glossywhite

!!!___ I HAVE NVITEMS READ FROM OMC, IN FTM MODE__!!!

36 posts in this topic

Any idea what this code could be for the OMC? What was it for the OSF?

The OSF didn't appear to need one at all (Which is somewhat uncommon) or it was set to the default (so qpst just worked at least to a point).

If its hardcoded (Which is possible) then if one person read the code over jtag then anyone could use it.

but it might be device specific (Which is also possible).

1

Share this post


Link to post
Share on other sites

I think my attached "perso.txt" holds the clues... have a look!

What are the strange marking/lines? Do you have to use something to uncode them? As for the numbers...not really sure yet to be honest.

0

Share this post


Link to post
Share on other sites

I think my attached "perso.txt" holds the clues... have a look!

How did you manage to read out these numbers? Is one of them the unlock code?

0

Share this post


Link to post
Share on other sites

How did you manage to read out these numbers? Is one of them the unlock code?

If I knew that, I'd broadcast it! I read this out with EFS explorer in QPST. However, it seems unlock codes are 16 digits, and I have failed for 3 attempts, and only have 7 tries left, so I am not gonna waste them.

Edited by glossywhite
1

Share this post


Link to post
Share on other sites

It appears that "perso.txt" is encrypted. I tried to decrypt it using revskills, but the feature is "government only" - oh how very convenient! LOL!

1

Share this post


Link to post
Share on other sites

Have you tried using the V880 tool to backup :

RF / BT / IMEI / unLock info

(Probably won't work)

http://www.mediafire...m1wd4ktfkbd5amh

Perhaps there is a way to get the cefs.mbn also with that tool (As long as you don't write anything should be safe).

I believe cpg managed to patch armprgZTE.bin to allow reading the entire blade flash somehow.

The newest armprgZTE.bin we have is attached to this post (you can choose to load it using the v880 tool or PSAS (after you use the generic 72xx loader I think).

(ZTE has used the same loader for more than one device before).

Maybe there is a way to do something prior to starting appsboot (Like copy all the nvitems byte for byte into the OEM partition).

armprgZTE.zip

Edited by unrandomsam
2

Share this post


Link to post
Share on other sites

I think I messed up my OMC :'(

I pressed something while in "restore" mode and now it just has a black screen with backlight on. Fortunately I backed up nvitems.... help!! :(

0

Share this post


Link to post
Share on other sites

Can download mode work ?

Take battery out

Hold both volume buttons and plug it in

Should get a com port (and it appear in QPST configuration as an option) it will say download mode.

0

Share this post


Link to post
Share on other sites

Can download mode work ?

Take battery out

Hold both volume buttons and plug it in

Should get a com port (and it appear in QPST configuration as an option) it will say download mode.

Yes, download mode works... why? What to do next?

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2016. MoDaCo uses IntelliTxt technology.