!!!___ I HAVE NVITEMS READ FROM OMC, IN FTM MODE__!!!

[Guest glossywhite]

Found this in the NV filesystem:

ALSO... found this on Google, from a previous ZTE model unlock:

http://codepad.org/ZCsLZuyF

~EFSmmgsdi_perso_perso.txt

Edited October 21, 2011 by glossywhite

[Guest unrandomsam]

Any idea what this code could be for the OMC? What was it for the OSF?

The OSF didn't appear to need one at all (Which is somewhat uncommon) or it was set to the default (so qpst just worked at least to a point).

If its hardcoded (Which is possible) then if one person read the code over jtag then anyone could use it.

but it might be device specific (Which is also possible).

[Guest glossywhite]

I think my attached "perso.txt" holds the clues... have a look!

[Guest Navie]

I think my attached "perso.txt" holds the clues... have a look!

What are the strange marking/lines? Do you have to use something to uncode them? As for the numbers...not really sure yet to be honest.

[Guest yaylol]

I think my attached "perso.txt" holds the clues... have a look!

How did you manage to read out these numbers? Is one of them the unlock code?

[Guest glossywhite]

How did you manage to read out these numbers? Is one of them the unlock code?

If I knew that, I'd broadcast it! I read this out with EFS explorer in QPST. However, it seems unlock codes are 16 digits, and I have failed for 3 attempts, and only have 7 tries left, so I am not gonna waste them.

Edited October 22, 2011 by glossywhite

[Guest glossywhite]

It appears that "perso.txt" is encrypted. I tried to decrypt it using revskills, but the feature is "government only" - oh how very convenient! LOL!

[Guest unrandomsam]

Have you tried using the V880 tool to backup :

RF / BT / IMEI / unLock info

(Probably won't work)

http://www.mediafire...m1wd4ktfkbd5amh

Perhaps there is a way to get the cefs.mbn also with that tool (As long as you don't write anything should be safe).

I believe cpg managed to patch armprgZTE.bin to allow reading the entire blade flash somehow.

The newest armprgZTE.bin we have is attached to this post (you can choose to load it using the v880 tool or PSAS (after you use the generic 72xx loader I think).

(ZTE has used the same loader for more than one device before).

Maybe there is a way to do something prior to starting appsboot (Like copy all the nvitems byte for byte into the OEM partition).

armprgZTE.zip

Edited October 22, 2011 by unrandomsam

[Guest glossywhite]

I think I messed up my OMC :'(

I pressed something while in "restore" mode and now it just has a black screen with backlight on. Fortunately I backed up nvitems.... help!! :(

[Guest unrandomsam]

Can download mode work ?

Take battery out

Hold both volume buttons and plug it in

Should get a com port (and it appear in QPST configuration as an option) it will say download mode.

[Guest glossywhite]

Can download mode work ?

Take battery out

Hold both volume buttons and plug it in

Should get a com port (and it appear in QPST configuration as an option) it will say download mode.

Yes, download mode works... why? What to do next?