Jump to content


Photo

[Need helpers!] Searching for keyword "simlock" in "mmcblk0" shows things...

- - - - -

  • Please log in to reply
34 replies to this topic

#21
brokebloke

brokebloke

    Newbie

  • Members
  • Pip
  • 23 posts
  • Gender:Male
  • Devices:ZTE Blade, Orange San Diego

OK, I've got the file and now need some way of reading it to compare to Glossywhites output, is there any relatively simple way to do this on Windows? I've tried a command line tool from SysInternals called strings(surprise, surprise) which has thrown up an interesting line "SI_SIM_UNLOCK_DISABLED" although this may be in every instance.
I do have a small 60GB HD that I could clear for a Linux install but I'm trying to avoid that if possible.
Any suggestions?



You could always use a live cd or usb version of linux, i.e. knoppix or an ubuntu in try out mode, no need to install.

  • 1

#22
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,805 posts

You could always use a live cd or usb version of linux, i.e. knoppix or an ubuntu in try out mode, no need to install.


Indeed. I was going to suggest that also.

  • 0

#23
BlueMoonRising

BlueMoonRising

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,472 posts
  • Gender:Male
  • Location:Here, there and everywhere...
  • Devices:Orange San Diego, OSF

You could always use a live cd or usb version of linux, i.e. knoppix or an ubuntu in try out mode, no need to install.

Thanks, I've been looking at the Ubuntu site and will try the Windows installed version or perhaps the dual boot method. Is there any difference between the 2?
It's been a long time since I installed Linux, it certainly wasn't as easy as it seems to be now.

  • 0
Whoever exalts himself will be humbled, and whoever humbles himself will be exalted.

Matthew 23:12

#24
markhuges

markhuges

    Enthusiast

  • Members
  • PipPipPip
  • 165 posts

Thanks, I've been looking at the Ubuntu site and will try the Windows installed version or perhaps the dual boot method. Is there any difference between the 2?
It's been a long time since I installed Linux, it certainly wasn't as easy as it seems to be now.


Hello, The Windows Installation method "Wubi" is much easier, quicker and simpler, it is very similar to installing a normal program. and easier to remove./ uninstall. Its for Noobs (like me:P) whho want to play around with ubunutu, the good thing is that the dual boot will be created automatically :) and will be a very simple process.
The good is that if you choose this, its quicker and simpler also you will NOT have to create a separate hard drive partition. you can simply install it on your main drive like a additional program.

BUT IF You take this method DO Choose a appropriate installation size WHEN FIRST USING THE SETUP, as after its create it is possible but quite difficult to re size the installation hard disk disk size. Which is a drawback

The normal dual boot method will require a longer time to set up, and you have to adjust your bootloader. from what i have heard, this method is better if you want to use ubunut for a long period of time, also it is easier to re size the partion on this if you would like more space compared to the Wubi installer.

From my limited knowledge( im a noob so double check, also i use the WUbi installer method but with the Old 10.04 Verison which works perfectly. ) i Think thats the difference, but please also ask advice for other members. Thanks

Edited by markhuges, 09 April 2013 - 09:18 AM.

  • 0

#25
BlueMoonRising

BlueMoonRising

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,472 posts
  • Gender:Male
  • Location:Here, there and everywhere...
  • Devices:Orange San Diego, OSF

Hello, The Windows Installation method "Wubi" is much easier, quicker and simpler, it is very similar to installing a normal program. and easier to remove./ uninstall. Its for Noobs (like me:P) whho want to play around with ubunutu, the good thing is that the dual boot will be created automatically :) and will be a very simple process.
The good is that if you choose this, its quicker and simpler also you will NOT have to create a separate hard drive partition. you can simply install it on your main drive like a additional program.

BUT IF You take this method DO Choose a appropriate installation size WHEN FIRST USING THE SETUP, as after its create it is possible but quite difficult to re size the installation hard disk disk size. Which is a drawback

The normal dual boot method will require a longer time to set up, and you have to adjust your bootloader. from what i have heard, this method is better if you want to use ubunut for a long period of time, also it is easier to re size the partion on this if you would like more space compared to the Wubi installer.

