Better Mobile App

[DEV][SIMLOCK] Developing a free sim-unlock for the Galaxy Ace 2(X)

Hello,
I am starting this thread in the hopes of spurring some investigation into how to unlock the Samsung Galaxy Ace 2(X) without paying for an unlock code or for a service box such as Octoplus etc. All other methods for unlocking Samsung devices (dialer code, nv_data etc) do not work on this device.
I have made a little bit of progress on my own device, the GT-S7560m or Galaxy Ace 2X, outlined here. Unfortunately, I cannot provide a method to unlock as of yet, as the method I currently have found will replace the target device IMEI with the IMEI of the 'donor' device. I have not found a way to change the IMEI back (yet).
First, what I did was simple: Root the phone and backup all partitions other than /system, /data, /cache (/dev/block/mmcblk0pX) I did this a couple of times in between reboots and factory resets to have multiple backups as well as to see if any partitions change after reboots or resets.
It turns out that there are five partitions which change (slightly or drastically) after reboots/resets. These are:
mmcblk0p9
mmcblk0p10
mmcblk0p11
mmcblk0p13
mmcblk0p19 (/efs, found via mount command)
Since the S7560M does not have a GPT partition table, I can't find the labels for what these partitions actually are. 11,13 and 19 are mostly blank, while 9 and 10 are chock full.
Next, I bought an unlock service on eBay. Once unlocked, I took another image of all the partitions, and compared which ones were changed (locked vs unlocked). Unsurprisingly, the same five partitions were different.
To narrow it down, I the flashed back the locked versions of these partitions until my simlock returned.
mmcblk0p9 is the partition that holds the simlock data
I tested flashing only p9 and, indeed, simlock disappeared and reappeared according to the version being flashed. I have multiple devices to test with at the moment, so I took the unlocked p9 from Phone A and flashed it to Phone B, and sure enough, Phone B could then accept foreign SIM cards.
Unfortunately, this also changed Phone B's IMEI to that of Phone A
I tried various tools to attempt to zero out the IMEI (so that the partition image can be shared between devices and the end-user can then restore their proper IMEI) to no avail. It seems the NV items on this device are locked or read-only for some reason.
CDMA Workshop, NV Items Reader-Writer, QPST, QXDM, all these tools are able to read NV items fine, but when trying to write back NV item 550 ue_imei it inevitably fails. In QPST an unknown error (0x80004005) is thrown when writing, whereas in QXDM the program states "No DIAG response received" when attempting to write the NV item. I tried multiple phones, PCs and versions of Windows with the same error.
You'll recall that on other devices such as the GS3, QPST/QXDM/etc works perfectly fine to restore the IMEI through NV editing.
I believe mmcblk0p9 is the 'real' EFS partition, holding the NV items for the device. It also seems to be encrypted, since I cannot find the IMEI in hex nor decimal format inside it, yet the IMEI is changed when the partition is cross-flashed. Across phones and even simply rebooting, the partition almost completely changes, save for a header and a couple of other bytes.
In order to unlock the device freely, I believe the next step is to either decrypt mmcblk0p9, or find a way to get QPST/QXDM to write to the phone
If you have any thoughts/experience, feel free to post below! I am sort of stuck here.

This is a REALLY interesting thread. We need more of these! I know that to unlock my good old Galaxy Gio, you had to pull the bml5 partition and look at it with a hex editor to find 8 digits surrounded by nonsense symbols. Unlocking this device is gonna be MUCH harder, but maybe we just need to look at one of the 5 partitions you mentioned with a hex editor? I have no need of unlocking my device, nor have I ever actually tried it, but I'd like to get involved in this. Tell me, what happens when you insert a foreign sim card into your Ace II X (then you power it on or reboot it)? Does a dialog pop up asking for a code?

Dont bother with tools from market, they are made for units with samsung and qualcomm cpus. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor cpu from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things i think may help further:
- gap betwwen partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.

For i8160/p/l (and for all phones with novathor soc) the imei, serial and simlock data is on cspsa_fs that's 100%, but it's encrypted and I think there is a hash check or something similar because if you edit something (no matter what) in cspsa partition dump after reflashing the modem completely stops working - no signal, no imei.

Szaby59 said:
For i8160/p/l (and for all phones with novathor soc) the imei, serial and simlock data is on cspsa_fs that's 100%, but it's encrypted and I think there is a hash check or something similar because if you edit something (no matter what) in cspsa partition dump after reflashing the modem completely stops working - no signal, no imei.
Click to expand...
Click to collapse
angrybb said:
Dont bother with tools from market, they are made for units with samsung and qualcomm cpus. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor cpu from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things i think may help further:
- gap betwwen partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
Click to expand...
Click to collapse
You guys are mistaken. The device being discussed is not the Ace II, but instead the Ace II X (same as S7560 Galaxy Trend or S7562 S Duos but with single sim). It does have a Snapdragon S1 clocked to 1 GHz (MSM7227A) with an Adreno 200 GPU. @op maybe you should modify the thread name to Ace II X instead of Ace 2 (X). It makes it less misleading.

angrybb said:
Dont bother with tools from market, they are made for units with samsung and qualcomm cpus. Ace2/S3 mini/S Advance/Xperia Sola/Xperia U and few others use NovaThor cpu from ST-Ericsson. So you should look in that direction. I have posted partition info here http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
You should also look those threads about partitions and some other info:
http://forum.xda-developers.com/showthread.php?t=2145464
http://forum.xda-developers.com/showthread.php?t=2352064
http://forum.xda-developers.com/showthread.php?t=2389395
http://forum.xda-developers.com/showthread.php?t=2132670
IIRC imei is most likely in cspsa partition, but encrypted. Search also for binaries in /system/lib/tee.
Some things i think may help further:
- gap betwwen partitions
- serial number is not encrypted, you can find it by searching the dump
If you want you can buy development board for NovaThor pretty cheap at http://shop.strato.com/epages/61428605.sf/en_GB/?ViewObjectID=11538 as this platform seems dead since ST-Ericsson split and so is with price of the board.
Click to expand...
Click to collapse
wrong thread dude..
---------- Post added at 08:59 PM ---------- Previous post was at 08:59 PM ----------
Codename13 said:
You guys are mistaken. The device being discussed is not the Ace II, but instead the Ace II X (same as S7560 Galaxy Trend or S7562 S Duos but with single sim). It does have a Snapdragon S1 clocked to 1 GHz (MSM7227A) with an Adreno 200 GPU. @op maybe you should modify the thread name to Ace II X instead of Ace 2 (X). It makes it less misleading.
Click to expand...
Click to collapse
they should read the entire thread first right?(first post) see how observent they are

Is this thread dead?

