• Announcements

    • Reminder - MoDaCo position on illegal content   07/30/15

      ILLEGAL CONTENT I'd like to just reaffirm MoDaCo's position regarding piracy and illegal content in the light of some recent questions / postings. Posts will be censored by myself or my moderation team if the contain or link to: Illegal / pirated / cracked software or sites that host such softwareNintendo emulators / ROMs or sites hosting them (in light of Nintendo's legal stance)CUSTOM ROMS You may discuss and post links to custom device ROMs on MoDaCo, provided the following rules are adhered to: ROMs must not contain any illegal 3rd party software (this includes trial versions included without permission)ROMs must give full credit to the original authorISSUES If you have any issues with this policy, please contact PaulOBrien directly via PM.
    • Reminder: Selling items on the forum directly is not allowed   07/30/15

      Please note that selling items on the forum directly is not allowed by the forum rules. There is a forum for eBay auctions whereby you can list the items on eBay and link to them there. This is the ONLY forum for this type of activity. You may also advertise links to the eBay forum in your signature. Please note that selling directly in contravention of these rules will result in a warning / suspension / ban.
Sign in to follow this  
Followers 0

[Need helpers!] Searching for keyword "simlock" in "mmcblk0" shows things...

35 posts in this topic

Posted · Report post

You'd do well to download the ISO and install it inside Oracle Virtualbox, so long as you have >4Gb ram. Virtualbox is free, and means you can run the OS inside a window instead of needing to reboot.

0

Share this post


Link to post
Share on other sites

Posted (edited) · Report post

Just found this thread.

In my quest to unlock, I searched through the available partitions a few months ago and I can confirm that the unlock code can not be found in its complete string in any of the available partitions (i.e. unencrypted). It may be there in a coded form but I would think it is in one of the raw partitions if anywhere.

You could always use a live cd or usb version of linux, i.e. knoppix or an ubuntu in try out mode, no need to install.

You don’t need to pull the partition to search or use linux, you can just use the shell i.e.

adb shell

su

strings /dev/block/mmcblk0 | grep “your_chosen_search_term”

There are some clues from logs of commands run on the modem but I haven’t had luck to get a proper modem interface & even if I could, I still don’t think it would let you lock that easily.

I’ve got an unlock code for my device & I haven’t used it yet. So when I do, I’ll simultaneous run a logcat and AT interface log and post the result.

I’m not confident there will be that many clues but someone else may wish to use it. As despite several hours effort, unlocking this phone without a code is all beyond me...

Edited by intheblue
0

Share this post


Link to post
Share on other sites

Posted · Report post

Latest strings:


strings --print-file-name mmcblk0p* | grep fastboot

mmcblk0p2: fastboot

mmcblk0p2: fastboot

mmcblk0p2: fastboot

mmcblk0p2: fastboot: cmd_getvar %s

mmcblk0p2: fastboot got command: %s

mmcblk0p2: fastboot: oops!

mmcblk0p2: /cache/fastboot.tmp

mmcblk0p2: fastboot: processing commands

mmcblk0p2: E:scratch malloc of %u failed in fastboot. Unable to continue.

mmcblk0p2: scratch malloc of %u failed in fastboot. Unable to continue.

mmcblk0p2: fastboot: cmd_download %d bytes

mmcblk0p2: E:fastboot: cmd_download error only got %d bytes

mmcblk0p2: fastboot: cmd_download error only got %d bytes

mmcblk0p2: Listening for the fastboot protocol over USB.

mmcblk0p2: fastboot_state

mmcblk0p2: fastboot_command_loop

mmcblk0p2: fastboot_handler

mmcblk0p2: fastboot_thread

mmcblk0p2: flash_fastboot_kernel

mmcblk0p2: fastboot_info

mmcblk0p2: fastboot_ack

mmcblk0p2: fastboot_okay

mmcblk0p2: fastboot_init

mmcblk0p2: fastboot_publish

mmcblk0p2: fastboot_register

mmcblk0p2: fastboot_fail

mmcblk0p8: 01-03 20:54:52.405	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fota

mmcblk0p8: 04-01 00:15:58.685	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fastboot

mmcblk0p8: 04-01 00:15:58.669    86    96 I droidboot: Listening for the fastboot protocol over USB.

