Hi!
I read the wiki page and I searched on the forum but I did not find answer.
When I try to unlock the cid (I have a G3), the cmd screen give me this message:
"Could not update itsutils.dll to the current version, maybe it is inuse? try restarting your device, or restart activesync"
What i have to do?
Thanks to all.
copy the files "EnableRapi" and "Cert_SPCS" to your device and run them (you can find them inside the folder "Utils".
Then run the "LokiwizMsl.bat" from your computer again and it should work.
This trick was already described in the sim unlock part of the wiki
but i've updated the cid unlock wiki with the info.
Hi!!
I still have that message. Could you check if i'm doing something wrong?
This is the guide from the wiki:
"Do the following :
- Copy the cab's from the Utils folder in the Lokiwiz03a.zip file to your Prophet and execute them (There are two files : "Cert_SPCS.cab" and "EnableRapi.cab")"
Sorry but this is not very clear because:
1) there aren't file called "Lokiwiz03a.zip"
2) Need I to do hard reset (or a soft reset) after execute that 2 files?
Please help me, I'm not the only one with that problem.
Thanks to all.
Pepez said:
Hi!!
I still have that message. Could you check if i'm doing something wrong?
This is the guide from the wiki:
"Do the following :
- Copy the cab's from the Utils folder in the Lokiwiz03a.zip file to your Prophet and execute them (There are two files : "Cert_SPCS.cab" and "EnableRapi.cab")"
Sorry but this is not very clear because:
1) there aren't file called "Lokiwiz03a.zip"
2) Need I to do hard reset (or a soft reset) after execute that 2 files?
Please help me, I'm not the only one with that problem.
Thanks to all.
Click to expand...
Click to collapse
Sorry thats the file from the sim unlock part, I've changed the wiki
the files you need are in pdamobiz.com_downgrade_and_unlockcid.rar
Hi!!! Thanks for your update!
I run the 2 files from my machine without hardreset after that.
That solved the Downgrade.bat operation (i did not receive the "itsutils.dll error") but it didn't work with the Cidunlock.bat command.
With the cidunlock.bat command I had the classic error and this one too from the cmd screen:
"CopyFileToTFFS(acidunlocked.bin:0, 0, 00010000)
ERROR: ITWriteDisk - internal error"
After that I made the last experiment.
I tried to update the rom without unlock the cid and I discovered with the Italian Prophet you don't have to unlock the cid.
So I solve my problem!! Thanks to all!
I hope to help someone with this post!
Easy fix to the "Could not update itsutils.dll to the current version..." error
1. Use prapi.exe to query value of 4097.
D:>prapi.exe -q -p 4097
Default is "2"
2. Use prapi.exe to set value of policy 4097 to "1"
D:\>prapi.exe -p 4097 1
Explanation :
4097
0x1001 RAPI Policy The Remote API (RAPI) policy restricts the access of remote applications that are using RAPI to implement ActiveSync operations on mobile devices.
0 ActiveSync service is shut down. RAPI calls are rejected.
1 Full access to ActiveSync is provided. RAPI calls are allowed to process without restrictions.
2 Access to ActiveSync is restricted to the SECROLE_USER_AUTH (User Authenticated) role. RAPI calls are checked against this role mask before they are granted. ( default )
Also check : http://www.xs4all.nl/~itsme/projects/xda/smartphone-policies.html
Related
I have a Vodafone.es S200 I m trying to unlock it but I always get an error: The system cannot find the path specified, and I dont get any code, here it is the full message:
machinagod's HTC Wizard/Prophet/Charmer MSL Revealer v0.3
NOW WITHOUT CID Unlocking POWER!
ECHO is off.
Supports SPL 2.x!!
--------------------
WARNING: This tool is highly experimental!
I will NOT be held responsible for any problems caused by this tool.
--------------------
Thanks to xda-developers, spv-developers, and especially itsme by the work they
released. This solution would not be possible without them.