Codename13 said:
Is this thread dead?
Click to expand...
Click to collapse
I think so
---------- Post added at 09:21 PM ---------- Previous post was at 08:35 PM ----------
krazykipa said:
Hello,
I am starting this thread in the hopes of spurring some investigation into how to unlock the Samsung Galaxy Ace 2(X) without paying for an unlock code or for a service box such as Octoplus etc. All other methods for unlocking Samsung devices (dialer code, nv_data etc) do not work on this device.
I have made a little bit of progress on my own device, the GT-S7560m or Galaxy Ace 2X, outlined here. Unfortunately, I cannot provide a method to unlock as of yet, as the method I currently have found will replace the target device IMEI with the IMEI of the 'donor' device. I have not found a way to change the IMEI back (yet).
First, what I did was simple: Root the phone and backup all partitions other than /system, /data, /cache (/dev/block/mmcblk0pX) I did this a couple of times in between reboots and factory resets to have multiple backups as well as to see if any partitions change after reboots or resets.
It turns out that there are five partitions which change (slightly or drastically) after reboots/resets. These are:
mmcblk0p9
mmcblk0p10
mmcblk0p11
mmcblk0p13
mmcblk0p19 (/efs, found via mount command)
Since the S7560M does not have a GPT partition table, I can't find the labels for what these partitions actually are. 11,13 and 19 are mostly blank, while 9 and 10 are chock full.
Next, I bought an unlock service on eBay. Once unlocked, I took another image of all the partitions, and compared which ones were changed (locked vs unlocked). Unsurprisingly, the same five partitions were different.
To narrow it down, I the flashed back the locked versions of these partitions until my simlock returned.
mmcblk0p9 is the partition that holds the simlock data
I tested flashing only p9 and, indeed, simlock disappeared and reappeared according to the version being flashed. I have multiple devices to test with at the moment, so I took the unlocked p9 from Phone A and flashed it to Phone B, and sure enough, Phone B could then accept foreign SIM cards.
Unfortunately, this also changed Phone B's IMEI to that of Phone A
I tried various tools to attempt to zero out the IMEI (so that the partition image can be shared between devices and the end-user can then restore their proper IMEI) to no avail. It seems the NV items on this device are locked or read-only for some reason.
CDMA Workshop, NV Items Reader-Writer, QPST, QXDM, all these tools are able to read NV items fine, but when trying to write back NV item 550 ue_imei it inevitably fails. In QPST an unknown error (0x80004005) is thrown when writing, whereas in QXDM the program states "No DIAG response received" when attempting to write the NV item. I tried multiple phones, PCs and versions of Windows with the same error.
You'll recall that on other devices such as the GS3, QPST/QXDM/etc works perfectly fine to restore the IMEI through NV editing.
I believe mmcblk0p9 is the 'real' EFS partition, holding the NV items for the device. It also seems to be encrypted, since I cannot find the IMEI in hex nor decimal format inside it, yet the IMEI is changed when the partition is cross-flashed. Across phones and even simply rebooting, the partition almost completely changes, save for a header and a couple of other bytes.
In order to unlock the device freely, I believe the next step is to either decrypt mmcblk0p9, or find a way to get QPST/QXDM to write to the phone
If you have any thoughts/experience, feel free to post below! I am sort of stuck here.
Click to expand...
Click to collapse
Can you post a zip file op your efs folder?
Thanks in advance.

Hello all,
Unfortunately at this point I have sold all the Ace 2X units I had previously. I wasn't really getting anywhere anyway and ended up buying a Z3X box. Thread can be closed, or feel free to continue in my absence. Good luck!

I'd like if we, as developers working together, could get this done. Just a question: Is there an issue if we share the same IMEI? Why can't one of us pay to unlock our device, then share our mmcblk0p9 with others? Would it cause problems if others flashed our efs partition to their device?

Codename13 said:
I'd like if we, as developers working together, could get this done. Just a question: Is there an issue if we share the same IMEI? Why can't one of us pay to unlock our device, then share our mmcblk0p9 with others? Would it cause problems if others flashed our efs partition to their device?
Click to expand...
Click to collapse
1- multiple phones with the same IMEI on the same network cause problems for all other (the only reason this can normally happen is your phone losing signal or crashing then reconnecting, so it's reasonable for the phone company to drop all other active links when it connects again)
2- on the U8500 Sonys, the role of CSPSA, EFS and some other firmware partitions is done by the "TA" partition. We know parts of it are signed (with different keys, some specific to the individual hardware) and changing them results in hard bricks... not terribly related to this phone, but the moral is that without knowledge about this undocumented binary sequence that is partition 9 (probably requiring a JTAG backup and trial and error) we common mortals can't afford to experiment blindly

Hello,
An S7560M came through my hands again, and I've taken the time to capture the data that is sent to the proprietary Z3X server for generating the unlock codes. The tool bypasses the MSL, reads some data from the modem, sends it to the server for analysis, and sends back your unlock code(s). If anybody is good at cryptography or data analysis, feel free to analyze the Wireshark dump that contains all the data. Somehow, the unlock code shown in the screenshot is attainable with only that data.
I myself have no idea how to get from there to an unlock code on my own. The only modification I've made is removing the serial number of my Z3X equipment in the dump for security. The IMEI and SN do not appear to be transmitted in the dump, but I've removed them from the screenshot.
Hope this helps, good luck.

krazykipa said:
Hello,
An S7560M came through my hands again, and I've taken the time to capture the data that is sent to the proprietary Z3X server for generating the unlock codes. The tool bypasses the MSL, reads some data from the modem, sends it to the server for analysis, and sends back your unlock code(s). If anybody is good at cryptography or data analysis, feel free to analyze the Wireshark dump that contains all the data. Somehow, the unlock code shown in the screenshot is attainable with only that data.
I myself have no idea how to get from there to an unlock code on my own. The only modification I've made is removing the serial number of my Z3X equipment in the dump for security. The IMEI and SN do not appear to be transmitted in the dump, but I've removed them from the screenshot.
Hope this helps, good luck.
Click to expand...
Click to collapse
Not sure how to help, but this is some serious looking stuff! I downloaded your attachment, extracted S7560M.pcapng and I converted it to S7560M.pcap using this guide. I then tried opening it and Ubuntu searched for a program that could open it. I got Wireshark and was able to open it. I'm guessing that's no such sort of hacking, right? Anyways, I'd like to help out. In the image you uploaded in that 7z archive, what is the unlock code? I want to scour the data in the Wireshark dump and see if I can find any correlations between the data in the image and the data in the dump. All I have to guess at this time is that all the code is hex, and it probably translates to decimal.

In the screenshot the unlock code is the NET lock code. The other numbers and * # are dialer codes (for unlocking direct from dialer without inserting a foreign SIM) but the actual code is 30385735.

If i understand it right the sim-partition is 9?
Why whe can't just share that partition from someone who payed for unlocking his device and changing imei (there are some tuts on xda)?

imei
the unlock code is based on the imei..
somebody unlocked his phone based just on his imei and the name of his carrier over the internet..

Anas Karbila said:
If i understand it right the sim-partition is 9?
Why whe can't just share that partition from someone who payed for unlocking his device and changing imei (there are some tuts on xda)?
Click to expand...
Click to collapse
I'll say this again, Partition 9 is unique to each phone. Another way of seeing it is: two people own the same car, when one person is driving the car, the other person can't drive the car, vice versa. You can't duplicate that car, because each numberplate is specific to one car.
Likewise, you can't copy partition 9 to another phone, because it would be the same as using the same numberplate on two different cars. The partition 9 includes the IMEI, if you will, the "numberplate" of the phone.

Mod Edit
Changing imei numbers is illegal.
Any such discussion is not allowed on XDA
Thread closed
malybru
Forum Moderator

Debrick SPH-L600 sprint mega SOLVED

Guys i have bricked my phone by restoring MK1 efs backup created with efs professional tool. Few days ago i upgraded it with android 4.4 version with ota. I restored all partitions with efs pro tool except user data and system. Now it's in qhsusb_dload mode. I tried i9205 debrick image from this forum and it's not working. I do not know how to make debrick image form stock rom or any other way. Can anyone help me to fix this?
Thanks
Finally unbricked it with DarkAngel's help. Many thanks to him.
For unbrick your phone please read all post's by DarkAngel.

ashikrobi said:
Guys i have bricked my phone by restoring MK1 efs backup created with efs professional tool. Few days ago i upgraded it with android 4.4 version with ota. I restored all partitions with efs pro tool except user data and system. Now it's in qhsusb_dload mode. I tried i9205 debrick image from this forum and it's not working. I do not know how to make debrick image form stock rom or any other way. Can anyone help me to fix this?
Thanks
Click to expand...
Click to collapse
Have you tried to Odin the Official Firmware available for the L600? It can be done via Kies as well.
L600VPUBNE4