mmcblk0p8: 04-01 00:15:58.856	 0	 0 W Kernel-Dmesg: <6>[    7.453337] fastboot mode

mmcblk0p8: 04-01 00:15:58.979    86    96 D fastboot: fastboot: processing commands

mmcblk0p8: 03-31 21:56:30.738	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fastboot

mmcblk0p8: 03-31 21:56:30.729    84    92 I droidboot: Listening for the fastboot protocol over USB.

mmcblk0p8: 03-31 21:56:30.912	 0	 0 W Kernel-Dmesg: <6>[    6.513414] fastboot mode

mmcblk0p8: 03-31 21:56:31.039    84    92 D fastboot: fastboot: processing commands

mmcblk0p8: 03-31 22:03:49.447	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fota

mmcblk0p8: 03-31 01:55:30.268	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fota

mmcblk0p9: 01-04 20:30:46.815	 0	 0 W Kernel-Dmesg: <6>[    2.082609] fastboot mode

mmcblk0p9: 01-04 20:30:53.042	 0	 0 W Kernel-Dmesg: <6>[   30.992277] fastboot mode

mmcblk0p9: 01-04 20:30:53.137	 0	 0 W Kernel-Dmesg: <6>[   31.081176] fastboot mode

mmcblk0p9: 01-04 20:30:56.289  1272  1294 I Recovery: Listening for the fastboot protocol on the USB OTG.

mmcblk0p9: 01-04 20:30:56.399  1272  1294 I Recovery: fastboot: ready for commands. Power + VolUp goto Recovery

mmcblk0p9: 01-04 20:30:56.399  1272  1294 I Recovery: fastboot: getvar:version

mmcblk0p9: 01-04 20:30:56.409  1272  1294 I Recovery: fastboot: oem image_switch ftm

mmcblk0p9: 01-02 00:02:53.110  1263  1285 I Recovery: fastboot: oem image_switch ftm

mmcblk0p9: 01-02 00:02:53.160  1263  1285 I Recovery: fastboot: getvar:version

mmcblk0p9: 01-02 00:02:53.170  1263  1285 I Recovery: fastboot: download:0000000e

mmcblk0p9: 01-02 00:02:53.550  1263  1285 I Recovery: fastboot: flash:/config/cfgdata/Mac_Pid.txt

mmcblk0p9: 01-02 00:02:54.120  1263  1285 I Recovery: fastboot: oem system "sync"

mmcblk0p9: fastboot.img

mmcblk0p9: fastboot.imgPK

0

Share this post


Link to post
Share on other sites

Posted · Report post

I did this before and it came to me that mmcblk0 did not contain any unlock code

0

Share this post


Link to post
Share on other sites

Posted (edited) · Report post

Hey hackers, do this:


./adb pull /system/etc/firmware/modem/radio_firmware.bin

... then have a "strings radio_* | grep flash" or do a hexdump -c on it (Linux). Seems to be much simlock and IMEI data in there:

strings radio_firmware.bin | grep flash

Committed to NVM flash...

Failed to set startup mode to %s%s%s (%d) in flash

Failed to read startup mode in flash

Failed to set startup mode to %s%s%s (%d) in flash

Failed to read startup mode in flash

`Error reading IMEI and signature from flash

`Error reading lock_id %d from flash

`Error cannot read GLOB_DATA_MASTERCTRL from flash

`Cannot write GLOB_DATA_MASTERCTRL to flash

Error reading the system test ticket from flash

Error reading the bootcore ticket from flash

Error reading the security module ticket from flash

Performing validation of flash

Error validating flash content

`Error reading MID certificate from flash

Error writing imei to otp flash

sec_opcode_flashio_data

Error reading data from flash

Error: Cannot read HW details from flash

Enter: func_ata_flash_io

Exit: func_ata_flash_io

\Yap[YaError reading encrypted lock data from flash

`Error reading simlock signature from flash

`Error reading IMEI and signature from flash

Error reading encrypted lock data from flash

Error reading encrypted lock data from flash

`Error reading ticket id 0x%08x data from flash

Storing ticket in flash

`Error reading RnD certificate from flash

`Error reading the master control profile from flash

Error storing master control profile to flash

Error writing to flash

`Error reading RnD certificate from flash

`Error reading RnD certificate from flash

Enter: func_fetch_imei_from_flash

Error reading encrypted IMEI from flash

Exit: func_fetch_imei_from_flash

Error reading the ticket from flash

maybe no CDS_IF build or not flashed

../../mhw_drv_src/power_control/ebu/src/xgold626/ebu_flash.c

Verify if CDS image is flashed

used_flash

used_eeflash

Writes the startup mode to flash.

