[DEVS] Unlocking OMC progress: I HAVE READ ALL NVITEMS!!!

[Guest glossywhite]

Hi guys. See what you can do with these. I decompiled qcnvitems.odex and compiled it into a .jar file, whilst keeping the .smali directory (also attached). What you should find inside this ZIP, is a jar file with all callable classes needed to create the unlock code generator. I am not sure what to do next, as my Eclipse IDE keeps throwing errors, and I don't have any more time (spent 2 hrs!).

I hope you can make something from these. :)

I HAVE SOME NEWS TO ANNOUNCE: USING QPST VERSION 2.7, BUILD 362, I HAVE READ AND BACKED UP "NVITEMS" FROM A BRAND NEW, UNMODDED & UNTOUCHED ORANGE "MONTE CARLO" PHONE!

I PUT THE HANDSET INTO "FTM MODE" (HOLD DOWN VOL MINUS WHILST QUICKLY PRESSING POWER, UNTIL YOU SEE A BLACK SCREEN WITH A WHITE RECTANGLE INSIDE IT, WITH "FTM" DISPLAYED INSIDE THE WHITE RECTANGLE.) NEXT, CONNECT VIA QPST AND SELECT "EFS EXPLORER", AND READ OUT THOSE ITEMS!

NOW, QPST SEES AND READS MY OMC! - WOOOT

If you want backups of my nvitems to analyse, pm me and I'll send to trusted parties

Resources_qualcomm.zip

Edited October 21, 2011 by glossywhite

[Guest glossywhite]

Come on you guys! If eight of you (so far) have downloaded this, at least ONE of you must have something to say about it, surely. I don't expect a thank you, but at least say what you're thinking! :)

[Guest TouchyAndalou]

What's that virtue you so often preach on this forum, Glossywhite?

Patience, Padawan, patience.

[Guest glossywhite]

ALL IMAGES DISPLAYED IN ORDER OF SOURCE CODE LISTINGS:

Okay, making some real progress now. I have this working:

package com.hope.is;


import android.app.Activity;

import android.os.Bundle;

import android.widget.TextView;

import com.android.qualcomm.qcnvitems.*;


import java.io.IOException;




public class unlockthisnow extends Activity {

   	/** Called when the activity is first created. */

   	@Override

   	public void onCreate(Bundle savedInstanceState) {

   		super.onCreate(savedInstanceState);

   		TextView tv = new TextView(this);

   		QcNvItems newqc = new QcNvItems();


			try {

				tv.setText (newqc.get_nv_sys_sw_ver());

			} catch (IOException e) {

				// TODO Auto-generated catch block

				e.printStackTrace();

			}


   		setContentView(tv);

   	}

	}

So something is working, from that QcNvItems and its' classes! Also, this code:

package com.hope.is;


import android.app.Activity;

import android.os.Bundle;

import android.widget.TextView;

import com.android.qualcomm.qcnvitems.*;


import java.io.IOException;




public class unlockthisnow extends Activity {

   	/** Called when the activity is first created. */

   	@Override

   	public void onCreate(Bundle savedInstanceState) {

   		super.onCreate(savedInstanceState);

   		TextView tv = new TextView(this);

   		QcNvItems newqc = new QcNvItems();


			try {

				tv.setText (newqc.getBand());

			} catch (IOException e) {

				// TODO Auto-generated catch block

				e.printStackTrace();

			}


   		setContentView(tv);

   	}

	}

And this...

package com.hope.is;


import android.app.Activity;

import android.os.Bundle;

import android.widget.TextView;

import com.android.qualcomm.qcnvitems.*;


import java.io.IOException;




public class unlockthisnow extends Activity {

       /** Called when the activity is first created. */

       @Override

       public void onCreate(Bundle savedInstanceState) {

       	super.onCreate(savedInstanceState);

       	TextView tv = new TextView(this);

       	QcNvItems newqc = new QcNvItems();


			try {

				tv.setText (newqc.getemmanufactoryInfo());

			} catch (IOException e) {

				// TODO Auto-generated catch block

				e.printStackTrace();

			}


       	setContentView(tv);

       }

	}

Updates as and when they come... :P

Edited October 19, 2011 by glossywhite

[Guest Navie]

What is that code on the 3rd picture? I mean number.

Edited October 19, 2011 by Navie

[Guest glossywhite]

What is that code on the 3rd picture? I mean number.

newqc.getemmanufactoryInfo

[Guest Navie]

Are you able to get an sort of numbers out from what you are doing? Which you think may link to an unlock code?

[Guest tilal6991]

Try getlockcode or get_lock_code - does it work?

[Guest glossywhite]

Try getlockcode or get_lock_code - does it work?

getLockCode()

returns nothing - blank, but I won't give up! :D

[Guest tilal6991]

getLockCode()

returns nothing - blank, but I won't give up! :D

Try all variations - getlockcode get_lock_code getLock_code etc.

[Guest glossywhite]

Try all variations - getlockcode get_lock_code getLock_code etc.

I am, don't you worry! Peace be with you, I'm working hard on this.

[Guest Navie]

To be honest i'm amazed how you guys know how to do this kind of stuff :lol:

Glossy may I ask how you are doing this?...i'm no phone hacker so I have no idea.

