Hovatek Forum MOBILE Android A125W keeps losing IMEI/Baseband
Can't login? Please, reset your password.
Hovatek is recruiting! Apply Now


A125W keeps losing IMEI/Baseband

A125W keeps losing IMEI/Baseband

Pages (2): 1 2 Next
preacher23
preacher23
preacher23
Enthusiastic Member
7
22-09-2021, 08:54 AM
#1



Greetings,

I have a few questions about the symptoms I'm having with this phone (A125W)

I have, 1 phone that is working well, it was successfully rooted via magisk, and is running the latest update A125WOYV2AUG5.

Using this phone, I took a complete backup (Chimera Tool MTK Mode):

Calibration files (nvram, protect1, protect2, seccfg, misc, nvcfg, nvdata, proinfo)
Firmware files (efs, sec_efs, steady, spmfw, etc)
Miscellaneous (cache, userdata)
Special (partition_table, secondary_partition_table, region-0x0, etc)

Then i have a second phone same model, same fw and I took a full backup of it as well (Chimera Tool MTK Mode)

The symptom i'm having is when the user makes the first phone call which works fine and indicates there is no hardware problem, or modem firmware problem, after the phone call ends (user hangs up) 2 seconds later the IMEI and BASEBAND show UNKNOWN.

I factory reset it, the IMEI and BASEBAND come back, then I make a phone call and lose them again, over and over.

I tried flashing original Factory FW A125WOYV2AUFA (previous to this one) via odin same results

I even try to flash everything (Chimera Tool MTK MODE) from the working phone to the broken phone, but when doing that, the baseband is unknown and imei blank no matter what i do so there must be a mechanism that prevents (cloning)

This symptom began when the user programmed the phone using ODIN incorrectly by selecting the fifth checkmark (USERDATA) and flashing:
HOME_CSC_OMC_OYV_A125WOYV2AUG5_CL21871223_QB419499 25_REV00_user_low_ship_MULTI_CERT in it.

So basically the user selected BL, AP, CP, CSC but additionaly loaded the HOME_CSC into the USERDATA checkbox in odin and flashed them.

The phone shows:
FRP LOCK OFF
OEM LOCK OFF (U)
KG STATUS: CHECKING
MTK SECURE BOOT: ENABLE(0)
SECURE DOWNLOAD: ENABLE

I managed to figure out that the nvdata partition is what is being "corrupted" or "modified" by the system. Because when the IMEI/BASEBAND become unknown, I flashed back just nvdata (Chimera Tool MTK Mode) and they came back, make a phone call, hangup, gone again, flash it back, and again IMEI is back.

Does anyone known what is causing this issue? is there a security mechanism? What must I do to restore this phone to working order.

If anyone can shed some light on this issue, it would be greatly appreciated.
X3non
X3non
X3non
Recognized Contributor
22,062
23-09-2021, 10:15 AM
#2
(22-09-2021, 08:54 AM)preacher23 ...

the backup you made from this phone with the issue, did you make this before or after the problem?
in chimera, are you able to do format all + download? if yes, then you can try flashing your backup without userdata and cache, then boot to recovery mode and factory reset the device before booting to homescreen

the backup from the second working phone, is it from a similar A125W? if yes, then after flashing it, boot to recovery mode and factory reset then boot to homescreen and confirm if baseband is available
BTW what key/key combo did you hold to get chimera to detect this phone?
This post was last modified: 23-09-2021, 10:56 AM by X3non.
preacher23
preacher23
preacher23
Enthusiastic Member
7
24-09-2021, 01:40 AM
#3
Unfortunately I tried all key combo's and was not able to get it into Boot Rom mode

I had to take it apart and ground the test point to get it into boot rom mode.

The backup i took was after the problem occurred.

I don't have the original backup from the broken phone.

Question:
Could the vbmeta be the problem?
I have tried many ways to program this device and was not able to "clone" working device to the broken device. What mechanism is in place that prevents me to clone the working device into the non working device? I want to know if it's a hardware problem with the broken device that is causing it to constantly wipe baseband/imei making them unknown after the first phone call.

Also, why do we have to have a sim card in the device when we are using odin to flash it?

I noticed KG was prenormal, and used unlockertool to switch it to Complete, but that did not fix anything, same symptom.
preacher23
preacher23
preacher23
Enthusiastic Member
7
24-09-2021, 02:03 AM
#4
i would like to add one more thing,

when the imei is wiped after the phone call, the KG status goes to prenormal, is kg the problem?

the device was brand new, just programmed incorrectly
X3non
X3non
X3non
Recognized Contributor
22,062
24-09-2021, 11:58 AM
#5



(24-09-2021, 01:40 AM)preacher23 Unfortunately I tried all key combo's and was not able to get it into Boot Rom mode
I had to take it apart and ground the test point to get it into boot rom mode.

thanks for confirming, we had suspected it'll come down to this
can you share a picture of the test points? it might help anybody else with the same model


(24-09-2021, 01:40 AM)preacher23 Could the vbmeta be the problem?

unlikely, otherwise the device would get stuck at red state boot and won't boot further


(24-09-2021, 01:40 AM)preacher23 I have tried many ways to program this device and was not able to "clone" working device to the broken device. What mechanism is in place that prevents me to clone the working device into the non working device? I want to know if it's a hardware problem with the broken device that is causing it to constantly wipe baseband/imei making them unknown after the first phone call.

i doubt that there's anything preventing you from flashing the other firmware other than maybe both phone not for the same region, seeing as you are able to flash and boot up the device without getting hard bricked.
did you try the suggestions from my previous reply?
how about you flash the firmware from phone 2 (ie the working phone), then include modem files from phone 1 backup (ie efs, etc)


(24-09-2021, 01:40 AM)preacher23 Also, why do we have to have a sim card in the device when we are using odin to flash it?

you can flash with or without sim


(24-09-2021, 01:40 AM)preacher23 I noticed KG was prenormal, and used unlockertool to switch it to Complete, but that did not fix anything, same symptom.

if anything, i'd say the lost of imei triggered prenormal kg rather than prenormal kg been the cause of loss of imei
This post was last modified: 24-09-2021, 12:33 PM by X3non.
preacher23
preacher23
preacher23
Enthusiastic Member
7
26-09-2021, 03:15 AM
#6
Okay, I just took a picture of the A12 Test Point
Attached Files
.jpg
A12 Test Point.jpg
Size: 1,019.5 KB / Downloads: 3
preacher23
preacher23
preacher23
Enthusiastic Member
7
26-09-2021, 03:19 AM
#7
I recently purchased two brand new A125W and before turning on, I took "virgin" dumps using MTK mode in Chimera, so a full backup of each one (to compare the difference)

I then took a full backup of the broken one, What I know so far, the IMEI and IMEI CERT are good (on the broken one)

The phones are the exact same, carrier code (XAC) model, everything.
Can I switch them to the virgin backup and flash that?

Where's the IMEI cert, I figured out where the IMEI locations are (compared the two virgin backups for differences in hex editor compare tool)
but I haven't figured out where the IMEI cert is, I have all the partitions and compared them all, what would I be looking for though?
This post was last modified: 26-09-2021, 03:21 AM by preacher23. Edit Reason: clarity
X3non
X3non
X3non
Recognized Contributor
22,062
28-09-2021, 10:42 AM
#8
(26-09-2021, 03:19 AM)preacher23 ...
The phones are the exact same, carrier code (XAC) model, everything.
Can I switch them to the virgin backup and flash that?

you mean flashing the broken phone with the virigin firmware? if yes, then it's worth the trial


(26-09-2021, 03:19 AM)preacher23 Where's the IMEI cert, I figured out where the IMEI locations are (compared the two virgin backups for differences in hex editor compare tool)
but I haven't figured out where the IMEI cert is, I have all the partitions and compared them all, what would I be looking for though?

not sure where you'd find that or what importance it holds to writing imei back permanently
preacher23
preacher23
preacher23
Enthusiastic Member
7
03-10-2021, 03:48 AM
#9
I tried flashing protect1, protect2, nvram, nvdata, proinfo

from donor device but the device won't work.

I looked at btd.img and noticed it has a list of partitions just like the vbmeta.img

Are we supposed to patch btd image as well as nvram in order for it to work ?
preacher23
preacher23
preacher23
Enthusiastic Member
7
04-10-2021, 05:32 AM
#10



I attached a picture of NVRAM img comparison between good one, and corrupted one

Can anyone shed some light on the differences ?

For example WIFI_CUSTOM
why there's two pairs of hex different between the two?

EE 01 00 00 06 00
VS
02 08 00 00 06 00

Or why the last 4 pairs are different on the first line of the nvram file?
EF D2 9C 57
VS
B6 AB 90 F6

Is there a tool that could help make sense of all this?

I can't seem to mount this img in linux as a partition.

Is it because NVRAM is a database ?
Attached Files
.png
NVRAM.png
Size: 55.37 KB / Downloads: 1
Pages (2): 1 2 Next
Users browsing this thread:
 1 Guest(s)
Users browsing this thread:
 1 Guest(s)
YtWhTl
live chat
whatsapp telegram instagram