Reads the startup mode from flash.

Commit registry values to flash.

Writes the startup pmode to flash.

Reads the startup pmode from flash.

flash_io

psi_flash_signed.fls

Edited by glossywhite
0

Share this post


Link to post
Share on other sites

Posted · Report post

Okay, so this string seems to bring up some results:

$ strings mmcblk0 | grep ticket
Shows...



M`Security ticket: %s

Security ticket: Undefined name for security ticket (%d)

Error validating phonelock ticket 0x%08x

Enter: func_system_tickets_written

Error reading the system test ticket from flash

No test ticket definition available

Error reading the bootcore ticket from flash

No bootcore ticket definition available

Error reading the security module ticket from flash

No security module ticket definition available

Exit: func_system_tickets_written

Enter: func_systicket_count_minute

`Global system ticket reset

M`%s[10]:sec_ticket

Enter: func_systicket_data_clear

;N`Exit: func_systicket_data_clear

Enter: func_systicket_count_reset

`Exit: func_systicket_count_reset

Access denied in sec_opcode_flush (ticket 0x%08x)

Access denied in sec_opcode_program (ticket 0x%08x)

Error validating ticket for id %08x

Access denied in sec_opcode_get_hw_details (ticket 0x%08x)

Access denied in sec_opcode_freeze_imei (ticket 0x%08x)

Access denied in sec_opcode_freeze_imiei (ticket 0x%08x)

Access denied in sec_opcode_store_soft_imei (ticket 0x%08x)

Access denied in sec_opcode_clear_sec_area (ticket 0x%08x)

Enter: func_systicket_count_pwrup

Error: Cannot remove ticket

Exit: func_systicket_count_pwrup

Enter: func_systicket_clear_code

Exit: func_systicket_verify_code

Error reseting system ticket counter

Error clearing system ticket data

Enter: func_systicket_verify_code

Error: Wrong ticket id 0x%08x

Exit: func_systicket_verify_code

`Error validating ticket for id %08x

s_valid_system_ticket

Enter: func_si_chk_valid_system_ticket

Enter: func_si_chk_ticket_sm

Exit: func_si_chk_ticket_sm

Enter: func_si_chk_ticket_cp

Exit: func_si_chk_ticket_cp

Enter: func_si_chk_ticket_sp

Exit: func_si_chk_ticket_sp

Enter: func_si_chk_ticket_ns

Exit: func_si_chk_ticket_ns

Enter: func_si_chk_ticket_no

Exit: func_si_chk_ticket_no

Enter: func_si_chk_ticket_sec

Exit: func_si_chk_ticket_sec

Enter: func_si_chk_ticket_boot

Exit: func_si_chk_ticket_boot

Enter: func_si_chk_ticket_test

Exit: func_si_chk_ticket_test

Invalid tickets. Service mode set to SEC_SERVICE_FACTORY.

`Error reading ticket id 0x%08x data from flash

Error, ticket is invalid due to (0xFFFFFFFF)

;N`Exit: func_verify_ticket

Expected ticket id different from ticket id 0x%08x , 0x%08x

Storing ticket in flash

9IaFunction is deprecated - Use [email protected]_ticket? instead.

Enter: func_simlock_tickets_written

Error reading the ticket from flash

No ticket definition available

Exit: func_simlock_tickets_written

Access denied in sec_opcode_verify_fuseregisters and sec_opcode_set_fuseregisters (ticket 0x%08x)

Enter: func_verify_ticket (input ticket 0x%08x) (Present ticket 0x%08x)

Exit: func_systicket_count_minute (minutes back %d before reset)

