Some details about Pandora's Box. - Page 5 - GSM-Forum

Z3X · 08-17-2021, 17:26

Quote:

Originally Posted by somedays

Mi account solution available? Without relock?

Currently there is no software solution for permament unlock mi account if find device ON.

KrzychuG · 08-17-2021, 17:57

Quote:

Originally Posted by Z3X

Currently there is no software solution for permament unlock mi account if find device ON.

Since it's related with RPMB, can't it be done similar to KG Lock, by wiping, or changing a part of the data, like a serial number or whatever is being sent to Xiaomi servers to verify if lock is active?

Z3X · 08-18-2021, 18:42

Quote:

Originally Posted by KrzychuG

Since it's related with RPMB, can't it be done similar to KG Lock, by wiping, or changing a part of the data, like a serial number or whatever is being sent to Xiaomi servers to verify if lock is active?

No, this data stored not in rpmb.

KrzychuG · 08-19-2021, 17:40

Are you sure? At some point, i was analyzing the behavior of Find My Phone app on Qualcomm Xiaomi devices, and noticed that they do read some stuff from RPMB, right before it disabled ADB and locked the phone. I assumed it was a serial number or something that is used to identify the phone on Xiaomi servers, then apply the lock if server says so.

Blocking find my phone specific hosts prevented this from happening. It was possible to wipe the whole device, then restore if from firmware file, and it would still lock so the information required to identify the device has to be stored in some place that you can't access with EDL (for Qualcomm device) mode, and it has to be unique for each device.

KrzychuG · 08-19-2021, 17:40

Are you sure? At some point, i was analyzing the behavior of Find My Phone app on Qualcomm Xiaomi devices, and noticed that they do read some stuff from RPMB, right before it disabled ADB and locked the phone. I assumed it was a serial number or something that is used to identify the phone on Xiaomi servers, then apply the lock if server says so.

Blocking find my phone specific hosts prevented this from happening. It was possible to wipe the whole device, then restore if from firmware file, and it would still lock so the information required to identify the device has to be stored in some place that you can't access with EDL (for Qualcomm device) mode, and it has to be unique for each device.

Z3X · 08-19-2021, 19:28

Quote:

Originally Posted by KrzychuG

Are you sure? At some point, i was analyzing the behavior of Find My Phone app on Qualcomm Xiaomi devices, and noticed that they do read some stuff from RPMB, right before it disabled ADB and locked the phone. I assumed it was a serial number or something that is used to identify the phone on Xiaomi servers, then apply the lock if server says so.

Blocking find my phone specific hosts prevented this from happening. It was possible to wipe the whole device, then restore if from firmware file, and it would still lock so the information required to identify the device has to be stored in some place that you can't access with EDL (for Qualcomm device) mode, and it has to be unique for each device.

No, xiaomi server detects xiaomi qualcomm phone via cpu

KrzychuG · 08-19-2021, 20:15

Quote:

Originally Posted by Z3X

No, xiaomi server detects xiaomi qualcomm phone via cpu

Those Xiaomi bastards ;-)

babu786 · 08-28-2021, 22:26

Hello team can u please add samsung a326b kg lock and frp support, i have phone in hand

guljee786 · 09-18-2021, 12:00

Please add convert frimware opstions like opf etc to scator ,
also we face losts problem in meta mode no found mobile,
please make a vedio or give me link how to conect samsung new mobiles in meta mode use download mode or volium keys or adb or test point and with drivers, new models imei also sported but not detect in meta mode , most peoples not know about this new type hardware box...

guljee786 · 09-18-2021, 14:00

Quote:

Originally Posted by blang

Some photos and details are here: https://z3x-team.com/products/pandora/

Some videos:

Flashing:

Unlock bootloader without WIPE:

more:

i have purchase pandora box special for (Jazz digit 4g) unlocking includ
but unfounatly its have bugs when unlock with pandora box jazz digit show cracked error on display after 5 sec and restart plz fix the bugs i have a mobile in my hand..

mdronyc · 09-27-2021, 10:11

Selected model: OPPO CPH2179 (Oppo A15s)
Operation: Unlock network
Software version: 2.5

