WIP: Successfully got passive GSM IMSI catching to work with a Mediatek baseband - Networking

Hello,
This is my first post on XDA.
I have successfully gotten passive IMSI catching to work on my Nokia 1 which uses a Mediatek MT6737M as the baseband processor.
All I had to do was open the firmware image in Ghidra, use a custom script to populate function names from the debug symbol file under /system/etc/mddb, and apply patches to dump paging request messages.
With this method, you don't need any type of SDR for sniffing GSM.
It's also theoretically possible to sniff calls/SMS by making more modifications to the baseband.
You may grab a copy of the hacked baseband image (only working on Nokia 1 atm, root is required) under the GitHub username Irdev110.
I will be working on releasing an actual app which automatically patches any compatible baseband image.
Sample output/demo:

Related

[APP]mobidjiin - alpha release

Hi,
I am currently developing a small utility that is supposed to give you some information about your device, allow you to easily navigate through your contacts ...
This is an alpha release; it doesn't mean there are big bugs or memory leaks, it means that lots of menus are not handled, pictures are of poor quality ...
It will be plugin-based and the next version will add the following modules:
Smartphone version
More device info
OpenGL ES info and benchmark
Message handling(SMS,MMS, Outlook)
File association in Explorer
I would like your feedback to know what you would like to get implemented.
Application works on Windows Mobile 5/6 on Pocket PC platform and is available here: mobidjinn_alpha.zip
Some screenshots:
ModuleView
InfoView:
ExplorerView:
ContactView:
OMAProvisioning:

Hello

Samsung Note 4 N910C
I have installed custom ROMs on my device. There are 2 Build numbers in one, normal production number is in the other and it says ROM name. How can we delete it?
How can we delete it as seen in the picture below?
You might try editing Build Info with a Buildprop editor apk but I would definitely make a backup beforehand just to be safe. If you are unable to find this in buildprops then it may be a part of sec.settings or system.ui. In which case it will be necessary to reverse engineer the system app/priv-app by use of ApkTool app.
This one has always worked for me.
https://androidfilehost.com/?fid=24572369242686015
Be aware that modifying system apps is risky and may cause permanent damage. Hard bricking is a definite possibility. Hopefully it's in build prop tweaks. Good luck.

SPC Smartee Pop Firmware Download

I do not master English very well and I believe that I am publishing in the wrong way, I would just like to share the firmware of this watch that I received by email when I requested it on the SPC support page, I could not find it anywhere on the internet and that is why it would be interesting to make it available here, it is possible to customize it with a Java program that I also make available for download, although I would like to do some kind of tutorial to edit images and sounds, I would not be able to explain very well to you, the program presents some errors but with patience you can avoid it, to apply use FlashTool_v5.1612.00.
-By Google translate
* I cannot publish links because I am a new user (EDIT HT TPS to HTTPS)*
Firmware Download:
ht tps://drive.google.com/file/d/1i1LvymQwzdhSvIA_chI5g1_hq8KjtsCV/view?usp=sharing
Firmware tool:
ht tps://drive.google.com/file/d/1-bav3IjPSwG-Y8kaZohz0Ojd6NrKQTGs/view?usp=sharing

Mi A1 VoLTE and VoWifi Codec problems/Change MBN in PDC

Hi all,
I managed to get VoLTE working on the latest stock ROM by making some changes to the build.prop. Unfortunately it has problems negotiating the correct codec with my carrier O2/Telefonica Germany, so the caller sounds like a robot (see https://hilfe.o2online.de/mobilfunk...te-mit-xiaomi-a1-seit-dem-4-9-gestoert-543567 ). This only happens for some calls, depending on the counterpart device.
I tried changing the modem profile with Qualcomm's PDC tool. Using VoLTE_CU I can properly use VoLTE with my carrier:
Unfortunately this disables VoWifi for me. I've had another look and many people uploaded their .mbn modem profiles for Telefonica Germany. How can I inject this using PDC? When clicking "Load", I can select the .mbn but it won't appear in the list.
Thanks
Giegl

Amazon Echo Show 2 - Disabling Secure Boot

Hi there!
This is my first post on xda, but I've come out with some fun findings.
The method of disabling secure boot is kind of complicated, and requires desoldering the BIOS chip and writing to the NVRAM data, however, it's a simple 1 byte entry called "SecureBootEnable".
There's also NVRAM variables listed "AntiRollBack", "KfAntiRollBack", and "OsAntiRollBack", and those can be disabled as well.
The BIOS is heavily stripped down and contains no setup menu, nor can I find a way to do USB boot as of yet.
The fork of Android is "Android-IA" (i.e. Intel's atom based android fork) and it calls an EFI file on the MMC for the bootloader.
I'm not sure if this unlocks the bootloader to custom roms as of yet, since after reflowing the bios chip a couple too many times I ripped one of the pads off and am waiting for a replacement.