tls1_process_ticket

SSL_set_session_ticket_ext_cb

SSL_set_session_ticket_ext

ssl3_get_new_session_ticket

SSL_set_session_ticket_ext

invalid ticket keys length

krb5 server bad ticket

ssl3_get_new_session_ticket

tls1_process_ticket

invalid ticket keys length

krb5 server bad ticket

~~~ ALSO ~~~


strings mmcblk0 | grep func_

Error: func_id has been tampered

SaEnter: func_validate_cert

Exit: func_validate_cert

func_sec_process entering while(1) loop

func_process_running: UtaOsThreadGetCurrent(...) returned %d.

Error: NULL pointer send func_id.

Enter: func_pkcs_validate

Exit: func_pkcs_validate

Enter: func_rsa_decrypt

Exit: func_rsa_decrypt

Enter: func_read_data_pointer

Exit: func_read_data_pointer

func_ThreadDeletedHandler: UtaOsSemRelease(Done) returned %d.

Enter: func_get_lock_profiles

`Exit: func_get_lock_profiles

Enter: func_get_file_profile file_id %d

`Exit: func_get_file_profile

Enter: func_compare_lock_data

`Exit: func_compare_lock_data

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Enter: func_byte_reverse

Exit: func_byte_reverse

@~SaEnter: func_utasec_rsa_pub

Exit: func_utasec_rsa_pub

X~SaEnter: func_utasec_hash

Exit: func_utasec_hash

Enter: func_pkcs_der_type

}SaExit: func_pkcs_der_type

Enter: func_verify_cert_data

Exit: func_verify_cert_data

Enter: func_put_to_lock_action_list

Exit: func_put_to_lock_action_list

`Enter: func_test_sim_inserted

{SaExit: func_test_sim_inserted

Enter: func_req_data_present_on_sim

Exit: func_req_data_present_on_sim

Enter: func_perform_lock_data_cmp

Exit: func_perform_lock_data_cmp

Enter: func_change_control_key

`Exit: func_change_control_key

Enter: func_ptst_lock_control tag 0x%xl

`Exit: func_ptst_lock_control

Enter: func_calculate_tickkey

Exit: func_calculate_tickkey

Enter: func_system_tickets_written

Exit: func_system_tickets_written

Enter: func_systicket_count_minute

Enter: func_minute_tick

`Exit: func_minute_tick

Enter: func_module_test_func opcode %d

Exit: func_module_test_func

Terminating func_sec_process

Enter: func_handle_no_comp

Exit: func_handle_no_comp

Enter: func_store_armed_code_groups

`Exit: func_store_armed_code_groups

Enter: func_perform_control_key_verification

Exit: func_perform_control_key_verification

Enter: func_perform_control_key_change

SaExit: func_perform_control_key_change

Enter: func_handle_sm_comp

Exit: func_handle_sm_comp

Enter: func_imei_virgin_extension

Exit: func_imei_virgin_extension

Enter: func_simlock_virgin_extension

Exit: func_simlock_virgin_extension

Enter: func_create_hmac

Error: func_utasec_sha1_hash failed!

Error: func_utasec_wrap_data failed!

Exit: func_create_hmac

Enter: func_validate_hmac

Error: func_create_hmac failed!

Exit: func_validate_hmac

Enter: func_TLV_read

Exit: func_TLV_read

Enter: func_tag_id_to_path

Exit: func_tag_id_to_path

func_sec_init: UtaOsThreadGetCurrent(...) returned %d.

`func_sec_init: UtaOsThreadDelete(...) returned %d.

Enter: func_comp_no_data

Exit: func_comp_no_data

Enter: func_handle_sp_comp

Exit: func_handle_sp_comp

Enter: func_handle_ns_comp

Exit: func_handle_ns_comp

Enter: func_comp_sm_data

Exit: func_comp_sm_data

Enter: func_init_storage

Exit: func_init_storage

Enter: func_systicket_data_clear

;N`Exit: func_systicket_data_clear

Enter: func_systicket_count_reset

`Exit: func_systicket_count_reset

}SaEnter: func_utasec_sha1_hash

Exit: func_utasec_sha1_hash

~SaEnter: func_utasec_wrap_data

Exit: func_utasec_wrap_data

~SaEnter: func_utasec_make_hmac

Exit: func_utasec_make_hmac

Enter: func_imei_read_ascii

Exit: func_imei_read_ascii

Enter: func_imei_read

`Exit: func_imei_read

Enter: func_hwid_baseband

SaExit: func_hwid_baseband

Enter: func_signature_check_at_if

Exit: func_signature_check_at_if

Enter: func_new_concept_func

Warning: Security data invalid (func_new_concept_func)

Error func_update_data_begin

Error func_buffer_sec_data

Error func_update_data_completed

`Exit: func_new_concept_func

Enter: func_tlv_iterator_validate_hw_details

Exit: func_tlv_iterator_validate_hw_details

Enter: func_tlv_iterator_setup_and_validate

Exit: func_tlv_iterator_setup_and_validate

Enter: func_comp_ns_data

Exit: func_comp_ns_data

Enter: func_handle_cp_comp

Enter: func_comp_sp_data

Exit: func_comp_sp_data

Enter: func_systicket_count_pwrup

Exit: func_systicket_count_pwrup

Enter/Exit: func_ata_sec_init

Enter/Exit: func_ata_sec_kill

Enter: func_init_storage_extension

Exit: func_init_storage

Enter: func_systicket_clear_code

Exit: func_systicket_verify_code

Error func_update_data_begin

Error func_buffer_sec_data

Enter: func_imei_read_ascii_mult

Exit: func_imei_read_ascii_mult

Enter: func_imei_read_mult

`Exit: func_imei_read_mult

Enter: func_comp_cp_data

Exit: func_comp_cp_data

Enter: func_systicket_verify_code

Exit: func_systicket_verify_code

Enter: func_validate_pre_program

Exit: func_validate_pre_program

Enter: func_ata_create_var

`Exit: func_ata_create_var

Enter: func_ata_set_format

Exit: func_ata_set_format

Enter: func_ata_code_verify

Exit: func_ata_code_verify

Enter: func_ata_code_clear

Exit: func_ata_code_clear

Enter: func_ata_imei_read

Exit: func_ata_imei_read

Enter: func_ata_imei_label

Exit: func_ata_imei_label

Enter: func_ata_hw_details

Exit: func_ata_hw_details

Enter: func_ata_status_info

Exit: func_ata_status_info

Enter: func_ata_state_info

Exit: func_ata_state_info

Enter: func_ata_flash_io

Exit: func_ata_flash_io

Enter: func_ata_ptest_generic

Exit: func_ata_ptest_generic

Enter: func_ata_module_test

Exit: func_ata_module_test

Enter: func_ata_fus_script

Exit: func_ata_fus_script

Enter: func_ata_imei_read

Exit: func_ata_imei_read

Enter: func_si_chks

Exit: func_si_chks

Enter: func_secblk_available_length

Exit: func_secblk_available_length

Enter: func_secblk_read

Exit: func_secblk_read

Enter: func_secblk_write

Exit: func_secblk_write

Enter: func_si_chk_virgin

Enter: func_si_chk_valid_system_ticket

Enter: func_si_chk_rnd

Exit: func_si_chk_rnd

Enter: func_si_chk_mid

Exit: func_si_chk_mid

Enter: func_si_chk_simlock

Exit: func_si_chk_simlock

Enter: func_si_chk_ticket_sm

Exit: func_si_chk_ticket_sm

Enter: func_si_chk_ticket_cp

Exit: func_si_chk_ticket_cp

Enter: func_si_chk_ticket_sp

Exit: func_si_chk_ticket_sp

Enter: func_si_chk_ticket_ns

Exit: func_si_chk_ticket_ns

Enter: func_si_chk_ticket_no

Exit: func_si_chk_ticket_no

Enter: func_si_chk_imei

Exit: func_si_chk_imei

Enter: func_si_chk_ticket_sec

Exit: func_si_chk_ticket_sec

Enter: func_si_chk_ticket_boot

Exit: func_si_chk_ticket_boot

Enter: func_si_chk_ticket_test

Exit: func_si_chk_ticket_test

Enter: func_si_chks_extension

Exit: func_si_chks_extension

Enter: func_si_chk_restricted_mode

Exit: func_si_chk_restricted_mode

func_process_running: UtaOsThreadGetCurrent(...) returned %d.

func_process_running: UtaOsThreadGetName(...) returned %d.

func_exec_function: UtaOsThreadGetCurrent(...) returned %d.

func_exec_function: UtaOsThreadGetName(...) returned %d.

`func_exec_function: UtaOsSemObtain(call) returned %d.

`func_exec_function: UtaOsSemRelease(call) returned %d.

Error: func_id has been tampered

Enter: func_system_access_level

`Exit: func_system_access_level

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Error: func_id has been tampered

Enter: func_glob_sec_init

SaExit: func_glob_sec_init

Enter: func_simlock_virgin

Error: func_simlock_virgin_extension failed.

Exit: func_simlock_virgin

Enter: func_update_data_begin

Exit: func_update_data_begin

Enter: func_get_data_block

Exit: func_get_data_block

Enter: func_get_block_info

Exit: func_get_block_info(id=%02x,offset=0x%x,length=0x%x)

;N`Exit: func_verify_ticket

Enter: func_init_lock_action

`Exit: func_init_lock_action

Enter: func_get_from_lock_action_list

`Exit: func_get_from_lock_action_list

Enter: func_update_data_completed

Exit: func_update_data_completed

Enter: func_store_data_block

Exit: func_store_data_block

Enter: func_get_hwids

Exit: func_get_hwids

Enter: func_verify_MID_cert_data

Exit: func_verify_MID_cert_data

Enter: func_validate_signature

Exit: func_validate_signature

func_malloc(...) failed.

func_create_thread: UtaOsSemCreate(done) returned %d.

func_create_thread: UtaOsThreadCreate(...) returned %d.

func_create_thread: UtaOsThreadStart(...) returned %d.