From my limited knowledge( im a noob so double check, also i use the WUbi installer method but with the Old 10.04 Verison which works perfectly. ) i Think thats the difference, but please also ask advice for other members. Thanks

Thanks for that.

  • 0
Whoever exalts himself will be humbled, and whoever humbles himself will be exalted.

Matthew 23:12

#26
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,805 posts
You'd do well to download the ISO and install it inside Oracle Virtualbox, so long as you have >4Gb ram. Virtualbox is free, and means you can run the OS inside a window instead of needing to reboot.

  • 0

#27
intheblue

intheblue

    Newbie

  • Members
  • Pip
  • 30 posts
Just found this thread.

In my quest to unlock, I searched through the available partitions a few months ago and I can confirm that the unlock code can not be found in its complete string in any of the available partitions (i.e. unencrypted). It may be there in a coded form but I would think it is in one of the raw partitions if anywhere.

You could always use a live cd or usb version of linux, i.e. knoppix or an ubuntu in try out mode, no need to install.



You don’t need to pull the partition to search or use linux, you can just use the shell i.e.

adb shell
su
strings /dev/block/mmcblk0 | grep “your_chosen_search_term”



There are some clues from logs of commands run on the modem but I haven’t had luck to get a proper modem interface & even if I could, I still don’t think it would let you lock that easily.

I’ve got an unlock code for my device & I haven’t used it yet. So when I do, I’ll simultaneous run a logcat and AT interface log and post the result.

I’m not confident there will be that many clues but someone else may wish to use it. As despite several hours effort, unlocking this phone without a code is all beyond me...

Edited by intheblue, 10 April 2013 - 07:54 PM.

  • 0

#28
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,805 posts
Latest strings:

strings --print-file-name mmcblk0p* | grep fastboot
mmcblk0p2: fastboot
mmcblk0p2: fastboot
mmcblk0p2: fastboot
mmcblk0p2: fastboot: cmd_getvar %s
mmcblk0p2: fastboot got command: %s
mmcblk0p2: fastboot: oops!
mmcblk0p2: /cache/fastboot.tmp
mmcblk0p2: fastboot: processing commands
mmcblk0p2: E:scratch malloc of %u failed in fastboot. Unable to continue.
mmcblk0p2: scratch malloc of %u failed in fastboot. Unable to continue.
mmcblk0p2: fastboot: cmd_download %d bytes
mmcblk0p2: E:fastboot: cmd_download error only got %d bytes
mmcblk0p2: fastboot: cmd_download error only got %d bytes
mmcblk0p2: Listening for the fastboot protocol over USB.
mmcblk0p2: fastboot_state
mmcblk0p2: fastboot_command_loop
mmcblk0p2: fastboot_handler
mmcblk0p2: fastboot_thread
mmcblk0p2: flash_fastboot_kernel
mmcblk0p2: fastboot_info
mmcblk0p2: fastboot_ack
mmcblk0p2: fastboot_okay
mmcblk0p2: fastboot_init
mmcblk0p2: fastboot_publish
mmcblk0p2: fastboot_register
mmcblk0p2: fastboot_fail
mmcblk0p8: 01-03 20:54:52.405	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fota
mmcblk0p8: 04-01 00:15:58.685	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fastboot
mmcblk0p8: 04-01 00:15:58.669    86    96 I droidboot: Listening for the fastboot protocol over USB.
mmcblk0p8: 04-01 00:15:58.856	 0	 0 W Kernel-Dmesg: <6>[    7.453337] fastboot mode
mmcblk0p8: 04-01 00:15:58.979    86    96 D fastboot: fastboot: processing commands
mmcblk0p8: 03-31 21:56:30.738	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fastboot
mmcblk0p8: 03-31 21:56:30.729    84    92 I droidboot: Listening for the fastboot protocol over USB.
mmcblk0p8: 03-31 21:56:30.912	 0	 0 W Kernel-Dmesg: <6>[    6.513414] fastboot mode
mmcblk0p8: 03-31 21:56:31.039    84    92 D fastboot: fastboot: processing commands
mmcblk0p8: 03-31 22:03:49.447	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fota
mmcblk0p8: 03-31 01:55:30.268	 0	 0 W Kernel-Dmesg: ootmedia=sdcard androidboot.hardware=mfld_pr2 emmc_ipanic.ipanic_part_number=6 g_android.fastboot=1 droidboot.scratch=512 androidboot.wakesrc=05 androidboot.mode=fota
mmcblk0p9: 01-04 20:30:46.815	 0	 0 W Kernel-Dmesg: <6>[    2.082609] fastboot mode
mmcblk0p9: 01-04 20:30:53.042	 0	 0 W Kernel-Dmesg: <6>[   30.992277] fastboot mode
mmcblk0p9: 01-04 20:30:53.137	 0	 0 W Kernel-Dmesg: <6>[   31.081176] fastboot mode
mmcblk0p9: 01-04 20:30:56.289  1272  1294 I Recovery: Listening for the fastboot protocol on the USB OTG.
mmcblk0p9: 01-04 20:30:56.399  1272  1294 I Recovery: fastboot: ready for commands. Power + VolUp goto Recovery
mmcblk0p9: 01-04 20:30:56.399  1272  1294 I Recovery: fastboot: getvar:version
mmcblk0p9: 01-04 20:30:56.409  1272  1294 I Recovery: fastboot: oem image_switch ftm
mmcblk0p9: 01-02 00:02:53.110  1263  1285 I Recovery: fastboot: oem image_switch ftm
mmcblk0p9: 01-02 00:02:53.160  1263  1285 I Recovery: fastboot: getvar:version
mmcblk0p9: 01-02 00:02:53.170  1263  1285 I Recovery: fastboot: download:0000000e
mmcblk0p9: 01-02 00:02:53.550  1263  1285 I Recovery: fastboot: flash:/config/cfgdata/Mac_Pid.txt
mmcblk0p9: 01-02 00:02:54.120  1263  1285 I Recovery: fastboot: oem system "sync"
mmcblk0p9: fastboot.img
mmcblk0p9: fastboot.imgPK

  • 0

#29
rickywyatt

rickywyatt

    Hardcore

  • MoDaCo Silver
  • PipPipPipPipPipPip
  • 1,484 posts
  • Gender:Male
  • Location:London UK
  • Interests:Android
    Rom Modding &
    MoDaCo moderator
  • Devices:OneX Samsung S3 LTE Nexus 7
  • Twitter:@rickywyatt1982
I did this before and it came to me that mmcblk0 did not contain any unlock code

  • 0
Remember to read the fourm rules<br /><br />Maker of the AIO tool for Orange San Diego here<br />and the maker of the Motorola Razr I AIO tools here

#30
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,805 posts
Hey hackers, do this:

./adb pull /system/etc/firmware/modem/radio_firmware.bin

... then have a "strings radio_* | grep flash" or do a hexdump -c on it (Linux).

Seems to be much simlock and IMEI data in there:

