How to find the MSL for your Photon Q
chrisngrod posted a tool for getting the MSL from logcat (http://forum.xda-developers.com/showthread.php?p=31765156), but it is in the form of a .bat script, which isn't very useful for Mac or Linux users. I'm a decently regular reader, but I guess I've never posted. So sorry that this isn't in the dev section.
I'm assuming a couple things here
You have the android SDK installed, or at least adb available to you
You have a Motorola Photon Q (on Sprint?) plugged into your computer and appropriate drivers installed (if needed--not sure)
USB Debugging is enabled on your device
You know what a terminal is, or at least how to use one
You are in the current directory of adb. If it's in your path, omit the "./"
Make sure your computer sees your phone
Code:
./adb devices
You should see something like
Code:
List of devices attached
T*******Y device
where *'s are numbers. If you don't see any devices, make sure nothing else is interfering (tethering apps on computer, etc)
Now, go to the dialer on your phone, and dial ##DATA#. A menu should pop up, tap on Data Profile, then the three dots at the top right, and finally Edit. Enter 6 random digits, and click Verify.
Now go back to your computer and run this
Code:
./adb logcat -b radio -d | grep "grde"
Hopefully you'll only see one line. If there's more than one, look for one that looks like this
Code:
09-21 21:56:38.837 360 360 E RIL-MOTEXT: NV Read 32, length 6, data length 6, grde - 313934333230
The last set of numbers is what we care about. Your MSL is encoded in the even digits (in counting, i.e. 2, 4, 6, 8, ...). Mine happened to be hidden in some 3's. So this phone's MSL is 194320.
Test it out by going back to your phone and typing it in.
This worked for me, and I haven't found anywhere else that talked about doing it for the Photon Q, so please correct any incorrect information.
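The payload after "grde - " in the log line quoted above is the code written as ASCII bytes in hex (0x31 is the character 1, 0x39 is 9, and so on), which is why every second character is a digit and the others are 3's. The script below is an added example, not part of the original post or of chrisngrod's .bat tool; the function names are made up here, and it assumes every payload byte is an ASCII digit, as in the sample line.

```shell
#!/bin/sh
# Added example: decode the hex payload of an "NV Read 32 ... grde - <hex>"
# radio-log line into the digits it represents.

# Constructed sample input: the log line quoted in the post.
SAMPLE_LINE='09-21 21:56:38.837 360 360 E RIL-MOTEXT: NV Read 32, length 6, data length 6, grde - 313934333230'

# extract_grde_hex LINE
# Prints the hex payload if LINE is an "NV Read 32" record whose payload is
# valid hex and matches the announced "data length"; returns 1 otherwise.
extract_grde_hex() {
    case "$1" in
        *"NV Read 32,"*"data length "*"grde - "*) ;;
        *) return 1 ;;
    esac
    n=${1##*"data length "}      # "6, grde - 3139..."
    n=${n%%,*}                   # "6"
    case "$n" in
        ''|*[!0-9]*) return 1 ;;
    esac
    hex=${1##*"grde - "}
    # adb on some hosts emits CRLF line endings; drop stray whitespace.
    hex=$(printf '%s' "$hex" | tr -d ' \r\n\t')
    case "$hex" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    # Two hex characters per byte.
    [ "${#hex}" -eq $(( n * 2 )) ] || return 1
    printf '%s\n' "$hex"
}

# hex_to_digits HEX
# HEX must already be validated (even length, hex only). Each byte has to be
# an ASCII digit 0x30..0x39 (assumption taken from the sample line);
# anything else is rejected.
hex_to_digits() {
    rest=$1
    out=
    while [ -n "$rest" ]; do
        byte=${rest%"${rest#??}"}    # first two characters
        rest=${rest#??}              # remainder
        val=$(( 0x$byte ))
        if [ "$val" -lt 48 ] || [ "$val" -gt 57 ]; then
            return 1
        fi
        out="$out$(( val - 48 ))"
    done
    printf '%s\n' "$out"
}

# decode_msl_line LINE: extract and decode in one step.
decode_msl_line() {
    h=$(extract_grde_hex "$1") || return 1
    hex_to_digits "$h"
}

# decode_radio_log: read log lines on stdin, print the decoded value for
# every matching line, silently skip everything else. After sourcing this
# file it can be fed from the command in the post:
#   ./adb logcat -b radio -d | decode_radio_log
decode_radio_log() {
    while IFS= read -r line; do
        decode_msl_line "$line" || :
    done
}

# Stand-alone run: decode the constructed sample line.
decode_msl_line "$SAMPLE_LINE"
```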
asinginglamp said:
How to find the MSL for your Photon Q
Now go back to your computer and run this
Code:
./adb logcat -b radio -d
Hopefully you'll only see one line. If there's more than one, look for one that looks like this
Code:
09-21 21:56:38.837 360 360 E RIL-MOTEXT: NV Read 32, length 6, data length 6, grde - 313934333230
The last set of numbers is what we care about. Your MSL is encoded in the even digits (in counting, i.e. 2, 4, 6, 8, ...). Mine happened to be hidden in some 3's. So this phone's MSL is 194320.
I was able to do this with only the phone and connectbot. Putting in a false code and then looking over logcat for the NV Read 32. Mine was also hanging out with a group of 3s.
KitsunePaws said:
I was able to do this with only the phone and connectbot. Putting in a false code and then looking over logcat for the NV Read 32. Mine was also hanging out with a group of 3s.
Nice. I tried doing it with aLogcat, but didn't see anything. Didn't think to try connectBot.
With me it was between the 3's. I copied the msl.bat to the ADB platform-tools folder that I use for compiling-decompiling APKs, and it worked.
This Is Cray
Gojira-r32 said:
With me it was between the 3's. I copied the msl.bat to the ADB platform-tools folder that I use for compiling-decompiling APKs, and it worked.
err
I tried this method; the only thing I see on the transcript using adb logcat is checksubsidylockpasswrdcomplete<>errorno=RIL_OEM_CDMA_GENERIC_FAILURE..
Like I've tried everything, any suggestions.. besides call Sprint
batzluminatti said:
err
I tried this method; the only thing I see on the transcript using adb logcat is checksubsidylockpasswrdcomplete<>errorno=RIL_OEM_CDMA_GENERIC_FAILURE..
Like I've tried everything, any suggestions.. besides call Sprint
Do you get anything with adb logcat?
???
asinginglamp said:
How to find the MSL for your Photon Q
chrisngrod posted a tool for getting the MSL from logcat (http://forum.xda-developers.com/showthread.php?p=31765156), but it is in the form of a .bat script, which isn't very useful for Mac or Linux users. I'm a decently regular reader, but I guess I've never posted. So sorry that this isn't in the dev section.
I'm assuming a couple things here
You have the android SDK installed, or at least adb available to you
You have a Motorola Photon Q (on Sprint?) plugged into your computer and appropriate drivers installed (if needed--not sure)
USB Debugging is enabled on your device
You know what a terminal is, or at least how to use one
You are in the current directory of adb. If it's in your path, omit the "./"
Make sure your computer sees your phone
Code:
./adb devices
You should see something like
Code:
List of devices attached
T*******Y device
where *'s are numbers. If you don't see any devices, make sure nothing else is interfering (tethering apps on computer, etc)
Now, go to the dialer on your phone, and dial ##DATA#. A menu should pop up, tap on Data Profile, then the three dots at the top right, and finally Edit. Enter 6 random digits, and click Verify.
Now go back to your computer and run this
Code:
./adb logcat -b radio -d | grep "grde"
Hopefully you'll only see one line. If there's more than one, look for one that looks like this
Code:
09-21 21:56:38.837 360 360 E RIL-MOTEXT: NV Read 32, length 6, data length 6, grde - 313934333230
The last set of numbers is what we care about. Your MSL is encoded in the even digits (in counting, i.e. 2, 4, 6, 8, ...). Mine happened to be hidden in some 3's. So this phone's MSL is 194320.
Test it out by going back to your phone and typing it in.
This worked for me, and I haven't found anywhere else that talked about doing it for the Photon Q, so please correct any incorrect information.
The first command works.. Recognizes dev, then the logcat command works ONLY when I leave off at the -d. When I do the process I see the RI-MOTEXTem Hook header type 0, requestcode 0x2000016...blah blah blah.. how do I write the second part of the command..?
msl
I ran into that error- OEMRequestunlock thingy.... I tried looking through myself with alogcat, but nothing... at the time I thought I fixed it by downgrading the android OS... then the .bat still didn't work... I figured out that that was because of the path statement not including the location of findstr.exe (grep in this linux example) but now I think that maybe the .bat file didn't work originally because of the path statement and I maybe didn't have to downgrade the OS, but if you're straight up doing it by typing the command into terminal and with grep no less and encountering the problem, then I'll bet it was necessary to downgrade the OS.
So what I'm saying is- you probably have to downgrade the Android OS to one that has the MSL in the ril. Also, it might not be showing up in aLogcat because you'd have to tell it to read the radio log (which is what the -radio switch does)
Hope this helps
I made one phone call to Sprint tech support and simply asked for my MSL, and the lady gave it to me. No questions asked.
Related
I need to know more about ADB I guess, like how to get it to stay open when I double click the app, if that's even how I open it. Instead the window keeps closing as soon as it opens.
My friend (the one who owns this forum account) just downgraded my G1 from RC33 to 29 and now it's asking me to sign in but I can't. Apparently my girlfriend can't either on her phone and we didn't do anything with hers but I just signed her in through wifi since it wasn't on the setup screen like mine was. I on the other hand am stuck at the beginning and need a way to get around it, I don't know why we lost the data plan we had all of a sudden but I'm not going to bother with that and instead will keep moving forward with an alternative.
I'm completely noob to all things command prompt so I don't know what an SDK is, just found out what the ADB is and dled that and the drivers but can't start anything up as of yet. I know my android is at RC29 because of the reboot test on the how to bypass the registration thread.
EDIT: Lmfao I guess I picked a bad time to modify my G1, at the time of this post there is a global outage of T-Mobile's internet, everything west of the Mississippi river is out so that's why I couldn't sign in before, if this thread gets locked or ignored then it's ok, I can just wait it out, but just goes to show Murphy's law is the real deal, the day I decide to finally start editing stuff this happens.
I'm not really an expert and I had to learn as I went, but here's how I went through the same problem.
Basically, you don't run ADB as a normal program, you open a command prompt (for Vista and XP go to Run and type cmd) and then you have to navigate to the folder that ADB is in, so if you have the SDK on your desktop you'd type something like
"cd c:\users\yourusername\desktop\SDK\tools" (for vista)
yours will probably differ, but use "cd" to navigate to the folder ADB is in. Then assuming you have your phone and the drivers setup properly, when you're navigated to that folder you can type commands that start with adb or whatever and they should work.
If that doesn't work then your phone may not be setup properly, in which case you need to follow the steps in the registering without a data plan thread, although I had a sim so I skipped the disabling of the insert sim screen. The rest is fairly simple, assuming you've got past the insert sim screen somehow you need to type on your phone
<enter>setprop persist.service.adb.enable 1<enter>
I did this in the email box of the signup so you can actually see what you've typed because you won't know if it's worked until you actually try it. After that again type
<enter>telnetd<enter>
which will allow you to get root access to the phone temporarily, then we connect to your phone from your computer.
In a command prompt on your computer do what I said up top by navigating to the folder ADB is in (c:\users\yourname\desktop\sdk\tools or whatever depending on which version of windows you're on and where the SDK is) and type
adb shell
this will probably say the daemon is not currently running, start the daemon etc.... this is good. If it then gives you a hash (#) at the start of the line you are now accessing your phone from your computer. If not, type
adb devices
and see if it gives you anything under where it says "List of devices attached" in the command prompt. If not it's not recognising your phone so you need to get it to do that first.
Last step when you have this, on your computer type
am start -a android.intent.action.MAIN -n com.android.settings/.Settings
which should bring up the page on your phone to enable and manage wifi connections... Connect to your wifi like normal, check it says connected on the settings page and press back and you can register over your wifi.
Hope this helps, I'm no pro but this is how I did it and it worked fine.
It took me forever to piece together how to do this with all the PC forums so I decided to write up one specifically for Mac.
First your phone has to be RC29 or rooted. Please go to http://androidandme.com/2009/05/gui...r-rooting-your-android-g1-to-install-cupcake/ for the best way to do this. To find out if your phone has this, hit enter, type reboot and hit enter again. If it reboots you are in good shape.
Second you need to download a couple of things to your computer.
Android-sdk-mac http://developer.android.com/sdk/download.html?v=android-sdk_r3-mac.zip
and adb http://android.googlecode.com/issues/attachment?aid=2845842048498102014&name=adb.zip
Unzip both files and then place adb in android-sdk-mac/tools folder
Now back to your phone. press enter then setprop persist.service.adb.enable 1 and then enter again.
It should say something like this is not an emergency number.
Now back to your computer. Open your terminal and then go to your Finder and find android-sdk-mac. Click tools and then drag adb to your terminal and type shell after it and hit enter. If you get a permission denied, type sudo and then drag adb over again.
You should get daemon started successfully and then next line $
type am start -a android.intent.action.MAIN -n com.android.settings/.Settings and hit enter.
Now look at your phone. It should have popped up a screen letting you in to wireless connections.
I hope this helps
nice work ;]
Ok so I started this thread about 3 months ago. I got one nice work...yay for me....but that was it. I would really like to know if this is working for everyone. I know it is Mac based and you can probably figure it out from the Windows based ones but I do want to make sure it is working for everyone, so if you use this please let me know if it worked or anything that should be added to it by posting a reply. Thank you
this is exactly the same as jf's tutorial...
I am not as good with computers and trying to figure out the Mac steps using a Windows guide took me forever. I was just trying to help anyone else in my same situation.
Awesome!
It works great! After spending 2 days uninstalling, reinstalling and generally fighting with Windows 7's automatic driver installation I borrowed my room-mate's mac and got this done in less than 15 minutes! Incredibly refreshing. Thanks!
...
Wonderful! It worked like a charm.... I just have a problem with the Cupcake interface, I like the Donut much better, is there a way to do this on that interface? And if not is there a way to get the Donut market place?
Apparently a number of folks lost their 4G keys. Kinda sucks when you are in a 4G market, and cannot take advantage since your 4G keys are hosed. Redsolar came up with a process for moving/editing your 4G key to a hobbled phone.
Further reading..
http://forum.xda-developers.com/showthread.php?t=716694
Some discussion made that once a phone is sent into either Sprint or Insurance for replacement the 4G key would be rendered useless by Sprint. In a way I doubt that. It would be more prudent to invalidate the MAC address than the key. Since Wimax keys are generally used to en/decrypt the data. I believe that authentication fails because the network handshake is encrypted. But the initial connection is granted via the MAC address, then validation via the encrypted handshake. It would be easier to invalidate a MAC address than it is to do that with using the actual key (MAC=96 bits vs RSA key=2048). Hence smaller/faster hash table.
What I propose is that someone who has a rooted Evo that has either "lost", or severely damaged (but still accessible via USB by fastboot) their phone that will be going back to Insurance to pull their 4G key by redsolar's process. I in turn will hexedit the key to reflect my MAC address, load it on my borked phone, and see if once Sprint deactivates the phone donor if I would still have 4G. At that point we will know if Sprint is using the MAC address, or the actual key to allow/deny access to Wimax.
The thing is if it works it will have to be one donor key, to one borked phone. Redsolar already proved that two keys operating at the same time will not work. Maybe a repository? We have a lot to gain and nothing to lose.
Anyone up for this?
Discuss.
I have a smashed evo that still can be accessed via ADB, even better, I never used 4G on it because at the time there was no 4G here. I am not sure about fastboot access at this time, but as I said ADB worked so I figure fastboot prolly does too. I work 48 hours this week, so not sure when I could try it.
SteelH said:
I have a smashed evo that still can be accessed via ADB, even better, I never used 4G on it because at the time there was no 4G here. I am not sure about fastboot access at this time, but as I said ADB worked so I figure fastboot prolly does too. I work 48 hours this week, so not sure when I could try it.
Awesome. If adb works so will fastboot, you just have to boot into bootloader.
Thanks!
That's easy enough then. I'll have to charge up a battery and go read that other post, unless you want to paste the commands I need to do in here.
Here you go!
1. Open command line window (cmd)
2. Make sure you have no PC36IMG.zip files in the root of your SD Card, or it will take a while to power your phone up
3. Power down your phone
4. Power it up while holding down the Volume Down key
5. HBOOT will attempt to scan for PC36IMG files. Let's hope you read carefully and don't have it on your SD Card root
6. Once HBOOT fails to find the file, use Vol Up/Down buttons to go into Fastboot mode
7. Connect the USB cable to your phone (and PC). You may have to install the USB drivers that come with Android SDK, but chances are if you are looking for this solution, you already have them installed and working
8. The FASTBOOT mode will switch to FASTBOOT USB (that's good)
9. Test your fastboot by typing "fastboot oem h" in command window you opened earlier (note, no adb, or adb shell anywhere, the command is "fastboot oem h"). From here on all fastboot commands are issued in that window
10. If you see less than ~40 lines of output, you don't have a properly rooted phone, and you need to do step 1 and step 2 (see above)
11. Dump your wimax data by issuing "fastboot oem saveprt2sd wimax -n wimax.bin" command (varies, anywhere between 7 to 8.5 MB, mine was 7MB)
12. Dump complete partition (~12MB) by issuing "fastboot oem saveprt2sd wimax -n wimax.bin -a" command
13. Reboot your phone
14. Pull the data files you dumped to a safe place ("adb pull /sdcard/WIMAX.BIN" and "adb pull /sdcard/WIMAXRAW.BIN"). Note the capitalization, it's important
PM me when you do it. I'll set up an account on my FTP box for you so you can upload it.
One major flaw to this attempt
0. The public/private keypair contains your phone's MAC address as part of your certificate's Common Name (CN), which is also most likely validated against the current mac on your phone
1 (corollary of 0). The phone must be an "activated and in service" phone for this to work. So if someone is keeping their broken paperweight and paying sprint the monthly fee for it - sure, this will work
2 (corollary of 1). Using a pair of keys from a deactivated phone will not allow you 4G access, sorry.
If through some miracle of Sprint's negligence the above is not true, I will tip my hat off to you
The negligence would mean that they are not checking anything but whether your public key is signed by HTC, and are happy with the actual MAC address that your phone provides them during authentication. That would be a major major flaw, since MAC address is so easy to change in fastboot.
If you read redsolar's thread, you'll see that I've tried this. It's worth it to try again, but for reference purposes, I have tried and failed.
Here's what I've tried:
I've cloned a friend's wimax certs, changed the mac to mine. It worked. Downfall, is that only one of us can be on 4G at a time. (There doesn't seem to be any checking of mac address vs wimax cert)
I actually purchased someone's wimax certs from a phone that is no longer in service, and changed the mac to mine. Didn't work. Flashed back my friend's certs, worked.
Conclusion, the certs are most likely blacklisted if the phone is not in service.
and cannot take advantage since your 4G keys are hosed.
Just curious as I no longer live in a 4G area. What causes this "hosing of keys"?
Most of us who lost it did it through a botched wimax update. It's believed to have originally been released by revoked and circulated for a while during the last Eclair update for evo (1.47)
When wimax was initially a pain to flash. It used a write_raw_image command which overwrote wimax partition and in most cases did so over the unrecoverable SSL key pair.
Sent from my PC36100 using XDA App
Hmmm.. I would be using my valid MAC address. Usually it is the MAC since like IP's only one can exist on a network. Though it is quite probable that Sprint's implementation of Wimax does do a key hash. From the original spec of Wimax, the MAC authentication is done first at connection, then an encrypted handshake follows. The only way to see that is by using a Service Monitor, and watch the transaction. But you can't see what happens after the encryption starts (but you can watch what goes on before and after). HTC can't recreate your Wimax keys because Verisign's algorithm uses a random seed generator. So even if you were to get the keys from both the preceding, and post MAC addresses to do a compare the RSG would be different on all three keys. Verisign made it easy for makers of electronics that use key encryption, it's just a simple web interface that in the case of cellphone the engineer plugs in a starting MAC address, and the number of keys to produce, and the computer just spits them out to the flash table.
I'm still willing to try. Can't screw up my Wimax anymore than what it is.
redsolar said:
Most of us who lost it did it through a botched wimax update. It's believed to have originally been released by revoked and circulated for a while during the last Eclair update for evo (1.47)
When wimax was initially a pain to flash. It used a write_raw_image command which overwrote wimax partition and in most cases did so over the unrecoverable SSL key pair.
Sent from my PC36100 using XDA App
Very interesting. I lost mine on 1.47.651. Never used Unrevoke. That's beside the point. I have a question which I'm sure I have asked before, but just want to make sure that the info I received was accurate.
I have backed up my Wimax partitions (I have a wimax.bin that is around 8MB and another wimax.bin that is 12MB). If I ever lost or hosed my wimax, could I just push this partition backup onto the phone and I should get my wimax up and running again?
Thanks for any info!
wsantiagow said:
Very interesting. I lost mine on 1.47.651. Never used Unrevoke. That's beside the point. I have a question which I'm sure I have asked before, but just want to make sure that the info I received was accurate.
I have backed up my Wimax partitions (I have a wimax.bin that is around 8MB and another wimax.bin that is 12MB). If I ever lost or hosed my wimax, could I just push this partition backup onto the phone and I should get my wimax up and running again?
Thanks for any info!
If you followed redsolar's procedure, yes.
I would guess they are using a CRL (Certificate Revoked List) that is probably added once you deactivate the phone. I really hate that they didn't store the certs in a cert8.db and key3.db file on /system or something...
When I adb shell from windows command prompt, I get some type of encoding symbols, I think colors or something, making it pretty much unusable. I've used it before and this didn't happen, so perhaps something in the CM version I'm using, or perhaps some windows setting I accidentally changed.
Any help would be appreciated.
I'm using CM11-20150809-UNOFFOCIAL-moto_msm8960_jbbl with mionica's kernel.
I suspect you are correct - if you used a linux command prompt, it would probably be fine...
You could try changing to UTF-8. In cmd:
Check what it's set to currently:
Code:
chcp
Mine is 437. Try changing to 65001
Code:
chcp 65001
Found this info here:
http://www.javawebdevelop.com/2824222/
Hopefully it helps, never had this issue myself before.
arrrghhh said:
You could try changing to UTF-8. In cmd:
Check what it's set to currently:
Code:
chcp
Mine is 437. Try changing to 65001
.
Thanks for reply. I was 437, tried 65001, no luck. It did change things very slightly, the backwards arrows now come out as square boxes, but all the rest of the codes still there.
I've also searched for solution myself. One was to open adb shell from a cygwin shell piped thru cat (adb shell | cat) , which kinda works. It hides the color codes, but other things don't work exactly right, like prompt jumps to top of page when I login or su, but without clearing the screen, so it's overwriting existing text, and other weird things not spacing themselves right, etc... also up/down arrows don't respond right in nano text editor.
I used to be able to just adb shell from regular command prompt and everything worked fine, so I suspect the change in behavior is either my cm version, kernel version, or less likely something I changed in windows or phone settings.
I tried ansicon, that made things worse.
I also read something about busybox settings, but I don't have busybox installed so not sure if it's related.
I wrote the method in 1 II for your reference.
The Qualcomm Diagnostic Port command in Xperia 1&5 is as follows.
(setprop sys.usb.config rndis,eng_mode,adb)
And use the EFSTOols.exe program.
It's easier than I mk2.
Screenshot is
1&5 and 1 MK2
Hello Xperia users! In the meantime, I finally solved the VOLTE problem! I approached Qualcomm's diagnostic port-active-efsExplorer and solved the problem by inserting a VOLTE profile from my carrier
Sorry, this is Korea and I am Korean.
However, I will write down the method in English.
Unlike previous 1&5, Qualcomm's diagnostic port cannot be opened.
opening command
I don't even know. I don't think so.
So it's a little different from before.
I tried to force it open.
debugging connection
Open the Command Prompt window.
adb shell input
su input
Do you want to allow shell on your phone?
prompt acceptance of permission
Then the $ shape changes to #.
Now
setprop persist.usb.eng 1
Copy paste entry. Please enter
And you're gonna be out there during tethering.
In My Computer Item
View Device Manager.
Please turn debugging back on.
Of course, no access.
If you turn on debugging again,
I've already set it up, so it looks like that.
Among them, there is a product model named XQ-AT52.
There are four yellow exclamation points in total.
Manually update driver Press [port] to list the manufacturers
It's called Qualcomm hs-usb-diagh and 9091. with this
I need a manual update. gogo
Now run the EFS Express.
Press 0 on the ROW and OK.
(ROW or SF_Default)
Oh, it takes a long time. I thought it stopped.
It opens if you stay still. LOL
It's open. How nice to see you here!
I am the Korean telecommunication company EFS file extracted from xperia1.
I used it. If you need VOLTE,
XPERIA1 (Modem).Extract from SIN file
I will use the Korean communication file.
Just drag it and put it in a folder.
v check and Yes
There'll be folders that don't exist while you're pulling them in.
Then make it and put the file in.
In the folder where you can view this red file,
Drag and drop the file twice.
The reason is that once you do it, you just go in.
The red file is not updated.
That's how the numbers at the back change when you renew.
So make sure to put it in twice.
Files beginning with NV do not have folders.
Put it on top.
It's over now!
Volte Success ^0^ About IMS
VOLTE OK
Confirm Video Calls
It was such a hard time for me!
I was sad because I couldn't get help.
With 5G mobile phones in 2020,
It was terrible to be on the 3G phone.
If there's someone like me,
This information will help you a lot.
Finally, Marktu
Buy! Buy two! I love it.
Interesting. I wonder if the OpenDevice Modem on AOSP works without that Hack in the same Way. Would be cool to know... Pixel Experience for Example enabled VoLTE, Wifi Calling and Video Calls over Carriers on My Xperia 5 without any additions or extra work. It detects the SIM and loads the needed Configs for it on the Modem. Pretty handy hack from the SONY Community to get extended functionality over AOSP or GSIs