Nie jesteś zalogowany. Proszę się zalogować lub zarejestrować.
eko.one.pl → Sprzęt / Hardware → Modem od routera MF286D
Strony Poprzednia 1 … 11 12 13 14 15 … 36 Następna
Zaloguj się lub zarejestruj by napisać odpowiedź
in meantime... i've attached the modem to a Linux VM, but I see only ttyUSB0, 1 (that is the AT port) and 2. Using ADB doesn't display anything..
i think that all "ZTE" proprietary stuff is lost, so the modem startup as simple one. I'll try to connect this evening the working module on the Linux VM to understand how is working
I wonder if you could put it back in the router, with stock router firmware, and then run the ZTE update framework thing to reflash it again from scratch. Such bundle is in that MEGA folder, for example "zte mf286d Nordic to Nordic_B11 192.168.32.1 pw admin.rar".
Regarding ADB, maybe you need some more udev rules. Can you show output of 'cat /sys/kernel/debug/usb/devices'?
I forgot that I have something like that added to /etc/udev/rules.d/51-android.rules
# These rules refer: https://developer.android.com/studio/run/device.html
# and include many suggestions from Arch Linux, GitHub and other Communities.
# Latest version can be found at: https://github.com/M0Rf30/android-udev-rules
# check the syntax of this file using:
# grep -v '^#' 51-android.rules \
# | grep -Ev '^$' \
# | grep -Ev '^SUBSYSTEM=="usb", ATTR{idVendor}=="[0-9a-f]{4}", ATTR{idProduct}=="[0-9a-f]{4}", ENV{adb_user}="yes"$' \
# | grep -Ev '^SUBSYSTEM=="usb", ATTR{idVendor}=="[0-9a-f]{4}", ENV{adb_user}="yes"$'
# Skip this section below if this device is not connected by USB
SUBSYSTEM!="usb", GOTO="android_usb_rules_end"
LABEL="android_usb_rules_begin"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1275", ENV{adb_user}="yes"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1432", ENV{adb_user}="yes"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1485", ENV{adb_user}="yes"
# Enable device as a user device if found
ENV{adb_user}=="yes", MODE="0660", GROUP="plugdev", TAG+="uaccess"
LABEL="android_usb_rules_end"OpenWrt doesn't seem to need them, perhaps adb package handles that out of box, well - because OpenWrt does not use udev :-D
After adding that, either reboot or execute
sudo udevadm control reload-rules; sudo udevadm triggerI wonder if you could put it back in the router, with stock router firmware, and then run the ZTE update framework thing to reflash it again from scratch. Such bundle is in that MEGA folder, for example "zte mf286d Nordic to Nordic_B11 192.168.32.1 pw admin.rar".
i've already tried, but the framework doesn't see the router..
@stich86, see the udev rules above.
I guess I'll have to try with a fresh VM once again - big thanks for the compilation of the tools. And I'll have to look at the testpoints for a different console output with a o'scope - glad I have one on my desk :-D
@stich86, see the udev rules above.
I guess I'll have to try with a fresh VM once again - big thanks for the compilation of the tools. And I'll have to look at the testpoints for a different console output with a o'scope - glad I have one on my desk :-D
let me know if you found something 
One more useful role for ModemManager users, to not interfere with "ZTE download port". Put in /etc/udev/rules.d/77-mm-qdl-device-blacklist.rules
ACTION!="add|change", GOTO="mm_qdl_device_blacklist_end"
# ZTE Gobi QDL device
ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0076", ENV{ID_MM_DEVICE_IGNORE}="1"
LABEL="mm_qdl_device_blacklist_end"Gotta upstream that.
ok i've taken a look to the working modem.. and there is a big world behind.
As expected adb server is started by the system, and then there are other zte_* services that emulate the device correctly.
So I think at the moment my modem is booting like a normal Qualcomm device without any personalization. I need to understand which partition is missing, because everything is overlayed by UBIFS and not real partition.
If we can make QLIF working, when can dump the whole modem and write back on the briked one, like one user has done on the MF286A module..
But QLIF needs a lot of information and i'm not sure that we have firehourse to write on that card
If you find the UART1 let me know, with that console we can see what's going on the OS side
what do you think if we create a Discord channel to discuss each other?
I think we can share ideas and have a better communcation, then we can share useful information on the forum
Let me know
so I've investigated a little bit on the working modem (i'll solder the TTL in the next days). I think the device cannot boot into the UBIFS and start from recovery-fs which doesn't have all the ZTE stuff
Now the problem may be can be the flash procedure of system, because this modem use UBI as container for all partition
About IMEI
"Ok so changing the IMEI on basically any Qualcomm device is just a matter of modifying index 550 in the NVRam? Fantastic"
About IMEI
"Ok so changing the IMEI on basically any Qualcomm device is just a matter of modifying index 550 in the NVRam? Fantastic"
Yea with Qualcomm NV tools or Revskills, using DIAG interface you can easily change IMEI
some updates. I've played with "partition_nand.xml" for upload all other partitions (modem\system\boot\recovery and so on) directly with SB3.0 so I can skip fastboot and be able to write also efs.mbn into EFS2/EFSBK partitions.
Now the modem seems more "complete", but still missing some parts. Good news:
i've login's prompt on console (so HSL0 is the one on top of the module), but input is not accepted. I'm using 3.3v TTL adapter, i've order one at 1.8v and should get it tomorrow from AMNZ.
Here is the current state of the module:
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1-00311
S - IMAGE_VARIANT_STRING=MAATANAZA
S - OEM_IMAGE_VERSION_STRING=scl_xa242_062
S - Boot Interface: NAND
S - Secure Boot: Off
S - Boot Config @ 0x000a602c = 0x000000a1
S - JTAG ID @ 0x000a607c = 0x100320e1
S - OEM ID @ 0x000a6080 = 0x00000000
S - Serial Number @ 0x000a4128 = 0x19146b45
S - OEM Config Row 0 @ 0x000a4150 = 0x0900000000000000
S - OEM Config Row 1 @ 0x000a4158 = 0x0000000000000000
S - Feature Config Row 0 @ 0x000a4160 = 0x14000000000009a0
S - Feature Config Row 1 @ 0x000a4168 = 0x0342f80200000005
B - 3343 - PBL, Start
B - 6753 - bootable_media_detect_entry, Start
B - 8082 - bootable_media_detect_success, Start
B - 8087 - elf_loader_entry, Start
B - 11496 - auth_hash_seg_entry, Start
B - 11751 - auth_hash_seg_exit, Start
B - 60263 - elf_segs_hash_verify_entry, Start
B - 112860 - PBL, End
B - 127368 - SBL1, Start
B - 221399 - pm_device_init, Start
B - 282064 - PM_SET_VAL:Skip
D - 59566 - pm_device_init, Delta
B - 283223 - usb: usb: hs_phy_nondrive_start
B - 287218 - usb: usb: hs_phy_nondrive_finish
B - 290604 - boot_config_data_table_init, Start
D - 0 - boot_config_data_table_init, Delta - (0 Bytes)
B - 300730 - CDT Version:3,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B - 307440 - sbl1_ddr_set_params, Start
D - 30 - sbl1_ddr_set_params, Delta
B - 314943 - Pre_DDR_clock_init, Start
D - 366 - Pre_DDR_clock_init, Delta
B - 329949 - pm_driver_init, Start
D - 1799 - pm_driver_init, Delta
B - 331809 - clock_init, Start
D - 183 - clock_init, Delta
B - 336476 - boot_flash_init, Start
D - 31323 - boot_flash_init, Delta
B - 445849 - Image Load, Start
D - 39345 - QSEE Image Loaded, Delta - (394044 Bytes)
B - 485224 - QSEE Execution, Start
D - 65941 - QSEE Execution, Delta
D - 213 - boot_pm_post_tz_device_init, Delta
B - 554764 - Image Load, Start
D - 19520 - RPM Image Loaded, Delta - (161732 Bytes)
B - 727089 - ZTE_POWER_ON_NORMAL
B - 779031 - Image Load, Start
D - 37942 - APPSBL Image Loaded, Delta - (426228 Bytes)
B - 817003 - sbl1_efs_handle_cookies, Start
D - 0 - sbl1_efs_handle_cookies, Delta
B - 824354 - SBL1, End
D - 699243 - SBL1, Delta
S - Throughput, 10000 KB/s (982068 Bytes, 93688 us)
S - DDR Frequency, 518 MHz
S - Core 0 Frequency, 1190 MHz
Android Bootloader - UART_DM Initialized!!!
[0] welcome to lk[0] SCM call: 0x2000601 failed with :fffffffc
[0] Failed to initialize SCM
[10] platform_init()
[10] target_init()
[10] Waiting for the RPM to populate smd channel table
[10] smem ptable found: ver: 4 len: 17
[20] ERROR: No devinfo partition found
[20] Neither 'config' nor 'frp' partition found
[20] zte_power_on_ctrl no operation
[30] ----fota cookie is [0xffffffff]----
[30] smem_power->efs_crash = 0x0
[30] zte_crash_flag not found
[40] Loading (boot) image (8941568): start
[870] Loading (boot) image (8941568): done
[870] Authenticating boot image (8941568): start
[950] Authenticating boot image: done return value = 1
[990] DTB Total entry: 170, DTB version: 3
[990] Using DTB entry 0x0000011b/00010001/0x00000008/0 for device 0x0000011b/00010001/0x00010008/0
[1000] cmdline: noinitrd rw console=ttyHSL0,115200,n8 androidboot.hardware=qcom ehci-hcd.park=3 msm_rtb.filter=0x37 lpm_levels.sleep_disabled=1 earlycon=msm_hsl_uart,0x78b1000 androidboot.serialno=19146b45 androidboot.authorized_kernel=true androidboot.baseba[1020] Updating device tree: start
[1080] Updating device tree: done
[1090] Channel alloc freed
[1100] booting linux @ 0x80008000, ramdisk @ 0x80008000 (0), tags/device tree @ 0x82000000
[ 23.675937] console [ttyHSL0] enabled
[ 23.691308] msm_serial_hsl_init: driver initialized
[ 23.699841] cnss_pinctrl_init: Can not get active pin state!
[ 23.720176] cnss_probe: Failed to enable PCIe RC0!msm 201911020732 mdm9650 /dev/ttyHSL0
mdm9650 login:
On the AT COM, to ATI command now reports better information:
ati
Manufacturer: ZTE CORPORATION
Model: MF286DMODULE
Revision: BD_TELIAMF286DV1.0.0B02
SVN: 01
IMEI: 86xxxxxxxxxxxxxxxxxxx
+GCAP: +CGSM,+DS
In the mega folder you will found the new partition_nand.xml that can be used to upload whole stuff. A note.. if your modem is stick with just one port (ZTE Diagnostic), here is the procedure to put it in 9008 and write with SB3.0:
X = your port COM number
qdload.exe -k12 -q -pX
qcommand.exe -pX -c "m 193d100 1"
qcommand.exe -pX -c "d 7980000 4" <-- stop this one when the modem switch to 9008 device, usally just two printed outputs
If you have a semi-worked modem like me, to enter EDL mode (and run the above commands) just send this one, try twice if on the first attempt doesn't work:
X = your ZTE Diagnostic port number
qcommand.exe -pX -e -c "c 3a"
Hi everyone! Hope I'm not offtopic. I installed openwrt on a raspberry pi 3b + and connected the modem of the zte mf286d via an adapter.
It is recognized, but I cannot find the qmi interface.
Obviously I installed the packages recommended by openwrt, but nothing.
Solutions?
Thank you very much and I apologize for the translation, I'm Italian
Hi everyone! Hope I'm not offtopic. I installed openwrt on a raspberry pi 3b + and connected the modem of the zte mf286d via an adapter.
