[Q] G2 won't connect to cell network after unlocking

Search This thread

guhl99

Senior Member
Aug 25, 2010
459
581
logcat of radio from boot on

Attached you can find the logcats of radio from boot on.

The lc_radio.txt has been created with the PIN-input enabled, the other one with the PIN-input disabled.

Could somebody please do the same thing with a phone that still registers on a network? (of course it would be best with an unlocked phone, but also a normal T-Mobile registration would be interesting)

Thanks
 

Attachments

  • lc_radio.txt
    70.2 KB · Views: 152
  • lc_radio_nopin.txt
    51.4 KB · Views: 83

bluemoko

Member
Jun 29, 2010
49
10
Mine too, now all the way from eBay to me and the unlock block network signal >.<

Already try flash original IMG but nothing change..
 

jashsu

Senior Member
Nov 15, 2008
1,849
20
Could somebody please do the same thing with a phone that still registers on a network? (of course it would be best with an unlocked phone, but also a normal T-Mobile registration would be interesting)


Here's a log of an unlocked G2 connecting to T-Mo US from init to a stable state. I edited out my personal data with tildes. An eleven tilde redaction indicates a phone number. Fifteen tilde redactions are IMEI. "310260~~~~~~~~~" are IMSI. Hope it helps.
 

Attachments

  • lc_radio.txt
    77.5 KB · Views: 78

gpou

Senior Member
Sep 18, 2007
160
3
Kalamata
Here's a log of an unlocked G2 connecting to T-Mo US from init to a stable state. I edited out my personal data with tildes. An eleven tilde redaction indicates a phone number. Fifteen tilde redactions are IMEI. "310260~~~~~~~~~" are IMSI. Hope it helps.

Does anybody know where the file holding info about cid and mcc mnc is located in android filesystem. Maybe this file corrupted after unlocking.
 

bluemoko

Member
Jun 29, 2010
49
10
Does anybody know where the file holding info about cid and mcc mnc is located in android filesystem. Maybe this file corrupted after unlocking.

I don't think is is about the corrupt file. Since after I unlock and lose cell connection I have find a complete ROM and flash it on top and nothing change. The phone still not function.

Right now I just hope that the solution is in some area we can touch or flash. Not deep down in some un-flashable or sign with some special key.
 

jashsu

Senior Member
Nov 15, 2008
1,849
20
Does anybody know where the file holding info about cid and mcc mnc is located in android filesystem. Maybe this file corrupted after unlocking.
The CID information is probably held in the baseband's storage. MCC/MNC info is held in a variety of places, but the one you are missing is also likely in the baseband.

I'm wondering if it isn't a problem with your sim cards. Could you guys try using a T-mo US sim and checking logcat?
 

gpou

Senior Member
Sep 18, 2007
160
3
Kalamata
The CID information is probably held in the baseband's storage. MCC/MNC info is held in a variety of places, but the one you are missing is also likely in the baseband.

I'm wondering if it isn't a problem with your sim cards. Could you guys try using a T-mo US sim and checking logcat?

The logcat provided is with a T-mo sim.
Also after talking with the htc suport through their ticketing system they didnt help me at all. all they could do is offer me advices of how to hard reset my device.
Anyway the baseband files is in the filesystem??
Can we see or modify them through ADB?
 

gpou

Senior Member
Sep 18, 2007
160
3
Kalamata
I don't think is is about the corrupt file. Since after I unlock and lose cell connection I have find a complete ROM and flash it on top and nothing change. The phone still not function.

Right now I just hope that the solution is in some area we can touch or flash. Not deep down in some un-flashable or sign with some special key.

Apparently the problem is a corrupted baseband file. I believe that tha firmware we have just hasn't that files
 

jashsu

Senior Member
Nov 15, 2008
1,849
20
The logcat provided is with a T-mo sim.
Also after talking with the htc suport through their ticketing system they didnt help me at all. all they could do is offer me advices of how to hard reset my device.
Anyway the baseband files is in the filesystem??
Can we see or modify them through ADB?
It is not in the Linux filesystem at all. All the stuff pertaining to the radio (including the storage of settings like CID and subsidy lock) are controlled and stored by the baseband processor and baseband software (collectively known as the "radio").
 

gpou

Senior Member
Sep 18, 2007
160
3
Kalamata
It is not in the Linux filesystem at all. All the stuff pertaining to the radio (including the storage of settings like CID and subsidy lock) are controlled and stored by the baseband processor and baseband software (collectively known as the "radio").