I tried odin and kies
DarkAngel said:
Have you tried to Odin the Official Firmware available for the L600? It can be done via Kies as well.
L600VPUBNE4
Click to expand...
Click to collapse
Yes i tried but in qhsusb_dload mode odin cannot find the phone. It cannot be powered up bro so how can kies detect it? Do you know how to fix this issue? Please help.

ashikrobi said:
Yes i tried but in qhsusb_dload mode odin cannot find the phone. It cannot be powered up bro so how can kies detect it? Do you know how to fix this issue? Please help.
Click to expand...
Click to collapse
Which version of Odin are you using?

odin 3.09 and 3.04
DarkAngel said:
Which version of Odin are you using?
Click to expand...
Click to collapse
I tried with these versions. They do not detect the device. If you have a working phone, you can make a debrick image for me. Please install busybox and a terminal emulator. Then issue this command from the terminal and you will get the debrick image in your sd card.
su
busybox dd if=/dev/block/mmcblk0 of=/sdcard/debrick.img bs=1M count=128
Make sure you have SPH-L600 and android version 4.4 or the image will not work for me.
Please upload
Thanks

installed automatic upgrade stuck in boot loop
I have a Galaxy Mega SPH-L600 and i replaced the screen about a week ago and it was running fine opened it up 2 days ago and there was an update said needed to be done so hit ok and installed update it went to 100% and shut off and turned back on went to Samsung splash screen and shut off and turned back on did this for about a half hour so i tried to do the hard boot with power button,volume up and home button droid comes up and it says installing upgrade and goes back ito boot loop tried to hook up to laptop but can not get it to show up on my Windows 7 unit tried alot of stuff nothing works need some help from anyone that can point me in the right direction and thank you in advance

ashikrobi said:
I tried with these versions. They do not detect the device. If you have a working phone, you can make a debrick image for me. Please install busybox and a terminal emulator. Then issue this command from the terminal and you will get the debrick image in your sd card.
su
busybox dd if=/dev/block/mmcblk0 of=/sdcard/debrick.img bs=1M count=128
Make sure you have SPH-L600 and android version 4.4 or the image will not work for me.
Please upload
Thanks
Click to expand...
Click to collapse
The only problem I have with the debrick image is if the 128mb will include my EFS information. I have to mount it to an extra SDcard I have and check it's content before I give it out or post it up for grabs.
Thank you for the how too but I am familiar with making a debrick image using TE. I have one made for all my devices although I haven't bothered checking to see what was exactly on this one being it is at 128mb ( as my SGS3 needs only just about half of the requested to work ) so I can provide the needed files.
Just to make things clear not all images being from other carriers will work on other devices of the same model. They may be partitioned a different way than the L600. Also you PM'd me that you tried to recover your EFS info using the created backup from one of a MK1. I wouldn't have tried that. You already upgraded to 4.4 and have the newest Knox bootloader which will not allow you to downgrade the Bootloader at all.

Thanks for the reply
DarkAngel said:
The only problem I have with the debrick image is if the 128mb will include my EFS information. I have to mount it to an extra SDcard I have and check it's content before I give it out or post it up for grabs.
Thank you for the how too but I am familiar with making a debrick image using TE. I have one made for all my devices although I haven't bothered checking to see what was exactly on this one being it is at 128mb ( as my SGS3 needs only just about half of the requested to work ) so I can provide the needed files.
Just to make things clear not all images being from other carriers will work on other devices of the same model. They may be partitioned a different way than the L600. Also you PM'd me that you tried to recover your EFS info using the created backup from one of a MK1. I wouldn't have tried that. You already upgraded to 4.4 and have the newest Knox bootloader which will not allow you to downgrade the Bootloader at all.
Click to expand...
Click to collapse
Thanks DarkAngel for your reply. My sprint mega was reprogrammed by myself with dfs tool. I didn't provisioned it with any commercial way. I just changed it to use uim to get operator information and it was working. But after i changed the rom to slimkat i lost esn from efs. That's why i tried to restore efs backup after 4.4 ota update.
I knew you are an expert or an android developer so i requested help from you. Because you have some threads that maybe possible by a developer. I am in a horrible situation. I took my phone the other day to my local jtag repair center an they failed to repair it. They said there is no support for this phone still now. Brother please help me to fix my phone. Thanks.

ashikrobi said:
Thanks DarkAngel for your reply. My sprint mega was reprogrammed by myself with dfs tool. I didn't provisioned it with any commercial way. I just changed it to use uim to get operator information and it was working. But after i changed the rom to slimkat i lost esn from efs. That's why i tried to restore efs backup after 4.4 ota update.
I knew you are an expert or an android developer so i requested help from you. Because you have some threads that maybe possible by a developer. I am in a horrible situation. I took my phone the other day to my local jtag repair center an they failed to repair it. They said there is no support for this phone still now. Brother please help me to fix my phone. Thanks.
Click to expand...
Click to collapse
Well not an expert but I read a lot on here and do what I can when I can.
This is what I got from my Mega:
Code:
L600 Output
====================
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
[U]
Number Start End Size File system Name Flags[/U]
[B] 1 4194kB 67.1MB 62.9MB modem
2 67.1MB 67.2MB 131kB sbl1
3 67.2MB 67.5MB 262kB sbl2
4 67.5MB 68.0MB 524kB sbl3
5 68.0MB 70.1MB 2097kB aboot
6 70.1MB 70.6MB 524kB rpm
7 70.6MB 71.2MB 524kB tz
8 71.2MB 84.3MB 13.1MB pad
9 84.3MB 92.7MB 8389kB param[/B]
[COLOR=Red][B]10 92.7MB 107MB 14.3MB ext4 efs[/B][/COLOR]
11 107MB 110MB 3146kB modemst1
12 110MB 113MB 3146kB modemst2
13 113MB 124MB 10.5MB boot
14 124MB 134MB 10.5MB recovery
15 134MB 145MB 10.5MB fota
16 145MB 152MB 7332kB backup
17 152MB 155MB 3146kB fsg
18 155MB 155MB 8192B ssd
19 155MB 164MB 8389kB ext4 persist
20 164MB 176MB 12.6MB ext4 persdata
21 176MB 2324MB 2147MB ext4 system
22 2324MB 3058MB 734MB ext4 cache
23 3058MB 3079MB 21.0MB ext4 carrier
24 3079MB 15.8GB 12.7GB ext4 userdata

pit file of my mega
DarkAngel said:
Well not an expert but I read a lot on here and do what I can when I can.
This is what I got from my Mega:
Code:
L600 Output
====================
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
[U]
Number Start End Size File system Name Flags[/U]
[B] 1 4194kB 67.1MB 62.9MB modem
2 67.1MB 67.2MB 131kB sbl1
3 67.2MB 67.5MB 262kB sbl2
4 67.5MB 68.0MB 524kB sbl3
5 68.0MB 70.1MB 2097kB aboot
6 70.1MB 70.6MB 524kB rpm
7 70.6MB 71.2MB 524kB tz
8 71.2MB 84.3MB 13.1MB pad
9 84.3MB 92.7MB 8389kB param[/B]
[COLOR=Red][B]10 92.7MB 107MB 14.3MB ext4 efs[/B][/COLOR]
11 107MB 110MB 3146kB modemst1
12 110MB 113MB 3146kB modemst2
13 113MB 124MB 10.5MB boot
14 124MB 134MB 10.5MB recovery
15 134MB 145MB 10.5MB fota
16 145MB 152MB 7332kB backup
17 152MB 155MB 3146kB fsg
18 155MB 155MB 8192B ssd
19 155MB 164MB 8389kB ext4 persist
20 164MB 176MB 12.6MB ext4 persdata
21 176MB 2324MB 2147MB ext4 system
22 2324MB 3058MB 734MB ext4 cache
23 3058MB 3079MB 21.0MB ext4 carrier
24 3079MB 15.8GB 12.7GB ext4 userdata
Click to expand...
Click to collapse
Take a loot at my pit file previously created with efs professional tool. Same like yours. I hope your debrick image will work for my mega. Please upload when possible. Do not worry about efs partition. I have my efs backup. I will restore mine. I have a question, if my phone becomes useable after using your debrick image and i restore only efs partition from efs backup will it brick again?
Thanks.

