• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[GUIDE][UPDATED] Unlocking JioFi 3 JMR540 & JMR541 for all networks

Search This thread
Jan 8, 2018
5
2
You need to flash your recovery partition as well. Check FAQs of the article.
Q. Everything went well but still no changes in dashboard
A. After successful flash if you still don't see the changes your device is probably booting from recovery partition. Try flashing recovery partition b
fastboot erase recoveryfs
fastboot flash recoveryfs "D:\system.img" y

You need to flash your recovery partition as well. Check FAQs of the article.
Q. Everything went well but still no changes in dashboard
A. After successful flash if you still don't see the changes your device is probably booting from recovery partition. Try flashing recovery partition b
fastboot erase recoveryfs
fastboot flash recoveryfs "D:\system.img" y
Thanks bro it works
 
Last edited:
  • Like
Reactions: chaitanyakorde

RazZ1812626

New member
Sep 17, 2021
1
0
Unlocked Firmware for JioFi 3 JMR540 & JMR541

Disclaimer
I am not responsible for any kind of damage to your device.
Use this firmware at your own risk
Post is for educational purpose only.


ONLY FOR JMR 540 & JMR 541


I was able to dump and reverse engineer JioFi 3's firmware to see if I can unlock the SIM restrictions. JioFi 3 is designed by Foxconn it uses generic firmware. Unlocking took time though. Tested with Vi, Airtel.



Guide

Make sure you're on same firmware version
  • JMR 540 - FXN_JMR540_R6.16
  • JMR 541 - FXN_JMR541_R3.10
If not please use the device for sometime it'll autoupdate.


1. Locate your device model and download the respective Firmware and extract it to a known location


2. Install drivers and tools (skip if already installed)

  • Install Fastboot drivers ( google it for mac and linux it's easy to find)
  • Install Fastboot ( google it for mac and linux it's easy to find)

3. Prepare device

  • Remove battery from JioFi 3
  • Locate reset pin hole button
  • Lay down JioFi 3
  • Use Paper Clip / SIM Ejector Tool to press button inside (using sharp object is not recommended)
  • Keep pressing button down and insert USB cable
  • Release button as soon as all the LEDs in Display turns RED. This means device is in boot loader mode

4. Flashing Unlocked Firmware

  • Open adb and fastboot tools terminal
  • Enter following to check if device is connected

  • fastboot devices

  • It will return something like this
  • baxxxxx fastboot

  • This means device is connected. If your device doesn't show up here please check drivers in Device manager
  • Now first erase the system partition

  • fastboot erase system

  • It will return something like this
  • erasing 'system'... OKAY [ 1.104s] finished. total time: 1.105s

  • Now flash the firmware
  • fastboot flash system "D:\system.img" ( replace path )

  • It should return something like this
  • sending 'system' (34306 KB)... OKAY [ 1.276s] writing 'system'... OKAY [ 9.462s] finished. total time: 10.741s

  • Now send reboot command to device
  • fastboot reboot

  • You'll notice device will reboot normally now you can unplug the cable.

Congratulations your device is now unlocked and you can reinsert battery and another SIM for testing.

Firmware will take long time than usual to boot do not panic.

4. Changing APN
  • Insert SIM connect with JioFi 3 wait it to intialize
  • Open Web UI from browser (http://jiofi.local.html/)
  • Now login (default username/pwd is administrator/administrator)
  • In Network Tab you'll find setting for changing APN
  • Put it on manual and enter "internet" as APN (without quotes)
  • Hit apply/save device will reboot again automatically and it'll auto connect
  • Just wait patience is the key here it'll connect.

If something goes WRONG or you want to UNDO you can re flash original firmware which is provided in this post.


Original backup




FAQs

  1. Q. My device is not visible in fastboot devices
    A. Confirm driver installation a faulty cable can also be the issue.
    .
  2. Q. Everything went well but still no changes in dashboard
    A. After successful flash if you still don't see the changes your device is probably booting from recovery partition. Try flashing recovery partition by
    fastboot erase recoveryfs
    fastboot flash recoveryfs "D:\system.img"
    .


  3. Q. After resetting device from pin hole button it shows INVALID SIM.
    A. This is supposed to happen just reboot the device it'll work again.
    .
  4. Q. Can I undo all this and get back to original firmware
    A. Yes just flash the original firmware provided in post and reset the device.







Mentions:
Thanks to
Karuppusamy for testing it on JMR541.


What about JioFi 2, 4, 5, 6?
Reverse Engineering takes lot of time and coffee. Until I get physical access to device I won't be able to unlock it. I'm constantly searching them on OLX as soon as I get hands on I'll surely try to RE and unlock it. I'll update the same here if there is no update here at the time of your reading then I haven't got the device yet so please don't spam for update hope you understand that I don't get anything by doing these things, I do it for liberation of locked hardware to meet it's real destiny and of course for the people. I also have a day job so no I cannot guide or teach you, hope you understand why.



Well done Sir, not working for Postpaid Sim, only for Prepaid Sim
 

tarunbhardwaj28

New member
Nov 6, 2006
2
0
Unlocked Firmware for JioFi 3 JMR540 & JMR541

Disclaimer
I am not responsible for any kind of damage to your device.
Use this firmware at your own risk
Post is for educational purpose only.


ONLY FOR JMR 540 & JMR 541


I was able to dump and reverse engineer JioFi 3's firmware to see if I can unlock the SIM restrictions. JioFi 3 is designed by Foxconn it uses generic firmware. Unlocking took time though. Tested with Vi, Airtel.



Guide

Make sure you're on same firmware version
  • JMR 540 - FXN_JMR540_R6.16
  • JMR 541 - FXN_JMR541_R3.10
If not please use the device for sometime it'll autoupdate.


1. Locate your device model and download the respective Firmware and extract it to a known location


2. Install drivers and tools (skip if already installed)

  • Install Fastboot drivers ( google it for mac and linux it's easy to find)
  • Install Fastboot ( google it for mac and linux it's easy to find)

3. Prepare device

  • Remove battery from JioFi 3
  • Locate reset pin hole button
  • Lay down JioFi 3
  • Use Paper Clip / SIM Ejector Tool to press button inside (using sharp object is not recommended)
  • Keep pressing button down and insert USB cable
  • Release button as soon as all the LEDs in Display turns RED. This means device is in boot loader mode

4. Flashing Unlocked Firmware

  • Open adb and fastboot tools terminal
  • Enter following to check if device is connected

  • fastboot devices

  • It will return something like this
  • baxxxxx fastboot

  • This means device is connected. If your device doesn't show up here please check drivers in Device manager
  • Now first erase the system partition

  • fastboot erase system

  • It will return something like this
  • erasing 'system'... OKAY [ 1.104s] finished. total time: 1.105s

  • Now flash the firmware
  • fastboot flash system "D:\system.img" ( replace path )

  • It should return something like this
  • sending 'system' (34306 KB)... OKAY [ 1.276s] writing 'system'... OKAY [ 9.462s] finished. total time: 10.741s

  • Now send reboot command to device
  • fastboot reboot

  • You'll notice device will reboot normally now you can unplug the cable.

Congratulations your device is now unlocked and you can reinsert battery and another SIM for testing.

Firmware will take long time than usual to boot do not panic.

4. Changing APN
  • Insert SIM connect with JioFi 3 wait it to intialize
  • Open Web UI from browser (http://jiofi.local.html/)
  • Now login (default username/pwd is administrator/administrator)
  • In Network Tab you'll find setting for changing APN
  • Put it on manual and enter "internet" as APN (without quotes)
  • Hit apply/save device will reboot again automatically and it'll auto connect
  • Just wait patience is the key here it'll connect.

If something goes WRONG or you want to UNDO you can re flash original firmware which is provided in this post.


Original backup




FAQs

  1. Q. My device is not visible in fastboot devices
    A. Confirm driver installation a faulty cable can also be the issue.
    .
  2. Q. Everything went well but still no changes in dashboard
    A. After successful flash if you still don't see the changes your device is probably booting from recovery partition. Try flashing recovery partition by
    fastboot erase recoveryfs
    fastboot flash recoveryfs "D:\system.img"
    .


  3. Q. After resetting device from pin hole button it shows INVALID SIM.
    A. This is supposed to happen just reboot the device it'll work again.
    .
  4. Q. Can I undo all this and get back to original firmware
    A. Yes just flash the original firmware provided in post and reset the device.







Mentions:
Thanks to
Karuppusamy for testing it on JMR541.


What about JioFi 2, 4, 5, 6?
Reverse Engineering takes lot of time and coffee. Until I get physical access to device I won't be able to unlock it. I'm constantly searching them on OLX as soon as I get hands on I'll surely try to RE and unlock it. I'll update the same here if there is no update here at the time of your reading then I haven't got the device yet so please don't spam for update hope you understand that I don't get anything by doing these things, I do it for liberation of locked hardware to meet it's real destiny and of course for the people. I also have a day job so no I cannot guide or teach you, hope you understand why.



Are we able to select bands
i have b310s firmware by Huawei RELOADED 2020 by jhowel22 and something like that would be great on this little lte device
 

ryoka_13r

New member
Dec 16, 2017
2
1
Hello,

abhimortal6

I can't thank you enough for the hard work and effort you put into this project.​

I myself searched for 2 years😥 for a solution to this problem but finally I'm glad that I came across this forum.​

All the instructions are simple to follow. (And let me tell you I'm a doctor and have zero computer knowledge and i was still able to follow every step effortlessly)​

I got my jiofi - JMR 540 working with an airtel postpaid sim with automatic API settings which amazed me.​


I will be forever greatfull to you.
You have my respect.
WE NEED MORE PEOPLE LIKE YOU IN THIS WORLD. :)
 
Last edited:
  • Like
Reactions: abhimortal6
Oct 6, 2010
25
4
ahmedabad
Steps to backup firmware by hardware hacking method :

1 Open device (jiofi m2s) to find tx rx gnd pins.
2.use "UART to USB" pcb to connect pins to pc ( revers connect tx rx pins )
3 get root shell access !
4 enable adb , backup stock firmware
5 modify stock firmware to unlocked firmware
6 flash unlocked firmware
7 enjoy all network
i dont have knowledge to modify firmware if u have modified then i can try it,,
 

ShahoKomar

New member
Sep 17, 2021
2
0
Unlocked Firmware for JioFi 3 JMR540 & JMR541

Disclaimer
I am not responsible for any kind of damage to your device.
Use this firmware at your own risk
Post is for educational purpose only.


ONLY FOR JMR 540 & JMR 541


I was able to dump and reverse engineer JioFi 3's firmware to see if I can unlock the SIM restrictions. JioFi 3 is designed by Foxconn it uses generic firmware. Unlocking took time though. Tested with Vi, Airtel.



Guide

Make sure you're on same firmware version
  • JMR 540 - FXN_JMR540_R6.16
  • JMR 541 - FXN_JMR541_R3.10
If not please use the device for sometime it'll autoupdate.


1. Locate your device model and download the respective Firmware and extract it to a known location


2. Install drivers and tools (skip if already installed)

  • Install Fastboot drivers ( google it for mac and linux it's easy to find)
  • Install Fastboot ( google it for mac and linux it's easy to find)

3. Prepare device

  • Remove battery from JioFi 3
  • Locate reset pin hole button
  • Lay down JioFi 3
  • Use Paper Clip / SIM Ejector Tool to press button inside (using sharp object is not recommended)
  • Keep pressing button down and insert USB cable
  • Release button as soon as all the LEDs in Display turns RED. This means device is in boot loader mode

4. Flashing Unlocked Firmware

  • Open adb and fastboot tools terminal
  • Enter following to check if device is connected

  • fastboot devices

  • It will return something like this
  • baxxxxx fastboot

  • This means device is connected. If your device doesn't show up here please check drivers in Device manager
  • Now first erase the system partition

  • fastboot erase system

  • It will return something like this
  • erasing 'system'... OKAY [ 1.104s] finished. total time: 1.105s

  • Now flash the firmware
  • fastboot flash system "D:\system.img" ( replace path )

  • It should return something like this
  • sending 'system' (34306 KB)... OKAY [ 1.276s] writing 'system'... OKAY [ 9.462s] finished. total time: 10.741s

  • Now send reboot command to device
  • fastboot reboot

  • You'll notice device will reboot normally now you can unplug the cable.

