Getting access to recovery combination(FTM mod)

[yulbax]

* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.

This is instruction is for carrier devices that have disabled button combo's.

Prerequisites:
1) Knowledge
2) Unlocked bootloader
3) Write down your IMEI and SN somewhere
4) QPST

How to check NT Code:
1) In dialer call *#546368#*model#. Put your model number instead 'model'. Example *#546368#*500# for V500N
2) Go SVC Menu -> Version info.
3) Write down your NT Code

Booting into EDL mode:
1) Plug in your turned on phone to PC
2) Press and hold Power+Volume Down
3) As soon as your screen is blank, rapidly start pressing Volume Up.
4) If you've successfully booted into EDL, your screen will be completely blank and the device manager will show (Under COM Ports): Qualcomm HS-USB QDLoader 9008

Backing up stock FTM:
1) Open QFIL
2) Select build type - Flat build
3) Storage type - UFS (Right corner at the bottom)
4) Programmer path - choose firehose that you downloaded from attachments
5) Go Tools->Partition Manager->OK
6) Press right mouse button at FTM -> Manage Partition Date -> Read Data
7) Look for backup folder in log and copy your ReadData*.bin file into another folder. Rename it to make it easier

Modifying FTM:
1) Download and install HxD from attachments
2) Download and open ftm_v50_mod.bin
3) At the offset 0000D000 put your IMEI. You won't miss it, you'll see IMEIIMEIIMEIIME at decoded side)
4) At the offset 00012000 put your SN. You won't miss it, you'll see SNSNSNSNSNSNSN at decoded side)
5) At the offset 00014000 put your NT code's last number instead of both 'xx' at decoded side
6) Flash it back. Repeat steps of backing up part, but this time choose Load Data instead of Read Data then pick your modified file.

Congrats! You get back recovery button combo

People who helped me with that:
vl48
@SGCMarkus
@Awesomeslayerg

 

[zigiz1]

This is instruction is for carrier devices that have disabled button combo's.

Prerequisites:
1) Knowledge
2) Unlocked bootloader
3) Write down your IMEI and SN somewhere
4) QPST

How to check NT Code:
1) In dialer call *#546368#*model#. Put your model number instead 'model'. Example *#546368#*500# for V500N
2) Go SVC Menu -> Version info.
3) Write down your NT Code

Booting into EDL mode:
1) Plug in your turned on phone to PC
2) Press and hold Power+Volume Down
3) As soon as your screen is blank, rapidly start pressing Volume Up.
4) If you've successfully booted into EDL, your screen will be completely blank and the device manager will show (Under COM Ports): Qualcomm HS-USB QDLoader 9008

Backing up stock FTM:
1) Open QFIL
2) Select build type - Flat build
3) Storage type - UFS (Right corner at the bottom)
4) Programmer path - choose firehose that you downloaded from attachments
5) Go Tools->Partition Manager->OK
6) Press right mouse button at FTM -> Manage Partition Date -> Read Data
7) Look for backup folder in log and copy your ReadData*.bin file into another folder. Rename it to make it easier

Modifying FTM:
1) Download and install HxD from attachments
2) Download and open ftm_v50_mod.bin
3) At the offset 0000D000 put your IMEI. You won't miss it, you'll see IMEIIMEIIMEIIME at decoded side)
4) At the offset 00012000 put your SN. You won't miss it, you'll see SNSNSNSNSNSNSN at decoded side)
5) At the offset 00014000 put your NT code's last number instead of both 'xx' at decoded side
6) Flash it back. Repeat steps of backing up part, but this time choose Load Data instead of Read Data then pick your modified file.

Congrats! You get back recovery button combo

People who helped me with that:
vl48
@SGCMarkus
@Awesomeslayerg

For correct work in my LMV500EM need repeat NT code's last number in offset 00014020 - where was "xx"

 

[Mr.PvT]

It can't use for imei recording, please don't try imei recording, imei won't work

 

[paul_zm]

I can enter fastboot after flash different Android version kernel

 

[yulbax]

It can't use for imei recording, please don't try imei recording, imei won't work

This guide was not for changing IMEI, read article. If you won't write down your imei you'll lose your reception

 

[chauduc1113]

can fix imei 0??