SPH-L600 sprint mega bad ESN
so as not to make a new topic, I decided to write here
I recently bought SPH-L600 sprint mega with a bad ESN, he came to me activated on Sprint and Sprint have sim I played settings and activation dropped sprint
but I live in another country and I can not activate it!
help somehow activate it! I bought an unlock code network, but said that he needed seller activation sprint!
any help would be much appreciated!

ashikrobi said:
Take a loot at my pit file previously created with efs professional tool. Same like yours. I hope your debrick image will work for my mega. Please upload when possible. Do not worry about efs partition. I have my efs backup. I will restore mine. I have a question, if my phone becomes useable after using your debrick image and i restore only efs partition from efs backup will it brick again?
Thanks.
Click to expand...
Click to collapse
Yes, they should be the same thing as we both have L600's. I didn't have a chance to look it over but I will try and get it to you later on today.
All you need is for your Mega to be able to get to Download Mode. Then and only then you will have to Odin a copy of the Official Firmware L600VPUBNE4 for it not to stay bricked but you probably already know that. As far as becoming usable that would be up to you, being able to restore your EFS data. In theory it should not brick but you need to only restore the EFS portion of the data.
Here is all the info I gathered from using Terminal Emulator in case you need it for file locations:
EFS is located: /dev/block/mmcblkop10
As you can see msm_sdcc.1 is specific to our device ( I noticed that it was the same on my SGS3 but not my SGN2 on KitKat ) so one can locate the by-name file to get the list below.
The second picture shows GNU Parted being run in my Terminal Emulator. You would need the Parted Binary file located here at the end of the Original Post.
Just extract the parted binary manually and then copy and paste it to the /system/bin folder with any File Explorer with Root access. After you paste the binary you will need to set the permissions to the parted binary you pasted to rwxr-xr-x or (0755). You can do this to any device you have and run it either in Terminal Emulator and even via ADB on your computer. Really handy to have sometimes.
Once you get the debrick image, below are two guides that I saved in my subscriptions that may help you. You may have them already.
deBricker
gTan64
---------- Post added at 05:31 AM ---------- Previous post was at 05:29 AM ----------
Ura535 said:
so as not to make a new topic, I decided to write here
I recently bought SPH-L600 sprint mega with a bad ESN, he came to me activated on Sprint and Sprint have sim I played settings and activation dropped sprint
but I live in another country and I can not activate it!
help somehow activate it! I bought an unlock code network, but said that he needed seller activation sprint!
any help would be much appreciated!
Click to expand...
Click to collapse
Actually this is an entirely different topic from Debricking a phone. You have a phone with a bad ESN. With that I can not help. If the previous owner ( or seller in your case ) "maybe" did not pay his bill, then your phone is locked out until it is released from his/her account by Sprint. If there is a way around this, I may not know.
I had this happen to me once before with my wife's Sprint SGS4. It was a pain but eventually two days later the seller finally came through and the phone was released for activation.
You should start a separate thread to see if you can get the right help and not get your question lost in this thread. I am sorry I couldn't help you any further.

Sorry you misunderstood
DarkAngel said:
Yes, they should be the same thing as we both have L600's. I didn't have a chance to look it over but I will try and get it to you later on today.
All you need is for your Mega to be able to get to Download Mode. Then and only then you will have to Odin a copy of the Official Firmware L600VPUBNE4 for it not to stay bricked but you probably already know that. As far as becoming usable that would be up to you, being able to restore your EFS data. In theory it should not brick but you need to only restore the EFS portion of the data.
Here is all the info I gathered from using Terminal Emulator in case you need it for file locations:
EFS is located: /dev/block/mmcblkop10
As you can see msm_sdcc.1 is specific to our device ( I noticed that it was the same on my SGS3 but not my SGN2 on KitKat ) so one can locate the by-name file to get the list below.
The second picture shows GNU Parted being run in my Terminal Emulator. You would need the Parted Binary file located here at the end of the Original Post.
Just extract the parted binary manually and then copy and paste it to the /system/bin folder with any File Explorer with Root access. After you paste the binary you will need to set the permissions to the parted binary you pasted to rwxr-xr-x or (0755). You can do this to any device you have and run it either in Terminal Emulator and even via ADB on your computer. Really handy to have sometimes.
Once you get the debrick image, below are two guides that I saved in my subscriptions that may help you. You may have them already.
deBricker
gTan64
---------- Post added at 05:31 AM ---------- Previous post was at 05:29 AM ----------
Actually this is an entirely different topic from Debricking a phone and on yours, you have a bad ESN. With that I can not help. If the previous owner ( or seller in your case ) "maybe" did not pay his bill, then your phone is locked out until it is released from his/her account by Sprint. If there is a way around this, I may not know.
I had this happen to me once before with my wife's Sprint SGS4. It was a pain but eventually two days later the seller finally came through and the phone was released for activation.
You should start a separate thread to see if you can get the right help and not get your question lost in this thread. I am sorry I couldn't help you any further.
Click to expand...
Click to collapse
Dark Angel you misunderstood my message i don't have bad esn. I lost esn number or corrupt it with dfs cdma tool. Dfs shows my esn but status from efs shows cps_na error. I didn't bought this phone second hand. My cousin send it from USA and she bought it new.
Thanks and i am waiting for your reply.

Off Topic Post / Misunderstanding .....
ashikrobi said:
Dark Angel you misunderstood my message i don't have bad esn. I lost esn number or corrupt it with dfs cdma tool. Dfs shows my esn but status from efs shows cps_na error. I didn't bought this phone second hand. My cousin send it from USA and she bought it new.
Thanks and i am waiting for your reply.
Click to expand...
Click to collapse
Yes I know, please disregard the quote and answer from the previous person responding above my post, right after the pictures I posted ( you will see the quote ). It was an off topic post and the forum combined them for some reason in the response for you ( probably because they were so close in time frame when I posted ) ..... I tried separating them in different posts but it still combined them together.
That is why off topic posts should be posted in a new thread/topic to avoid confusion......

DarkAngel said:
Yes I know, please disregard the quote and answer from the previous person responding above my post, right after the pictures I posted ( you will see the quote ). It was an off topic post and the forum combined them for some reason in the response for you ( probably because they were so close in time frame when I posted ) ..... I tried separating them in different posts but it still combined them together.
That is why off topic posts should be posted in a new thread/topic to avoid confusion......
Click to expand...
Click to collapse
Wow!!! Dark Angel, you are the man i was looking for. You know linux like a pro. Linux is my favorite operating system. I didn't know parted was available for android also. How do you learn these things?
By the way sorry, i though your message about bad esn was for me.
Thanks

ashikrobi said:
Wow!!! Dark Angel, you are the man i was looking for. You know linux like a pro. Linux is my favorite operating system. I didn't know parted was available for android also. How do you learn these things?
By the way sorry, i though your message about bad esn was for me.
Thanks
Click to expand...
Click to collapse
Well not a Pro..... I still have much more to learn but Linux is my favorite OS to use for anything Android related. A lot I still do on Windows.