--------------------
Unlocking RAPI Please wait...
MachinaGod RapiUnlocker v1.0
InitializingThe system cannot find the path specified.
.The system cannot find the path specified.
.The system cannot find the path specified.
...........The system cannot find the path specified.
..........Done!
RAPI Unlocked.
Starting MSL work... DO NOT DISCONNECT UNTIL THIS SCRIPT ENDS
ECHO is off.
The system cannot find the path specified.
ECHO is off.
ECHO is off.
SIMLock Code is your code... Type it with another SIM in...
--------------------
The system cannot find the path specified.
--------------------
"Standing on the shoulder of giants"
Ricardo Afonso, 2005
Press Any key to Exit.
I tried everything, I follow the instructions, I run the cabs file onto the diveice but is still the same, any idea?
thanks for your help
Ok finally i managed to unlock the issue was the pc I used a different pc no problem 2 minutes and I have got the key
First SPVServices cannot connect to the remote site (spv-developers.com site down indefinitely?).
Then, I tried the alternative using Unlock_SuperCID_Your_SPV_C500_550_600.rar. Followed every step exactly. When I run Lokiwiz.bat, here is the output from the MSDOS window:
....
--------------------
U. Unlock
L. Lock
C. CID Unlock (SuperCID)
Q. Quit
--------------------
Type the letter and press Enter: C
CID unlocking mobile... DO NOT DISCONNECT UNTIL THE PHONE REBOOTS!
ERROR: Unable to open WinCE file '\windows' - Returned by WSARecv or WSARecvFrom
to indicate the remote party has initiated a graceful shutdown sequence.
opening: lock_backup.bin: No such file or directory
This exe file was created with the evaluation version of Perl2Exe.
For more information visit http://www.indigostar.com
(The full version does not display this message with a 2 second delay.)
...
Then, I just try invoking pdocread manually, regardless of what command line argument I put, or no argument at all, the response is always the same " ERROR: Unable to open WinCE file '\windows' - Returned by WSARecv or WSARecvFrom to indicate the remote party has initiated a graceful shutdown sequence."
From ActiveSync, I do see \windows, but as a directory, not a file. Anyone got any inside or suggestions?
Opening a directory sounds so trivial, what is it trying to do?
PLease, please help! Thank you so much!!!
/dan
The following one i have seen one of the Chinese forum. Is it can possible to root 2.37. I need a help from expert. THanx.
PS: Citie copyright Andrews forum all milk @ coffee produced reproduced thank you, please indicate the source
Note: This downgrade tutorial is only suitable for DHD in SHIP S-ON or ENG S-OFF under the wrong brush 1.72 above the official RUU version of the software, from ENG S-OFF back SHIP S-ON and can not by Visionary + software get ROOT highest authority use, other circumstances do not try!
Preparation:
1, download and install the HTC Sync Download: http://www.htc.com/cn/SupportViewNews.aspx?dl_id=982&news_id=776
2, download adb-tool.zip
Visitors, if you want to see the hidden content please post replies
Will extract from the adb-tool folder to the C root directory, then copy the adb-tool folder three files into the "My Computer "----" C drive "---- "Windows "----" System32" directory.
