-
-
Save doak/a67628bf9b99b7d1bd7186cbabee131f to your computer and use it in GitHub Desktop.
Very raw EMR120R-GL FCC unlock https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/402#note_1064882
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ARGS=( | |
| -D MBIM_DEVICE_PATH='"/dev/wwan0mbim0"' | |
| -D MBIM2SAR_SO_PATH='"/mnt/usr/lib/mbim2sar.so"' | |
| ) | |
| gcc "${ARGS[@]}" -o fcc-unlock fcc-unlock.c |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <syslog.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| typedef struct FCC_OPS FCC_OPS; | |
| typedef void *HDMOVERMBIMTOSARHANDLE; | |
| typedef int BOOL; | |
| struct FCC_OPS { | |
| int version; | |
| int size; | |
| int (*Init)(char *); | |
| void (*UnInit)(void); | |
| int (*GetIsMbimReady)(HDMOVERMBIMTOSARHANDLE, BOOL *); | |
| int (*FccUnlock)(void); | |
| }; | |
| FCC_OPS *fcc_ops; | |
| #ifndef MBIM_DEVICE_PATH | |
| #define MBIM_DEVICE_PATH "/dev/wwan0mbim0" | |
| #endif | |
| #ifndef MBIM2SAR_SO_PATH | |
| #define MBIM2SAR_SO_PATH "/home/joar/ghidra/r2/lenovo-wwan-dpr_3.snap.squashfs/usr/lib/mbim2sar.so" | |
| #endif | |
| static char * DEVICE_PATH = MBIM_DEVICE_PATH; | |
| int main() { | |
| void *dlHandle = dlopen(MBIM2SAR_SO_PATH, 1); | |
| if (dlHandle == 0) { | |
| fprintf(stderr, "dlopen(%s) failed\n", MBIM2SAR_SO_PATH); | |
| return 1; | |
| } | |
| fcc_ops = dlsym(dlHandle, "fcc_ops"); | |
| if (fcc_ops == 0) { | |
| dlclose(dlHandle); | |
| fprintf(stderr, "dlsym(): could not get 'fcc_ops'\n"); | |
| return 1; | |
| } | |
| fcc_ops->Init(DEVICE_PATH); | |
| int isReady; | |
| int err = fcc_ops->GetIsMbimReady(0, &isReady); | |
| for (int i = 0; (err != 0 && (i < 10)); i = i + 1) { | |
| fprintf(stderr, "fcc_ops->GetIsMbimReady(): err=%d. Retrying in 10 seconds...\n", err); | |
| sleep(10); | |
| err = fcc_ops->GetIsMbimReady(0, &isReady); | |
| } | |
| if (err != 0) { | |
| fprintf(stderr, "fcc_ops-GetISMbimReady() err=%d\n", err); | |
| goto err_exit; | |
| } | |
| if (isReady == 0) { | |
| fprintf(stderr, "fcc_ops->GetIsMbimReady(): never was\n"); | |
| goto err_exit; | |
| } | |
| err = fcc_ops->FccUnlock(); | |
| if (err != 0) { | |
| fprintf(stderr, "fcc_ops->FccUnlock() err=%d\n", err); | |
| fprintf(stderr, "FCC unlock failed\n"); | |
| goto err_exit; | |
| } | |
| printf("FCC unlock completed successfully\n"); | |
| fcc_ops->UnInit(); | |
| if (dlHandle != 0) { | |
| dlclose(dlHandle); | |
| dlHandle = 0; | |
| } | |
| return 0; | |
| err_exit: | |
| fcc_ops->UnInit(); | |
| if (dlHandle != 0) { | |
| dlclose(dlHandle); | |
| dlHandle = 0; | |
| } | |
| return 1; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo env VERBOSE=1 ./fcc_unlock_v2 | |
| [09-22_09:30:08:264] mbim_proxy_connect('mbim-proxy') = 5 | |
| [09-22_09:30:08:264] mbim_read_thread is created | |