Debrick Image......
Okay try this image.......
I burnt this image several time over on a class 4, 8 gig card and it wrote the image on it perfect. I don't know if you will have to use a 16gig card for your Mega or not but try what you have 16 gig or less. Trial and error at this point.
You can probably add more to it if need be from the Official Firmware by dragging and dropping ( if I am not mistaken ) by just opening ( and not extracting ) the tar.md5 with WinRAR or 7zip. I can't remember if one was able to do this.......
L600 Debrick Image

Not working
DarkAngel said:
Okay try this image.......
I burnt this image several time over on a class 4, 8 gig card and it wrote the image on it perfect. I don't know if you will have to use a 16gig card for your Mega or not but try what you have 16 gig or less. Trial and error at this point.
You can probably add more to it if need be from the Official Firmware by dragging and dropping ( if I am not mistaken ) by just opening the tar.md5 with WinRAR or 7zip. I can't remember.
L600 Debrick Image
Click to expand...
Click to collapse
DarkAngel I wrote the img file to a 16gb sdcard and tried to boot my phone but it's not working. I waited 5 min and tried several times. I also used a usbjig to boot into download mode but failed.
Have a look these terminal output:
sudo dd if=/home/tails/Downloads/debrick.img of=/dev/sdc
174080+0 records in
174080+0 records out
89128960 bytes (89 MB) copied, 75.5075 s, 1.2 MB/s
[email protected]:~/Downloads$ sudo parted /dev/sdc print
Error: Invalid argument during seek for read on /dev/sdc
Retry/Ignore/Cancel? Ignore
Error: The backup GPT table is corrupt, but the primary appears OK, so that will be used.
OK/Cancel? ok
Backtrace has 8 calls on stack:
8: /lib/i386-linux-gnu/libparted.so.0(ped_assert+0x29) [0xb773ad19]
7: /lib/i386-linux-gnu/libparted.so.0(+0x4649c) [0xb777749c]
6: /lib/i386-linux-gnu/libparted.so.0(ped_disk_new+0x55) [0xb7742275]
5: parted() [0x804ea2b]
4: parted(non_interactive_mode+0x8c) [0x8055c4c]
3: parted(main+0x1970) [0x804d5b0]
2: /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0xb753aa83]
1: parted() [0x804d6e2]
You found a bug in GNU Parted! Here's what you have to do:
Don't panic! The bug has most likely not affected any of your data.
Help us to fix this bug by doing the following:
Check whether the bug has already been fixed by checking
the last version of GNU Parted that you can find at:
http://ftp.gnu.org/gnu/parted/
Please check this version prior to bug reporting.
If this has not been fixed yet or if you don't know how to check,
please visit the GNU Parted website:
http://www.gnu.org/software/parted
for further information.
Your report should contain the version of this release (2.3)
along with the error message below, the output of
parted DEVICE unit co print unit s print
and the following history of commands you entered.
Also include any additional information about your setup you
consider important.
Assertion (last_usable <= disk->dev->length) at ../../../libparted/labels/gpt.c:994 in function _parse_header() failed.
By the way is there any other way to recover from this state? I found qpst finds my phone after installing qhsusb_dload driver. Please help me.
Thanks

You are using an installed version of Linux correct? Are you on 13.04? Well I know the GNU Parted is just the program from Linux but the image still wrote on the SD card.
After the image was written to the SDcard, were you able to see the image content inside? For me it showed about 60MB of actual space written from the 85mb image. After it wrote, I just wrote over it and wrote over it and wrote over it again. Funny thing is I could not see the image at first so I then removed the card from my computer and re-inserted it and was then able to see it. I even inserted it on a Windows 8 tablet I have from a co-worker and it read it fine.
I did this while just using the "Install CD" and trying Ubuntu ( don't have it re-installed yet on my Notebook yet ). I did it using 14.04 LTS though. Try updating your GNU Parted ( your at 2.3 ), if it hasn't already been done, to the most current and re-write the image again.

DarkAngel said:
You are using an installed version of Linux correct? Are you on 13.04? Well I know the GNU Parted is just the program from Linux but the image still wrote on the SD card.
After the image was written to the SDcard, were you able to see the image content inside? For me it showed about 60MB of actual space written from the 85mb image. After it wrote, I just wrote over it and wrote over it and wrote over it again. Funny thing is I could not see the image at first so I then removed the card from my computer and re-inserted it and was then able to see it. I even inserted it on a Windows 8 tablet I have from a co-worker and it read it fine.
I did this while just using the "Install CD" and trying Ubuntu ( don't have it re-installed yet on my Notebook yet ). I did it using 14.04 LTS though. Try updating your GNU Parted ( your at 2.3 ), if it hasn't already been done, to the most current and re-write the image again.
Click to expand...
Click to collapse
Yes i am using an installed version of ubuntu 14.04. I was also not able to view partitions after i wrote the image to sdcard. But after i reinsert the card it showed all partitions and maybe mounted modem partition contents. I could view partitions with windows 7 also.
But when i try to boot the phone with this sdcard nothing happened. I tried several times but failed. What can i do now? DarkAngel please tell me a way to unbrick my phone.
Thanks

[Ask Any Question] Clone Phone Question Thread [Newbie Friendly]

This is a question thread for people who have Clone Phones by HDC, Goophone, Tengda, iHD, and other manufacturers' phones that are based upon an existing phone by a major manufacturer.
The design of this thread is equal to this
Make sure to read the Forum Rules before posting
Anyone can answer.
All questions are welcome!

Hardware: MT6572 (MTK6595 IS FAKE) MODEL :S960c
Hi Xda,
I have a fake Lenovo S960c (didn't knew before i purchased it) , after i rooted it with kingo user, because there was a malware which was located only by rooting . the malware was removed , but after few months the same type of malware came again but this time there was two or three malware which was causing my battery to drain and i couldn't charge my phone battery to 100% . My Antivirus Showed my Mediatek file had a malware , i didnt know so i uninstalled that file after my phone restarted it is caught in bootloop and won't go beyond the lenovo logo.
Please advise how can i solve this problem as i have been scammed when i bought this phone from Aliexpress,
thinking this was a real MTK6595 MODEL original Lenovo phone. I have written below my phone's real spec which
i got using Mtk droid tools for your reference. please advise how can i fix my phone again.
Hardware: Mtk6572 (Mtk6595 is fake)
Model: S960c
Build Number : S5_JB3_3G_EMMC_QHD_32_4_XLD_Z12_LENO
Build Date : 20150417-064045
Andriod v: 4.4.3
Baseband: ____
Kernel v: 3.4.5([email protected])(gcc version 4.6x-google 20120106 (prerelease)(GCC)#1 SMP Fri Apr 17
18:02:31 CST 2015

sufyan nuhammad said:
Hi Xda,
I have a fake Lenovo S960c (didn't knew before i purchased it) , after i rooted it with kingo user, because there was a malware which was located only by rooting . the malware was removed , but after few months the same type of malware came again but this time there was two or three malware which was causing my battery to drain and i couldn't charge my phone battery to 100% . My Antivirus Showed my Mediatek file had a malware , i didnt know so i uninstalled that file after my phone restarted it is caught in bootloop and won't go beyond the lenovo logo.
Please advise how can i solve this problem as i have been scammed when i bought this phone from Aliexpress,
thinking this was a real MTK6595 MODEL original Lenovo phone. I have written below my phone's real spec which
i got using Mtk droid tools for your reference. please advise how can i fix my phone again.
Hardware: Mtk6572 (Mtk6595 is fake)
Model: S960c
Build Number : S5_JB3_3G_EMMC_QHD_32_4_XLD_Z12_LENO
Build Date : 20150417-064045
Andriod v: 4.4.3
Baseband: ____
Kernel v: 3.4.5([email protected])(gcc version 4.6x-google 20120106 (prerelease)(GCC)#1 SMP Fri Apr 17
18:02:31 CST 2015
Click to expand...
Click to collapse
Most likely, the malware was caused by a required system app. Maybe the dialer, MMS, or search app? Whenever the app sweeps your phone to check and sees there is no malware app, it connects to a server and, unbeknownst to you, installs it as a system app.
Do you know the actual manufacturer? In antutu it would show Zen, Alps, Wen, Next, or another OEM name. If so, that helps a lot in recovering your OEM mtk phone.
Your phone is recognized by mtk droid tools right? If so, you should be able to go into recovery as well. Even make cwm which should help
Sent from my SGH-M919 using XDA Free mobile app

Hardware: MT6572 (MTK6595 IS FAKE) MODEL :S960c
Qiangong2 said:
Most likely, the malware was caused by a required system app. Maybe the dialer, MMS, or search app? Whenever the app sweeps your phone to check and sees there is no malware app, it connects to a server and, unbeknownst to you, installs it as a system app.
Do you know the actual manufacturer? In antutu it would show Zen, Alps, Wen, Next, or another OEM name. If so, that helps a lot in recovering your OEM mtk phone.
Your phone is recognized by mtk droid tools right? If so, you should be able to go into recovery as well. Even make cwm which should help
Sent from my SGH-M919 using XDA Free mobile app
Click to expand...
Click to collapse
First of all thanks for your kind Reply , really appreciated , when its comes to android, I am a toddler , not much experience in installing or flashing roms or making recoveries either. Please guide me step by step way , like a child
how to fix my phone again , as my hard earned money will go down the drain. if try to flash or do something else,
already i made it stuck on boot loop.
:good::good:
Regards
Sufyan

sufyan nuhammad said:
First of all thanks for your kind Reply , really appreciated , when its comes to android, I am a toddler , not much experience in installing or flashing roms or making recoveries either. Please guide me step by step way , like a child
how to fix my phone again , as my hard earned money will go down the drain. if try to flash or do something else,
already i made it stuck on boot loop.
:good::good:
Regards
Sufyan
Click to expand...
Click to collapse
No problem, I'm happy to help.
1. Is your phone still recognized when you plug it in to mtk droid tools?
2. Do you know what the actual manufacturer of your phone? If so, what?
3. What was the name of the file you deleted? (not needed, but it might help)
Qiangong2

Hardware: MT6572 (MTK6595 IS FAKE) MODEL :S960c
Qiangong2 said:
No problem, I'm happy to help.
1. Is your phone still recognized when you plug it in to mtk droid tools?
2. Do you know what the actual manufacturer of your phone? If so, what?
3. What was the name of the file you deleted? (not needed, but it might help)
Qiangong2
Click to expand...
Click to collapse
Yes , its does when i connect it to the droid tools it says in the message window,
Attention fake hardware in kernel or firmware doesn't correspond to phone
Attention File/system/Recovery-from-boot-p which restore factory recovery in case of phone
switching on in a normal mode is found.
also in left side menu the beside yellow light there is a message which says ,
S960c system/bin/su is found! Via root button it is possible to get root shell.
then when i press root button this message appears ,
to try to receive root shell through already established su .
I press yes to the button, after a while this error pop's up ,
Loss of communication with the device! the program will be closed.
I press OK then the software window is gone.
I am sorry, really don't know the actual manufacturer of the phone , i even did an tutu test but really , i only remember is the fake specs that mesmerized me a lot nothing else ,
The Files I deleted where Mediatek file , i bingo as the Anti Virus showed serious Malware in them.

sufyan nuhammad said:
Yes , its does when i connect it to the droid tools it says in the message window,
Attention fake hardware in kernel or firmware doesn't correspond to phone
Attention File/system/Recovery-from-boot-p which restore factory recovery in case of phone
switching on in a normal mode is found.
Click to expand...
Click to collapse
The first "Attention" shouldn't matter, it's just reading the build.prop which claims that it is an MT6595 instead of an MT6572. The second "Attention" is more interesting. I've actually never seen that one before, but it seems like there was some error in the ROM, and (when there is) it defaults to booting to factory/stock recovery.
also in left side menu the beside yellow light there is a message which says ,
S960c system/bin/su is found! Via root button it is possible to get root shell.
then when i press root button this message appears ,
to try to receive root shell through already established su .
I press yes to the button, after a while this error pop's up ,
Loss of communication with the device! the program will be closed.
I press OK then the software window is gone.
Click to expand...
Click to collapse
You may already have root, or it may not be there anymore. Try opening adb (from the adb button) and type:
Code:
adb devices
If your phone is recognized, type:
Code:
adb shell
Then (if it works) type:
Code:
su
if you see a # sign right next to where you type, then you have root.
I am sorry, really don't know the actual manufacturer of the phone , i even did an tutu test but really , i only remember is the fake specs that mesmerized me a lot nothing else ,
Click to expand...
Click to collapse
That's okay, it will just be harder to find information about your device firmware, not impossible though.
The Files I deleted where Mediatek file , i bingo as the Anti Virus showed serious Malware in them.
Click to expand...
Click to collapse
That should be fine... Mediatek files can be required or useless. Most of the time they only activate if you enter factory test mode. Since they had malware in them, they shouldn't be needed.

Qiangong2 said:
The first "Attention" shouldn't matter, it's just reading the build.prop which claims that it is an MT6595 instead of an MT6572. The second "Attention" is more interesting. I've actually never seen that one before, but it seems like there was some error in the ROM, and (when there is) it defaults to booting to factory/stock recovery.
You may already have root, or it may not be there anymore. Try opening adb (from the adb button) and type:
Code:
adb devices
If your phone is recognized, type:
Code:
adb shell
Then (if it works) type:
Code:
su
if you see a # sign right next to where you type, then you have root.
That's okay, it will just be harder to find information about your device firmware, not impossible though.
That should be fine... Mediatek files can be required or useless. Most of the time they only activate if you enter factory test mode. Since they had malware in them, they shouldn't be needed.
Click to expand...
Click to collapse
Sorry i forgot to tell you that when my phone was in OK condition , i did root it with kingo root , so do you think , it
is still rooted while caught in boot loop. sorry for not telling you the complete details. So should i follow the above mentioned details , also where would i find the adb button , is it when i connect the phone through droid tools it will appear there or you are talking about phone recovery menu.
---------- Post added at 11:29 AM ---------- Previous post was at 11:22 AM ----------
sufyan nuhammad said:
Sorry i forgot to tell you that when my phone was in OK condition , i did root it with kingo root , so do you think , it
is still rooted while caught in boot loop. sorry for not telling you the complete details. So should i follow the above mentioned details , also where would i find the adb button , is it when i connect the phone through droid tools it will appear there or you are talking about phone recovery menu.
Click to expand...
Click to collapse
i tried all your commands mentioned above while pressing Adb Terminal Buttton, in the end the command line showed # as you have mentioned , now what should i do please advise. once again thanks for your efforts brother.

sufyan nuhammad said:
Sorry i forgot to tell you that when my phone was in OK condition , i did root it with kingo root , so do you think , it
is still rooted while caught in boot loop. sorry for not telling you the complete details. So should i follow the above mentioned details , also where would i find the adb button , is it when i connect the phone through droid tools it will appear there or you are talking about phone recovery menu.
---------- Post added at 11:29 AM ---------- Previous post was at 11:22 AM ----------
i tried all your commands mentioned above while pressing Adb Terminal Buttton, in the end the command line showed # as you have mentioned , now what should i do please advise. once again thanks for your efforts brother.
Click to expand...
Click to collapse
You have root so you are stuck in bootloop. The bootloop seems to be caused by mediatek file now...
Have you removed any other files? Also, where was the file placed that you removed?