func_create_thread: UtaOsSemObtain(done) returned %d.

func_create_thread: UtaOsSemDelete(func) returned %d.

Enter: func_verify_control_key

`Exit: func_verify_control_key

Enter: func_get_symkey

Exit: func_get_symkey

Enter: func_write_dyn_sta_block block_id(0x%x)

Exit: func_write_dyn_sta_block

Enter: func_read_dyn_sta_block block_id(0x%x)

Exit: func_read_dyn_sta_block

Enter: func_eep_get_sec_status

Exit: func_eep_get_sec_status

Enter: func_eep_store_sec_status

exit: func_eep_store_sec_status

Enter: func_get_nof_imeis

Exit: func_get_nof_imeis

Enter: func_get_data_offset_length

Exit: func_get_data_offset_length

Enter: func_failsafe_imei_prepare

{SaExit: func_failsafe_imei_prepare

Enter: func_buffer_sec_data

Exit: func_buffer_sec_data

Enter: func_get_MID_imei

Exit: func_get_MID_imei

Enter: func_get_system_access_level

SaExit: func_get_system_access_level

Enter: func_imei_virgin

Error: func_imei_virgin_extension failed.

Exit: func_imei_virgin

Enter: func_fetch_imei_from_flash

Exit: func_fetch_imei_from_flash

Enter: func_ata_switch_process

Error: func_id has been tampered

Exit: func_ata_switch_process

Enter: func_ata_approve_access

Exit: func_ata_approve_access

Enter: func_ata_print_bin_data

Exit: func_ata_print_bin_data

Enter: func_simlock_tickets_written

Exit: func_simlock_tickets_written

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_build_mac_cfg_func_ehs.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

i`urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_trch_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

urrcdc:urrcdc_db_cfg_phych_func_edch.c

func_hwid_baseband: scu_feat_serial_number_get(...) returned %d.

Error starting write session to data buffer (func_update_data_begin)

func_malloc: malloc(%d) failed.

func_create_thread: UtaOsThreadRegisterDeletedHandler(...) returned %d.

Enter: func_verify_ticket (input ticket 0x%08x) (Present ticket 0x%08x)

Exit: func_systicket_count_minute (minutes back %d before reset)

android.app.func_name

ERR_func_error_string

Unable to seek to export_func_name_list section for writing.

Unable to write export_func_name_list section to cache file.

Unable to allocate for export_func_name_list

Unable to seek to export_func_name_list section

Unable to read export_func_name_list.

GL_ARB_blend_func_extended

return this.func_;

ERR_func_error_string

services4/srvclient/env/linux/common/osfunc_um.c

i seem to see 0x%08x a lot in these strings could this be the address where its looking for the valid key ?

would we find anything with a hex editor ?

also how big was the mmcblk0 file you pulled, i tried to get it last night but it was taking hours so i left it lol

0

Share this post


Link to post
Share on other sites

Posted (edited) · Report post

I've no idea how big it was, as I have deleted the folder since then (it was a sub-dir of android SDK, which I had to re-setup).

The one vital clue you are missing, is the address portion referenced by the variable container "%" ... which could be any value.

May be prudent not to quote *such* a long post, next time :)

Edited by glossywhite
0

Share this post


Link to post
Share on other sites

Posted · Report post

also how big was the mmcblk0 file you pulled, i tried to get it last night but it was taking hours so i left it lol

I think it was something stupid like 1.5GB in size.
0

Share this post


Link to post
Share on other sites

Posted · Report post

1.5GB lol mine was 13GB and still going, definately something wrong there, I did delete my phones partitions through adb I hope that has nowt to do with it :|

0

Share this post


Link to post
Share on other sites

Posted · Report post

Just want to say that while my skills are sketchy at best, I'm entirely willing to help provide data - you need the output from any of these things from a still-sim-locked device with the 58MiB patch applied and then rerooted, I'm your man.  Just say what you want so I don't flood with useless things!

 

Also possibly "Aha!" moments like the one that lead to regaining root after applying the 58MiB patch, but no promises there.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.