Host Power Off... OK
Switch virtual port to USB... OK
Connect Type-C to BOX... OK
Host Power On... OK
Wait for device... OK
Read usbhost speed... HIGH
Read Device Descriptor...
Get VID/PID...0E8D/0003
Send start cmd... OK
Get HW code from device... 0766
Get HW & SW version from device... OK
HW VER: CA00, SW VER: 0000, HW SUB CODE: 8A00
Detect chip [MT6765]
Get sec config... OK [000000E5]
Active sec flags: [SBC DAA]
Advanced Bypass Security... OK
Disconnect virtual port... OK
Connect Type-C to HUB... OK
Wait for device connecting... OK
Driver: [MediaTek Inc.,wdm_usb,MediaTek USB Port_V1632,usb2ser.sys,3.0.1504.0]
Device found at COM102 [BROM]
Open port... OK
Send start cmd... OK
Get HW code from device... 0766
Get HW & SW version from device... OK
HW VER: CA00, SW VER: 0000, HW SUB CODE: 8A00
Detect chip [MT6765]
Library Version [2]
Select platform... OK
Init BROM... OK
Force Charge... OK
Disable WatchDog Timer... OK
Reopen port for libver2... OK
Get ME ID... OK
ME_ID = 0xDF358C1D, 0xB7E08185, 0x8F3BCA5F, 0xEECF18E9
Get Chip ID... [MT6765]
Get SOC ID... [A2028995F9C133A02010C59CA7138B40ED7FB6B1A1C7A7B1E5 E08E5913E5A4FF]
Get sec config... OK [000000E0]
Load DownloadAgent... OK
Search DA... OK [23]
Send preloader... OK
Start preloader... OK
Check preloader answer... OK
Send bootloader... OK
Start bootloader... OK
Wait for answer from bootloader... OK
Send SYNC signal... OK
Setup device enviroment... OK
Setup device parametres... OK
Receive DA SYNC signal... OK
Set DA parametres... OK
Get device connection agent... [BROM]
Get device info... OK
EMMC_ID: 0x90014A68433861503E03103E0DB27875
Load EMI from phone... OK
Parse EMI config... OK
Init EXT RAM... OK
Send 2nd DA... OK
Get device info... OK
EMMC INFO:
EMMC_ID : 0x90014A68433861503E03103E0DB27875
EMMC_BOOT1: 0x0000400000 (4.00Mb)
EMMC_BOOT2: 0x0000400000 (4.00Mb)
EMMC_RPMB : 0x0001000000 (16.00Mb)
EMMC_USER : 0x0E8F800000 (58.24Gb)
RAM INFO:
INT_SRAM: 0x000003A000 (232.00Kb)
EXT_RAM : 0x0100000000 (4.00Gb)
Check USB status... USB_HIGH_SPEED
Read partitions info from phone... OK
Read security partition from phone... OK
Read security files... OK
Read security files... OK
Read lock info... OK
Write lock info... OK
Write security partition to phone... OK
Network Unlock done!

but hand set not unlock
plz help me

zeewildpk · 09-29-2021, 20:27

I request to team please add remove screen lock without data loose ...

Sourovgsm · 10-04-2021, 15:55

Pandora Box Can I Active Z3X Box???

Z3X · 10-04-2021, 17:35

Quote:

Originally Posted by Sourovgsm

Pandora Box Can I Active Z3X Box???

Hello, no you cannot. Pandora works via own unique hardware.

ayaz_far · 10-04-2021, 19:54

Plz add Huawei ID remove for all Huawei and Honor (MediaTek) based phones. And make firmware download available via Pandora Box.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

08-19-2021, 17:40	#64 (permalink)
KrzychuG No Life Poster Join Date: Apr 2003 Location: Torun, Poland Age: 41 Posts: 1,236 Member: 25996 Status: Offline Thanks Meter: 277	Are you sure? At some point, i was analyzing the behavior of Find My Phone app on Qualcomm Xiaomi devices, and noticed that they do read some stuff from RPMB, right before it disabled ADB and locked the phone. I assumed it was a serial number or something that is used to identify the phone on Xiaomi servers, then apply the lock if server says so. Blocking find my phone specific hosts prevented this from happening. It was possible to wipe the whole device, then restore if from firmware file, and it would still lock so the information required to identify the device has to be stored in some place that you can't access with EDL (for Qualcomm device) mode, and it has to be unique for each device.

08-19-2021, 17:40	#65 (permalink)
KrzychuG No Life Poster Join Date: Apr 2003 Location: Torun, Poland Age: 41 Posts: 1,236 Member: 25996 Status: Offline Thanks Meter: 277	Are you sure? At some point, i was analyzing the behavior of Find My Phone app on Qualcomm Xiaomi devices, and noticed that they do read some stuff from RPMB, right before it disabled ADB and locked the phone. I assumed it was a serial number or something that is used to identify the phone on Xiaomi servers, then apply the lock if server says so. Blocking find my phone specific hosts prevented this from happening. It was possible to wipe the whole device, then restore if from firmware file, and it would still lock so the information required to identify the device has to be stored in some place that you can't access with EDL (for Qualcomm device) mode, and it has to be unique for each device.