Qiangong2 said:
You have root so you are stuck in bootloop. The bootloop seems to be caused by mediatek file now...
Have you removed any other files? Also, where was the file placed that you removed?
Click to expand...
Click to collapse
As i mentioned before i only removed the file from settings, then click app, then all files , from there i uninstalled mediatek file and iBingo file nothing else. . Please advise what to do now.

sufyan nuhammad said:
As i mentioned before i only removed the file from settings, then click app, then all files , from there i uninstalled mediatek file and iBingo file nothing else. . Please advise what to do now.
Click to expand...
Click to collapse
The mediatek file is the problem then. We need to figure out what exactly the file is and also whether it is a customised file or a generic. If it is generic, then we can just copy it from another MT6572 phone with the same screen aspect ratio. If it is customised, then we need to somehow recover the file, or just get a copy of the stock firmware from the manufacturer.
On a side note: have you tried pulling a copy of your stock ROM out using adb? It may be able to shine some light onto what exactly the file affected. If you can't, that's fine. We'll just move on

Qiangong2 said:
The mediatek file is the problem then. We need to figure out what exactly the file is and also whether it is a customised file or a generic. If it is generic, then we can just copy it from another MT6572 phone with the same screen aspect ratio. If it is customised, then we need to somehow recover the file, or just get a copy of the stock firmware from the manufacturer.
On a side note: have you tried pulling a copy of your stock ROM out using adb? It may be able to shine some light onto what exactly the file affected. If you can't, that's fine. We'll just move on
Click to expand...
Click to collapse
Sorry, Brother i don't really know if the file is generic or Customised one, i only remember when i uninstalled mediatek and i bingo , the first error which came up was some google gaaps type error , it asked me to repair it i clicked OK , then my phone restarted and when into boot loop. I wish i new how to do adb backup and copy my stock ROM , as i said earlier not a pro , not even a rookie , just a dumb toddler who doesn't know much about android apps and system mechanics . sorry to put you in a mess brother. thanks for your cooperation

sufyan nuhammad said:
Sorry, Brother i don't really know if the file is generic or Customised one, i only remember when i uninstalled mediatek and i bingo , the first error which came up was some google gaaps type error , it asked me to repair it i clicked OK , then my phone restarted and when into boot loop. I wish i new how to do adb backup and copy my stock ROM , as i said earlier not a pro , not even a rookie , just a dumb toddler who doesn't know much about android apps and system mechanics . sorry to put you in a mess brother. thanks for your cooperation
Click to expand...
Click to collapse
Okay, go into adb from mtk droid tools, and type:
Code:
adb shell
Then (once it connects) type:
Code:
su
Now you have root. Next type this:
Code:
cat /proc/partitions
To find out which partition contains your system.img, your boot.img, and your data.img.
If none of the partitions say system or boot. Then make a copy of the partition list and upload it. We'll go from there.

Qiangong2 said:
Okay, go into adb from mtk droid tools, and type:
Code:
adb shell
Then (once it connects) type:
Code:
su
Now you have root. Next type this:
Code:
cat /proc/partitions
To find out which partition contains your system.img, your boot.img, and your data.img.
If none of the partitions say system or boot. Then make a copy of the partition list and upload it. We'll go from there.
Click to expand...
Click to collapse
i followed the instructions and type the command adb shell , from there , the com and line became like this
[email protected]:/$ when i typed su beside this this error came {-} connection to ui timed out , i still went with the last command and when i wrote cat /proc/partitions , this is whats happened afterwards,
major minor #blocks name
7 0 1254 loop0
179 0 3795968 mmcblk0
179 1 1 mmcblk0p1
179 2 10240 mmcblk0p2
179 3 10240 mmcblk0p3
179 4 665600 mmcblk0p4
179 5 385024 mmcblk0p5
179 6 1355776 mmcblk0p6
179 7 1332992 mmcblk0p7
179 64 4096 mmcblk0boot1
179 32 4096 mmcblk0boot0
179 96 3933184 mmcblk1
179 97 3929088 mmcblk1p1
[email protected]:/ $ mmc
Did i do something wrong or is this what you are looking for , please advise me .

sufyan nuhammad said:
i followed the instructions and type the command adb shell , from there , the com and line became like this
[email protected]:/$ when i typed su beside this this error came {-} connection to ui timed out , i still went with the last command and when i wrote cat /proc/partitions , this is whats happened afterwards,
major minor #blocks name
7 0 1254 loop0
179 0 3795968 mmcblk0
179 1 1 mmcblk0p1
179 2 10240 mmcblk0p2
179 3 10240 mmcblk0p3
179 4 665600 mmcblk0p4
179 5 385024 mmcblk0p5
179 6 1355776 mmcblk0p6
179 7 1332992 mmcblk0p7
179 64 4096 mmcblk0boot1
179 32 4096 mmcblk0boot0
179 96 3933184 mmcblk1
179 97 3929088 mmcblk1p1
[email protected]:/ $ mmc
Did i do something wrong or is this what you are looking for , please advise me .
Click to expand...
Click to collapse
This is what we're looking for. mmcblk0 is the entire device. it seems like mmcblk0p4 is the system.img as it is the largest partition within device mmcblk0.
use this:
Code:
cat dev/block/mmcblk0p4 /sdcard/system.img
Which should save your system partition as a .img file on your sdcard which, once transferred to your computer, you can open with the applications ext2read and ext2explore (both on sourceforge)
Repeat previous code, replacing mmcblk0p4 with: mmcblk0p6, mmcblk0p7, and mmcblk0p5. those should bring out your boot.img and your recovery.img at least. use the perl scripts I've attached to unpack those. the instructions are in the readme file.

You are gonna be hard pressed to learn android on a knock off device. No real developer will even touch it.

Qiangong2 said:
This is what we're looking for. mmcblk0 is the entire device. it seems like mmcblk0p4 is the system.img as it is the largest partition within device mmcblk0.
use this:
Code:
cat dev/block/mmcblk0p4 /sdcard/system.img
Which should save your system partition as a .img file on your sdcard which, once transferred to your computer, you can open with the applications ext2read and ext2explore (both on sourceforge)
Repeat previous code, replacing mmcblk0p4 with: mmcblk0p6, mmcblk0p7, and mmcblk0p5. those should bring out your boot.img and your recovery.img at least. use the perl scripts I've attached to unpack those. the instructions are in the readme file.
Click to expand...
Click to collapse
i started in adb, then command line by typing cat dev/block/mmcblk0p4 /sdcard/system.img but it said
'cat' is not a recognized as an internal or external command, operable program or batch file.
then i retyped adb shell , then su then i typed this cat dev/block/mmcblk0p4 /sdcard/system.img
this error show up
/system/bin/sh: cat: dev/block/mmcblk0p4 / permission denied
/system/bin/sh: cat: /sdcard/system.img / no such file or directory
1 :[email protected]:/ $
now what should i do , please advise.

sufyan nuhammad said:
i started in adb, then command line by typing cat dev/block/mmcblk0p4 /sdcard/system.img but it said
'cat' is not a recognized as an internal or external command, operable program or batch file.
then i retyped adb shell , then su then i typed this cat dev/block/mmcblk0p4 /sdcard/system.img
this error show up
/system/bin/sh: cat: dev/block/mmcblk0p4 / permission denied
/system/bin/sh: cat: /sdcard/system.img / no such file or directory
1 :[email protected]:/ $
now what should i do , please advise.
Click to expand...
Click to collapse
You could always just do a backup in mtk droid tools.
To do this,
1) connect your phone to the computer
2) open mtk droid tools
3) when the information shows up, click root button to get root shell (if you don't already have root shell). Then, click the root, backup, and recovery tab.
4) click backup. It is now starting to backup your phone. It doesn't matter if you pack it or not at the end.
All of the files should be in the mtk droid tools backup folder.