strings radio_firmware.bin | grep flash
Committed to NVM flash...
Failed to set startup mode to %s%s%s (%d) in flash
Failed to read startup mode in flash
Failed to set startup mode to %s%s%s (%d) in flash
Failed to read startup mode in flash
`Error reading IMEI and signature from flash
`Error reading lock_id %d from flash
`Error cannot read GLOB_DATA_MASTERCTRL from flash
`Cannot write GLOB_DATA_MASTERCTRL to flash
Error reading the system test ticket from flash
Error reading the bootcore ticket from flash
Error reading the security module ticket from flash
Performing validation of flash
Error validating flash content
`Error reading MID certificate from flash
Error writing imei to otp flash
sec_opcode_flashio_data
Error reading data from flash
Error: Cannot read HW details from flash
Enter: func_ata_flash_io
Exit: func_ata_flash_io
\Yap[YaError reading encrypted lock data from flash
`Error reading simlock signature from flash
`Error reading IMEI and signature from flash
Error reading encrypted lock data from flash
Error reading encrypted lock data from flash
`Error reading ticket id 0x%08x data from flash
Storing ticket in flash
`Error reading RnD certificate from flash
`Error reading the master control profile from flash
Error storing master control profile to flash
Error writing to flash
`Error reading RnD certificate from flash
`Error reading RnD certificate from flash
Enter: func_fetch_imei_from_flash
Error reading encrypted IMEI from flash
Exit: func_fetch_imei_from_flash
Error reading the ticket from flash
maybe no CDS_IF build or not flashed
../../mhw_drv_src/power_control/ebu/src/xgold626/ebu_flash.c
Verify if CDS image is flashed
used_flash
used_eeflash
Writes the startup mode to flash.
Reads the startup mode from flash.
Commit registry values to flash.
Writes the startup pmode to flash.
Reads the startup pmode from flash.
flash_io
psi_flash_signed.fls

Edited by glossywhite, 13 April 2013 - 11:24 PM.

  • 0

#31
shootomanUK

shootomanUK

    Diehard

  • Members
  • PipPipPipPip
  • 454 posts
  • Gender:Male
  • Location:Salford, Manchester
  • Devices:AZ210A , WT19i , DynaTAC 8000X
  • Twitter:@not got one

Okay, so this string seems to bring up some results:

$ strings mmcblk0 | grep ticket

Shows...