| [09-22_09:30:08:264] > 03:00:00:00:5A:00:00:00:01:00:00:00:01:00:00:00:00:00:00:00:83:8C:F7:FB:8D:0D:4D:7F:87:1E:D7:1D:BE:FB:B3:9B:01:00:00:00:01:00:00:00:2A:00:00:00:0C:00:00:00:1E:00:00:00:0F:00:00:00:2F:00:64:00:65:00:76:00:2F:00:77:00:77:00:61:00:6E:00:30:00:6D:00:62:00:69:00:6D:00:30:00: | |
| [09-22_09:30:08:264] > Header: | |
| [09-22_09:30:08:264] > MessageLength = 90 | |
| [09-22_09:30:08:264] > MessageType = MBIM_COMMAND_MSG (0x00000003) | |
| [09-22_09:30:08:264] > TransactionId = 1 | |
| [09-22_09:30:08:264] > Contents: | |
| [09-22_09:30:08:264] > DeviceServiceId = 838cf7fb-8d0d-4d7f-871e-d71dbefbb39b (838cf7fb-8d0d-4d7f-871e-d71dbefbb39b) | |
| [09-22_09:30:08:265] > CID = MBIM_CID_PROXY_CONTROL_CONFIGURATION (1) | |
| [09-22_09:30:08:265] > CommandType = set (1) | |
| [09-22_09:30:08:265] > InformationBufferLength = 42 | |
| [09-22_09:30:08:589] < 03:00:00:80:30:00:00:00:01:00:00:00:01:00:00:00:00:00:00:00:83:8C:F7:FB:8D:0D:4D:7F:87:1E:D7:1D:BE:FB:B3:9B:01:00:00:00:00:00:00:00:00:00:00:00: | |
| [09-22_09:30:08:589] < Header: | |
| [09-22_09:30:08:589] < MessageLength = 48 | |
| [09-22_09:30:08:589] < MessageType = MBIM_COMMAND_DONE (0x80000003) | |
| [09-22_09:30:08:589] < TransactionId = 1 | |
| [09-22_09:30:08:589] < Contents: | |
| [09-22_09:30:08:589] < DeviceServiceId = 838cf7fb-8d0d-4d7f-871e-d71dbefbb39b (838cf7fb-8d0d-4d7f-871e-d71dbefbb39b) | |
| [09-22_09:30:08:589] < CID = MBIM_CID_PROXY_CONTROL_CONFIGURATION (1) | |
| [09-22_09:30:08:589] < Status = 0 | |
| [09-22_09:30:08:589] < InformationBufferLength = 0 | |
| [09-22_09:30:08:589] GetIsMbimReady err=0, bValue=1 | |
| [09-22_09:30:08:589] mbim_device_service_subscribe_list_set(uuid=2d0c12c9-0e6a-495a-915c-8d174fe5d63c) | |
| [09-22_09:30:08:589] > 03:00:00:00:64:00:00:00:02:00:00:00:01:00:00:00:00:00:00:00:A2:89:CC:33:BC:BB:8B:4F:B6:B0:13:3E:C2:AA:E6:DF:13:00:00:00:01:00:00:00:34:00:00:00:01:00:00:00:0C:00:00:00:28:00:00:00:2D:0C:12:C9:0E:6A:49:5A:91:5C:8D:17:4F:E5:D6:3C:05:00:00:00:01:00:00:00:02:00:00:00:03:00:00:00:04:00:00:00:05:00:00:00: | |
| [09-22_09:30:08:589] > Header: | |
| [09-22_09:30:08:589] > MessageLength = 100 | |
| [09-22_09:30:08:589] > MessageType = MBIM_COMMAND_MSG (0x00000003) | |
| [09-22_09:30:08:589] > TransactionId = 2 | |
| [09-22_09:30:08:589] > Contents: | |
| [09-22_09:30:08:590] > DeviceServiceId = UUID_BASIC_CONNECT (a289cc33-bcbb-8b4f-b6b0-133ec2aae6df) | |
| [09-22_09:30:08:590] > CID = MBIM_CID_DEVICE_SERVICE_SUBSCRIBE_LIST (19) | |
| [09-22_09:30:08:590] > CommandType = set (1) | |
| [09-22_09:30:08:590] > InformationBufferLength = 52 | |
| [09-22_09:30:08:594] < 03:00:00:80:64:00:00:00:02:00:00:00:01:00:00:00:00:00:00:00:A2:89:CC:33:BC:BB:8B:4F:B6:B0:13:3E:C2:AA:E6:DF:13:00:00:00:00:00:00:00:34:00:00:00:01:00:00:00:0C:00:00:00:28:00:00:00:2D:0C:12:C9:0E:6A:49:5A:91:5C:8D:17:4F:E5:D6:3C:05:00:00:00:01:00:00:00:02:00:00:00:03:00:00:00:04:00:00:00:05:00:00:00: | |
| [09-22_09:30:08:594] < Header: | |
| [09-22_09:30:08:594] < MessageLength = 100 | |
| [09-22_09:30:08:594] < MessageType = MBIM_COMMAND_DONE (0x80000003) | |
| [09-22_09:30:08:594] < TransactionId = 2 | |
| [09-22_09:30:08:594] < Contents: | |
| [09-22_09:30:08:594] < DeviceServiceId = UUID_BASIC_CONNECT (a289cc33-bcbb-8b4f-b6b0-133ec2aae6df) | |
| [09-22_09:30:08:594] < CID = MBIM_CID_DEVICE_SERVICE_SUBSCRIBE_LIST (19) | |
| [09-22_09:30:08:594] < Status = 0 | |
| [09-22_09:30:08:594] < InformationBufferLength = 52 | |
| [09-22_09:30:08:594] FccUnlock | |
| [09-22_09:30:08:594] SMBIOS 3.2.0 present. | |
| [09-22_09:30:08:594] Table at 0x90CA4000. | |
| [09-22_09:30:08:594] Handle 0x0030, DMI type 133, 5 bytes | |
| [09-22_09:30:08:594] String 1 | |
| [09-22_09:30:08:594] KHOIHGIUCCHHII | |
| [09-22_09:30:08:594] mbim_radio_state_query() | |
| [09-22_09:30:08:594] > 03:00:00:00:30:00:00:00:03:00:00:00:01:00:00:00:00:00:00:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:11:01:00:00:00:00:00:00:00:00:00:00:00: | |
| [09-22_09:30:08:594] > Header: | |
| [09-22_09:30:08:594] > MessageLength = 48 | |
| [09-22_09:30:08:594] > MessageType = MBIM_COMMAND_MSG (0x00000003) | |
| [09-22_09:30:08:594] > TransactionId = 3 | |
| [09-22_09:30:08:594] > Contents: | |
| [09-22_09:30:08:594] > DeviceServiceId = 11223344-5566-7788-99aa-bbccddeeff11 (11223344-5566-7788-99aa-bbccddeeff11) | |
| [09-22_09:30:08:594] > CID = Unknow (1) | |
| [09-22_09:30:08:594] > CommandType = query (0) | |
| [09-22_09:30:08:594] > InformationBufferLength = 0 | |
| [09-22_09:30:08:606] < 03:00:00:80:34:00:00:00:03:00:00:00:01:00:00:00:00:00:00:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:11:01:00:00:00:00:00:00:00:04:00:00:00:04:00:00:00: | |
| [09-22_09:30:08:606] < Header: | |
| [09-22_09:30:08:606] < MessageLength = 52 | |
| [09-22_09:30:08:606] < MessageType = MBIM_COMMAND_DONE (0x80000003) | |
| [09-22_09:30:08:606] < TransactionId = 3 | |
| [09-22_09:30:08:606] < Contents: | |
| [09-22_09:30:08:606] < DeviceServiceId = 11223344-5566-7788-99aa-bbccddeeff11 (11223344-5566-7788-99aa-bbccddeeff11) | |
| [09-22_09:30:08:606] < CID = Unknow (1) | |
| [09-22_09:30:08:606] < Status = 0 | |
| [09-22_09:30:08:606] < InformationBufferLength = 4 | |
| [09-22_09:30:08:606] HwRadioState: 4, SwRadioState: 0 | |
| [09-22_09:30:08:606] mbim_radio_state_set( 1 ) | |
| [09-22_09:30:08:606] > 03:00:00:00:34:00:00:00:04:00:00:00:01:00:00:00:00:00:00:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:11:01:00:00:00:01:00:00:00:04:00:00:00:01:00:00:00: | |
| [09-22_09:30:08:606] > Header: | |
| [09-22_09:30:08:606] > MessageLength = 52 | |
| [09-22_09:30:08:606] > MessageType = MBIM_COMMAND_MSG (0x00000003) | |