Congratulations your device is now unlocked and you can reinsert battery and another SIM for testing.

Firmware will take long time than usual to boot do not panic.

4. Changing APN
  • Insert SIM connect with JioFi 3 wait it to intialize
  • Open Web UI from browser (http://jiofi.local.html/)
  • Now login (default username/pwd is administrator/administrator)
  • In Network Tab you'll find setting for changing APN
  • Put it on manual and enter "internet" as APN (without quotes)
  • Hit apply/save device will reboot again automatically and it'll auto connect
  • Just wait patience is the key here it'll connect.

If something goes WRONG or you want to UNDO you can re flash original firmware which is provided in this post.


Original backup




FAQs

  1. Q. My device is not visible in fastboot devices
    A. Confirm driver installation a faulty cable can also be the issue.
    .
  2. Q. Everything went well but still no changes in dashboard
    A. After successful flash if you still don't see the changes your device is probably booting from recovery partition. Try flashing recovery partition by
    fastboot erase recoveryfs
    fastboot flash recoveryfs "D:\system.img"
    .


  3. Q. After resetting device from pin hole button it shows INVALID SIM.
    A. This is supposed to happen just reboot the device it'll work again.
    .
  4. Q. Can I undo all this and get back to original firmware
    A. Yes just flash the original firmware provided in post and reset the device.







Mentions:
Thanks to
Karuppusamy for testing it on JMR541.


What about JioFi 2, 4, 5, 6?
Reverse Engineering takes lot of time and coffee. Until I get physical access to device I won't be able to unlock it. I'm constantly searching them on OLX as soon as I get hands on I'll surely try to RE and unlock it. I'll update the same here if there is no update here at the time of your reading then I haven't got the device yet so please don't spam for update hope you understand that I don't get anything by doing these things, I do it for liberation of locked hardware to meet it's real destiny and of course for the people. I also have a day job so no I cannot guide or teach you, hope you understand why.



Hello Brother
I went through all the steps you mentioned but my modem was unlocked
Where is my problem? Can you help me?
 

k_taresh

Senior Member
Jun 23, 2012
130
22
Pune
Working fine but only one issue that it is auto updating to official firmware within couple of days and we need to redo the entire process again.
Any way to stop the auto update of firmware
I am also facing same issue. For me its after couple of reboots as I am not using with the battery, so after few reboots it gets back to original firmware.
@abhimortal6 any guesses what could issue since I have formatted recoveryfs as well
 
  • Like
Reactions: Kanak Vala

SweenWolf

Senior Member
Mar 18, 2016
544
385
Paradise
Amazon Fire TV
Hi @abhimortal6
Recently i got a JMR1140 from a friend, i wanted to change few things on it so i decided to edit the firmware on it.
It doesn't have a fastboot mode, just Qualcomm's EDL mode. I opened it just to find that it has JTAG pins instead of UART.
Then i decided to edit the UBI image.
If i create a UBI image from the unmodified rootfs then the device boots just fine. But if i repack the UBIFS image with or without any modifications the device refuses to boot. Any idea?

I edit the image without unpacking (hex edit) i was able to edit that. But UBIFS repack isn't working for me. Don't know what I'm going wrong. Size and all are all correct.
 
Last edited:

kamleshkuk17

New member
Sep 28, 2021
1
0
hello, first of all thankyou so much for such great help, your process to unlock properly worked up,
but, after using for month, now on 24th Sep 2021, my device isn't showing signal, than i went through the same process again, it was successfully done , but it showing only original firmware only, I try it for more than 3 time in different pc also, but didnt get it unlocked, heyyyyyy help out.
thankyou
 