M`Security ticket: %s
Security ticket: Undefined name for security ticket (%d)
Error validating phonelock ticket 0x%08x
Enter: func_system_tickets_written
Error reading the system test ticket from flash
No test ticket definition available
Error reading the bootcore ticket from flash
No bootcore ticket definition available
Error reading the security module ticket from flash
No security module ticket definition available
Exit: func_system_tickets_written
Enter: func_systicket_count_minute
`Global system ticket reset
M`%s[10]:sec_ticket
Enter: func_systicket_data_clear
;N`Exit: func_systicket_data_clear
Enter: func_systicket_count_reset
`Exit: func_systicket_count_reset
Access denied in sec_opcode_flush (ticket 0x%08x)
Access denied in sec_opcode_program (ticket 0x%08x)
Error validating ticket for id %08x
Access denied in sec_opcode_get_hw_details (ticket 0x%08x)
Access denied in sec_opcode_freeze_imei (ticket 0x%08x)
Access denied in sec_opcode_freeze_imiei (ticket 0x%08x)
Access denied in sec_opcode_store_soft_imei (ticket 0x%08x)
Access denied in sec_opcode_clear_sec_area (ticket 0x%08x)
Enter: func_systicket_count_pwrup
Error: Cannot remove ticket
Exit: func_systicket_count_pwrup
Enter: func_systicket_clear_code
Exit: func_systicket_verify_code
Error reseting system ticket counter
Error clearing system ticket data
Enter: func_systicket_verify_code
Error: Wrong ticket id 0x%08x
Exit: func_systicket_verify_code
`Error validating ticket for id %08x
s_valid_system_ticket
Enter: func_si_chk_valid_system_ticket
Enter: func_si_chk_ticket_sm
Exit: func_si_chk_ticket_sm
Enter: func_si_chk_ticket_cp
Exit: func_si_chk_ticket_cp
Enter: func_si_chk_ticket_sp
Exit: func_si_chk_ticket_sp
Enter: func_si_chk_ticket_ns
Exit: func_si_chk_ticket_ns
Enter: func_si_chk_ticket_no
Exit: func_si_chk_ticket_no
Enter: func_si_chk_ticket_sec
Exit: func_si_chk_ticket_sec
Enter: func_si_chk_ticket_boot
Exit: func_si_chk_ticket_boot
Enter: func_si_chk_ticket_test
Exit: func_si_chk_ticket_test
Invalid tickets. Service mode set to SEC_SERVICE_FACTORY.
`Error reading ticket id 0x%08x data from flash
Error, ticket is invalid due to (0xFFFFFFFF)
;N`Exit: func_verify_ticket
Expected ticket id different from ticket id 0x%08x , 0x%08x
Storing ticket in flash
9IaFunction is deprecated - Use [email protected]_ticket? instead.
Enter: func_simlock_tickets_written
Error reading the ticket from flash
No ticket definition available
Exit: func_simlock_tickets_written
Access denied in sec_opcode_verify_fuseregisters and sec_opcode_set_fuseregisters (ticket 0x%08x)
Enter: func_verify_ticket (input ticket 0x%08x) (Present ticket 0x%08x)
Exit: func_systicket_count_minute (minutes back %d before reset)
tls1_process_ticket
SSL_set_session_ticket_ext_cb
SSL_set_session_ticket_ext
ssl3_get_new_session_ticket
SSL_set_session_ticket_ext
invalid ticket keys length
krb5 server bad ticket
ssl3_get_new_session_ticket
tls1_process_ticket
invalid ticket keys length
krb5 server bad ticket


~~~ ALSO ~~~


strings mmcblk0 | grep func_
Error: func_id has been tampered
SaEnter: func_validate_cert
Exit: func_validate_cert
func_sec_process entering while(1) loop
func_process_running: UtaOsThreadGetCurrent(...) returned %d.
Error: NULL pointer send func_id.
Enter: func_pkcs_validate
Exit: func_pkcs_validate
Enter: func_rsa_decrypt
Exit: func_rsa_decrypt
Enter: func_read_data_pointer
Exit: func_read_data_pointer
func_ThreadDeletedHandler: UtaOsSemRelease(Done) returned %d.
Enter: func_get_lock_profiles
`Exit: func_get_lock_profiles
Enter: func_get_file_profile file_id %d
`Exit: func_get_file_profile
Enter: func_compare_lock_data
`Exit: func_compare_lock_data
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Enter: func_byte_reverse
Exit: func_byte_reverse
@~SaEnter: func_utasec_rsa_pub
Exit: func_utasec_rsa_pub
X~SaEnter: func_utasec_hash