3, download Downgrade.zip
Visitors, if you want to see the hidden content please post replies
Will extract from the five files to the C drive just copied into the adb-tool folder
4, corresponding to your mobile phone to download the official region Brush Pack (RUU beginning of the EXE file, version 1.32 and below, there are 1.31 to 1.31 recommended)
1) See CID: DHD in "Settings "----" "----" application development "----" USB debugging" tick, and then DHD computer with data cable to connect, connection options "charging only", open the computer's "Start "----" Run", type "cmd", the pop-up window, enter "adb shell getprop ro.cid", then Enter
Appears similar to the "HTC_621" code words HTC_621 behalf of the Taiwan version HTC_622 DHD DHD is representative of the Hong Kong version (and so on ... specific code can be Baidu, if you can not find customer service customer service consulting HTC official website: http:// www.htc.com / CN / Support / online_service.html )
2) find the DHD and the corresponding area of your official Brush Pack, and version 1.32 and paste the following official RUU Collection Address: http://www.anzhuo.cn/thread-15122-1-1.html more official RUU Collection stickers Address: http://xdafil.es/index.php?sort=date&path=DesireHD/RUU/
The Hong Kong version, for example: RUU_Ace_HKCSL_CHT_1.32.832.6_Radio_12.28b.60.140e_26.03.02.26_M_release_155943_signed.exe
RUU: HTC Update Utility abbreviation official upgrade tool
Ace: DHD's internal development code
HKCSL: HK on behalf of Hong Kong, CSL is the largest one mobile network operators, like China Mobile (HTCCN: CN on behalf of China)
CHT: language is Traditional Chinese, Simplified Chinese corresponds to CHS, US behalf of the U.S. (CHS for Simplified Chinese, WWE on behalf of the world's Edition)
1.32.832.6: software version number
12.28b.60.140e_26.03.02.26_M: radio version number
Release: release means here that the final version, along with the corresponding test, a test version of the meaning of
155 943: the version number part of the Signed: Signed through
5, the download is complete run the official Brush Pack, wait until you can brush machine interface operation, do not click Next, and then the computer
To Win7, for example: C: \ Users \ Administrator \ AppData \ Local \ Temp (If you do not find the corresponding folder, click Show hidden folder, if found
To xp, for example: C: \ Documents and Settings \ Administrator \ Local Settings \ Temp rom.zip, please use the search function in the computer's Temp directory search)
Directory, there is similar to {BC47B5B7-0CDF-4C97-9A2A-5C6C8E36186A} folder, inside there's a certain rom.zip archive, this archive copy out and rename it PD98IMG.zip, and then into the DHD mobile phone memory card root directory
Started:
1, DHD in "Settings "----" "----" application development "----" USB debugging" tick, and then DHD computer with data cable to connect, connection options "only charge "
2, open the computer's "Start "----" Run", type "cmd", the pop-up window, enter "cd \", Enter, then type "cd \ adb-tool", then Enter
Then another input (note the space):
1) "adb push psneuter / data / local / tmp", carriage return (the psneuter files to the phone / data / local / tmp directory)
2) "adb push misc_version / data / local / tmp", carriage return (the misc_version files to the phone / data / local / tmp directory)
3) "adb shell chmod 777 / data / local / tmp / psneuter", enter (modify file attributes psneuter 777)
4) "adb shell chmod 777 / data / local / tmp / misc_version", enter (modify file attributes misc_version 777)
5) "adb shell / data / local / tmp / psneuter", carriage return (Executive psneuter file)
6) "adb shell", carriage return (return adb shell)
Completion of 6), you should see the command prompt window "#" symbol, if not, check whether the correct implementation of the above steps if there is "#" symbol
Then enter:
7) "/ data / local / tmp / misc_version-s 1.31.405.3", carriage return (the role of this step is to make your system from that under the current software version is 1.31.405.3, automatic upgrades for the back to prepare)
8) "exit", Enter
9) "adb reboot bootloader", Enter
At this point the phone will automatically restart, and then automatically detect the presence of PD98IMG.zip, then automatically upgrade is complete, you will downgrade your phone to find that your own version of the official RUU
Downgrade to this end, you have complete the downgrade, so now you can re-post in accordance with Brush tutorial from scratch http://www.anzhuo.cn/thread-21957-1-1.html
Finally, I wish you success Brush
cool thanks for your tutorial.
Sent from my Desire HD using XDA Premium App
Coooooll, thanks sooo much
My phone's software is 2.37.707. Can i downgrade to 1.32 by this way? In hboot is ship s-on...