mourip

New member
Feb 5, 2017
2
0
1632848962846.png

Please help!
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    after knowing from u guys about recent update pushed by jio my device wasn't updated so i instantly removed the sim and waiting for update from abhi
    For Jio --- guys u have stopped selling this or selling in 5k -6k like black marketing and nor your devices are built well, if someone has unlocked it what's the problem you have not pushed any update to other models which were previously unlocked now those devices are being sold at higher prices. I am happy that airtel and vi are here otherwise your greediness to capture everything would have led us to ______ no words to describe'
    You can install and test patched firmware auto updates are patched and disabled now, link is in original post. Devices which are already updated, there is no easy fix for them right now. Jio loves their users aww ( throws JioFi in space ).
    2
    Working fine but only one issue that it is auto updating to official firmware within couple of days and we need to redo the entire process again.
    Any way to stop the auto update of firmware
    2
    You can install and test patched firmware auto updates are patched and disabled now, link is in original post. Devices which are already updated, there is no easy fix for them right now. Jio loves their users aww ( throws JioFi in space ).
    Could you please teach us how to patch such roms. specially fiofi roms so entire community will rip this fio monopoly.
    1
    Working fine but only one issue that it is auto updating to official firmware within couple of days and we need to redo the entire process again.
    Any way to stop the auto update of firmware
    I am also facing same issue. For me its after couple of reboots as I am not using with the battery, so after few reboots it gets back to original firmware.
    @abhimortal6 any guesses what could issue since I have formatted recoveryfs as well
    1
    How were you able to dump rom partitions?
    Please answer if you are willing to share that info. I can try other models if possible.
    Please...
    Honestly it's nothing new or something which is not available publicly. If you'll search on this same thread you'll find the same question been answered multiple times.

    Get an entry point: In this case it's UART it's root shell. That's all, you've got root on a machine running linux(Android). Dumping, extracting, repacking are the easy parts Mapping and Reverse engineering the firmware is the one where either you run out of coffee or coffee run out of you.

    I apologise but I can't write a step by step guide it'll take weeks also I have a day job and hope you understand I get nothing out of this :). So I'll list out the points for anyone who is willing to learn.

    1. TTL, UART - Basic level communication b/w machines- For establishing communication channel
    2. Linux CLI basic file system commands will do- For firmware dumping, repacking - UBI reader
    3. ARM assembly- For actual reverse engineering. Important files names - 'simlock', all files with prefix 'FX'

    Required hardware:
    1. PC that can run IDA PRO and Ghidra - Mine's 9 year old - i3 2100 4GB RAM and I still love her
    2. USB to TTL - Arduino will do.
  • 37
    Unlocked Firmware for JioFi 3 JMR540 & JMR541

    Disclaimer
    I am not responsible for any kind of damage to your device.
    Use this firmware at your own risk
    Post is for educational purpose only.


    ONLY FOR JMR 540 & JMR 541


    I was able to dump and reverse engineer JioFi 3's firmware to see if I can unlock the SIM restrictions. JioFi 3 is designed by Foxconn it uses generic firmware. Unlocking took time though. Tested with Vi, Airtel.

    UPDATE 17-10-21: Jio pushed a firmware update which is locking boot loader. If your device is not updated yet it is advised to re-flash your firmware with patched image given below which basically disables auto updates. If you're already locked out, currently there's no easy fix for that.

    If you haven't used your device from a long time or you're still on lower or equal version than below it is advised not to use JioFi with SIM, flash this firmware first if you want to test SIM unlock.




    Guide

    Make sure you're on same firmware version
    • JMR 540 - FXN_JMR540_R6.16
    • JMR 541 - FXN_JMR541_R3.10
    If not please use the device for sometime it'll autoupdate.


    1. Locate your device model and download the respective Firmware and extract it to a known location


    2. Install drivers and tools (skip if already installed)

    • Install Fastboot drivers ( google it for mac and linux it's easy to find)
    • Install Fastboot ( google it for mac and linux it's easy to find)

    3. Prepare device

    • Remove battery from JioFi 3
    • Locate reset pin hole button
    • Lay down JioFi 3
    • Use Paper Clip / SIM Ejector Tool to press button inside (using sharp object is not recommended)
    • Keep pressing button down and insert USB cable
    • Release button as soon as all the LEDs in Display turns RED. This means device is in boot loader mode

    4. Flashing Unlocked Firmware

    • Open adb and fastboot tools terminal
    • Enter following to check if device is connected

    • fastboot devices

    • It will return something like this
    • baxxxxx fastboot

    • This means device is connected. If your device doesn't show up here please check drivers in Device manager
    • Now first erase the system partition

    • fastboot erase system

    • It will return something like this
    • erasing 'system'... OKAY [ 1.104s] finished. total time: 1.105s

    • Now flash the firmware
    • fastboot flash system "D:\system.img" ( replace path )

    • It should return something like this
    • sending 'system' (34306 KB)... OKAY [ 1.276s] writing 'system'... OKAY [ 9.462s] finished. total time: 10.741s

    • Now send reboot command to device
    • fastboot reboot

    • You'll notice device will reboot normally now you can unplug the cable.

    Congratulations your device is now unlocked and you can reinsert battery and another SIM for testing.

    Firmware will take long time than usual to boot do not panic.

    4. Changing APN
    • Insert SIM connect with JioFi 3 wait it to intialize
    • Open Web UI from browser (http://jiofi.local.html/)
    • Now login (default username/pwd is administrator/administrator)
    • In Network Tab you'll find setting for changing APN
    • Put it on manual and enter "internet" as APN (without quotes)
    • Hit apply/save device will reboot again automatically and it'll auto connect
    • Just wait patience is the key here it'll connect.

    If something goes WRONG or you want to UNDO you can re flash original firmware which is provided in this post.


    Original backup




    FAQs

    1. Q. My device is not visible in fastboot devices
      A. Confirm driver installation a faulty cable can also be the issue.
      .
    2. Q. Everything went well but still no changes in dashboard
      A. After successful flash if you still don't see the changes your device is probably booting from recovery partition. Try flashing recovery partition by
      fastboot erase recoveryfs
      fastboot flash recoveryfs "D:\system.img"
      .


    3. Q. After resetting device from pin hole button it shows INVALID SIM.
      A. This is supposed to happen just reboot the device it'll work again.
      .
    4. Q. Can I undo all this and get back to original firmware
      A. Yes just flash the original firmware provided in post and reset the device.
      .
    5. Q. I 'accidentally' flashed my recovery and boot partition
      A. Well accidentally I've backed up recovery and boot download from below

      1.
      JMR540_boot_recovery.rar
      2. JMR541_boot_recovery.rar
      .
    6. Q. FAILED: (remote: Image is locked) issue while erasing/flashing image
      A. Jio recently pushed an firmware update which re-locks simlock and bootloader which basically means you can't flash unsigned/custom firmware. Currently there is no fix.







    Mentions:
    Thanks to
    Karuppusamy for testing it on JMR541.


    What about JioFi 2, 4, 5, 6?
    Reverse Engineering takes lot of time and coffee. Until I get physical access to device I won't be able to unlock it. I'm constantly searching them on OLX as soon as I get hands on I'll surely try to RE and unlock it. I'll update the same here if there is no update here at the time of your reading then I haven't got the device yet so please don't spam for update hope you understand that I don't get anything by doing these things, I do it for liberation of locked hardware to meet it's real destiny and of course for the people. I also have a day job so no I cannot guide or teach you, hope you understand why.



    3
    after knowing from u guys about recent update pushed by jio my device wasn't updated so i instantly removed the sim and waiting for update from abhi
    For Jio --- guys u have stopped selling this or selling in 5k -6k like black marketing and nor your devices are built well, if someone has unlocked it what's the problem you have not pushed any update to other models which were previously unlocked now those devices are being sold at higher prices. I am happy that airtel and vi are here otherwise your greediness to capture everything would have led us to ______ no words to describe'
    You can install and test patched firmware auto updates are patched and disabled now, link is in original post. Devices which are already updated, there is no easy fix for them right now. Jio loves their users aww ( throws JioFi in space ).
    3
    bro is unlocking more 4g bands or manual selection of bands can be done ?
    Totally possible even 3G but it can't be done through WebUI it'll requires shell access.
    2
    Working fine but only one issue that it is auto updating to official firmware within couple of days and we need to redo the entire process again.
    Any way to stop the auto update of firmware
    2
    1622625406032.jpeg

    This is completely genius! I am now able to use Airtel sim on my JioFi! Thanks!