Exit: func_utasec_hash
Enter: func_pkcs_der_type
}SaExit: func_pkcs_der_type
Enter: func_verify_cert_data
Exit: func_verify_cert_data
Enter: func_put_to_lock_action_list
Exit: func_put_to_lock_action_list
`Enter: func_test_sim_inserted
{SaExit: func_test_sim_inserted
Enter: func_req_data_present_on_sim
Exit: func_req_data_present_on_sim
Enter: func_perform_lock_data_cmp
Exit: func_perform_lock_data_cmp
Enter: func_change_control_key
`Exit: func_change_control_key
Enter: func_ptst_lock_control tag 0x%xl
`Exit: func_ptst_lock_control
Enter: func_calculate_tickkey
Exit: func_calculate_tickkey
Enter: func_system_tickets_written
Exit: func_system_tickets_written
Enter: func_systicket_count_minute
Enter: func_minute_tick
`Exit: func_minute_tick
Enter: func_module_test_func opcode %d
Exit: func_module_test_func
Terminating func_sec_process
Enter: func_handle_no_comp
Exit: func_handle_no_comp
Enter: func_store_armed_code_groups
`Exit: func_store_armed_code_groups
Enter: func_perform_control_key_verification
Exit: func_perform_control_key_verification
Enter: func_perform_control_key_change
SaExit: func_perform_control_key_change
Enter: func_handle_sm_comp
Exit: func_handle_sm_comp
Enter: func_imei_virgin_extension
Exit: func_imei_virgin_extension
Enter: func_simlock_virgin_extension
Exit: func_simlock_virgin_extension
Enter: func_create_hmac
Error: func_utasec_sha1_hash failed!
Error: func_utasec_wrap_data failed!
Exit: func_create_hmac
Enter: func_validate_hmac
Error: func_create_hmac failed!
Exit: func_validate_hmac
Enter: func_TLV_read
Exit: func_TLV_read
Enter: func_tag_id_to_path
Exit: func_tag_id_to_path
func_sec_init: UtaOsThreadGetCurrent(...) returned %d.
`func_sec_init: UtaOsThreadDelete(...) returned %d.
Enter: func_comp_no_data
Exit: func_comp_no_data
Enter: func_handle_sp_comp
Exit: func_handle_sp_comp
Enter: func_handle_ns_comp
Exit: func_handle_ns_comp
Enter: func_comp_sm_data
Exit: func_comp_sm_data
Enter: func_init_storage
Exit: func_init_storage
Enter: func_systicket_data_clear
;N`Exit: func_systicket_data_clear
Enter: func_systicket_count_reset
`Exit: func_systicket_count_reset
}SaEnter: func_utasec_sha1_hash
Exit: func_utasec_sha1_hash
~SaEnter: func_utasec_wrap_data
Exit: func_utasec_wrap_data
~SaEnter: func_utasec_make_hmac
Exit: func_utasec_make_hmac
Enter: func_imei_read_ascii
Exit: func_imei_read_ascii
Enter: func_imei_read
`Exit: func_imei_read
Enter: func_hwid_baseband
SaExit: func_hwid_baseband
Enter: func_signature_check_at_if
Exit: func_signature_check_at_if
Enter: func_new_concept_func
Warning: Security data invalid (func_new_concept_func)
Error func_update_data_begin
Error func_buffer_sec_data
Error func_update_data_completed
`Exit: func_new_concept_func
Enter: func_tlv_iterator_validate_hw_details
Exit: func_tlv_iterator_validate_hw_details
Enter: func_tlv_iterator_setup_and_validate
Exit: func_tlv_iterator_setup_and_validate
Enter: func_comp_ns_data
Exit: func_comp_ns_data
Enter: func_handle_cp_comp
Enter: func_comp_sp_data
Exit: func_comp_sp_data
Enter: func_systicket_count_pwrup
Exit: func_systicket_count_pwrup
Enter/Exit: func_ata_sec_init
Enter/Exit: func_ata_sec_kill
Enter: func_init_storage_extension
Exit: func_init_storage
Enter: func_systicket_clear_code
Exit: func_systicket_verify_code
Error func_update_data_begin
Error func_buffer_sec_data
Enter: func_imei_read_ascii_mult
Exit: func_imei_read_ascii_mult
Enter: func_imei_read_mult
`Exit: func_imei_read_mult
Enter: func_comp_cp_data
Exit: func_comp_cp_data
Enter: func_systicket_verify_code
Exit: func_systicket_verify_code
Enter: func_validate_pre_program
Exit: func_validate_pre_program
Enter: func_ata_create_var
`Exit: func_ata_create_var
Enter: func_ata_set_format
Exit: func_ata_set_format
Enter: func_ata_code_verify
Exit: func_ata_code_verify
Enter: func_ata_code_clear
Exit: func_ata_code_clear