People, this is not a tutorial, it is a question. The guy does not know, he asks. This tutorial cannot downgrade anything above 1.7, unlike the existing guide in XDA. Mod, please remove this thread from the dev section.
That guide does not even have source pointing to the right place.. Makes my blood boil.
Sent from my Desire HD using Tapatalk
If it is a question then it is in the wrong section and it might be deleted.
Anyhow, untill it is not deleted, you can look in these posts:
http://forum.xda-developers.com/showthread.php?t=905003
http://forum.xda-developers.com/showthread.php?t=857537
I've used these posts for the first time, got root, but not full root. Had downgraded the radio, but when i wanted to upgrade the radio it told me that i hadn't root, and got serious problems connecting to pc. so I've installed an offical RUU and use ATM TOOL
---- ATM TOOL -----
Simply use this tool. This is the best tool, as it querys the phone if it can or not be downgraded/rooted/unlocked:
http://forum.xda-developers.com/showthread.php?t=1037315
That is what i have used. Now i don't remember if i had radio 2.37
But you will have to downgrade it anyhow.
Check this out:
http://forum.xda-developers.com/showthread.php?t=905003
Dislcaimer: this is for educational purposes only,you shall not use this on other people phones without permission under any circumstances,and am not responsable to any misuse of this hack
Click to expand...
Click to collapse
ok so not long ago i had a problem with a locked android device with a pattern and i managed to unlock it using adb,so here's how in case you were stuck one day with a locked device.
the device needs to have usb debugging enabled in case usb debugging isn't enabled and you have cwm you can run the same instructions from cwm,root is not required (though it will be so better if the device was rooted)
this was tested on:gingerbread,ice cream sandwich and jelly bean.
both method are through adb.
method 1:
Code:
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
-AND/OR-
method 2:
Code:
adb shell rm /data/system/gesture.key
and that's a video showing how method 2 is done (thanks to melvinchng) : http://www.youtube.com/watch?v=tVJ7T2oC_Zs&feature=player_embedded
you can try both of them,here is how i managed to remove the lock:
1- run the first method.
2-reboot
3-run the second method
4-reboot
NOTES:
-in the first method each line is a seperate command so click enter after typing each line.
-in the second method type all the command and then press enter.
-after running both methods and rebooting you may see the pattern lock,that doesn't necessarily mean it doesn't work,just try any random pattern and it may unlock then remove the pattern from settings.
-this may and may not work,it may work on some devices and don't on others,so all you can do is trying it but i can't assure it will work.
a small donation would be much appreciated thank (check my signature)
But What if i remember the password well enough, but didnt have data enabled the moment it got locked?
Explained elaborately here>>>http://forum.xda-developers.com/showthread.php?p=29963687
It will unlock either (Loook at the time of message above - I am time traveler )
i have better method than bot the above ones
look for smudges on the phone
Do the files need to be restored or are they just the user data for the pattern locks?
This is really great...
i wonder how do you discover this
you must be a hacker
Or you could boot into recovery backup data
wipe factory reset and reboot
Could try restoring data but most likely restore pattern lock
Or simply enter your gmail address as requested
2nd option...
if you have Custom recovery
use AROMA File Explorer and you can do the same thing through the recovery
or adb through the recovery
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.
Method #1 FAIL:
1|[email protected]:/data/data/com.android.providers.settings/databases $ ll
opendir failed, Permission denied
255|[email protected]:/data/data/com.android.providers.settings/databases $ sqlite3 settings.db
Error: unable to open database "settings.db": unable to open database file
Method #2 FAIL:
[email protected]:/data $ ll /data/system/gesture.key
-rw------- system system 20 2012-08-11 04:51 gesture.key
[email protected]:/data $ rm /data/system/gesture.key
rm failed for /data/system/gesture.key, Permission denied
(I use faceunlock + pattern (mostly to keep my kid outta my phone), but if I actually cared more about security I'd encrypt my phone and use a passphrase instead)
This is a useful guide, thanks, I will try it :good:
So I guess if Debugging wasn't previously enabled, you have no chance to unlock it...
