Hex editing radio firmware for band modification help

Kgr

I have a flip phone that doesn't really work in America too well, SM-G1650 galaxy folder 2. I read somewhere that you can hex edit the radio firmware for some qualcom chip devices to use some bands that arent being used. Does anybody know if there is a way to do it on my device, and if its doable for somebody who isn't really familiar with hex editing?

Jumptoheaven

Kgr can you provide a link for that

Kgr

Jumptoheaven For what

Jumptoheaven

Kgr you wrote that you read somewhere...

Kgr

Jumptoheaven In [Login to see the link] as well as others.

Jumptoheaven

Kgr thanks

Kgr

Jumptoheaven Any updates, do you understand it?

Jumptoheaven

Kgr I don't claim to have any expertise in this...
that thread mentions different things depending on the chip type.

One of the later posts seems really intriguing for those who want a qin f21 pro with us bands, but aren't sure if its permitted to use files pulled from an f30.

Biden2020prez

Jumptoheaven [Login to see the link]

Jumptoheaven

Jumptoheaven Specifically [Login to see the link]

@Didex65 wrote; Some progress

Hello everyone, today I discovered a method of unlocking LTE bands on a MT6735M based phone (Alcatel One Touch PIXI 4). This might work on other MTK devices, but I have no way to test.

Everything you do is at your own risk and I'm not responsible if you brick your device! Always have the ROM backed up!

To perform this you need:
MTK EngineerMode access
SP FlashTool
Copy of the phone's stock ROM

A hex editor (I use HxD)

How to change the LTE unlocked bands:

In your phone's stock ROM folder, there should be a file called "nvram.bin" open it in a hex editor.
In the hex editor, go to offset 00021920 (other SoCs might have a completely different offset for the LTE bands values, some might not even have the NVRAM file!)
That will look something like this:
00021920 FF FF FF FF FF FF FF FF FB FB 01 00 00 00 01 00
00021930 00 00 03 00 00 00 04 00 00 00 07 00 00 0D 00
00021940 00 00 11 00 00 00 14 00 00 00 05 00 00 00 08 00

I made the values for LTE band bold to make it easier to see, however in the hex editor you have to find the start and end yourself depending on the bands your phone has already unlocked.
In my case the unlocked bands are: 01, 03, 04, 07, 0D, 11, 14 or in decimal 1, 3, 4, 7, 13, 17, 20.

All you have to do is change those values. Remember it's in hexadecimal, so if you want to unlock for example band 28, you don't write 28, but 1C. Also don't add any extra to the file, just overwrite values.
After changing the bands, just save the file and flash it with SP FlashTool. (Load scatter file, only select nvram and select the location of the file you edited, then flash.)

Then in MTK Engineer Mode check if you succeeded by going to tab telephony, select BandMode and scroll down to LTE.

This worked for me, however i can't guarantee that it wil work for you as well.

How can you find the right values in the NVRAM file? I personally spent about 40 minutes searching through the file to find these, though there might be a more efficient method.

I hope i can make this into an application which does everything automatically and for as many SoCs as possible, I'll give updates if i make any more progress on this.

Techgen

Biden2020prez He knows about that, he's saying that it's not simple it's Halachically permissible to use those files since they're pulled from the F30, but if you can modify it yourself then that changes things.

Kgr

Techgen Right so i want to modify it myself but i dont practically know how.

Biden2020prez

Jumptoheaven Techgen Oh I understand now. Just curious: Would people have the same question to take from one oneplus phone for use on another, or specifically the f30?

Kgr

Jumptoheaven Yes that is what i saw a while back, do you think it will work on my galaxy folder 2? Also where do i find my phones stock ROM folder to find the NVRAM file, the one i have is samsung's divided into AP,BL etc.?

Kgr

Kgr I found a root file manager app but still cant find the .Nvram, anybody know where its located so i can pull it?

whynot

Kgr nvram is a separate partition (root file explorer allows you access to the system partition, nothing else) you will need to dump the nvram image, edit it with a hex editor and flash it back to your phone. You won't need mtk engineer mode (your device probably doesn't support it anyway).

Jumptoheaven

Biden2020prez personaly, I would think there's only (possibly) an issue with the f30.

Kgr

whynot Ok so i have a root file explorer how do i dump the nvram, i cant find it.

whynot

Kgr sorry if I wasn't so clear in my previous post. Root file explorer won't help you because it only gives access to the system.img while nvram is a separate image. How did you root this phone? Did you use a tool to pull boot.img? If you did you could use it to pull nvram.img . Or if you got the stock rom you could open it and find nvram.img

Kgr

whynot So i rooted it with magisk. The Stock Rom i downloaded to patch and root isnt really openable, since this is a samsung device and its stock ROM is split into .md5 files.

Kgr

whynot Update i have full access to the stock rom files however i can't find nvram.