 

[rikita]

How to check NT Code:
1) In dialer call *#546368#*model#. Put your model number instead 'model'. Example *#546368#*500# for V500N
2) Go SVC Menu -> Version info.
3) Write down your NT Code

This does not make NT code available in Verizon LM-V450VM.
I can get a Hidden Menu using **228378 but it does not have "Version info"

Any ideas?

 

[Anhlaaizai]

can you help me fix CSN v500n =((

 

[Duonglong93vl]

i'm try but not working

 

[Vladischeto]

Hello. I have a lg v60 att mobile, I crossflahed it with android 12 v30c, everything worked fine, only there was no nt code. I decided to flash pdm with lg up and it stuck on blue screen. Then I put it into Qualcomm 9008 mode and accidentally deleted all the files. Then they restored it with medusa pro direct v30c eu and now I have no baseband imei and serial number. Can anyone help ?

 

[Bug725]

can you please explain what last part xx of NT Code means? My version Info keeps crashing but shows should be implemented. I took a screen of startup nt mismatch. I read somewhere this info can be used. Should or could I copy and paste from a different ftm file that doesn't have error? I see 15 listed in the ftm that gives no error and "15" listed in one that gives error. I did notice that the bands are available in the error one and not in the no code throwing nt code ftm file.
No Error Code has :
"15","310,410,FFFFFFFF,FFFFFFFF,FF","310,150,FFFFFFFF,FFFFFFFF,FF","310,170,FFFFFFFF,FFFFFFFF,FF","311,180,FFFFFFFF,FFFFFFFF,FF","310,560,FFFFFFFF,FFFFFFFF,FF","310,030,FFFFFFFF,FFFFFFFF,FF","310,280,FFFFFFFF,FFFFFFFF,FF","310,950,FFFFFFFF,FFFFFFFF,FF","313,100,FFFFFFFF,FFFFFFFF,FF","312,670,FFFFFFFF,FFFFFFFF,FF","313,110,FFFFFFFF,FFFFFFFF,FF","313,120,FFFFFFFF,FFFFFFFF,FF","313,130,FFFFFFFF,FFFFFFFF,FF","313,140,FFFFFFFF,FFFFFFFF,FF","901,44F,FFFFFFFF,FFFFFFFF,FF"

FTM With Error Code has:
"15","310,260,FFFFFFFF,FFFFFFFF,FF","310,310,FFFFFFFF,FFFFFFFF,FF","310,490,FFFFFFFF,FFFFFFFF,FF","310,660,FFFFFFFF,FFFFFFFF,FF","310,800,FFFFFFFF,FFFFFFFF,FF","310,200,FFFFFFFF,FFFFFFFF,FF","310,210,FFFFFFFF,FFFFFFFF,FF","310,220,FFFFFFFF,FFFFFFFF,FF","310,230,FFFFFFFF,FFFFFFFF,FF","310,240,FFFFFFFF,FFFFFFFF,FF","310,250,FFFFFFFF,FFFFFFFF,FF","310,160,FFFFFFFF,FFFFFFFF,FF","310,270,FFFFFFFF,FFFFFFFF,FF","310,120,FFFFFFFF,FFFFFFFF,FF","312,530,FFFFFFFF,FFFFFFFF,FF"

Thanks in advance

 

[YB123]

This does not make NT code available in Verizon LM-V450VM.
I can get a Hidden Menu using **228378 but it does not have "Version info"

Any ideas?

none of the secret codes work on my device. How to check NT Code ?

 

[YB123]

o i fix nt but have imei 0

 

[YB123]

может исправить imei 0??

can fix imei 0??

did you manage to fix imei?

 

[zigiz1]

Model LM-V500EM. After upgrading from V500EM20q_00_OPEN_EU_OP_0318 to V500EM30b_00_OPEN_EEA_OP_1025 disappeared Serial No. and NT code. I had backup ftm from V500EM20q. According instruction "Modifying FTM" below copied Serial No. and NT code from ftm V500EM20q to ftm V500EM30b. For me copied NT code was "1","FFF,FFF,FFFFFFFF,FFFFFFFF,19" Now it's all right.