Skip to content

Instantly share code, notes, and snippets.

@thypon

thypon/qpwn.sh

Created December 17, 2019 09:47
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save thypon/aff81f4ea2aca18ac4756a7ce5da5cb8 to your computer and use it in GitHub Desktop.
Save thypon/aff81f4ea2aca18ac4756a7ce5da5cb8 to your computer and use it in GitHub Desktop.
Download ZIP
Small (non fully original) script to randomize IMEI and unlock LTE bands
Raw
qpwn.sh
#!/system/bin/busybox sh
# Usage: qpwn.sh [sim number] [new IMEI - 15 decimals]
# Use SIM number 9 to switch to band unlocking mode instead
rnd_imei() {
echo -n $((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))$((RANDOM%10))
}
OPDIR=$(mktemp -d)
BLKPREF=/dev/block/bootdevice/by-name
SIMINDEX=$1
TARGETNAME=nvm/num/550
# Unlock all LTEs bands if 9, otherwise change/randomize the IMEI
if [ "$SIMINDEX" = 9 ]; then
TARGETNAME=nvm/num/6828
TARGETNAME2=nvm/num/6829
PREP="\xff\x3f\xff\xff\xff\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
else
if [ "$SIMINDEX" = 2 ]; then
TARGETNAME=nvm/context1/550
fi
IMEI="80a${2:-$(rnd_imei)}"
PREP="$(echo -n $IMEI | busybox sed -re 's/([a0-9])([a0-9])/\\x\2\1/g')"
TARGETNAME2=$TARGETNAME
fi
cd $OPDIR
echo "Reading tunning partition..."
busybox tar xf $BLKPREF/tunning
echo -ne "$PREP" > $TARGETNAME
echo -ne "$PREP" > $TARGETNAME2
echo "Writing tunning partition..."
busybox tar cf - . > $BLKPREF/tunning
echo "Formatting modemst1 and modemst2..."
dd if=/dev/zero of=$BLKPREF/modemst1
dd if=/dev/zero of=$BLKPREF/modemst2
echo "IMEI changed, reboot to apply"
cd
rm -r $OPDIR
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment