• darth (Level 6 - Platinum Elite Member)

    Biden2020prez I agree that root access should definitely be the goal here. I just can't get the phone into download mode. Does anyone here have experience shorting pcb boards into download mode?

      • Techgen (Level 6 - Platinum Elite Member)

      Biden2020prez
      darth
      lgexalter1
      So I guess that's not really a great option. Sounds like Suspend is a better option. I've never heard of suspend, what does it do, is it similar to disable-user? Can it be "unsuspended" through adb?

      lgexalter1 Yeah yeah, I wasn't knocking it that it can be undone with adb (on the phone itself is a much bigger problem); I was just trying to figure out what the suspend command is for.

      9 days later

      lgexalter1 Ah, I see. That's right. Although it was backported to 4.14, it's not expected to work before 5.8. I bought this on accident thinking it was the KaiOS phone, but hopefully if we get apps or root it'll be better.

        Apps4Flip-Admin what was used to decompile? I'm only getting bytecode back for preparePackageLI, which makes it hard to follow. Was trying to see what is going on with mIsMPBranch as well.

        So I was using jadx-gui and I checked off the box in preferences titled "show inconsistent code". If you don't check that box then you can't view the code properly of the preparePackageLI method.

        Looks like all the good stuff is read-only. After poking around for a day I did find one useful thing:

        settings put global hotspot_entitlement_check_mode 0

        That let me turn on hotspot.

        *#*#9663223#*#* enables editing APN

        Biden2020prez the KaiOS phone had Google Assistant, Maps, Facebook, YouTube, and some info already found. This had none of that. But if I get root this will be better. I haven't messed with MediaTek before. I'm not sure if it's had its USB values changed either, but I don't think I am getting into preloader. It's more than I bargained for, but at least I can hotspot once 60 days unlock is an option.

          neutronscott I hear. It's funny because in back of the phone (by the battery), it says spd, but the phone is really mediatek.

          I got home from vacation and could open this phone up.

          Bad news is none of the test pads booted into brom when grounded. I don't have a magnifying glass to reliably probe the SMD components near the CPU.

          Good news is the phone still works after prodding it.

            • darth (Level 6 - Platinum Elite Member)

              neutronscott I have been trying and have the same results as you. I don't have much experience trying to short test points; which components near the CPU should I try shorting? I have a multimeter; is there anything specific I should look for? Also, what have you been using as ground? I have been using point 1 in my pic.

              I have no experience with these as well but I have made a jtag in the past for routers and xbox.

              I only twisted 30awg wire to the radio shield above cpu and touched a bunch of stuff nearby. No dice. At first I used the battery ground pin. I think I found some emmc pins. I read you may end up with brom if its clk is grounded but it just delayed the preloader device from showing up.

              I am tempted to buy another and remove the eMMC and CPU to find jtag/debug pins. At the very least I should end up with a full rom dump.

              But next step I am trying to see if the USB port also works as TTL serial. I tried to tie to a raspberry pi clone board I had handy but I had wrong OS and the serial port was not available. I have old Nokia cables somewhere in the attic I will dig out next.