Edited October 19, 2011 by Navie

[Guest glossywhite]

To be honest i'm amazed how you guys know how to do this kind of stuff :lol:

Glossy may I ask how you are doing this?...i'm no phone hacker so I have no idea.

Nor am I! I'm relatively new to Android dev & Java, but I am just using common sense... hard to explain experience, without you experiencing it... sorry!

[Guest tilal6991]

Nor am I! I'm relatively new to Android dev & Java, but I am just using common sense... hard to explain experience, without you experiencing it... sorry!

I'm just super excited that's all - could you be the person that finally creates the unlock code generator?

[Guest glossywhite]

I'm just super excited that's all - could you be the person that finally creates the unlock code generator?

Wouldn't that be nice! If I do, it's gonna be a freebie! :)

[Guest tilal6991]

Wouldn't that be nice! If I do, it's gonna be a freebie! :)

Well thank god for that :)

[Guest philmein]

Wouldn't that be nice! If I do, it's gonna be a freebie! :)

i wish you every success hate orange

Edited October 19, 2011 by philmein

[Guest glossywhite]

LogCat output for any developers that can help, while calling getLockCode()

It seems an error is preventing nv items being read... but why?

[Guest tilal6991]

LogCat output for any developers that can help, while calling getLockCode()

It seems an error is preventing nv items being read... but why?

What ROM are you using?

[Guest glossywhite]

What ROM are you using?

I am using BlueMonte - why?

[Guest tilal6991]

I am using BlueMonte - why?

I would return to stock odexed orange - the error seems to be in RIL and could have been caused by a mod tillaz made.

[Guest glossywhite]

I would return to stock odexed orange - the error seems to be in RIL and could have been caused by a mod tillaz made.

Would you tell me if I can temporarily revert to this using clockworkmod, and point me to the correct ROM file please? Thanks! :)

[Guest tilal6991]

Would you tell me if I can temporarily revert to this using clockworkmod, and point me to the correct ROM file please? Thanks! :)

In CWM do a backup before flashing http://loadbalancing.modaco.com/download.php?url=mf/?gbdaqo33olngwqo.

[Guest glossywhite]

In CWM do a backup before flashing http://loadbalancing...bdaqo33olngwqo.

Thanks dude! Will keep you posted :)

[EDIT]

PS: What is "RIL"?

Edited October 19, 2011 by glossywhite

[Guest glossywhite]

matt@(none):~/Downloads/android-sdk-linux_x86/platform-tools/smalietc$ java -jar baksmali-1.2.8.jar -x -d framework -o out qcnvitems.odex 

Error while disassembling method Lcom/android/qualcomm/qcnvitems/QcNvItems;->doNvRead(I)[B. Continuing.

org.jf.dexlib.Code.Analysis.ValidationException: class Lcom/android/qualcomm/qcrilhook/QcRilHook; cannot be resolved.

	at org.jf.dexlib.Code.Analysis.ClassPath$UnresolvedClassDef.unresolvedValidationException(ClassPath.java:535)

	at org.jf.dexlib.Code.Analysis.ClassPath$UnresolvedClassDef.getClassDepth(ClassPath.java:543)

	at org.jf.dexlib.Code.Analysis.ClassPath.getCommonSuperclass(ClassPath.java:383)

	at org.jf.dexlib.Code.Analysis.RegisterType.merge(RegisterType.java:275)

	at org.jf.dexlib.Code.Analysis.AnalyzedInstruction.mergeRegister(AnalyzedInstruction.java:185)

	at org.jf.dexlib.Code.Analysis.MethodAnalyzer.propagateRegisterToSuccessors(MethodAnalyzer.java:444)

	at org.jf.dexlib.Code.Analysis.MethodAnalyzer.setPostRegisterTypeAndPropagateChanges(MethodAnalyzer.java:424)

	at org.jf.dexlib.Code.Analysis.MethodAnalyzer.setDestinationRegisterTypeAndPropagateChanges(MethodAnalyzer.java:396)

	at org.jf.dexlib.Code.Analysis.MethodAnalyzer.analyzeIgetWideObject(MethodAnalyzer.java:2601)

	at org.jf.dexlib.Code.Analysis.MethodAnalyzer.analyzeInstruction(MethodAnalyzer.java:776)

	at org.jf.dexlib.Code.Analysis.MethodAnalyzer.analyze(MethodAnalyzer.java:208)

	at org.jf.baksmali.Adaptors.MethodDefinition.addAnalyzedInstructionMethodItems(MethodDefinition.java:370)

	at org.jf.baksmali.Adaptors.MethodDefinition.getMethodItems(MethodDefinition.java:292)

	at org.jf.baksmali.Adaptors.MethodDefinition.writeTo(MethodDefinition.java:132)

	at org.jf.baksmali.Adaptors.ClassDefinition.writeMethods(ClassDefinition.java:323)

	at org.jf.baksmali.Adaptors.ClassDefinition.writeDirectMethods(ClassDefinition.java:292)

	at org.jf.baksmali.Adaptors.ClassDefinition.writeTo(ClassDefinition.java:136)

	at org.jf.baksmali.baksmali.disassembleDexFile(baksmali.java:201)

	at org.jf.baksmali.main.main(main.java:282)

opcode: iget-object

CodeAddress: 11

It looks like Qualcomm radio interface layer (qcrilhook) is either missing, broken, not seen or something else... ideas?

Edited October 19, 2011 by glossywhite