Enter: func_ata_imei_read
Exit: func_ata_imei_read
Enter: func_ata_imei_label
Exit: func_ata_imei_label
Enter: func_ata_hw_details
Exit: func_ata_hw_details
Enter: func_ata_status_info
Exit: func_ata_status_info
Enter: func_ata_state_info
Exit: func_ata_state_info
Enter: func_ata_flash_io
Exit: func_ata_flash_io
Enter: func_ata_ptest_generic
Exit: func_ata_ptest_generic
Enter: func_ata_module_test
Exit: func_ata_module_test
Enter: func_ata_fus_script
Exit: func_ata_fus_script
Enter: func_ata_imei_read
Exit: func_ata_imei_read
Enter: func_si_chks
Exit: func_si_chks
Enter: func_secblk_available_length
Exit: func_secblk_available_length
Enter: func_secblk_read
Exit: func_secblk_read
Enter: func_secblk_write
Exit: func_secblk_write
Enter: func_si_chk_virgin
Enter: func_si_chk_valid_system_ticket
Enter: func_si_chk_rnd
Exit: func_si_chk_rnd
Enter: func_si_chk_mid
Exit: func_si_chk_mid
Enter: func_si_chk_simlock
Exit: func_si_chk_simlock
Enter: func_si_chk_ticket_sm
Exit: func_si_chk_ticket_sm
Enter: func_si_chk_ticket_cp
Exit: func_si_chk_ticket_cp
Enter: func_si_chk_ticket_sp
Exit: func_si_chk_ticket_sp
Enter: func_si_chk_ticket_ns
Exit: func_si_chk_ticket_ns
Enter: func_si_chk_ticket_no
Exit: func_si_chk_ticket_no
Enter: func_si_chk_imei
Exit: func_si_chk_imei
Enter: func_si_chk_ticket_sec
Exit: func_si_chk_ticket_sec
Enter: func_si_chk_ticket_boot
Exit: func_si_chk_ticket_boot
Enter: func_si_chk_ticket_test
Exit: func_si_chk_ticket_test
Enter: func_si_chks_extension
Exit: func_si_chks_extension
Enter: func_si_chk_restricted_mode
Exit: func_si_chk_restricted_mode
func_process_running: UtaOsThreadGetCurrent(...) returned %d.
func_process_running: UtaOsThreadGetName(...) returned %d.
func_exec_function: UtaOsThreadGetCurrent(...) returned %d.
func_exec_function: UtaOsThreadGetName(...) returned %d.
`func_exec_function: UtaOsSemObtain(call) returned %d.
`func_exec_function: UtaOsSemRelease(call) returned %d.
Error: func_id has been tampered
Enter: func_system_access_level
`Exit: func_system_access_level
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Error: func_id has been tampered
Enter: func_glob_sec_init
SaExit: func_glob_sec_init
Enter: func_simlock_virgin
Error: func_simlock_virgin_extension failed.
Exit: func_simlock_virgin
Enter: func_update_data_begin
Exit: func_update_data_begin
Enter: func_get_data_block
Exit: func_get_data_block
Enter: func_get_block_info
Exit: func_get_block_info(id=%02x,offset=0x%x,length=0x%x)
;N`Exit: func_verify_ticket
Enter: func_init_lock_action
`Exit: func_init_lock_action
Enter: func_get_from_lock_action_list
`Exit: func_get_from_lock_action_list
Enter: func_update_data_completed
Exit: func_update_data_completed
Enter: func_store_data_block
Exit: func_store_data_block
Enter: func_get_hwids
Exit: func_get_hwids
Enter: func_verify_MID_cert_data
Exit: func_verify_MID_cert_data
Enter: func_validate_signature
Exit: func_validate_signature
func_malloc(...) failed.
func_create_thread: UtaOsSemCreate(done) returned %d.
func_create_thread: UtaOsThreadCreate(...) returned %d.
func_create_thread: UtaOsThreadStart(...) returned %d.
func_create_thread: UtaOsSemObtain(done) returned %d.
func_create_thread: UtaOsSemDelete(func) returned %d.
Enter: func_verify_control_key
`Exit: func_verify_control_key
Enter: func_get_symkey
Exit: func_get_symkey
Enter: func_write_dyn_sta_block block_id(0x%x)
Exit: func_write_dyn_sta_block
Enter: func_read_dyn_sta_block block_id(0x%x)
Exit: func_read_dyn_sta_block
Enter: func_eep_get_sec_status
Exit: func_eep_get_sec_status
Enter: func_eep_store_sec_status
exit: func_eep_store_sec_status
Enter: func_get_nof_imeis
Exit: func_get_nof_imeis
Enter: func_get_data_offset_length
Exit: func_get_data_offset_length
Enter: func_failsafe_imei_prepare
{SaExit: func_failsafe_imei_prepare
Enter: func_buffer_sec_data
Exit: func_buffer_sec_data
Enter: func_get_MID_imei
Exit: func_get_MID_imei
Enter: func_get_system_access_level
SaExit: func_get_system_access_level
Enter: func_imei_virgin
Error: func_imei_virgin_extension failed.
Exit: func_imei_virgin
Enter: func_fetch_imei_from_flash
Exit: func_fetch_imei_from_flash
Enter: func_ata_switch_process
Error: func_id has been tampered
Exit: func_ata_switch_process
Enter: func_ata_approve_access
Exit: func_ata_approve_access
Enter: func_ata_print_bin_data
Exit: func_ata_print_bin_data
Enter: func_simlock_tickets_written
Exit: func_simlock_tickets_written
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_build_mac_cfg_func_ehs.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
i`urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_trch_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
urrcdc:urrcdc_db_cfg_phych_func_edch.c
func_hwid_baseband: scu_feat_serial_number_get(...) returned %d.
Error starting write session to data buffer (func_update_data_begin)
func_malloc: malloc(%d) failed.
func_create_thread: UtaOsThreadRegisterDeletedHandler(...) returned %d.
Enter: func_verify_ticket (input ticket 0x%08x) (Present ticket 0x%08x)
Exit: func_systicket_count_minute (minutes back %d before reset)
android.app.func_name
ERR_func_error_string
Unable to seek to export_func_name_list section for writing.
Unable to write export_func_name_list section to cache file.
Unable to allocate for export_func_name_list
Unable to seek to export_func_name_list section
Unable to read export_func_name_list.
GL_ARB_blend_func_extended
return this.func_;
ERR_func_error_string
services4/srvclient/env/linux/common/osfunc_um.c



i seem to see 0x%08x a lot in these strings could this be the address where its looking for the valid key ?
would we find anything with a hex editor ?

also how big was the mmcblk0 file you pulled, i tried to get it last night but it was taking hours so i left it lol

  • 0

#32
glossywhite

glossywhite

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,805 posts
I've no idea how big it was, as I have deleted the folder since then (it was a sub-dir of android SDK, which I had to re-setup).

The one vital clue you are missing, is the address portion referenced by the variable container "%" ... which could be any value.


May be prudent not to quote *such* a long post, next time :)

Edited by glossywhite, 22 April 2013 - 12:26 AM.

  • 0

#33
BlueMoonRising

BlueMoonRising

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,472 posts
  • Gender:Male
  • Location:Here, there and everywhere...
  • Devices:Orange San Diego, OSF

also how big was the mmcblk0 file you pulled, i tried to get it last night but it was taking hours so i left it lol

I think it was something stupid like 1.5GB in size.

  • 0
Whoever exalts himself will be humbled, and whoever humbles himself will be exalted.

Matthew 23:12

#34
shootomanUK

shootomanUK

    Diehard

  • Members
  • PipPipPipPip
  • 454 posts
  • Gender:Male
  • Location:Salford, Manchester
  • Devices:AZ210A , WT19i , DynaTAC 8000X
  • Twitter:@not got one
1.5GB lol mine was 13GB and still going, definately something wrong there, I did delete my phones partitions through adb I hope that has nowt to do with it :|

  • 0

#35
Darael

Darael

    Newbie

  • Members
  • Pip
  • 22 posts
  • Gender:Male
  • Devices:San Diego: Xolo ICS
  • Twitter:@Meliral

Just want to say that while my skills are sketchy at best, I'm entirely willing to help provide data - you need the output from any of these things from a still-sim-locked device with the 58MiB patch applied and then rerooted, I'm your man.  Just say what you want so I don't flood with useless things!

 

Also possibly "Aha!" moments like the one that lead to regaining root after applying the 58MiB patch, but no promises there.


  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users