So unless we get a new radio update its difficult to do something :confused:
 

jashsu

Senior Member
Nov 15, 2008
1,849
20
Here is a comparison of where our two radio logs diverge (I'm referencing your no-sim log):

http://gist.github.com/626698

Short snippets:

My successful radio association
Code:
D/RILJ    ( 1549): [0004]< BASEBAND_VERSION 12.22.60.09bU_26.02.01.15_M2
D/HTC_RIL ( 1359): (t=1287044490)<< ~~~~~~~~~~~~~~~01\r\n0\r
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CGSN\r
D/RILJ    ( 1549): [0005]< GET_IMEI 
D/HTC_RIL ( 1359): (t=1287044490)<< ~~~~~~~~~~~~~~~01\r\n0\r
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CPMS="SM","SM","SM"\r
D/RILJ    ( 1549): [0006]< GET_IMEISV 
D/HTC_RIL ( 1359): (t=1287044490)<< +CPMS: 11,30,11,30,11,30\r\n0\r
D/RILJ    ( 1549): [0007]> OPERATOR
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CPIN?\r
D/HTC_RIL ( 1359): (t=1287044490)<< +CPIN: READY\r\n0\r
D/HTC_RIL ( 1359): ril_func_get_imsi():called
D/HTC_RIL ( 1359): ril_func_chk_pb_state_until_ready():called
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CIMI\r
D/HTC_RIL ( 1359): ril_func_get_curr_operator_name():called
D/HTC_RIL ( 1359): (t=1287044490)<< 310260~~~~~~~~~\r\n0\r
D/HTC_RIL ( 1359): ril_func_get_msisdn():called
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CRSM=192,28480,0,0,0\r
D/RILJ    ( 1549): [0008]> GPRS_REGISTRATION_STATE
D/HTC_RIL ( 1359): ril_func_get_gprs_reg_state():called
D/RILJ    ( 1549): [0009]> REGISTRATION_STATE
D/HTC_RIL ( 1359): ril_func_get_gsm_cdma_reg_state():called
D/RILJ    ( 1549): [0010]> QUERY_NETWORK_SELECTION_MODE
D/HTC_RIL ( 1359): ril_func_get_network_select_mode():called
D/RILJ    ( 1549): [0011]> GET_CURRENT_CALLS
D/HTC_RIL ( 1359): ril_func_get_call_list():called
D/GSM     ( 1549): Baseband version: 12.22.60.09bU_26.02.01.15_M2
D/HTC_RIL ( 1359): (t=1287044490)<< +CRSM: 144,0,000000786F40040011F5550102011E\r\n0\r
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CRSM=178,28480,1,4,30\r
D/HTC_RIL ( 1359): (t=1287044490)<< +CRSM: 144,0,4D736973646E31FFFFFFFFFFFFFFFFFF078~~~~~~~~~~~F7FFFFFFFFFFFF\r\n0\r
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CPBS="SM"\r
D/HTC_RIL ( 1359): (t=1287044490)<< 0\r
D/HTC_RIL ( 1359): (t=1287044490)>> AT+CPBS?\r
D/HTC_RIL ( 1359): (t=1287044490)<< +CPBS: "SM",15,250\r\n0\r
E/HTC_RIL ( 1359): cust_table_create():failed to open customized operator name table
D/HTC_RIL ( 1359): ril_func_chk_eons():called
D/HTC_RIL ( 1359): ril_func_chk_cphs_ons():called
D/RILB    ( 1549): Notifying: SIM ready
D/RILJ    ( 1549): [UNSL]< UNSOL_RESPONSE_RADIO_STATE_CHANGED SIM_READY
D/RILJ    ( 1549): [0012]> OPERATOR
D/RILJ    ( 1549): [0013]> GPRS_REGISTRATION_STATE
Failed radio association
Code:
D/RILJ    ( 1535): [0004]< BASEBAND_VERSION 12.22.60.09bU_26.02.01.15_M2
D/HTC_RIL ( 1359): (t=1287010699)<< ~~~~~~~~~~~~~~~01\r\n0\r
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CGSN\r
D/RILJ    ( 1535): [0005]< GET_IMEI 
D/HTC_RIL ( 1359): (t=1287010699)<< ~~~~~~~~~~~~~~~01\r\n0\r
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CPMS="SM","SM","SM"\r
D/RILJ    ( 1535): [0006]< GET_IMEISV 
D/HTC_RIL ( 1359): (t=1287010699)<< +CMS ERROR: 500\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 1-th retries
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CPIN?\r
D/HTC_RIL ( 1359): (t=1287010699)<< +CPIN: READY\r\n0\r
D/HTC_RIL ( 1359): ril_func_get_imsi():called
D/HTC_RIL ( 1359): ril_func_chk_pb_state_until_ready():called
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CIMI\r
D/HTC_RIL ( 1359): (t=1287010699)<< +CME ERROR: 14\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 1-th retries
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CPBS="SM"\r
