imei in inverting pair and make first 8 as 8A. see what happen
sunnythehoney said:
i download above 66...6.xqcn file posted above and edit with hexeditor by replacing meid:22.....22 by imei translator hex number. same for imei numbers and restore through qpst config. and then use writedualimei_w_g_emmc all operations shows no error completed successfully but after reboot when dial *#06# shows null meid or imei. now i am going to try by inverting meid no by inverting regular meid no. and imei in inverting pair and make first 8 as 8A. see what happen
Click to expand...
Click to collapse
where did you find your mied no i am having the same problem
badri21 said:
where did you find your mied
Click to expand...
Click to collapse
It is shown on the box & film from the back of the phone. Usually it is like first IMEI w/o last digit.
In hex-editor MEID which comes with QCN will be simply found by typing "22 22 22 22 22 22 22" in search bar.
I was planning to get a new phone with a great display, and that was exactly when RP2 went on sale. I'm otherwise satisfied with the phone, but single SIM is definitely a deal breaker in China. Given that I could not find any other phone matching my criteria, I decided to get the RP2 and tried to enable dual SIM on it. Till now I've had some success, and here is what I have done.
If you have strong demand for dual SIM like I do, you may try these steps. This thread, however, is NOT a proper nor complete guide on this topic. It is just a record of my trials - they are highly experimental, risky, and potentially broken. There is absolutely no guarantee on signal quality, stability, power consumption or even the success rate. Your device can be permanently damaged if any detail goes wrong. Make sure you understand all the risks and you are able to justify every command before typing it to your phone!
I do appreciate suggestions for the correct way, though. Comments are greatly welcomed!
My environment
QPST 2.7.477 - only PDC is used here, so any version with standalone PDC tool might do the job. But new versions required if you want to use other tools.
QXDM Professional 3.14.1144 - this one is optional. It's used to tweak some parameters, but dual SIM does work without the tweaks.
Qualcomm USB drivers 2.1.2.0 from 2015/7/8 - older versions might work as well.
Windows 10, 1803
arter97's kernel and Magisk-patched stock kernel images readily at hand. The latter can be obtained by patching a stock kernel image in Magisk Manager with "Keep dm-verity/avb 2.0" UNTICKED. I had the latter installed on the phone.
Make sure root shell can be obtained during boot with ALL kernel images. This is an important recovery approach if the phone bootloops.
Steps
I've gone through a tricky path to confirm that there is indeed a second IMEI in the phone prior to the steps, which supported follow-up researching. This thread will not cover this part as this is merely trial-and-error. I will provide suggestions on diag connection though.
1. make a backup of all partitions on the phone, leaving out system, vendor and userdata partitions of course. There are 88 partitions in my backup.
2. make a QCN backup of modem NV. This step could be optional as modemst1/2 has already been backed-up in previous step - I'm not sure about this, and have completed this step whatsoever.
3. make a backup of /vendor/etc/vintf/manifest.xml, and add slot2 instances to the following HALs:
android.hardware.radio - this one has 2 interfaces, and both of them need the slot2 addition
vendor.qti.hardware.radio.am
vendor.qti.hardware.radio.qtiradio - this one has 2 versions, and both of them need the slot2 addition
4.
Code:
adb shell su -c setprop persist.radio.multisim.config dsds
5. find any USB mode with rmnet in /vendor/etc/init/hw/init.msm.configfs.rc, and switch to it. I used "diag,serial_cdev,rmnet,dpl,adb", and that's
Code:
adb shell su -c setprop sys.usb.config diag,serial_cdev,rmnet,dpl,adb
6. Windows shows a lot of new USB devices. Force-install Qualcomm WWAN driver for the RmNet device. I chose "Network Adapters -> Qualcomm -> Qualcomm HS-USB WWAN Adapter 90B8", but anything named after "Qualcomm HS-USB WWAN Adapter" should do.
7. open PDC. There are 3 dual SIM (DSDS) hardware profiles available:
SR_DSDS-LA-7+7_mode-SDM845
SR_DSDS-WD-7+7_mode-SDM845
SR_DSDS-WP8-7+7_mode-SDM845
The one with WP8 in its name can be ignored, and here comes the hard choice.
I tried the WD one in the first place: activated it in the context menu on Sub0 then Sub1, and clicked Activate twice. PDC complained about malformed packet after second click, and the profile was shown as Active on Sub0, and Pending on Sub1. Nothing bad happened after a reboot, regardless of the errors above. Two SIM slots were present in About Phone, and second IMEI is correctly shown there as well. Upon inserting two SIM cards I got dual VoLTE online, and everything behaved like a normal dual SIM SDM845 device. There were some little glitches though: once or twice a day signal bars disappeared and popped up again in a few seconds. Mobile data also stuttered at random times, though not frequent - sometimes mobile data was stable for the whole day. I was satisfied with the results, and made another backup of partitions.
Then I started comparing the WD and LA profiles. I quickly realized that LA marked the phone as DSDS while WD as SS in the device_mode NV entry (I honestly had no idea why dual SIM just worked with WD). There were other differences unknown to me, but LA seemed more "correct" and I decided to switch to this profile. After deactivating WD on both Sub0 and Sub1, I activated LA on Sub0 but not Sub1. The phone could still make use of two SIMs, but without VoLTE on either card. LTE was still available for both cards though. The glitches with WD were mostly gone (data still stuttered but recovered much faster), and the phone SEEMED cooler and battery SEEMED to drain slower.
Finally I could not understand the lack of VoLTE and switched back to WD (still Sub0 only). This time only the first SIM card could register on IMS/VoLTE. The second one registered on LTE but not IMS, regardless of default data card selection. Activating WD on Sub1 did not solve the problem. Manual checks/corrections on the differences between WD and LA made no effect either. I had to flash the backup made after first WD trial, and dual VoLTE worked again.
I came to the following conclusion after this step:
a. hardware profiles may be applied to Sub0 only (can anyone confirm this?)
b. a profile may not be completely reverted after applying. That is to say, same profile status does not mean same baseband behavior.
c. LA profile does not support VoLTE for some reason.
d. if you want dual VoLTE, your best bet would be activating WD on Sub0 and Sub1 right after previous steps, though Sub1 won't accept the setting.
e. mobile data may stutter with dual SIM (this could also be the fault of my service provider however)
Any clarification on this step is appreciated. If you want to enable dual SIM, you have to make your own choice here. Just remember to backup before every change.
8. apply some NV changes from LA on WD base:
ue_usage_setting: from DATA_CENTRIC to VOICE_CENTRIC
device_mode: from SS to DSDS
disable_global_mode: from 1 to 0
I failed to find any difference after these changes. this step could be optional. I myself use the phone as daily driver with these changes though.
That's all. Don't worry, I'm confused as you Everything just works or fails without any valid reason
Other Details
1. RP2 uses the same SIM card slot as Samsung. I filed an card tray from Samsung S7 so that it fits RP2. Its size naturally() fits RP2, just make it as thin as Razer's tray and it will work.
2. if you want to restore a modemst1/2 backup, do that in TWRP. If this needs to be done in Android system, stop vendor.rmt_storage first.
3. if the phone reboots to recovery right after booting to lock screen, this could be SIM count in baseband and system diverging. Run
Code:
adb shell su -c setprop persist.radio.multisim.config ss
during boot to see if this fixes the problem. If it does, restore all backups then start all over.
4. QPST does not recognize the diag port from the phone upon USB connection. Do this so that diag port works:
Code:
# in adb shell, assuming USB mode has already been switched
su
setenforce 0
stop vendor.per_mgr
# wait a few sec until QPST recognizes SDM845 on the diag port
start vendor.per_mgr
# SDM845 disappears and re-appears after a few sec, and QPST is usable
5. arter97's kernel disables diag drivers, and QPST could never recognize the phone. You have to use stock kernel if you intend to use anything other than PDC.
Screenshots and photos:
Screenshot of About Phone:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Screenshot of dual VoLTE:
Photos of the filed card tray inside RP2:
The original Samsung tray:
And after filing:
Reserved for minor fixes
that's interesting
i have tried this, but the second imei doesn't appears what am I doing wrong?
ps: i find second imei in QCN backup
IMG
I finally got it
i updated to rom deodexed and zipalign from Warrior1988
after that I looked at the settings, the second Imei appeared
then I put sim card, android recognizes then it worked
PS: i modded SIM Card with MicroSD, now i have dual SIM with MicroSD :laugh:
IMG
unfortunately, now i see this message on starting, but starts normally (don't shutdown) :victory:
IMG
Update: you can remove this with command
reboot "dm-verity enforcing"
Hey man! What sim card tray did you use and how did you modify it for dual SIM and sdcard?
Using a command to reverify the DM will get rid of the red text and boot
th3cavalry said:
Hey man! What sim card tray did you use and how did you modify it for dual SIM and sdcard?
Using a command to reverify the DM will get rid of the red text and boot
Click to expand...
Click to collapse
I did this method, and used default sim card tray
and thanks for command
So I'm stuck at step 7. I have the both SIM slots showing in the phone but no IMEI for SIM2. When I open PDC it doesn't show anything.
When we add the slot2, do we add slot1,slot2 or do we add a whole nother line in the file for slot2?
Did you have any issues with PDC in the beginning?
updateing said:
I was planning to get a new phone with a great display, and that was exactly when RP2 went on sale. I'm otherwise satisfied with the phone, but single SIM is definitely a deal breaker in China. Given that I could not find any other phone matching my criteria, I decided to get the RP2 and tried to enable dual SIM on it. Till now I've had some success, and here is what I have done.
If you have strong demand for dual SIM like I do, you may try these steps. This thread, however, is NOT a proper nor complete guide on this topic. It is just a record of my trials - they are highly experimental, risky, and potentially broken. There is absolutely no guarantee on signal quality, stability, power consumption or even the success rate. Your device can be permanently damaged if any detail goes wrong. Make sure you understand all the risks and you are able to justify every command before typing it to your phone!
I do appreciate suggestions for the correct way, though. Comments are greatly welcomed!
My environment
QPST 2.7.477 - only PDC is used here, so any version with standalone PDC tool might do the job. But new versions required if you want to use other tools.
QXDM Professional 3.14.1144 - this one is optional. It's used to tweak some parameters, but dual SIM does work without the tweaks.
Qualcomm USB drivers 2.1.2.0 from 2015/7/8 - older versions might work as well.
Windows 10, 1803
arter97's kernel and Magisk-patched stock kernel images readily at hand. The latter can be obtained by patching a stock kernel image in Magisk Manager with "Keep dm-verity/avb 2.0" UNTICKED. I had the latter installed on the phone.
Make sure root shell can be obtained during boot with ALL kernel images. This is an important recovery approach if the phone bootloops.
Steps
I've gone through a tricky path to confirm that there is indeed a second IMEI in the phone prior to the steps, which supported follow-up researching. This thread will not cover this part as this is merely trial-and-error. I will provide suggestions on diag connection though.
1. make a backup of all partitions on the phone, leaving out system, vendor and userdata partitions of course. There are 88 partitions in my backup.
2. make a QCN backup of modem NV. This step could be optional as modemst1/2 has already been backed-up in previous step - I'm not sure about this, and have completed this step whatsoever.
3. make a backup of /vendor/etc/vintf/manifest.xml, and add slot2 instances to the following HALs:
android.hardware.radio - this one has 2 interfaces, and both of them need the slot2 addition
vendor.qti.hardware.radio.am
vendor.qti.hardware.radio.qtiradio - this one has 2 versions, and both of them need the slot2 addition
4.
Code:
adb shell su -c setprop persist.radio.multisim.config dsds
5. find any USB mode with rmnet in /vendor/etc/init/hw/init.msm.configfs.rc, and switch to it. I used "diag,serial_cdev,rmnet,dpl,adb", and that's
Code:
adb shell su -c setprop sys.usb.config diag,serial_cdev,rmnet,dpl,adb
6. Windows shows a lot of new USB devices. Force-install Qualcomm WWAN driver for the RmNet device. I chose "Network Adapters -> Qualcomm -> Qualcomm HS-USB WWAN Adapter 90B8", but anything named after "Qualcomm HS-USB WWAN Adapter" should do.
7. open PDC. There are 3 dual SIM (DSDS) hardware profiles available:
SR_DSDS-LA-7+7_mode-SDM845
SR_DSDS-WD-7+7_mode-SDM845
SR_DSDS-WP8-7+7_mode-SDM845
The one with WP8 in its name can be ignored, and here comes the hard choice.
I tried the WD one in the first place: activated it in the context menu on Sub0 then Sub1, and clicked Activate twice. PDC complained about malformed packet after second click, and the profile was shown as Active on Sub0, and Pending on Sub1. Nothing bad happened after a reboot, regardless of the errors above. Two SIM slots were present in About Phone, and second IMEI is correctly shown there as well. Upon inserting two SIM cards I got dual VoLTE online, and everything behaved like a normal dual SIM SDM845 device. There were some little glitches though: once or twice a day signal bars disappeared and popped up again in a few seconds. Mobile data also stuttered at random times, though not frequent - sometimes mobile data was stable for the whole day. I was satisfied with the results, and made another backup of partitions.
Then I started comparing the WD and LA profiles. I quickly realized that LA marked the phone as DSDS while WD as SS in the device_mode NV entry (I honestly had no idea why dual SIM just worked with WD). There were other differences unknown to me, but LA seemed more "correct" and I decided to switch to this profile. After deactivating WD on both Sub0 and Sub1, I activated LA on Sub0 but not Sub1. The phone could still make use of two SIMs, but without VoLTE on either card. LTE was still available for both cards though. The glitches with WD were mostly gone (data still stuttered but recovered much faster), and the phone SEEMED cooler and battery SEEMED to drain slower.
Finally I could not understand the lack of VoLTE and switched back to WD (still Sub0 only). This time only the first SIM card could register on IMS/VoLTE. The second one registered on LTE but not IMS, regardless of default data card selection. Activating WD on Sub1 did not solve the problem. Manual checks/corrections on the differences between WD and LA made no effect either. I had to flash the backup made after first WD trial, and dual VoLTE worked again.
I came to the following conclusion after this step:
a. hardware profiles may be applied to Sub0 only (can anyone confirm this?)
b. a profile may not be completely reverted after applying. That is to say, same profile status does not mean same baseband behavior.
c. LA profile does not support VoLTE for some reason.
d. if you want dual VoLTE, your best bet would be activating WD on Sub0 and Sub1 right after previous steps, though Sub1 won't accept the setting.
e. mobile data may stutter with dual SIM (this could also be the fault of my service provider however)
Any clarification on this step is appreciated. If you want to enable dual SIM, you have to make your own choice here. Just remember to backup before every change.
8. apply some NV changes from LA on WD base:
ue_usage_setting: from DATA_CENTRIC to VOICE_CENTRIC
device_mode: from SS to DSDS
disable_global_mode: from 1 to 0
I failed to find any difference after these changes. this step could be optional. I myself use the phone as daily driver with these changes though.
That's all. Don't worry, I'm confused as you Everything just works or fails without any valid reason
Other Details
1. RP2 uses the same SIM card slot as Samsung. I filed an card tray from Samsung S7 so that it fits RP2. Its size naturally() fits RP2, just make it as thin as Razer's tray and it will work.
2. if you want to restore a modemst1/2 backup, do that in TWRP. If this needs to be done in Android system, stop vendor.rmt_storage first.
3. if the phone reboots to recovery right after booting to lock screen, this could be SIM count in baseband and system diverging. Run
Code:
adb shell su -c setprop persist.radio.multisim.config ss
during boot to see if this fixes the problem. If it does, restore all backups then start all over.
4. QPST does not recognize the diag port from the phone upon USB connection. Do this so that diag port works:
Code:
# in adb shell, assuming USB mode has already been switched
su
setenforce 0
stop vendor.per_mgr
# wait a few sec until QPST recognizes SDM845 on the diag port
start vendor.per_mgr
# SDM845 disappears and re-appears after a few sec, and QPST is usable
5. arter97's kernel disables diag drivers, and QPST could never recognize the phone. You have to use stock kernel if you intend to use anything other than PDC.
Click to expand...
Click to collapse
th3cavalry said:
So I'm stuck at step 7. I have the both SIM slots showing in the phone but no IMEI for SIM2. When I open PDC it doesn't show anything.
When we add the slot2, do we add slot1,slot2 or do we add a whole nother line in the file for slot2?
Click to expand...
Click to collapse
PDC works for me from the beginning. Please check:
1. Did you install the correct driver for the RmNet device?
2. There is a combo box in PDC window with nothing selected by default. Could you choose HS-USB WWAN Adapter in its dropdown list?
th3cavalry said:
So I'm stuck at step 7. I have the both SIM slots showing in the phone but no IMEI for SIM2. When I open PDC it doesn't show anything.
When we add the slot2, do we add slot1,slot2 or do we add a whole nother line in the file for slot2?
Click to expand...
Click to collapse
for me the second IMEI only worked after I installed this https://forum.xda-developers.com/razer-phone-2/development/rom-mr1-stock-deodexed-zipalign-t3916502
and to PDC work i used this driver https://androidfilehost.com/?fid=11410963190603864074
Wait, so... Even though this is a single-SIM phone, it has a second IMEI in it, and the hardware to read a second SIM? All they had to do to make this officially dual-SIM was make a slightly different SIM tray and change the hardware profile?
Gamesoul Master said:
Wait, so... Even though this is a single-SIM phone, it has a second IMEI in it, and the hardware to read a second SIM? All they had to do to make this officially dual-SIM was make a slightly different SIM tray and change the hardware profile?
Click to expand...
Click to collapse
Maybe they need more resources to fine tune dual SIM experiences (if they have not given up the plan for this variant). For example modem could crash when IMS registration states change on both slots simultaneously (this is why my signal bars disappear from time to time), and radio performance could be drastically degraded when two slots are registered on different bands. Making a product market-ready takes much more resources than making in happen in lab, and Razer might not want to invest that much in this area.
updateing said:
Maybe they need more resources to fine tune dual SIM experiences (if they have not given up the plan for this variant). For example modem could crash when IMS registration states change on both slots simultaneously (this is why my signal bars disappear from time to time), and radio performance could be drastically degraded when two slots are registered on different bands. Making a product market-ready takes much more resources than making in happen in lab, and Razer might not want to invest that much in this area.
Click to expand...
Click to collapse
Makes sense. I suppose I shouldn't trivialize the process. It mostly just surprises me that the hardware (and some of the software) is there at all. They must have had plans to do dual-SIM up until almost the last minute, because otherwise I can't imagine why they wouldn't save the money needed to put that extra hardware in there. And I can't imagine they'll release any such thing at this point. They basically shut down their mobile phone division, and haven't even released a software update in months.
hey guys..
enabling diag is workig on android 8.1.? it was using on pie but didnt work on oreo...anyone faced wtih this pb..?
Code:
aura:/ $ su
aura:/ # setprop sys.usb.config diag,serial_cdev,rmnet,dpl,adb
aura:/ #
---------- Post added at 02:27 PM ---------- Previous post was at 02:10 PM ----------
t-mobile_mda said:
hey guys..
enabling diag is workig on android 8.1.? it was using on pie but didnt work on oreo...anyone faced wtih this pb..?
Code:
aura:/ $ su
aura:/ # [B]setprop sys.usb.config diag,serial_cdev,rmnet,dpl,adb[/B]
aura:/ #
Click to expand...
Click to collapse
i think it is not working on oreo..tried again on pie and worked again...
Code:
C:\Users\X\Desktop\Razer\Phone_2\Root\8.1>adb shell
aura:/ $ su
aura:/ # [B]setprop sys.usb.config diag,serial_cdev,rmnet,dpl,adb[/B]
C:\Users\X\Desktop\Razer\Phone_2\Root\8.1>
hey again guys..
can anyone pls sahre the modemst parts..? single sim or dual it doesnt metter..
lrwxrwxrwx 1 root root 15 1970-03-18 15:27 modemst1 -> /dev/block/sdf2
lrwxrwxrwx 1 root root 15 1970-03-18 15:27 modemst2 -> /dev/block/sdf3
dd if=/dev/block/sdf2 of=/sdcard/sdf2
dd if=/dev/block/sdf3 of=/sdcard/sdf3
w.b.r.
What are the chances of breaking my phone with these steps?
Just like anything else, trial and error.
So does this kill WiFi calling?
I tried this and I jacked it up a bit. i got it to get both SIMs working (TMOUS and KT). The WiFi calling for TMOUS stopped working and also if I went to "Mobile Data" it reset the radio and never opened the menu. So i tried to revert and it got stuck in a boot loop and when i did get in the cell was completely not working, No sim, no IMEI. Luckily i flashed an older ROM (shipped 8.1MR0) and progressively upgraded through the ROMs from there and have service again. This tells me that the Stock Razer Images from their developer site don't have 'everything' for a full restore.
t-mobile_mda said:
hey again guys..
can anyone pls sahre the modemst parts..? single sim or dual it doesnt metter..
lrwxrwxrwx 1 root root 15 1970-03-18 15:27 modemst1 -> /dev/block/sdf2
lrwxrwxrwx 1 root root 15 1970-03-18 15:27 modemst2 -> /dev/block/sdf3
dd if=/dev/block/sdf2 of=/sdcard/sdf2
dd if=/dev/block/sdf3 of=/sdcard/sdf3
w.b.r.
Click to expand...
Click to collapse
Grab the Stock ROM for your version then extract it: https://developer.razer.com/razer-phone-dev-tools/factory-images/
All of them have "modem.img" used in there flash script in this command:
Code:
%fastboot_cmd% flash modem_a modem.img
%fastboot_cmd% flash modem_b modem.img
I don't think this works on 9MR2