
JioFi 2 M2S 4G router unlock R&D


YOURKIN

Member
May 12, 2015
34
6
I need help from anyone who has a USB TTL converter and a JioFi M2S
and has a little knowledge about it.
DM me to help me.

Then we can back up the firmware. I need help because my JioFi boot is damaged.
 

YOURKIN

Great

Mine looks dead. Device showing it is plugged in but not turning on.

It will be helpful if you share pins location so I can check if it is just a boot issue or the hardware
Is your device turning on normally, or what happened? If your device is working normally, then we can back up your firmware and I can fix my JioFi M2S boot.img. If it's working, then I will tell you the process to get shell access; after that we modify the firmware, then I will post all the processes, with different from I show all port and connection list. DM me if your device is working.


I am also searching for this device, new or old. If I find one, then I can fix my old one also.
 

YOURKIN

This is the pinout I found, but the TX pin was not found. JioFi 2 M2S model.
ApplicationFrameHost_oz9PTsfJi0.png
putty_vJy6XZkOxY.png
 

YOURKIN

I connected my Jiofi 6 with serial connection using UART. But I don't know how to stick or hold the wires at UART till I turn on ADB.
You need to connect using PuTTY: select Serial, then type your UART converter's USB port and type bandwidth 115200, then click Open. Do all of this after connecting the UART device; after that you can connect the JioFi power cable.
serial_putty.png
 

subhash_india

Member
Jul 1, 2021
20
2
Send your bricked JioFi M2 to @abhimortal6 @ab_hi_j; he will be able to unlock the firmware.
This is the pinout I found, but the TX pin was not found. JioFi 2 M2S model.

I found the way for JIOFI M2S Qualcomm mode.
You should enter DIAGNOSTIC mode to back up the firmware.

It should be visible as "Qualcomm HS-USB android DIAG 9008/901D/902D (com X)" in the Ports section of Device Manager.
 

Top Liked Posts

  • 3
    Hello friends,
    I have recently bought a new JioFi 2 M2S device and was trying to unlock it somehow.
    After lots of trying I was able to figure out a few things that I think can be helpful to senior and experienced developers for unlocking.

    1. After logging in the Web Admin if we go to a page 192.168.1.1/engineer.html it asks for some engineer key which might open up some hidden settings of the router.
    2. I have tried to figure out the javascript and it is some kind of md5 algorithm
    3. On googling I found a post which says
    a. Device made by Pegasus Telecom (Raysan technology) which is subdivision of Haier
    b. Same device as Smartfren Andromax M2Y (Indonesian).
    c. Also same as Beeline Uzbekistan Mobile router
    d. Runs an embedded linux webserver: Boa version 0.94.14rc21
    4. There is a directory of xml files if it helps at 192.168.1.1/wxml/
    5. The device supports fastboot mode by pressing the WPS button and power button for 3 secs

    Experienced developers and geeks, please see if you can do something to unlock it. Best of luck.
    If you find anything, please reply back or PM me.

    PEG_M2_B04 FIRMWARE LINK

    Click here
    All Credits To @sydikm
    Decompress the file and use the bin file to upgrade from the web ui
    Please note that this firmware is not unlocked. I am trying and it may be available in next few days.
    Also try not to downgrade the firmware. Check your version before updating.
    AND I AM NOT RESPONSIBLE FOR ANY BRICKED DEVICE
    2
    Bro the firmware provided by @upi-turin has adb access as he himself extracted the firmware using adb. But I am unable to flash the zip through the fastboot mode. If we can somehow make a bin file and upgrade through the web UI maybe we get adb access.
    I don't use special software for those links. They are just hit and trial results and some through burpsuite spider.
    Also the engineer key page uses anti-csrf tokens so it becomes more difficult to attack. The password length is not necessarily 12 as it is first encoded using md5 and a substring is chosen. This substring is then further encoded using the character set of 15 and posted in HTML request along with anti-csrf token.
    Do you know how to decompile or open a firmware bin file?

    If you carefully read the JS code, the ultimate length of encrypted password is 12 and it comes only from the characters in 15 length character set. It's still a probability game, who knows if JioFi manufacturers have made the JS look like that, to waste the reverse engineer's time.

    For the system folder part from the gdrive, it is still debatable. It's not sure enough for me, that guy has accessed the device through ADB and providing the original files, or just some other files from unlocked firmwares of previous JioFi.

    The firmware bin file is mostly just a zip file or, if they are security aware, a magic hashed zip file. If you're using Linux, try binwalk; it will tell you exactly the file type, even if it's magic hashed.
    2
    I went to Jio Centre and thanks to the warranty they replaced the whole motherboard of the device free of cost. It now uses firmware version PEG_M2_B20
    UPDATE: @sydikm shared a firmware file with me which is exactly meant for our JioFi 2. I will share it in the OP. Its version is PEG_M2_B04. All credits to @sydikm.
    2
    I've managed to reverse engineer and unlock the JioFi3 JMR 540. Enabled diagnostic mode and adb. Custom firmwares are possible on these devices. Once modified, the firmware can be flashed via fastboot mode, which is easily accessible without any modification.
    Check my Twitter thread here
    1
    https://www.4shared.com/rar/PUBIz_dzba/SOFTWARE_ANDROMAX_M2S.html

    I just updated my M2S black router from this link via fastboot and it got bricked.
    Now it shows the 900e port.
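
An added example, not part of any post in this thread: a minimal Python sketch of the signature scan that the reply above (firmware `.bin` as "mostly just a zip file", identified with binwalk) relies on, finding a zip payload that sits behind a vendor header. The `FWHDR` header, member names and sample image are constructed for illustration; the magic numbers are public file-format constants.

```python
import io
import zipfile

# Public file-format magic numbers (not taken from the thread).
SIGNATURES = {
    b"PK\x03\x04": "zip local file header",
    b"\x1f\x8b\x08": "gzip stream",
    b"hsqs": "squashfs (little-endian)",
    b"ANDROID!": "Android boot image",
}


def scan(blob: bytes):
    """Return sorted (offset, description) for every signature hit in blob."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def embedded_zip_members(blob: bytes):
    """Find the first offset where a zip really parses; return (offset, names)."""
    for offset, name in scan(blob):
        if name.startswith("zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(blob[offset:])) as zf:
                    return offset, zf.namelist()
            except zipfile.BadZipFile:
                continue  # magic bytes occurred by chance inside other data
    return None


def build_sample() -> bytes:
    """Constructed sample: a 32-byte made-up vendor header followed by a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("boot.img", b"ANDROID!" + b"\x00" * 24)
        zf.writestr("version.txt", b"constructed-sample\n")
    header = b"FWHDR".ljust(32, b"\x00")  # hypothetical header, not a real format
    return header + buf.getvalue()


if __name__ == "__main__":
    for off, desc in scan(build_sample()):
        print(f"0x{off:06x}  {desc}")
```

A signature hit only says where to look; parsing the candidate (as `embedded_zip_members` does) is what separates a real archive from a chance byte match.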