D/HTC_RIL ( 1359): (t=1287010699)<< 0\r
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CPBS?\r
D/HTC_RIL ( 1359): (t=1287010699)<< 0\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 1-th retries
D/STK     ( 1535): StkService: ril message arrived
D/STK     ( 1535): CommandParamsFactory: process SelectItem
D/RILJ    ( 1535): [0007]> OPERATOR
D/HTC_RIL ( 1359): ril_func_get_curr_operator_name():called
D/RILJ    ( 1535): [0007]< OPERATOR error: com.android.internal.telephony.CommandException: OP_NOT_ALLOWED_BEFORE_REG_NW
D/RILJ    ( 1535): [0008]> GPRS_REGISTRATION_STATE
D/HTC_RIL ( 1359): ril_func_get_gprs_reg_state():called
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CGREG?\r
D/HTC_RIL ( 1359): (t=1287010699)<< +CGREG: 1,0\r\n0\r
D/RILJ    ( 1535): [0009]> REGISTRATION_STATE
D/RILJ    ( 1535): [0008]< GPRS_REGISTRATION_STATE {0, null, null, 0}
D/HTC_RIL ( 1359): ril_func_get_gsm_cdma_reg_state():called
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CREG?\r
D/RILJ    ( 1535): [0010]> QUERY_NETWORK_SELECTION_MODE
D/HTC_RIL ( 1359): (t=1287010699)<< +CREG: 2,0\r\n0\r
D/HTC_RIL ( 1359): ril_func_get_network_select_mode():called
D/HTC_RIL ( 1359): (t=1287010699)>> AT+COPS=3,2;+COPS?\r
D/RILJ    ( 1535): [0009]< REGISTRATION_STATE {0, null, null, 0, null, null, null, null, null, null, null, null, null, null, null}
D/HTC_RIL ( 1359): (t=1287010699)<< +CME ERROR: 30\r
D/RILJ    ( 1535): [0011]> GET_CURRENT_CALLS
D/HTC_RIL ( 1359): get_nwsel_mode_rsp_handler():fail to get network select mode!
D/RILJ    ( 1535): [0010]< QUERY_NETWORK_SELECTION_MODE error: com.android.internal.telephony.CommandException: OP_NOT_ALLOWED_BEFORE_REG_NW
D/HTC_RIL ( 1359): ril_func_get_call_list():called
D/HTC_RIL ( 1359): (t=1287010699)>> AT+CLCC\r
D/HTC_RIL ( 1359): (t=1287010699)<< 0\r
D/RILJ    ( 1535): [0011]< GET_CURRENT_CALLS  
D/GSM     ( 1535): Baseband version: 12.22.60.09bU_26.02.01.15_M2
D/STK     ( 1535): StkService: SET_UP_MENU
D/STK     ( 1535): StkService: TERMINAL RESPONSE: 810301250082028281830100
D/RILJ    ( 1535): [0012]> REQUEST_STK_SEND_TERMINAL_RESPONSE
D/HTC_RIL ( 1359): ril_func_stk_send_terminal_response():called
D/HTC_RIL ( 1359): (t=1287010699)>> AT+GTKR=810301250082028281830100\r
D/HTC_RIL ( 1359): (t=1287010699)<< 0\r
D/RILJ    ( 1535): [0012]< REQUEST_STK_SEND_TERMINAL_RESPONSE 
E/GSM     ( 1535): Wrong network type: 0
E/GSM     ( 1535): Wrong network type: 0
D/GSM     ( 1535): Poll ServiceState done:  oldSS=[3 home null null null  Unknown CSS not supported -1 -1RoamInd: -1DefRoamInd: -1EmergOnly: false] newSS=[1 home null null null  Unknown CSS not supported -1 -1RoamInd: -1DefRoamInd: -1EmergOnly: false] oldGprs=1 newGprs=1 oldType=unknown newType=unknown
D/HTC_RIL ( 1359): (t=1287010699)%% +GTKI: \r\n
D/RILJ    ( 1535): [UNSL]< UNSOL_STK_SESSION_END
D/STK     ( 1535): StkService: ril message arrived
D/STK     ( 1535): StkService: SESSION END
D/HTC_RIL ( 1359): (t=1287010700)>> AT+CPMS="SM","SM","SM"\r
D/HTC_RIL ( 1359): (t=1287010700)<< +CMS ERROR: 500\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 2-th retries
D/HTC_RIL ( 1359): (t=1287010700)>> AT+CIMI\r
D/HTC_RIL ( 1359): (t=1287010700)<< +CME ERROR: 14\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 2-th retries
D/HTC_RIL ( 1359): (t=1287010700)>> AT+CPBS="SM"\r
D/HTC_RIL ( 1359): (t=1287010700)<< 0\r
D/HTC_RIL ( 1359): (t=1287010700)>> AT+CPBS?\r
D/HTC_RIL ( 1359): (t=1287010700)<< 0\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 2-th retries
D/HTC_RIL ( 1359): (t=1287010701)%% +CREG: 3\r\n
D/HTC_RIL ( 1359): (t=1287010701)%% +CGREG: 3\r\n
D/HTC_RIL ( 1359): (t=1287010701)>> AT+UPSC\r
D/RILJ    ( 1535): [UNSL]< UNSOL_RESPONSE_NETWORK_STATE_CHANGED

