Lenovo T99W175 / Foxconn SDX55 update on LVFS breaks FCC unlock

Bjørn Mork bjorn at mork.no
Mon May 9 20:32:09 UTC 2022


Thilo-Alexander Ginkel <thilo at ginkel.com> writes:

> Hello again,
>
> quick update if anyone wants to have a look before I find time to do so:
> The unlock is most probably in SIMService.exe, which contains the magic
> string "KHOIHGIUCCHHII" that is checked for in DMI and also used by the
> unlocking Snap...


I believe you're right.  Tried to compare the 4 versions I found
available for the X1 Nano, and note that the 3 most recent ones have a
GobiDLL::SetRadioFlagNew reference:

bjorn at miraculix:/tmp$ strings  /home/bjorn/.wine/fake_windows/DRIVERS/WIN/QCSDX55/20220905.22073777/Src/QUD_GNSS/SIMService/SIMService.exe|grep SetRadioFlag
Get mpFnDMSSetRadioFlag API address fail.
GobiDLL::SetRadioFlag
%s, %d: mpFnDMSSetRadioFlag success.
%s, %d: mpFnDMSSetRadioFlag fail.Error:%d
GobiDLL::SetRadioFlagNew

Which does not exist in the oldest version:

bjorn at miraculix:/tmp$ strings  /home/bjorn/.wine/fake_windows/DRIVERS/WIN/QCSDX55/20211105.10364130/Src/QUD_GNSS/SIMService/SIMService.exe|grep SetRadioFlag
Get mpFnDMSSetRadioFlag API address fail.
GobiDLL::SetRadioFlag
%s, %d: mpFnDMSSetRadioFlag success.
%s, %d: mpFnDMSSetRadioFlag fail.Error:%d

So maybe look into that function?

There also seems to be a lot of SAR related magic there. Won't affect
the CE declaration of conformity AFAIK.


There are also references to a number of low-level QMI requests. Some
of these look quite interesting for other purposes as well, like the
DMS{S,G}etEFSNVValue - I guess that's generally useful.

UIMEventRegistration
UIMGetCardStatus
UIMReadTransparent
DMSSetPCPlatformSystemID
DMSGetFWVersion
DMSGetDeviceRevision
DMSGetFWSwitchingLock
DMSSetFWSwitchingLock
ChangeDeviceDownLoadMode
DMSSetEFSNVValue
DMSGetEFSNVValue
DMSSetBiosFlag
DMSGetOperatingMode
DMSSetOperatingMode
WDSModifyProfileaa
WDSGetProfileSettings
WDSModifyProfile
NASGetSystemInfo
NASSetRegistrationEventReport
NASGetSystemSelectionPref
NASSetSystemSelectionPref
DMSGetDeviceSerialNumbers
DMSSetDPRInfo
DMSGetDPRInfo
DMSGetFastWriteDPR
DMSSetFastWriteDPR




Bjørn
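
The version-to-version comparison done above with strings and grep, as an added example that is not part of the original message: it reports which matching strings first appear in a later build. The byte blobs are constructed sample data (only the two version directory names come from the message), the function names are illustrative, and the UTF-16LE scan goes beyond what the default strings invocation above covers.

```python
import re

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")          # what strings(1) prints by default
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")   # UTF-16LE, common in Windows PE files

def extract_strings(blob: bytes) -> set:
    """Return printable runs of at least 4 characters, ASCII and UTF-16LE."""
    found = {m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)}
    found |= {m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(blob)}
    return found

def first_seen(versions, needle):
    """Map each string containing `needle` to the earliest version holding it.

    `versions` is a list of (label, bytes) ordered oldest first.
    """
    seen = {}
    for label, blob in versions:
        for s in sorted(extract_strings(blob)):
            if needle in s:
                seen.setdefault(s, label)
    return seen

def introduced_later(versions, needle):
    """Strings matching `needle` that are absent from the oldest version."""
    oldest = versions[0][0]
    return {s: v for s, v in first_seen(versions, needle).items() if v != oldest}

def _blob(ascii_strings, wide_strings=()):
    # Constructed stand-in for a binary: strings separated by non-printable bytes.
    parts = [s.encode("ascii") for s in ascii_strings]
    parts += [s.encode("utf-16-le") for s in wide_strings]
    return b"\x00\x01\xff".join(parts) + b"\x00"

# Constructed sample data, modelled on the grep output quoted in the message.
COMMON = [
    "Get mpFnDMSSetRadioFlag API address fail.",
    "GobiDLL::SetRadioFlag",
    "%s, %d: mpFnDMSSetRadioFlag success.",
    "%s, %d: mpFnDMSSetRadioFlag fail.Error:%d",
]
VERSIONS = [
    ("20211105.10364130", _blob(COMMON)),
    ("20220905.22073777", _blob(COMMON + ["GobiDLL::SetRadioFlagNew"], ["SIMService"])),
]

if __name__ == "__main__":
    for s, label in introduced_later(VERSIONS, "SetRadioFlag").items():
        print(f"{label}: {s}")
```

With real files, read each SIMService.exe as bytes and pass the (label, bytes) pairs oldest first.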


More information about the ModemManager-devel mailing list