I've noticed a locked Archos tablet in a shop (probably some stupid shopper locked it) and when I saw this thread announced on the first page I was thinking of helping the shop owner. But I guess I cannot.
Have a nice day!
I don't know whether this method can use on neither:
Rooted
Installed Busybox
Rom Version Older or Newer than CM7
This method require ADB Debugging On & A PC & A tool Provided
I found this trick a long time ago
I come for sharing
Click to expand...
Click to collapse
Download the By-pass security Hack.7z
http://www.mediafire.com/download.php?li2686c3jenmen6
Click to expand...
Click to collapse
Primary Step for all method:
Click to expand...
Click to collapse
Extract it to anywhere using 7-zip.
Open SQLite Database Browser 2.0.exe in SQLite Database Browser.
Run pull settings.db.cmd inside By-pass security Hacks folder to pull out the setting file out of your phone.
Drag settings.db and drop to SQLite Database Browser 2.0.exe program.
Navigate to Browse data tab, At table there, click to list down the selection & selete secure
Instruction To Remove Pattern Lock:
Click to expand...
Click to collapse
Now, find lock_pattern_autolock, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove PIN Lock:
Click to expand...
Click to collapse
Now, Find Or Create lockscreen.password_type, double-click & change it's value to 65536, Apply changes!
Now, find lock_pattern_autolock, Delete Record, If doesn't exist, Ignore
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove Password Lock:
Click to expand...
Click to collapse
Now, find lockscreen.password_salt, Delete Record
Now, find lockscreen.password_type, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
hmmm i hope those thief's don't find these thread lol
zmore said:
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.
Click to expand...
Click to collapse
Nor does either method work on unrooted Galaxy Nexus with stock Jelly Bean. Yay stock Android.
mixtapes08 said:
hmmm i hope those thief's don't find these thread lol
Click to expand...
Click to collapse
don't leave usb debugging checked on then.
I advise you guys to also post your Android version. My opinion is that the security hole that permits this hack has been removed in JellyBean, maybe even in an earlier version.
I will try it too a little later, just for the fun's sake.
aussiebum said:
don't leave usb debugging checked on then.
Click to expand...
Click to collapse
If you have forgotten to leave USB debugging enabled, reboot your phone into recovery and do the same. No USB debugging required.
You may however need to mount the partition being accessed by this method, and you can do that only if you have a custom recovery installed (which you more-than-likely have, since you're here on XDA). Just go to 'Mounts and Storage' and mount /data. Then use the method just the normal way. Cheers!
Useful guide for sure. Will keep this as reference!
Does this only work for the pattern unlock or will it also work on the password or the PIN unlock screen?
I can confirm that it is working on a CM7.2 Motorola Defy.
Thanks m.sabra!
What to do if you forgot a PIN/password for Huawei EMUI "App lock" feature? I couldn't find an existing solution, so I had to solve the problem for myself. I have a Huawei p20 pro phone, but this solution is also suitable for other devices running on EMUI Android OS.
In my case, my root rights helped me, but if you don’t have them, you can probably solve the problem by using the ADB console (see UPDATE below).
So, the PIN is stored in the file "/data/misc/hsm/databases/applock.db". If you have root rights, you can delete it (and other files like "applock.db-shm", "applock.db-wal", "applock.db-journal", etc), which will reset all the settings for "App lock". Or with using any sqlite-editor on PC you can open "applock.db" file, and erase the "encrypt_password_sha256_salt" and "encrypt_password_sha256" fields in the "applockpreference" table.
In both cases restart the phone, the PIN code should disappear.