Qiangong2 said:
You could always just do a backup in mtk droid tools.
To do this,
1) connect your phone to the computer
2) open mtk droid tools
3) when the information shows up, click root button to get root shell (if you don't already have root shell). Then, click the root, backup, and recovery tab.
4) click backup. It is now starting to backup your phone. It doesn't matter if you pack it or not at the end.
All of the files should be in the mtk droid tools backup folder.
Click to expand...
Click to collapse
when i click root in droidtools . this message then this message shows up
to try to receive root shel through already established su? i clicked yes , after a while in the left side message screen it shows : error su inaccessible . i retried again this time i click no , but this time in the message screen there was a different message :
Through CWM it is possible to get root on this phone! Look URLs :
http://forum.china-iphone.ru/viewtopic.php?p=502084#p502084
please tell what to do .
---------- Post added at 05:50 PM ---------- Previous post was at 05:49 PM ----------
sufyan nuhammad said:
when i click root in droidtools . this message then this message shows up
to try to receive root shel through already established su? i clicked yes , after a while in the left side message screen it shows : error su inaccessible . i retried again this time i click no , but this time in the message screen there was a different message :
Through CWM it is possible to get root on this phone! Look URLs :
http://forum.china-iphone.ru/viewtopic.php?p=502084#p502084
http://forum.xda-developers.com/showpost.php?p=38337401&postcount=5
please tell what to do .
Click to expand...
Click to collapse
also this message was included
http://forum.xda-developers.com/showpost.php?p=38337401&postcount=5

sufyan nuhammad said:
when i click root in droidtools . this message then this message shows up
to try to receive root shel through already established su? i clicked yes , after a while in the left side message screen it shows : error su inaccessible . i retried again this time i click no , but this time in the message screen there was a different message :
Through CWM it is possible to get root on this phone! Look URLs :
http://forum.china-iphone.ru/viewtopic.php?p=502084#p502084
please tell what to do .
---------- Post added at 05:50 PM ---------- Previous post was at 05:49 PM ----------
also this message was included
http://forum.xda-developers.com/showpost.php?p=38337401&postcount=5
Click to expand...
Click to collapse
please help me if you are not busy, waiting for your reply.

IMEI Change on new Xiaomi MTK Devices

Hi,
On Redmi 6 i noticed, that IMEI is stored in different way than in previous Xiaomi models. File MD0B_001 does not exist, instead we have LD0B_001. File format for sure has changed. New file has 384B while old one had as i remember 32B(?).
Is there any known way to change IMEI on this device? Replacing LD file with old MD does not produce any good results. Something is restoring LD01_001 on reboot if you will replace it inside /vendor/nvdata/md/NVRAM/NVD_IMEI. Tried after remounting, in TWRP, etc. Result is always the same. Probably u have to replace both nvdata and nvram.
For sure AT+EGMR method does not work either (tested on Treble rom). On this device im receiving just ERROR when im executing AT command to /dev/radio/pttycmd1
MAUI 10 is unable to connect to this device. Computer is for sure configured correctly and has proper drivers (im using couple phones and others connecting).
Any one tried to change IMEI on new Xiaomi Treble ready MTK phones? Does any1 managed to find method how to change IMEIs on those devices?
Best regards

Daveron81 said:
Hi,
On Redmi 6 i noticed, that IMEI is stored in different way than in previous Xiaomi models. File MD0B_001 does not exist, instead we have LD0B_001. File format for sure has changed. New file has 384B while old one had as i remember 32B(?).
Is there any known way to change IMEI on this device? Replacing LD file with old MD does not produce any good results. Something is restoring LD01_001 on reboot if you will replace it inside /vendor/nvdata/md/NVRAM/NVD_IMEI. Tried after remounting, in TWRP, etc. Result is always the same. Probably u have to replace both nvdata and nvram.
For sure AT+EGMR method does not work either (tested on Treble rom). On this device im receiving just ERROR when im executing AT command to /dev/radio/pttycmd1
MAUI 10 is unable to connect to this device. Computer is for sure configured correctly and has proper drivers (im using couple phones and others connecting).
Any one tried to change IMEI on new Xiaomi Treble ready MTK phones? Does any1 managed to find method how to change IMEIs on those devices?
Best regards
Click to expand...
Click to collapse
Please I need change my device IMIE

[SOLVED} Help: IMEI disappeared after partitions disaster (LineageOS 17.1 on SM-A320FL)

Hello guys, first of all: thank you very much for your Forum; I'm learning a lot even if I remain a complete noob!
I'm trying to use LineageOS 17.1 (lineage-17.1-20210118-UNOFFICIAL-a3y17lte, recovery OrangeFox 11.01) on Galaxy A3 2017 (SM-A320FL), and I did something really stupid trying to make Link2App work.
I had problems to format properly the miniSD using Android's apps, and I could not remove the card from the phone (the slot's opening is damaged). So then I tried to format the card using ADB + BusyBox + fdisk, BUT I did it while I was distracted by other job's issues, and I didn't realize I was working on the internal SD instead of on the removable card (yes, complete idiot...).
Result: a brand new empty partition table in my phone, permanently stuck in Download mode (impossible even to power off it).
I tried to restore the phone using this procedure, but it failed midway. By the way, I could Odin-flash TWRP and then restore the partitions using the repartion script. Eventually, I fleshed my OrangeFox and LineageOS: the system is now perfectly working, but the phone doesn't recognize any more my SIM and IMEI (dialing: *#06#) is blank.
I had a Fox's "light" backup, but it didn't solve anything.
I'm still having the original box with the IMEI number on the label, but I didn't find a suitable procedure to use it.
Kies3: the SM-A320 phone seems too old to allow the Initialization procedure described here (yes, the phone was unplugged)
There are many apps promising miracles (for instance: ToolHero, MTK Engineering Mode, IMEI Generator Pro, EFT Dongle...); however, I tried some, and they seem to me just ****ty pieces of software, requiring the original system or dubious paid services.
Dialing codes* procedure (like Method 1 here). I cannot remove SIM or battery to complete the procedure. Besides, my phone doesn't react to the code; probably they are country or SIM specific...
Line command (terminal emulator or ADB): this seems to be the most promising method; however, the line
Code:
echo 'AT +EGMR=1,7,"MY_IMEI_NUMBER"'>/dev/pttycmd1
doesn't do anything on my device
IMEI generator: I tried to generate a new MP0B_001 file using this guide. The download link is broken, then I downloaded the files from another source, and I prefer to add to my system just the MPB_001, without flashing the "repair" tool. Besides, I don't have any /nvram folder in my $root/data/ directory... (the only IMEI related folder is in $root/eps/).
Any suggestion to solve this mess? Thank you very much!
Daniele
* EDIT: after typing *#*#197328640#*#* the phone window closes.

Look inside here:
3 METHODS to restore your IMEI number on Android
Most people face a common issue with IMEI number that is losing them. Particularly, it happens when you get a locked second-hand mobile or in Mediatek devices.
www.gizmogo.com

jwoegerbauer said:
Look inside here:
3 METHODS to restore your IMEI number on Android
Most people face a common issue with IMEI number that is losing them. Particularly, it happens when you get a locked second-hand mobile or in Mediatek devices.
www.gizmogo.com
Click to expand...
Click to collapse
Thank you very much for your answer! The 2-3 methods seem promising; however, I isolated the problem and solved it before receiving your message.
The problem: after messing with the partitions, I tried to restore my system, downloading the files via Freja. However, I select the wrong CSC, using my SIM provider code (TIM) instead of the generic code for Italy (ITV).
I noticed it exploring the light backup I had done in TWRP (only System partition): a CSC_version.txt was there, pointing to A320FLOXA9CTK1 (ITV version, while I restored using A320FLTIM8CTH1, TIM carrier version). ITV was also mentioned in the file $ROOT/eps/imei/mps_code.dat (dunno if this is relevant)
Solution: Odin + the right firmware did the trick. I had my IMEI back and the phone working, then I came back flashing TWRP, Orangefox and, eventually, LineageOS.
Everything is working now, and, of course, I backed up EPS partition (now).
Many thanks!
daniele