Thilo-Alexander Ginkel <th...@ginkel.com> writes:

> Hello again,
>
> quick update if anyone wants to have a look before I find time to do so:
> The unlock is most probably in SIMService.exe, which contains the magic
> string "KHOIHGIUCCHHII" that is checked for in DMI and also used by the
> unlocking Snap...

I believe you're right. Tried to compare the 4 versions I found
available for the X1 Nano, and note that the 3 most recent ones have a
GobiDLL::SetRadioFlagNew reference:

 bjorn@miraculix:/tmp$ strings /home/bjorn/.wine/fake_windows/DRIVERS/WIN/QCSDX55/20220905.22073777/Src/QUD_GNSS/SIMService/SIMService.exe|grep SetRadioFlag
 Get mpFnDMSSetRadioFlag API address fail.
 GobiDLL::SetRadioFlag
 %s, %d: mpFnDMSSetRadioFlag success.
 %s, %d: mpFnDMSSetRadioFlag fail.Error:%d
 GobiDLL::SetRadioFlagNew

Which does not exist in the oldest version:

 bjorn@miraculix:/tmp$ strings /home/bjorn/.wine/fake_windows/DRIVERS/WIN/QCSDX55/20211105.10364130/Src/QUD_GNSS/SIMService/SIMService.exe|grep SetRadioFlag
 Get mpFnDMSSetRadioFlag API address fail.
 GobiDLL::SetRadioFlag
 %s, %d: mpFnDMSSetRadioFlag success.
 %s, %d: mpFnDMSSetRadioFlag fail.Error:%d

So maybe look into that function?

There also seems to be a lot of SAR-related magic there. Won't affect
the CE declaration of conformity AFAIK.

There are also references to a number of low-level QMI requests. Some of
these look quite interesting for other purposes as well. Like the
DMS{S,G}etEFSNVValue - I guess that's generally useful.

 UIMEventRegistration
 UIMGetCardStatus
 UIMReadTransparent
 DMSSetPCPlatformSystemID
 DMSGetFWVersion
 DMSGetDeviceRevision
 DMSGetFWSwitchingLock
 DMSSetFWSwitchingLock
 ChangeDeviceDownLoadMode
 DMSSetEFSNVValue
 DMSGetEFSNVValue
 DMSSetBiosFlag
 DMSGetOperatingMode
 DMSSetOperatingMode
 WDSModifyProfileaa
 WDSGetProfileSettings
 WDSModifyProfile
 NASGetSystemInfo
 NASSetRegistrationEventReport
 NASGetSystemSelectionPref
 NASSetSystemSelectionPref
 DMSGetDeviceSerialNumbers
 DMSSetDPRInfo
 DMSGetDPRInfo
 DMSGetFastWriteDPR
 DMSSetFastWriteDPR


Bjørn
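
The version-to-version comparison done above with strings and grep, as an added example that is not part of the original message. It goes slightly beyond the commands shown by also collecting UTF-16LE strings, which plain strings skips; the blobs are constructed stand-ins for SIMService.exe, and the function names and the wide sample string are hypothetical.

```python
import re

# binutils `strings` default: runs of at least 4 printable ASCII bytes.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# Windows binaries also carry UTF-16LE text, which plain `strings` skips.
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_strings(blob: bytes) -> set[str]:
    """Return every printable ASCII and UTF-16LE string found in blob."""
    found = {m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)}
    found |= {m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(blob)}
    return found


def added_per_version(versions: dict[str, bytes], needle: str = "") -> dict[str, list[str]]:
    """Map each version to the strings containing needle that its predecessor lacks."""
    added, previous = {}, None
    for name in sorted(versions):  # date-stamped directory names sort chronologically
        current = extract_strings(versions[name])
        if previous is not None:
            added[name] = sorted(s for s in current - previous if needle in s)
        previous = current
    return added


def make_blob(narrow: list[str], wide: list[str]) -> bytes:
    """Build a constructed stand-in for a binary: strings separated by non-text bytes."""
    parts = [s.encode("ascii") for s in narrow] + [s.encode("utf-16-le") for s in wide]
    return b"\x01\x02".join(parts)


# Constructed sample data, not the real SIMService.exe contents.
COMMON = [
    "Get mpFnDMSSetRadioFlag API address fail.",
    "GobiDLL::SetRadioFlag",
    "%s, %d: mpFnDMSSetRadioFlag success.",
]
SAMPLE = {
    "20211105.10364130": make_blob(COMMON, []),
    "20220905.22073777": make_blob(COMMON + ["GobiDLL::SetRadioFlagNew"],
                                   ["WideSetRadioFlagExample"]),  # hypothetical wide string
}

if __name__ == "__main__":
    for version, strings in added_per_version(SAMPLE, "SetRadioFlag").items():
        print(version, strings)
```

To run it on real files, replace SAMPLE with a mapping from each version directory name to the bytes read from its SIMService.exe.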