If you do not have root rights (so you cannot delete/edit the file "applock.db"), but you can read it, then you may use this python3 code (you can use any online interpreter to run it) to bruteforce PIN in less than a minute:
Code:
import hashlib, binascii
encrypt_password_sha256_salt = '609605825498166908'
encrypt_password_sha256 = '1000:5b2d362c202d34332c202d32352c202d33332c2034392c2036322c202d38372c2032362c2031312c202d32312c2031352c202d35382c2034312c203132362c2031312c202d34325d:97f6fdf9a44a1f3fb21e2296'
pbkdf2_password = bytes.fromhex(encrypt_password_sha256.split(':')[1])
needed_hash = encrypt_password_sha256.split(':')[2][:24]
result = ''
for i in range(0, 10000):
pin_str = str(i).zfill(4)
pin_and_salt = pin_str + encrypt_password_sha256_salt
sha256_hash = hashlib.sha256(str.encode(pin_and_salt))
sha256_hash_str = sha256_hash.hexdigest()
dk = hashlib.pbkdf2_hmac('sha1', str.encode(sha256_hash_str), pbkdf2_password, 1000)
if binascii.hexlify(dk)[:24].decode("utf-8") == needed_hash:
result = pin_str
break
if (i + 1) % 1000 == 0:
print('{}% done'.format((i + 1) // 100))
if result != '':
print('found: "{}"!'.format(pin_str))
else:
print('hmm... nothing found :(')
UPD:
I tried to get "applock.db" file through ADB console, and failed. "/data/misc/hsm/databases" is not accessible, "HwSystemManager.apk" a.k.a. "com.huawei.systemmanager" does not support "run-as com.huawei.systemmanager" command, and it has a "android:allowBackup=false" param in it's manifest, so "adb backup -noapk com.huawei.systemmanager" doesn't work.
So I can summarize, that my solution doesn't work without root rights (but if you have it, everything will be fine!).
hioma said:
What to do if you forgot a PIN/password for Huawei EMUI "App lock" feature? I couldn't find an existing solution, so I had to solve the problem for myself. I have a Huawei p20 pro phone, but this solution is also suitable for other devices running on EMUI Android OS.
In my case, my root rights helped me, but if you don’t have them, you can probably solve the problem by using the ADB console or an advanced file manager.
So, the PIN is stored in the file "/data/misc/hsm/databases/applock.db". If you have root rights, you can delete it (and other files like "applock.db-shm", "applock.db-wal", "applock.db-journal", etc), which will reset all the settings for "App lock". Or with using any sqlite-editor on PC you can open "applock.db" file, and erase the "encrypt_password_sha256_salt" and "encrypt_password_sha256" fields in the "applockpreference" table.
In both cases restart the phone, the PIN code should disappear.
If you do not have root rights (so you cannot delete/edit the file "applock.db"), but you can read it, then you may use this python3 code (you can use any online interpreter to run it) to bruteforce PIN in less than a minute:
Click to expand...
Click to collapse
password stored in secured partition...
this metbod it would be too simple...
huawei is not stupid... try factory reseting.... before take factory reset,delete google account and logout huawei id...
spityu85hun said:
password stored in secured partition...
this metbod it would be too simple...
huawei is not stupid... try factory reseting.... before take factory reset,delete google account and logout huawei id...
Click to expand...
Click to collapse
This is not "guess", this is a working solution. "/data/misc/hsm/databases/" is secured directory, but (I think) it is accessible through ADB console (and if you have root rights, it 100% accessible and editable, so you can clear or "decipher" PIN, stored as pbkdf2 key). So you can solve problem without wiping, I think, it's a good solution.
hioma said:
This is not "guess", this is a working solution. "/data/misc/hsm/databases/" is secured directory, but (I think) it is accessible through ADB console (and if you have root rights, it 100% accessible and editable, so you can clear or "decipher" PIN, stored as pbkdf2 key). So you can solve problem without wiping, I think, it's a good solution.
Click to expand...
Click to collapse
grat...now helped for thief for hack applocker pin...