It is recognized, but I cannot find the qmi interface.
Obviously I installed the packages recommended by openwrt, but nothing.
Solutions?
Thank you very much and I apologize for the translation, I'm Italian
Are you the man on FibraClick?
Hi everyone! Hope I'm not offtopic. I installed openwrt on a raspberry pi 3b + and connected the modem of the zte mf286d via an adapter.
It is recognized, but I cannot find the qmi interface.
Obviously I installed the packages recommended by openwrt, but nothing.
Solutions?
Thank you very much and I apologize for the translation, I'm Italian
Please, don't spam across topic. Read the previous post you wrote.
someonethtuknw napisał/a:Hi everyone! Hope I'm not offtopic. I installed openwrt on a raspberry pi 3b + and connected the modem of the zte mf286d via an adapter.
It is recognized, but I cannot find the qmi interface.
Obviously I installed the packages recommended by openwrt, but nothing.
Solutions?
Thank you very much and I apologize for the translation, I'm Italian
Are you the man on FibraClick?
yesss I'am ahahah
someonethtuknw napisał/a:Hi everyone! Hope I'm not offtopic. I installed openwrt on a raspberry pi 3b + and connected the modem of the zte mf286d via an adapter.
It is recognized, but I cannot find the qmi interface.
Obviously I installed the packages recommended by openwrt, but nothing.
Solutions?
Thank you very much and I apologize for the translation, I'm Italian
Please, don't spam across topic. Read the previous post you wrote.
Okay, I'm really sorry. I will immediately try to do what you advised to me.
I did a try on TTL with 1.8v adapter but without success 
@smereka @Leo-PL
are you get input read on TTL console of the modem? Just to understand if it's my module broken or it's disabled by kernel\boot
EDIT: bad news.. i've soldered the TTL to the working modem and RX is working, so may be the other module has been fried by 3.3v TTL
thx
In first post you have pinout uart which work on my died modem.l use cp2102 work good
In first post you have pinout uart which work i my died modem.U use cp2102 work good
Yea but in that modem RX pin doesn’t respond… I don’t know if the problem was related to my older adapter that has broken the line
Used new adapter that support 1.8v works.. but I don’t know the root password yet
Looks like the modem doesn’t run some unit init (so adb and qmi interface are not initialized). I’ve found a python script on edl’s git repos that should enable ADB over AT commands… hope it works
So digging on the working module, may be i've found why the bad one is working in this strange way.
All the stuff (QMI, ADB, VID/PID) are launched by script /etc/init.d/misc-daemon, I think the part that is not working is this one:
case "$1" in
start)
echo -n "Starting modem dependent daemons: "
search_dir="/sys/bus/msm_subsys/devices/"
for entry in `ls $search_dir`
do
subsys_temp=`cat $search_dir/$entry/name`
if [ "$subsys_temp" == "modem" ]
then
break
fi
done
sh /etc/rcS-zte-before-modem &
if the script found "modem" too early stop to do other action.. still don't understand why, because the AT command and RF search on the modem works, so it not broken
any suggestion?
Work in progress 
This evening I’ll put the module back into router and check if it’s working. Obviously I need to write back original IMEI (now EFS is the one of working modem)
Once you do all this, please write a detailed instruction on how to get it all. I'll edit the first post and put in what you did. If there will be changes later, we will change it. At the moment, you are the person who pushed the topic forward the farthest
Once you do all this, please write a detailed instruction on how to get it all. I'll edit the first post and put in what you did. If there will be changes later, we will change it. At the moment, you are the person who pushed the topic forward the farthest
Of course! But don’t want claim victory until I see the connection up on the router
here we go!
it's working
Now i've to modify XQCN file to write back it's original IMEI
Strony Poprzednia 1 … 11 12 13 14 15 … 36 Następna
Zaloguj się lub zarejestruj by napisać odpowiedź
eko.one.pl → Sprzęt / Hardware → Modem od routera MF286D
Forum oparte o PunBB, wspierane przez Informer Technologies, Inc