[MTK] [NVRAM] Bricked baseband while trying to unlock LTE bands - General Questions and Answers

Hello everyone
So I have this $200 Xiaomi Redmi Pro (MT6797) on which I was trying to unlock LTE Bands.
I hooked it up to MAUI Meta and fiddled with nvram settings, trying to stay logical where possible... that's to say I've paid attention to indices, changed all occurrences of settings, etc. (I'm a programmer after all).
Nevertheless, after the N-th dry run, I've managed to touch the "right" value and now Android says no SIM inserted (baseband version unknown in system info).
More importantly, I thought I could simply revert the changes, as I have kept track of them, but MAUI Meta now balks with a big red flashing MODEM Exception message, and will not connect.
Most importantly though, I have no nvram backup.
What are my options to revive this thing?
Will it go away with a factory reset, or are nvram changes done with MAUI Meta real?
Any TWRP options? (i.e. http://forum.xda-developers.com/showthread.php?t=2594364 )
Is it feasible to just flash someone else's Redmi Pro nvram backup? (...yeah I know I must change IMEIs.)
Thanks a lot!

I have root access to the /NVRAM folder with a lot of files named MT03_000, xxxx_000 etc.
It would be wonderful if the specific file and offsets for all settings could be extrapolated from an nvram database file...
(The settings I've changed with MAUI Meta are NVRAM_EF_EL1_ANT_PDATABASE, NVRAM_EF_EL1_BAND_INDICATOR, and NVRAM_EF_EL1_MPRADJTBL)
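One way to learn which /NVRAM files and byte offsets a settings change touches, and to keep a restorable copy at the same time, is to snapshot the folder before each change and diff it afterwards. This is an added example, not part of the original post or any MediaTek tool; it assumes the folder has already been copied off the device into a local directory, and the name XX01_000 and all file contents are constructed sample data.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def _files(top):
    """Map relative path -> absolute Path for every file under top."""
    top = Path(top)
    return {str(p.relative_to(top)): p for p in top.rglob("*") if p.is_file()}


def snapshot(nvram_dir, backup_dir):
    """Copy every file into backup_dir; return {relative path: sha256 of the copy}."""
    manifest = {}
    for rel, src in _files(nvram_dir).items():
        dst = Path(backup_dir) / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel] = hashlib.sha256(dst.read_bytes()).hexdigest()
    return manifest


def changed_ranges(old, new):
    """Return [(offset, length)] runs where old and new differ; a size change is a final run."""
    runs, start, common = [], None, min(len(old), len(new))
    for i in range(common):
        if old[i] != new[i]:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, common - start))
    if len(old) != len(new):
        runs.append((common, abs(len(old) - len(new))))
    return runs


def diff_against_snapshot(nvram_dir, backup_dir, manifest):
    """Return {relative path: 'added' | 'removed' | [(offset, length), ...]}."""
    live = _files(nvram_dir)
    report = {rel: "removed" for rel in manifest.keys() - live.keys()}
    for rel, path in live.items():
        data = path.read_bytes()
        if rel not in manifest:
            report[rel] = "added"
        elif hashlib.sha256(data).hexdigest() != manifest[rel]:
            report[rel] = changed_ranges((Path(backup_dir) / rel).read_bytes(), data)
    return report


def demo():
    """Constructed sample: two stand-in NVRAM files, one edited at offsets 16-17."""
    with tempfile.TemporaryDirectory() as tmp:
        nvram, backup = Path(tmp, "NVRAM"), Path(tmp, "backup")
        nvram.mkdir()
        for name in ("MT03_000", "XX01_000"):  # XX01_000 is a made-up name
            (nvram / name).write_bytes(bytes(range(64)))
        manifest = snapshot(nvram, backup)
        edited = bytearray((nvram / "MT03_000").read_bytes())
        edited[16:18] = b"\xff\xff"
        (nvram / "MT03_000").write_bytes(bytes(edited))
        return diff_against_snapshot(nvram, backup, manifest)


if __name__ == "__main__":
    print(demo())
```

Taking a fresh snapshot before every single change keeps each diff limited to one setting, and the copied files are what would be written back to undo it.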

Change NV-Item 148

I need a little help cross-checking a problem!
I use an old 1.27.xx.xx Radio for changing the NV Item.
My device is SuperCID and secure unlocked in the bootloader.
I can read my Radio RAM and dump it with the QPST Tools ... that means ... I know most things!
BUT
With the NV Item Manager, I can read out but not change! If I want to write this item, I don't get a success message and it doesn't write it.
It means ... I read out again ... same value!
My question ... what radios can change it? Can somebody tell me how I do this, to see what error I make?
Don't worry NetRunnerAT, I will get back to you
You tell me how to connect Kaiser to a COM port, please, and I'll tell you how to change NV Items.
I already know how to connect Kaiser (WM Qualcomm) over COM port (QPST server).
NV Items can be edited over QXDM (Qualcomm eXtensible Diagnostic Monitor - NV Browser) or QPST - Software Download -> Backup -> edit -> Restore.
What QXDM version do you have? Mine writes MSM License error. Do you have a different version?
Mine is QXDM 3.09.16 PRO
[edit] Now we need the NV-Item password! It's 16 digits in hex -_____-° 0000 doesn't work!
[edit2] We need a full Kaiser qcn dump! For some GPS and WiFi offset values and items!
I am using QXDM 3.09.10 (edited licence), version valid for 31.1.2100.
This version is OK for this processor (Kaiser - MSM7200) also: SURF7200, sw version: M7200B-SDCCAAZD-2.2.8011018T, Phone model:206.
Changing NV Items over the QXDM NV browser works fine. For example, changing NV Item 148 is no problem.
But changing NV Item 550 (IMEI) does not work. This NV Item is read-only.
My Kaiser has SPC:000000.
I have full: 00000000_0.qcn - no problem.
File Version: Major 1, Minor 0, Revision 0
File Summary:
Phone Model: 206 [SURF7200], Configuration Name: default, Total NV Item Count: 795
Phone Model 206 [SURF7200] Configurations:
Configuration Name: default
Mobile Properties:
ESN: 0x00000000
Phone Model: 206 [SURF7200]
NV Major: 0
NV Minor: 0
SW Version: M7200B-SDCCAAZD-2.2.801018T
Client Name: QPST Software Download 2.7.0.264
where can we download this? will it work with Niki?
ZhenMing said:
where can we download this? will it work with Niki?
What do you mean? The tool or his qcn file? For the tool ... look in my shared folder!
@jirkab ... can you send me your qcn file? I need some values! I will handle it carefully and I won't publish it. I need it for some HTC Nike GPS unlock tests.
Yes, this tool (QPST, QXDM) is working for all Qualcomm chips in Diagnostic Interface/NMEA Interface/Modem mode(emulation USB to Com port/s mode).
You must have WM PPC (Qualcomm) SuperCID and Security Unlocked + HardSPL with AT command mode support. Over MTTY.exe connect device as modem - com port.
To NetrunnerAT: Check your e-mail. I sent you the .qcn file from Kaiser Radio ROM 1.27.15.32 (NV Item 550 with IMEI and 923 with IMSI are changed). Send me the password for your "Public shared Folder", for the next file upload.
Does the Nike have an antenna for GPS?
I have ... SuperCID, secure unlocked, AT commands and rtask, HardSPL, but I can't edit the items I need!
HTC uses new security functions! QPST and QXDM are useless! We tried some dirty reverse-engineered tools for Siemens phones ... same error! I can't edit most items ... next ... I can't access the bootloader and radio bootloader via keys.
Some Nikes are very secure -_____-°
About antennas ... I think they exist! An antenna always has a special look. WiFi antennas mostly use the same dipole construction. I can see 3 different types of antennas inside the Nike. Two different RF connectors for external antennas. On one connector I have measured a GSM signal. The other is dead at the moment.
I am using standard Q utilities and all works OK with Kaiser (change NV Items and structures). The mistake may be in Matrix.
No ... the NV items are security protected on an HTC Nike. Possibly some items change back if some special items are not present or set right.
Same problem here
I have the same problem here, when I try to change a NV Item with QPST, it says that the item is read-only and cannot be changed!
What is the procedure to make an NV Item RW ?
Thanks a lot for your help.
What is the procedure to make an NV Item RW ?
This is a really really good question.
NV items are stored as files in folder NVM.
If folder NVM is secured/locked...
There are different ways to force NV item change, without access to NVM through BitPim or EFS Explorer...
But you need to find them.
1. A funny way is to dump CEFS and manipulate NV items "OFFLINE" on the PC instead of on the highly secured mobile.
But the problem is to identify the NV items in the dump...
2. Another way is to make the NVM folder visible.
Different methods on different mobiles...
But if you can dump CEFS, you can rename some NVM strings... write back CEFS...
To dump CEFS look into QPST... Gang Bang uups I mean Gang Flash Image App...
But first check whether a folder NVM exists... But I think yes. Because this is a Qualcomm standard thingie...
NOT tested, NOT confirmed on MSM7200. Need to be tested... on your mobile...
Best Regards to jirkab
Sorry for the noob question, but I can't find any thread where it tells me how to activate the comm port with my HTC AT&T Tilt so I can use QPST and QXDM while the phone is running (not in the tri-color bootloader screen).
I can get netmonitor started and that is a useful tool for me. I've tried ##3424#, *#*#3424#*#* and get nothing. Is there a way to get QPST and QXDM to run when it's booted (like I can do with a CDMA phone)?
Thanks

[Q] [Lenovo] [MT6572] No signal, formatted nvram!

Hello xda,
First, I searched the forum and other sources for a solution and didn't find any help.
-My phone is a Lenovo A319 dual SIM
-I downloaded the latest stock firmware for it from 4PDA
-then before flashing I selected the scatter in SP Flash Tool and did format all except bootloader.
-then flashed the firmware and everything went well.
-after powering on my phone with a SIM card it didn't recognize it (both SIM 1 and SIM 2) - no IMEI - no serial number - baseband is OK.
-I fixed all of this and after some tries the phone recognizes both SIMs but with just 1 bar of signal out of 5 on SIM 2 (2G)
-and SIM 1 keeps searching with no service and randomly gets network (G) and sometimes (3G) but can't make calls, USSD ... etc.
*Things I have tried*
1-fixed IMEI with SN & IMEI Writer. (Done!)
2-fixed SN with Maui META 3g and an ini config file that I found on the internet that was supposed to fix 3G but it only fixed SN:nullnull to SNNxxxxxxxxxx (where x is some letters and numbers). (Done!)
3-flashed another secro.bin from another MT6572 device (original secro.bin from stock firmware A319 flashed already). (No luck with network)
4-changed TX settings in RF Tool in Maui META 3g [GSM900=TX:-13 - 1800=TX:-10]. (No luck with network)
5-some other playing in the Eng. Menu (*#*#3646633#*#*). (No luck with network)
Notice:
-the firmware I downloaded has a folder called "APDB" that contains database files for my device and a file called "catcher_filter_1_wg_n.bin".
-the firmware doesn't have nvram.img.
-I have no backup.
-I'm sure that the problem can be solved by changing band settings in Maui META 3g in RF Tool but I have no idea how to accomplish such a thing.
-I guess the problem is because the firmware is Russian and my phone works in Egypt, so the band settings vary from here to there.
I hope I can get some help, and sorry for my bad English.
BR.
I found a stock ROM for Lenovo A319 with which my SIM works perfectly.
Now I want to move from stock to CM12.1.
CM12.1 has the same issue because of modem things.
-How can I change the modem from the stock I have to work with the Russian unofficial CM?
Update
After flashing CM 12.1 the signal is gone again; when I try to go back to it, no signal either :\
bump!
I guess the problem is in the RF data but I have no idea how to set it correctly.
Any help?
Please tell me where you found the solution for SN repair, please PM it to me.
please provide a link it would be helpful
Any solution? My Lenovo A319 has the same problem. Sometimes no network, EDGE, 3G or even H+. Hopefully someone already has the solution.
I'm in Indonesia, already using A319_ROW_DS_S318_150615 with Baseband Version MOLY_WR8_W1315_MD_WG_MP_V43_P2_2015/01/13
AbuIgras said:
Any solution? My Lenovo A319 has the same problem. Sometimes no network, EDGE, 3G or even H+. Hopefully someone already has the solution.
I'm in Indonesia, already using A319_ROW_DS_S318_150615 with Baseband Version MOLY_WR8_W1315_MD_WG_MP_V43_P2_2015/01/13
Hello,
I am not an expert but I had some similar problems with 3G and GSM. By seeking some info in these forums and others,
I found that you can easily extract your device's modem database with the following command (under adb):
"adb pull /etc/mddb C:/adb" (note that C:\adb is going to be the extraction destination)
So you've just got your own modem database.
I guess you can easily extract a similar working device's modem database, then go to Maui META v 9.1604.02.00, load it there and apply it to your own device by selecting RF and then 3G settings; also change your IMEI to your original ones.
---------------
I hope that I'm saying good and useful stuff, or someone can correct the mistakes for me.
** Sorry that I was here for a long time just learning without trying to give or share. I hope that one day I will have some info to share..
Dial *#06#.. if you get an invalid IMEI, then... write down both your IMEIs (you can see them on the back of your phone), download and install Chamelephon, open it and write down both IMEIs. Apply and restart your device. Enjoy.

Samsung Note 9 Exynos IMEI Query

Hi,
I bought an IMEI-changed Samsung Galaxy Note 9. It's rooted using Magisk. I'm not familiar with Android ROM installations.
I want to upgrade the Android version from the currently running 9 to Android 10. But I don't want to lose the changed IMEI.
What will happen if I flash the official Android 10 ROM onto my device? Will the IMEI be changed to the factory one?
Thanks
Backup /EFS partition before changing ROM.
FYI:
EFS stands for Encrypted File System. Imagine the EFS as a big folder containing all of the important stuff that makes the "phone" part of your phone (i.e. what lets you communicate from one person with a phone to another) tick. It contains your IMEI, lots of files revolving around your SIM card and Wifi/Bluetooth (this includes your MAC address for all the radios of your phone), and lots of other things that should never ever under any circumstance be deleted or touched. It's sensitive, it's devastatingly important, and it's a huge pain. If you lose your EFS folder, you lose pretty much any chance of your phone being able to use data, Wifi, Bluetooth, and (probably) your phone will just not want to respond and reboot quite a lot.

Question Cross-Flashing Mi 11 Ultra (Snapdragon 888) - Lahaina Modem Image to ROG for more carriers compatibility ??

Hey Guys,
So along with my struggle of loading MBN files, I eventually used a Xiaomi Mi 11 Ultra (Global Edition) for a few days. This is another device that runs on the Same Snapdragon 888 SOC, and has the exact same Modem (Codename Lahaina). On the Mi 11 Ultra, Both my carriers have 5G / VoLTE working perfectly fine and had no issues whatsoever.
I opened up both the modem.img files (Can be viewed with 7Zip) and even the file structure is identical including the codenames, with the difference Xiaomi modem having more MBN files for many more carriers (I posted the MBN file extracted over here), (including the two MBN files my carriers use). On the other hand ASUS Modem.img has a very limited number of MBN files, which looks like they haven't updated it since the summer of 1969.
This is the Xiaomi Mi 11 Ultra Modem.img
File on MEGA
mega.nz
This is the ZS673KS (ROG 5) Modem.img
File on MEGA
mega.nz
Since there is no way to upload MBN files to the ROG 5 - Does anyone know whether we can fastboot flash the Modem image ?
Edl try
Akkaya34 said:
Edl try
Modem can be flashed over Fastboot.
Not required EDL.
But need to verify whether this has any risks. Only the chip (SOC) brand is same, but internally there might be other differences, and the image sizes are not the same either. So worried of hard brick.
BLOB images have the same code but very different interface to the kernel in most cases, so it's not likely anything will work
yurishouse said:
BLOB images have the same code but very different interface to the kernel in most cases, so it's not likely anything will work
Thanks a lot for the heads-up!
Would the idea work better with rog 5 u.s modem blob?
Heero0101 said:
Would the idea work better with rog 5 u.s modem blob?
US version might have hardware differences... So I'm not really sure.
Confirmed not working, restored partitions previously backed up for next surgical op.
katalinscrob said:
Confirmed not working, restored partitions previously backed up for next surgical op.
Thanks a lot for trying! Much appreciated!!
No pb! The main issue now that I have volte working along real 5G on both sim slots, is vowifi... PDC was the ideal method, but if sysprop vendor.usb.diag 1 command triggers correct diag mode, then for sure is another issue here, A11 related I guess...
katalinscrob said:
No pb! The main issue now that I have volte working along real 5G on both sim slots, is vowifi... PDC was the ideal method, but if sysprop vendor.usb.diag 1 command triggers correct diag mode, then for sure is another issue here, A11 related I guess...
How did you get VoLTE working?
Did you have the MBN inside already?
PDC is sadly blocked in A11 OS mode. However OnePlus Users They have a FTM mode - Which allows Efs tools / PDC to communicate. Hopefully something should come around for Asus.
You need root first of all.
There are 2 ways for permanent volte/vowifi toggle menus:
1. *#*#4636#*#*, set preferred network type NR/LTE, then back to original.
2. Magisk module Pixel5_VoWIFI.VoLTE_magisk_module_V1-MINI.zip (search github)
After this, via EfsTools method just copy to NV your carrier mbn from attached folder, reboot. Tried all of them until found compatible one from my carrier but no VoWIFI sadly.
katalinscrob said:
After this, via EfsTools method just copy to NV your carrier mbn from attached folder, reboot. Tried all of them until found compatible one from my carrier but no VoWIFI sadly.
Which thread did you follow?
I had a problem with my device not connecting via WIFI.
Full support 5G+VoLTE+VoWIFI:
1. Flash last A11 firmware WW-18.0840.2201.229 and root it.
2. Through QPST and AsusVOLTE apk, connect via wifi /same IP option ( I used IPV4+IPV6).
3. Download and unrar attached EfsTools, which contains the mcfg.mbn** and load it to NV.
4. Flash A12 firmware WW-31.0810.1226.57.
5. Root again, install voenabler*** module in magisk, restart.
**A11 banner mbn in .rar is for GermanyVodafone.
*** voenabler or any other method you agree with for enabling 4G/VOWIFI menus in settings.
In A12 banner is HW_DEFAULT instead any previous A11 carrier specific mbn, which means that ASUS finally resolved this problem for good.
Later edit: will try to extract and upload modem.img already modded for easy fix this entire stupid issue which Asus could have been more responsive to buyer's needs ...
Enjoy!
After the .77 update I lost VoLTE and VoWiFi again, so disappointed... Respawned the .mbn and voila, back in time with only VoLTE capability, no VoWiFi.
Because I don't want to go through the previously posted procedure, as I would basically be stuck on .57, I found an alternative solution that could offer the advantages of updates and a minimum-hassle procedure for regaining VoLTE/VoWiFi, which basically is copying working unpacked mbn files to the efs partition via efsExplorer in QPST. I tried an mbn from an identical X60 qualcomm/lahaina chipset (found on xiaomi12t) and VoLTE/VoWiFi are working again, but no 5G this time. Anyway, it is a matter of patience and time for testing.
Another solution would be modifying the modem.img extracted from the Asus payload.bin, but I didn't find an easy way to unpack/repack it; I only managed to open it through 7zip and get some resources. If you can find a solution to this, I think this would be the most elegant way for us to have all the modem's capabilities activated, by simply restoring the modified modem.img after every update.
And yes, tried AIK, various .img unpackers etc...

Doogee V20 - Format All + Download - Help!!

Hi all,
Just wanted to give a background story as to why I formatted the flash by accident on my device. I received the phone not too long ago and was excited to venture into the possibilities of testing and trying out different images. Unfortunately, without backing up the device, I kind of jumped the gun and formatted the drive after I ran into some issues, thinking I could restore it with the stock ROM files. To my horror I found out that not all ROMs were included when reimaging the stock ROMs.
So, here I am. The device is working ok, but these are the issues I'm facing below:
- Partial loss of cellular signal - (Flashing "Modem.bin" could resolve this, but I don't know where to flash it or what folder structure)
- Wifi working inconsistently - (Stock ROMs do include a "Modem_bin" folder with the files, but again I don't know where to flash it)
- Don't have all the calibration files (Maybe I do, but don't have the correct partition or where it would be placed)
- The databases were also included, but again I don't know where to flash them
- Lost IMEI/BaseBand - (Fixed by flashing IMEI numbers through SN Writer Tool)
- Lost Google Device certification - (Fixed by flashing Attestation files with SN writer tool)
Few things I need help with:
- Does anyone have the full structure of their Doogee V20 phone and not mind pointing me in the right direction of where to flash the Modem.bin files to?
- Also, if IMEI and SN are corrected, does it mean that the NvRam and NvData info is now all there or partially there?
Thanks in advance and I hope my insights or issues help others to avoid my mistakes.
I have attached the scatter files and stock ROMs; if you have any way of extracting what I need from them I would highly appreciate it.
Scatter files : attached
Stock rom : Here
