Jump to content


Photo

UNLOCKING: HOW TO PREVENT WIFI MAC AND NVITEMS LOSS

- - - - -

  • Please log in to reply
62 replies to this topic

#1
John W

John W

    Newbie

  • Members
  • Pip
  • 27 posts
Quick heads up,

If you want to prevent the loss of your WIFI mac address and probably other NV items that we don't yet know about then there's a working method. This isn't a tutorial just a heads up to those writing the tutorials that they can incorporate.

If you can locate a copy of QPST v2.7_366 via Google, and run the included utility "Software download", use the BACKUP tab with the default options to save your phone's non volatile memory state into a QCN file (with all default options), then run the Unlock process according to existing tutorials, then go back into "Software download" and use the Restore tab to restore the saved QCN file, you will find that you have avoided losing your MAC address (Losing the MAC address is probably no big issue, though to me it seems incredibly unlikely statistically that that is all we've lost from the existing unlocking process, and my concern is there are most likely other items that we may discover have been lost later on such as radio calibration data etc)

Edited by John W, 13 November 2011 - 01:25 AM.

  • 3

#2
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,878 posts

Quick heads up,

If you want to prevent the loss of your WIFI mac address and probably other NV items that we don't yet know about then there's a working method. This isn't a tutorial just a heads up to those writing the tutorials that they can incorporate.

If you can locate a copy of QPST v2.7_366 via Google, and run the included utility "Software download", use the BACKUP tab with the default options to save your phone's non volatile memory state into a QCN file (with all default options), then run the Unlock process according to existing tutorials, then go back into "Software download" and use the Restore tab to restore the saved QCN file, you will find that you have avoided losing your MAC address (Losing the MAC address is probably no big issue, though to me it seems incredibly unlikely statistically that that is all we've lost from the existing unlocking process, and my concern is there are most likely other items that we may discover have been lost later on such as radio calibration data etc)


Doesn't Channel1.nvm contain this info?

  • 0

#3
John W

John W

    Newbie

  • Members
  • Pip
  • 27 posts

Doesn't Channel1.nvm contain this info?


I thought it did, BUT when I try doing an A/B comparison between restoring Channel1.nvm and the QCN file, QCN works, Channel1.nvm doesn't. The QCN file is much bigger than Channel1.nvm and I suspect contains more than it (rather than just being in a less efficient format).

  • 0

#4
xiaoyaoswim

xiaoyaoswim

    Diehard

  • Members
  • PipPipPipPip
  • 365 posts
  • Gender:Male
  • Devices:ZTE Skate

Quick heads up,

If you want to prevent the loss of your WIFI mac address and probably other NV items that we don't yet know about then there's a working method. This isn't a tutorial just a heads up to those writing the tutorials that they can incorporate.

If you can locate a copy of QPST v2.7_366 via Google, and run the included utility "Software download", use the BACKUP tab with the default options to save your phone's non volatile memory state into a QCN file (with all default options), then run the Unlock process according to existing tutorials, then go back into "Software download" and use the Restore tab to restore the saved QCN file, you will find that you have avoided losing your MAC address (Losing the MAC address is probably no big issue, though to me it seems incredibly unlikely statistically that that is all we've lost from the existing unlocking process, and my concern is there are most likely other items that we may discover have been lost later on such as radio calibration data etc)


Well done John, that's really a brilliant finding! Hope this could finally make a perfect solution.
Could someone pls try and confirm this?

  • 0

#5
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,878 posts
Wish I had known this before unlocking, LOL!

  • 0

#6
kevwales

kevwales

    Newbie

  • Members
  • Pip
  • 30 posts
  • Gender:Male
  • Devices:ZTE Skate (OMC) - ZTE BLADE

Well done John, that's really a brilliant finding! Hope this could finally make a perfect solution.
Could someone pls try and confirm this?


Confirmed.

About re-locking, I flashed the files: GB_P743FV1.0.0B05 and OUK_P743TV1.0.0B18 from hecatae. Using FTM flash tools.

Results were: still unlocked, I think the xcsp_eclib.dll file is guilty! So i was thinking of using QPST to flash the above files.
But i have had a few to many drinks to do tonight :blink:

  • 2

#7
xiaoyaoswim

xiaoyaoswim

    Diehard

  • Members
  • PipPipPipPip
  • 365 posts
  • Gender:Male
  • Devices:ZTE Skate

Confirmed.

About re-locking, I flashed the files: GB_P743FV1.0.0B05 and OUK_P743TV1.0.0B18 from hecatae. Using FTM flash tools.

Results were: still unlocked, I think the xcsp_eclib.dll file is guilty! So i was thinking of using QPST to flash the above files.
But i have had a few to many drinks to do tonight :blink:


Exciting news!
Saturday night = drinking nightPosted Image

  • 0

#8
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,878 posts
It seems the WiFi MAC address resides in NV_ITEMS.

I TPT'd my OMC back to Stock Orange UK, entered FTM mode, then switched to Windows and fired up QPST. Next, I took a *.QCN backup of my NV_ITEMS, went back to Ubuntu, looked at it in a hex editor ("hexdump -c <somefilename.qcn>")...

matt@matt-Aspire-X3950:~/Desktop/NOV_OMC_QPST_NVITEMS$ hexdump -C NVITEMS_OMC_MY_NOV_2011.qcn | grep "11 22"
00001e00  88 00 01 00 83 00 00 00  11 22 33 44 55 66 00 00  |........."3DUf..|

... and whaddaYaKnow! There's that default, placeholder "11:22:33:44:55:66" MAC address!

It seems that the nv_4319 which holds our ORIGINAL, pre-unlocked, factory MAC, conflicts with the one held in NV_ITEMS, hence the popup!

We need to hexedit the NV_ITEMS *QCN backup, so that it holds our WiFi MAC address. Also, I did a hexedit of the "Channel1.nvm" which the new unlock method backs up for you when you flash the unlock, and ONLY THE BLUETOOTH MAC WAS IN THERE.

Summary: Hexedit needed, I think.

Edited by glossywhite, 13 November 2011 - 03:18 AM.

  • 2

#9
xiaoyaoswim

xiaoyaoswim

    Diehard

  • Members
  • PipPipPipPip
  • 365 posts
  • Gender:Male
  • Devices:ZTE Skate

It seems the WiFi MAC address resides in NV_ITEMS.

I TPT'd my OMC back to Stock Orange UK, entered FTM mode, then switched to Windows and fired up QPST. Next, I took a *.QCN backup of my NV_ITEMS, went back to Ubuntu, looked at it in a hex editor ("hexdump -c <somefilename.qcn>")...

matt@matt-Aspire-X3950:~/Desktop/NOV_OMC_QPST_NVITEMS$ hexdump -C NVITEMS_OMC_MY_NOV_2011.qcn | grep "11 22"
00001e00  88 00 01 00 83 00 00 00  11 22 33 44 55 66 00 00  |........."3DUf..|

... and whaddaYaKnow! There's that default, placeholder "11:22:33:44:55:66" MAC address!

It seems that the nv_4319 which holds our ORIGINAL, pre-unlocked, factory MAC, conflicts with the one held in NV_ITEMS, hence the popup!

We need to hexedit the NV_ITEMS *QCN backup, so that it holds our WiFi MAC address. Also, I did a hexedit of the "Channel1.nvm" which the new unlock method backs up for you when you flash the unlock, and ONLY THE BLUETOOTH MAC WAS IN THERE.

Summary: Hexedit needed, I think.


Good job! For those who have done unlocking & suffer the loss of MAC, to hex edit the QCN file and restore is a good idea. But as John pointed out, there is potentially other loss of NV items, which could be hard to manually modify.

As to Channel1.nvm, I once noticed on a Chinese forum that, some guy working on another ZTE Android handset found IMEI and BT MAC in it, but no WLAN MAC.

I think the most exciting thing is that more and more bright people are joining to make the unlocking solution better and better.

  • 0

#10
tillaz

tillaz

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 5,853 posts
  • Gender:Male
  • Location:Rockstar North
  • Interests:Alien Life
  • Devices:Nexus 4

It seems the WiFi MAC address resides in NV_ITEMS.

I TPT'd my OMC back to Stock Orange UK, entered FTM mode, then switched to Windows and fired up QPST. Next, I took a *.QCN backup of my NV_ITEMS, went back to Ubuntu, looked at it in a hex editor ("hexdump -c <somefilename.qcn>")...

matt@matt-Aspire-X3950:~/Desktop/NOV_OMC_QPST_NVITEMS$ hexdump -C NVITEMS_OMC_MY_NOV_2011.qcn | grep "11 22"
00001e00  88 00 01 00 83 00 00 00  11 22 33 44 55 66 00 00  |........."3DUf..|

... and whaddaYaKnow! There's that default, placeholder "11:22:33:44:55:66" MAC address!

It seems that the nv_4319 which holds our ORIGINAL, pre-unlocked, factory MAC, conflicts with the one held in NV_ITEMS, hence the popup!

We need to hexedit the NV_ITEMS *QCN backup, so that it holds our WiFi MAC address. Also, I did a hexedit of the "Channel1.nvm" which the new unlock method backs up for you when you flash the unlock, and ONLY THE BLUETOOTH MAC WAS IN THERE.

Summary: Hexedit needed, I think.


so have you managed to get rid off the pop up ?

  • 0

#11
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,878 posts

so have you managed to get rid off the pop up ?



############# MAC POPUP BANISHED!!!! MAC FIXED PERMANENTLY, ACROSS ROMS ETC!!!!! ####################

On Stock Orange, after I hex-edited my ORIGINAL MAC into the *.QCN backup of my NV_ITEMS, flashed my hex-edited *.QCN back to the phone using QPST in FTM mode, and rebooted, there was my ORIGINAL MAC (which I had inserted in place of the template 112233445566, using hexeditor). Restoring my BlueMonte Now, no reason to doubt it will be sitting there waiting for me :D


I'm not scared, it's just a phone! :P

[UPDATE]

That fixes it! There was my MAC, waiting for me! No more popup!

WooHoo! lol

The /etc/nv_4319, after restoration of my CWM backup, still says "11:22:33:44:55:66" in the un-commented line, but I have a feeling the HARDWARE flashed MAC overrides this.

Edited by glossywhite, 13 November 2011 - 04:08 AM.

  • 3

#12
xavk

xavk

    Newbie

  • Members
  • Pip
  • 3 posts
  • Devices:San Francisco
Really nice to see such rapid progress! Can someone please advise how I can get QPST to recognise my Skate? I cant seem to get it to enter Diagnostic mode.

Thanks!

  • 0

#13
tilal6991

tilal6991

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 3,781 posts
  • Gender:Male
  • Devices:ZTE Skate, Huawei U8150
Great work. Will now include this in my tutorial. :)

  • 0
If you like my work or if I helped, click the Plus button.

#14
Droid 007

Droid 007

    Newbie

  • Members
  • Pip
  • 32 posts

Quick heads up,

If you want to prevent the loss of your WIFI mac address and probably other NV items that we don't yet know about then there's a working method. This isn't a tutorial just a heads up to those writing the tutorials that they can incorporate.

If you can locate a copy of QPST v2.7_366 via Google, and run the included utility "Software download", use the BACKUP tab with the default options to save your phone's non volatile memory state into a QCN file (with all default options), then run the Unlock process according to existing tutorials, then go back into "Software download" and use the Restore tab to restore the saved QCN file, you will find that you have avoided losing your MAC address (Losing the MAC address is probably no big issue, though to me it seems incredibly unlikely statistically that that is all we've lost from the existing unlocking process, and my concern is there are most likely other items that we may discover have been lost later on such as radio calibration data etc)


Unfortunately these instructions were not available when I unlocked. So, I do not have QCN file to start with. Now my phone is unlocked. I have written down the MAC address for it, but trying out various forum suggestions to update it on the phone, but no success.

Is there a software/app that could be used fix the MAC address?

  • 0

#15
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,878 posts

Unfortunately these instructions were not available when I unlocked. So, I do not have QCN file to start with. Now my phone is unlocked. I have written down the MAC address for it, but trying out various forum suggestions to update it on the phone, but no success.

Is there a software/app that could be used fix the MAC address?


Yes. You download a backup of the .QCN using QPST tool, hex-edit your MAC into it (search for 11 22 33 44 55 66 and replace with your mac, using the same format), then flash it back in, using QPST. If you're unsure DO NOT ATTEMPT, as you'll brick the OMC, quite possibly.

Will try and do screenshots sometime.

  • 0

#16
Droid 007

Droid 007

    Newbie

  • Members
  • Pip
  • 32 posts

Yes. You download a backup of the .QCN using QPST tool, hex-edit your MAC into it (search for 11 22 33 44 55 66 and replace with your mac, using the same format), then flash it back in, using QPST. If you're unsure DO NOT ATTEMPT, as you'll brick the OMC, quite possibly.

Will try and do screenshots sometime.


I cannot afford to brick. I will wait until you have step by step instructions with screenshots.

  • 0

#17
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,878 posts

I cannot afford to brick. I will wait until you have step by step instructions with screenshots.


I don't have time to do the whole QPST backup sequence. Hopefully someone else will. But I have made a video which shows the important part; how to edit your MAC address in the *.QCN backup of NVITEMS, and save it, ready for flashing:


http://www.youtube.com/watch?v=n89J4nSENgw

  • 0

#18
BustaRhymes+

BustaRhymes+

    Newbie

  • Members
  • Pip
  • 7 posts
  • Devices:zte skate
I cant get QPST to recognise my skate....keep getting atlas server error HR=0x800702e4 and no phone connected message ?

Thanks

  • 0

#19
tilal6991

tilal6991

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 3,781 posts
  • Gender:Male
  • Devices:ZTE Skate, Huawei U8150

I cant get QPST to recognise my skate....keep getting atlas server error HR=0x800702e4 and no phone connected message ?

Thanks


Have a look at my tut here

  • 1
If you like my work or if I helped, click the Plus button.

#20
BustaRhymes+

BustaRhymes+

    Newbie

  • Members
  • Pip
  • 7 posts
  • Devices:zte skate
Cheers Tilal well I wasnt putting it into ftm mode but now I have I stil cant get it to recognise my phone...same error, I was tempted to just unlock it without saving my mac and other items but I guess that would be kinda stupid.

Im a bit of a rookie when it comes to things like this lol

  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users