| [09-22_09:30:08:606] > TransactionId = 4 | |
| [09-22_09:30:08:606] > Contents: | |
| [09-22_09:30:08:606] > DeviceServiceId = 11223344-5566-7788-99aa-bbccddeeff11 (11223344-5566-7788-99aa-bbccddeeff11) | |
| [09-22_09:30:08:606] > CID = Unknow (1) | |
| [09-22_09:30:08:606] > CommandType = set (1) | |
| [09-22_09:30:08:606] > InformationBufferLength = 4 | |
| [09-22_09:30:08:615] < 03:00:00:80:30:00:00:00:04:00:00:00:01:00:00:00:00:00:00:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:11:01:00:00:00:00:00:00:00:00:00:00:00: | |
| [09-22_09:30:08:615] < Header: | |
| [09-22_09:30:08:615] < MessageLength = 48 | |
| [09-22_09:30:08:615] < MessageType = MBIM_COMMAND_DONE (0x80000003) | |
| [09-22_09:30:08:615] < TransactionId = 4 | |
| [09-22_09:30:08:615] < Contents: | |
| [09-22_09:30:08:615] < DeviceServiceId = 11223344-5566-7788-99aa-bbccddeeff11 (11223344-5566-7788-99aa-bbccddeeff11) | |
| [09-22_09:30:08:615] < CID = Unknow (1) | |
| [09-22_09:30:08:615] < Status = 0 | |
| [09-22_09:30:08:615] < InformationBufferLength = 0 | |
| [09-22_09:30:08:615] mbim_radio_state_query() | |
| [09-22_09:30:08:615] > 03:00:00:00:30:00:00:00:05:00:00:00:01:00:00:00:00:00:00:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:11:01:00:00:00:00:00:00:00:00:00:00:00: | |
| [09-22_09:30:08:615] > Header: | |
| [09-22_09:30:08:615] > MessageLength = 48 | |
| [09-22_09:30:08:615] > MessageType = MBIM_COMMAND_MSG (0x00000003) | |
| [09-22_09:30:08:615] > TransactionId = 5 | |
| [09-22_09:30:08:615] > Contents: | |
| [09-22_09:30:08:615] > DeviceServiceId = 11223344-5566-7788-99aa-bbccddeeff11 (11223344-5566-7788-99aa-bbccddeeff11) | |
| [09-22_09:30:08:615] > CID = Unknow (1) | |
| [09-22_09:30:08:615] > CommandType = query (0) | |
| [09-22_09:30:08:615] > InformationBufferLength = 0 | |
| [09-22_09:30:08:627] < 03:00:00:80:34:00:00:00:05:00:00:00:01:00:00:00:00:00:00:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:11:01:00:00:00:00:00:00:00:04:00:00:00:01:00:00:00: | |
| [09-22_09:30:08:627] < Header: | |
| [09-22_09:30:08:627] < MessageLength = 52 | |
| [09-22_09:30:08:627] < MessageType = MBIM_COMMAND_DONE (0x80000003) | |
| [09-22_09:30:08:627] < TransactionId = 5 | |
| [09-22_09:30:08:627] < Contents: | |
| [09-22_09:30:08:627] < DeviceServiceId = 11223344-5566-7788-99aa-bbccddeeff11 (11223344-5566-7788-99aa-bbccddeeff11) | |
| [09-22_09:30:08:627] < CID = Unknow (1) | |
| [09-22_09:30:08:627] < Status = 0 | |
| [09-22_09:30:08:627] < InformationBufferLength = 4 | |
| [09-22_09:30:08:627] HwRadioState: 1, SwRadioState: 0 | |
| [09-22_09:30:08:627] FccUnlock err=0 | |
| FCC unlock completed successfully | |
| [09-22_09:30:08:627] mbim_read_thread exit | |
| [09-22_09:30:08:627] UnInit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment