
[GUIDE][UPDATED] Unlocking JioFi 3 JMR540 & JMR541 for all networks


abhimortal6

Senior Member
Mar 6, 2014
171
215
Gwalior
How were you able to dump rom partitions?
Please answer if you are willing to share that info. I can try other models if possible.
Please...
Honestly it's nothing new or something which is not available publicly. If you'll search on this same thread you'll find the same question been answered multiple times.

Get an entry point: In this case it's UART, it's root shell. That's all, you've got root on a machine running Linux (Android). Dumping, extracting, repacking are the easy parts. Mapping and reverse engineering the firmware is the one where either you run out of coffee or coffee runs out of you.

I apologise but I can't write a step by step guide it'll take weeks also I have a day job and hope you understand I get nothing out of this :). So I'll list out the points for anyone who is willing to learn.

1. TTL, UART - Basic level communication b/w machines- For establishing communication channel
2. Linux CLI basic file system commands will do- For firmware dumping, repacking - UBI reader
3. ARM assembly- For actual reverse engineering. Important files names - 'simlock', all files with prefix 'FX'

Required hardware:
1. PC that can run IDA PRO and Ghidra - Mine's 9 year old - i3 2100 4GB RAM and I still love her
2. USB to TTL - Arduino will do.
 

mr.sociopath

New member
Oct 20, 2021
1
0
Unlocked Firmware for JioFi 3 JMR540 & JMR541

Disclaimer
I am not responsible for any kind of damage to your device.
Use this firmware at your own risk
Post is for educational purpose only.


ONLY FOR JMR 540 & JMR 541


I was able to dump and reverse engineer JioFi 3's firmware to see if I can unlock the SIM restrictions. JioFi 3 is designed by Foxconn; it uses generic firmware. Unlocking took time though. Tested with Vi, Airtel.

UPDATE 17-10-21: Jio pushed a firmware update which locks the boot loader. If your device is not updated yet, it is advised to re-flash your firmware with the patched image given below, which basically disables auto updates. If you're already locked out, currently there's no easy fix for that.

If you haven't used your device for a long time or you're still on a lower or equal version than below, it is advised not to use JioFi with a SIM; flash this firmware first if you want to test SIM unlock.




Guide

Make sure you're on same firmware version
  • JMR 540 - FXN_JMR540_R6.16
  • JMR 541 - FXN_JMR541_R3.10
If not, please use the device for some time; it'll auto-update.


1. Locate your device model and download the respective Firmware and extract it to a known location


2. Install drivers and tools (skip if already installed)

  • Install Fastboot drivers ( google it for mac and linux it's easy to find)
  • Install Fastboot ( google it for mac and linux it's easy to find)

3. Prepare device

  • Remove battery from JioFi 3
  • Locate reset pin hole button
  • Lay down JioFi 3
  • Use Paper Clip / SIM Ejector Tool to press button inside (using sharp object is not recommended)
  • Keep pressing button down and insert USB cable
  • Release button as soon as all the LEDs in the display turn RED. This means the device is in boot loader mode

4. Flashing Unlocked Firmware

  • Open adb and fastboot tools terminal
  • Enter the following to check if the device is connected

      fastboot devices

  • It will return something like this

      baxxxxx fastboot

  • This means the device is connected. If your device doesn't show up here, please check drivers in Device Manager
  • Now first erase the system partition

      fastboot erase system

  • It will return something like this

      erasing 'system'...
      OKAY [ 1.104s]
      finished. total time: 1.105s

  • Now flash the firmware ( replace path )

      fastboot flash system "D:\system.img"

  • It should return something like this

      sending 'system' (34306 KB)...
      OKAY [ 1.276s]
      writing 'system'...
      OKAY [ 9.462s]
      finished. total time: 10.741s

  • Now send the reboot command to the device

      fastboot reboot

  • You'll notice the device will reboot normally; now you can unplug the cable.

Congratulations, your device is now unlocked and you can reinsert the battery and another SIM for testing.

Firmware will take a longer time than usual to boot, do not panic.

5. Changing APN
  • Insert SIM, connect to JioFi 3 and wait for it to initialize
  • Open Web UI from browser (http://jiofi.local.html/)
  • Now login (default username/pwd is administrator/administrator)
  • In the Network tab you'll find the setting for changing APN
  • Put it on manual and enter "internet" as APN (without quotes)
  • Hit apply/save; the device will reboot again automatically and it'll auto connect
  • Just wait, patience is the key here, it'll connect.

If something goes WRONG or you want to UNDO you can re flash original firmware which is provided in this post.


Original backup




FAQs

  1. Q. My device is not visible in fastboot devices
    A. Confirm driver installation; a faulty cable can also be the issue.
  2. Q. Everything went well but still no changes in dashboard
    A. After a successful flash, if you still don't see the changes your device is probably booting from the recovery partition. Try flashing the recovery partition by
    fastboot erase recoveryfs
    fastboot flash recoveryfs "D:\system.img"
  3. Q. After resetting device from pin hole button it shows INVALID SIM.
    A. This is supposed to happen; just reboot the device, it'll work again.
  4. Q. Can I undo all this and get back to original firmware
    A. Yes, just flash the original firmware provided in the post and reset the device.
  5. Q. FAILED: (remote: Image is locked) issue while erasing/flashing image
    A. Jio recently pushed a firmware update which re-locks simlock and bootloader, which basically means you can't flash unsigned/custom firmware. Currently there is no fix.







Mentions:
Thanks to
Karuppusamy for testing it on JMR541.


What about JioFi 2, 4, 5, 6?
Reverse engineering takes a lot of time and coffee. Until I get physical access to a device I won't be able to unlock it. I'm constantly searching for them on OLX; as soon as I get my hands on one I'll surely try to RE and unlock it. I'll update the same here; if there is no update here at the time of your reading then I haven't got the device yet, so please don't spam for updates. Hope you understand that I don't get anything by doing these things; I do it for liberation of locked hardware to meet its real destiny and of course for the people. I also have a day job so no, I cannot guide or teach you, hope you understand why.



Well, bad things happened, got locked out, is there any way to unlock it (JioFi 3)?
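
Added example (not part of any post in this thread): a pre-flight check in Python that reads a firmware version string and a fastboot transcript, using the version limits and the outputs quoted in the thread. The function names and the integer-pair ordering of release numbers are assumptions.

```python
import re

# Highest stock releases the first post lists as still flashable ("same or lower").
MAX_FLASHABLE = {"JMR540": (6, 16), "JMR541": (3, 10)}

VERSION_RE = re.compile(r"FXN_(JMR\d{3})_R(\d+)\.(\d+)")
# One fastboot step: "<action> '<partition>' ...", then OKAY or FAILED (remote: <reason>).
STEP_RE = re.compile(
    r"(erasing|sending|writing) '(\w+)'[^.]*\.\.\.\s*"
    r"(OKAY|FAILED)(?:\s*\(remote:\s*([^)]*)\))?"
)

# Outputs copied from posts in this thread.
OK_RUN = (
    "erasing 'system'...\nOKAY [ 1.104s]\nfinished. total time: 1.105s\n"
    "sending 'system' (34306 KB)...\nOKAY [ 1.276s]\n"
    "writing 'system'...\nOKAY [ 9.462s]\nfinished. total time: 10.741s\n"
)
LOCKED_RUN = (
    "erasing 'system'...\nFAILED (remote: Image is locked)\n"
    "finished. total time: 0.000s\n"
)


def parse_version(text):
    """Return (model, (major, minor)) from a string such as 'FXN_JMR541_R3.10'."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no FXN_<model>_R<x.y> version found in {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_flashable(version_text):
    """True if the stock version is at or below the release named in the guide.

    Assumption: releases order as integer pairs, so R3.16 and R3.20 sort after R3.10.
    """
    model, release = parse_version(version_text)
    limit = MAX_FLASHABLE.get(model)
    return limit is not None and release <= limit


def fastboot_steps(output):
    """Split a fastboot transcript into (action, partition, status, reason) tuples."""
    return STEP_RE.findall(output)


def image_locked(output):
    """True if any step failed with the 'Image is locked' bootloader response."""
    return any(
        status == "FAILED" and "image is locked" in reason.lower()
        for _, _, status, reason in fastboot_steps(output)
    )


if __name__ == "__main__":
    for v in ("FXN_JMR541_R3.10", "Current Software Version:FXN_JMR540_R6.20"):
        print(v, "->", "flashable" if is_flashable(v) else "too new or unknown model")
    for name, run in (("ok run", OK_RUN), ("locked run", LOCKED_RUN)):
        print(name, fastboot_steps(run), "locked:", image_locked(run))
```
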
 

net8

Senior Member
Feb 18, 2012
53
17
Honestly it's nothing new or something which is not available publicly. If you'll search on this same thread you'll find the same question been answered multiple times.

Get an entry point: In this case it's UART, it's root shell. That's all, you've got root on a machine running Linux (Android). Dumping, extracting, repacking are the easy parts. Mapping and reverse engineering the firmware is the one where either you run out of coffee or coffee runs out of you.

I apologise but I can't write a step by step guide it'll take weeks also I have a day job and hope you understand I get nothing out of this :). So I'll list out the points for anyone who is willing to learn.

1. TTL, UART - Basic level communication b/w machines- For establishing communication channel
2. Linux CLI basic file system commands will do- For firmware dumping, repacking - UBI reader
3. ARM assembly- For actual reverse engineering. Important files names - 'simlock', all files with prefix 'FX'

Required hardware:
1. PC that can run IDA PRO and Ghidra - Mine's 9 year old - i3 2100 4GB RAM and I still love her
2. USB to TTL - Arduino will do.
Agreed.
However, I needed to know If it was such straightforward way to dump.
Even before thinking about reverse engineering a new device, Just needed to make sure about restoring a rom back to its original state, as things are not easy - as rightly mentioned by you.
Thank you
 

Ayush4351

New member
Jan 20, 2018
1
0
Hi abhi, I have a JioFi 3 and an Airtel Fiber connection, and I want to use the JioFi 3 as a WiFi extender. I know it is not possible with the original firmware, but can you enable it in the hacked firmware just like the Airtel 4G Hotspot modem, because Airtel has this feature in its original firmware? I think JioFi 3 must be capable of this thing.
 

Zrk29

New member
Oct 20, 2021
2
0
Thanks bro.
I successfully unblocked my jiofi JMR541 device and tested Airtel and Vi, Working successfully. I also need not to change apn second when I changed the SIM cards. At the time flashing unlocked my device’s firmware was JMR 541 - FXN_JMR541_R3.10 and I only flashed your unlocked firmware. I want to understand can my device be locked again by jio? And which patch file you are talking about to block the update, I did not understand, can please explain?

thanks again
 

abhimortal6

Senior Member
Mar 6, 2014
171
215
Gwalior
Thanks bro.
I successfully unblocked my jiofi JMR541 device and tested Airtel and Vi, Working successfully. I also need not to change apn second when I changed the SIM cards. At the time flashing unlocked my device’s firmware was JMR 541 - FXN_JMR541_R3.10 and I only flashed your unlocked firmware. I want to understand can my device be locked again by jio? And which patch file you are talking about to block the update, I did not understand, can please explain?

thanks again
If you've flashed recently from this guide then it should be already patched. To confirm, you can check the file name you downloaded; it'll have the word 'patched' in it.
 

abhimortal6

Senior Member
Mar 6, 2014
171
215
Gwalior
Agreed.
However, I needed to know If it was such straightforward way to dump.
Even before thinking about reverse engineering a new device, Just needed to make sure about restoring a rom back to its original state, as things are not easy - as rightly mentioned by you.
Thank you
Oh okay I misunderstood, you only wanted to know entry point apologies. Thanks for understanding though.
 

Zrk29

New member
Oct 20, 2021
2
0
If you've flashed recently from this guide then it should be already patched. To confirm, you can check the file name you downloaded; it'll have the word 'patched' in it.
Thanks for responding.
Yes it has the “patched” word. So now I need not to worry that jio will lock it again with an update, right?
 

ravi.vamos

Member
Jul 2, 2013
11
1
Bhimavaram,Hyderabad
Current Software Version:FXN_JMR540_R6.20
Can i proceed with flash or am i too late?
Dont have access to a pc for the time being to check the image lock..pls let me know if someone went through.
EDIT: I understood i am tad bit late but am going to manually flash the nand...ewww you jio peeo
 
Honestly it's nothing new or something which is not available publicly. If you'll search on this same thread you'll find the same question been answered multiple times.

Get an entry point: In this case it's UART, it's root shell. That's all, you've got root on a machine running Linux (Android). Dumping, extracting, repacking are the easy parts. Mapping and reverse engineering the firmware is the one where either you run out of coffee or coffee runs out of you.

I apologise but I can't write a step by step guide it'll take weeks also I have a day job and hope you understand I get nothing out of this :). So I'll list out the points for anyone who is willing to learn.

1. TTL, UART - Basic level communication b/w machines- For establishing communication channel
2. Linux CLI basic file system commands will do- For firmware dumping, repacking - UBI reader
3. ARM assembly- For actual reverse engineering. Important files names - 'simlock', all files with prefix 'FX'

Required hardware:
1. PC that can run IDA PRO and Ghidra - Mine's 9 year old - i3 2100 4GB RAM and I still love her
2. USB to TTL - Arduino will do.
Hello thanks for unlocking jiofi 3 both versions
kindly share wiring diagram especially orange and black jumper cable attached to Arduino
Also share cables connected to which Test points of JioFi MoBo. (Rx, Tx, and GND)

Thank You
 

sudhiryadav

Member
Oct 9, 2017
21
5
I am unable to erase my system it says image is locked
Bash:
erasing 'system'...
FAILED (remote: Image is locked)
finished. total time: 0.000s
 

jacky701

New member
Oct 25, 2021
3
1
Thanks bruh for your great work. My JioFi was lying around useless without a battery for at least 4 years. Now it's running again, all because of you❤️. You have put a great effort into unlocking the firmware. Keep up your work bruh.
 

MKSXDA

Member
Oct 24, 2021
7
0
1. Please modify JioCall.apk download it from play store . So that it can be use for call & sms purpose in vi & Airtel sim in jiofi Jmr541.

2. FAILED: (remote: Image is locked)
Can you Find out This problem Solution Thought Boot Short Method In JioFi Jmr541.
 

Top Liked Posts

  • 1
    Please tell me the whole process of shell access
    You're not following the thread, the sole purpose of this 'unlocking simlock' was only to unlock the simlock, not modifying 'Jio4G Voice Call APK' app modification (lol) and making it available for Vodafone and Airtel and BSNL and all the other networks, or getting shell access and changing its bandwidth or using it as a WiFi extender or attaching a camera and using it as a CCTV camera and etc etc.
    Yes, all those things (except modifying jiocall apk) are possible (as the developer said) but somebody needs to work on those things to make it work but clearly he said he has no time for all of these and he's not getting anything out of this. So, as of now your only option to use it as a unlocked 4G Hotspot and nothing else.
    1
    HI one question About a month ago my modem was automatically upgraded to the hacked firmware but unfortunately I accidentally selected "restore to original firmware" option and it reverted back to the original locked firmware.
    How can I change the firmware back to the hacked version? If I wait will it be upgrade itself to the hacked firmware?
    No you have to flash modified firmware again, but before that check your current FW version if it is 3.20 then you cannot flash modified FW
    1
    my device is not even getting detected in the fastboot menu
    Use google platform tools. Download from Here. Extract it to D drive and copy extracted location path.
    Add this path in Environment Variable -> System variable ->Path.
    Then it will detect in fastboot.
    Always open CMD from Platform tools folder.
    1
    please

    FAQs 6

    1. Q. FAILED: (remote: Image is locked) issue while erasing/flashing image

    2. A. Jio recently pushed a firmware update which re-locks simlock and bootloader, which basically means you can't flash unsigned/custom firmware. Currently there is no fix.
    1
    I think your JMR541 has been updated to 3.16. 😢😢
    AS OP @abhimortal6 mentioned in 1st post that default firmware version was quoted below
    Make sure you're on same or lower firmware version

    • JMR 540 - FXN_JMR540_R6.16
    • JMR 541 - FXN_JMR541_R3.10
  • 40
    Unlocked Firmware for JioFi 3 JMR540 & JMR541

    Make sure you're on same or lower firmware version
    • JMR 540 - FXN_JMR540_R6.16
    • JMR 541 - FXN_JMR541_R3.10
    5. Q. I 'accidentally' flashed my recovery and boot partition
      A. Well accidentally I've backed up recovery and boot download from below
      1. JMR540_boot_recovery.rar
      2. JMR541_boot_recovery.rar



    3
    after knowing from u guys about recent update pushed by jio my device wasn't updated so i instantly removed the sim and waiting for update from abhi
    For Jio --- guys u have stopped selling this or selling in 5k -6k like black marketing and nor your devices are built well, if someone has unlocked it what's the problem you have not pushed any update to other models which were previously unlocked now those devices are being sold at higher prices. I am happy that airtel and vi are here otherwise your greediness to capture everything would have led us to ______ no words to describe'
    You can install and test patched firmware auto updates are patched and disabled now, link is in original post. Devices which are already updated, there is no easy fix for them right now. Jio loves their users aww ( throws JioFi in space ).
    3
    bro is unlocking more 4g bands or manual selection of bands can be done ?
    Totally possible, even 3G, but it can't be done through WebUI; it'll require shell access.
    2
    Working fine but only one issue that it is auto updating to official firmware within couple of days and we need to redo the entire process again.
    Any way to stop the auto update of firmware
    2

    This is completely genius! I am now able to use Airtel sim on my JioFi! Thanks!