One thing I noticed is your log has a lot of STK (sim toolkit) entries, particularly unsolicited STK messages. Is this a brand new t-mo sim you are using? Was it ever activated on the t-mo network?
 
Last edited:

guhl99

Senior Member
Aug 25, 2010
459
581
One thing I noticed is your log has a lot of STK (sim toolkit) entries, particularly unsolicited STK messages. Is this a brand new t-mo sim you are using? Was it ever activated on the t-mo network?

The SIM is an Austrian mobilkom SIM that I normally use with the mobilkom A1 network.
It works in my G1.
 

ekwon

Member
Jun 7, 2007
13
1
madrid
Hi

I see an another difference between failed file and success one

When it try to get IMEISV (
Retrieves the International Mobile Equipment Identity and Software Version (IMEISV) of the device)

On failed file: +CMS ERROR: 500\r (unknown error ) and +CME ERROR: 14\r (sim busy status)

On Success file : +CPMS: 11,30,11,30,11,30\r\n0\r (+CPMS use to define sms storage on simcard with "SM" parameters and numbers is used space for sms on simcard )

So i think that it failed because radio baseband doesn't read correctly simcard
I hope that a radio update or a custom radio baseband solve this issue ?

All AT commands has been found with google ;-)

This website is very interesting
http://www.developershome.com/sms/
 
Last edited:

guhl99

Senior Member
Aug 25, 2010
459
581
Just by the way:

Using a none identified Italian prepaid SIM I tried to call an emergency number (911).

This actually works !
 

guhl99

Senior Member
Aug 25, 2010
459
581
Other things that I found out:

In the failing logcats there as these commands that fail:
Code:
D/HTC_RIL ( 1354): (t=1287095267)>> AT+CRSM=192,28421,0,0,15\r
D/HTC_RIL ( 1354): (t=1287095267)<< +CME ERROR: 13\r
D/HTC_RIL ( 1354): ril_func_chk_preferred_language():called
...
D/HTC_RIL ( 1354): (t=1287095267)>> AT+CRSM=192,12037,0,0,15\r
D/HTC_RIL ( 1354): (t=1287095267)<< +CME ERROR: 13\r
The CRSM is a restricted SIM access where 192 means "Get response" and the next number is the file ID.
Code:
28421 = 0x6F05 = TAPI_SIM_EFILE_USIM_LI     Language Indication
12037 = 0x2F05 = TAPI_SIM_EFILE_LP          the Language Preference file

This does not look to critical to me but maybe it is?!

I never thought that I once will be learning GSM specifications :)
 

guhl99

Senior Member
Aug 25, 2010
459
581
Maybe by the end of all this you can qualify for a job in the mobile telecommunications industry. :D

Well ...
I used to be member of the board of a telecommunications company, but this was the main reason for the "burn-out" that I had 10 years ago so I really do not want to go back to this industry!
 

jashsu

Senior Member
Nov 15, 2008
1,849
20
Well ...
I used to be member of the board of a telecommunications company, but this was the main reason for the "burn-out" that I had 10 years ago so I really do not want to go back to this industry!
Ah, so you would be the one to give me a job in the industry then. ;)

By the way welcome to xda
 

guhl99

Senior Member
Aug 25, 2010
459
581
Hi
When it try to get IMEISV (
Retrieves the International Mobile Equipment Identity and Software Version (IMEISV) of the device)

On failed file: +CMS ERROR: 500\r (unknown error ) and +CME ERROR: 14\r (sim busy status)

On Success file : +CPMS: 11,30,11,30,11,30\r\n0\r (+CPMS use to define sms storage on simcard with "SM" parameters and numbers is used space for sms on simcard )
You seam to be right this the problem.
Code:
D/HTC_RIL ( 1359): (t=1287010701)>> AT+CPMS="SM","SM","SM"\r
D/HTC_RIL ( 1359): (t=1287010701)<< +CMS ERROR: 500\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 3-th retries
D/HTC_RIL ( 1359): (t=1287010701)>> AT+CIMI\r
D/HTC_RIL ( 1359): (t=1287010701)<< +CME ERROR: 14\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 3-th retries
D/HTC_RIL ( 1359): (t=1287010701)>> AT+CPBS="SM"\r
D/HTC_RIL ( 1359): (t=1287010701)<< 0\r
D/HTC_RIL ( 1359): (t=1287010701)>> AT+CPBS?\r
D/HTC_RIL ( 1359): (t=1287010701)<< 0\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 3-th retries
D/HTC_RIL ( 1359): (t=1287010702)>> AT+CPMS="SM","SM","SM"\r
D/HTC_RIL ( 1359): (t=1287010702)<< +CMS ERROR: 500\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 4-th retries
D/HTC_RIL ( 1359): (t=1287010702)>> AT+CIMI\r
D/HTC_RIL ( 1359): (t=1287010702)<< +CME ERROR: 14\r
D/HTC_RIL ( 1359): req_rsp_pair_retry_default():(0, 0x00000000) 4-th retries
...
This sequence is our problem
The AT+CIMI should get the IMSI (where the first 3 characters are the MCC and the next 2 or 3 are the MNC) but it gets and CME ERROR: 14 which means "SIM busy" and the SIM is busy because the previous command AT+CPMS="SM","SM","SM" gets an CMS ERROR: 500 which is an unknown error. And this loops and creates a dead lock.

And no MCC/MNC -> no registration!

At least in my documentation the syntax for the AT+CPMS is
+CPMS=<mem1>,[<mem2>]
where
<mem1> is the memory to read, list and delete messages (SMS) and
<mem2> is the memory to write and send messages

So maybe the TMO SIM has 3 memory areas and ours don't because it also responds with 3 pairs of numbers.
(the numbers are strange though because each pair should be the <messages stored>,<total messages possible> in the memory area so 11,30 for all 3 areas looks strange to me ???)

If this is true we will not be able to do anything about this but report this as a bug to HTC.

I will do the following things next:
1. When I am back home tomorrow there is a registered US T-Mobile SIM that I normally use when I am in the USA -> I will try this one.
2. I will try to contact an old friend of mine who worked (or works) as a SIM application developer - he should know
3. Contact HTC and tell them our findings
 

jashsu

Senior Member
Nov 15, 2008
1,849
20
So maybe the TMO SIM has 3 memory areas and ours don't because it also responds with 3 pairs of numbers.
(the numbers are strange though because each pair should be the <messages stored>,<total messages possible> in the memory area so 11,30 for all 3 areas looks strange to me ???)
I doubt it, but anyway didn't you test the phone with the included t-mo usa sim?