08-28-2021, 22:26	#68 (permalink)
babu786 Freak Poster Join Date: Aug 2011 Location: pretoria Posts: 215 Member: 1636627 Status: Offline Thanks Meter: 24	Hello team can u please add samsung a326b kg lock and frp support, i have phone in hand

09-18-2021, 12:00	#69 (permalink)
guljee786 No Life Poster Join Date: Apr 2008 Location: Heart of Islam Age: 42 Posts: 2,220 Member: 762034 Status: Offline Sonork: 100.1585274 Thanks Meter: 1,451	Please add convert frimware opstions like opf etc to scator , also we face losts problem in meta mode no found mobile, please make a vedio or give me link how to conect samsung new mobiles in meta mode use download mode or volium keys or adb or test point and with drivers, new models imei also sported but not detect in meta mode , most peoples not know about this new type hardware box...

09-27-2021, 10:11	#71 (permalink)
mdronyc Insane Poster Join Date: Oct 2016 Location: Dhaka Posts: 64 Member: 2635591 Status: Offline Thanks Meter: 27	Selected model: OPPO CPH2179 (Oppo A15s) Operation: Unlock network Software version: 2.5 Host Power Off... OK Switch virtual port to USB... OK Connect Type-C to BOX... OK Host Power On... OK Wait for device... OK Read usbhost speed... HIGH Read Device Descriptor... Get VID/PID...0E8D/0003 Send start cmd... OK Get HW code from device... 0766 Get HW & SW version from device... OK HW VER: CA00, SW VER: 0000, HW SUB CODE: 8A00 Detect chip [MT6765] Get sec config... OK [000000E5] Active sec flags: [SBC DAA] Advanced Bypass Security... OK Disconnect virtual port... OK Connect Type-C to HUB... OK Wait for device connecting... OK Driver: [MediaTek Inc.,wdm_usb,MediaTek USB Port_V1632,usb2ser.sys,3.0.1504.0] Device found at COM102 [BROM] Open port... OK Send start cmd... OK Get HW code from device... 0766 Get HW & SW version from device... OK HW VER: CA00, SW VER: 0000, HW SUB CODE: 8A00 Detect chip [MT6765] Library Version [2] Select platform... OK Init BROM... OK Force Charge... OK Disable WatchDog Timer... OK Reopen port for libver2... OK Get ME ID... OK ME_ID = 0xDF358C1D, 0xB7E08185, 0x8F3BCA5F, 0xEECF18E9 Get Chip ID... [MT6765] Get SOC ID... [A2028995F9C133A02010C59CA7138B40ED7FB6B1A1C7A7B1E5 E08E5913E5A4FF] Get sec config... OK [000000E0] Load DownloadAgent... OK Search DA... OK [23] Send preloader... OK Start preloader... OK Check preloader answer... OK Send bootloader... OK Start bootloader... OK Wait for answer from bootloader... OK Send SYNC signal... OK Setup device enviroment... OK Setup device parametres... OK Receive DA SYNC signal... OK Set DA parametres... OK Get device connection agent... [BROM] Get device info... OK EMMC_ID: 0x90014A68433861503E03103E0DB27875 Load EMI from phone... OK Parse EMI config... OK Init EXT RAM... OK Send 2nd DA... OK Get device info... OK EMMC INFO: EMMC_ID : 0x90014A68433861503E03103E0DB27875 EMMC_BOOT1: 0x0000400000 (4.00Mb) EMMC_BOOT2: 0x0000400000 (4.00Mb) EMMC_RPMB : 0x0001000000 (16.00Mb) EMMC_USER : 0x0E8F800000 (58.24Gb) RAM INFO: INT_SRAM: 0x000003A000 (232.00Kb) EXT_RAM : 0x0100000000 (4.00Gb) Check USB status... USB_HIGH_SPEED Read partitions info from phone... OK Read security partition from phone... OK Read security files... OK Read security files... OK Read lock info... OK Write lock info... OK Write security partition to phone... OK Network Unlock done! but hand set not unlock plz help me

09-29-2021, 20:27	#72 (permalink)
zeewildpk Freak Poster Join Date: Feb 2008 Location: PAKISTAN Age: 41 Posts: 144 Member: 696424 Status: Offline Sonork: 100.1623404 Thanks Meter: 24	I request to team please add remove screen lock without data loose ...

10-04-2021, 15:55	#73 (permalink)
Sourovgsm Product Supporter Join Date: Apr 2016 Location: India Posts: 147 Member: 2562751 Status: Offline Thanks Meter: 60	Pandora Box Can I Active Z3X Box???

10-04-2021, 19:54	#75 (permalink)
ayaz_far Freak Poster Join Date: Oct 2017 Location: KSA Posts: 106 Member: 2772838 Status: Offline Thanks Meter: 38	Plz add Huawei ID remove for all Huawei and Honor (MediaTek) based phones. And make firmware download available via Pandora Box.