Poco F1 US LTE Bands 2 & 4 Unlock Possible?? (No Longer Being Pursued)

[Huncriter]

Just found this thread after I unlock carrier locked my Hisense B16C2G phone that can't be unlocked for almost 3 years. This is just hypothesis, I suggest to try this with concern.

There are several file that determine bands capability in the devices. Most of it is in NV partition, but from the discussion I know that you guys have tried some popular ways to unlock it, but it failed. Like my phone at first i believe its hardware locked too, but i just discovered some Chinese article about unlocking oneplus device. Maybe you can try it too.

Here it is:
1. Connect to QPST and open EFS explorer
2. In policyman folder there are 3 file that most likely can be the cause of this network restiction
carrier_policy.xml
post.xml (in my phone there is none)
rat_mask (in my case this file that restrict my network even after I change NV values to support all bands)
3. Compare all three file with other phone's that most likely have same architechture (maybe MI8 or Pixel). For rat_mask, make sure it have same bits number(compare with Hex Editor)
4. replace that carrrier_policy.xml(and any file that contain this name) and rat_mask with modified files or use you can use other unrestricted phone's instead
These file originally in modem.img. Some phone replace them back with the original file when boot, you can modified init.radio.sh to prevent that.
We can modify carrier_policy.xml in modem.img and flash it to the phone but i cant find where rat_mask located
5. Reboot and hope if it solve your problem

I can't find any reference about how to generate unrestricted rat_mask and device_config so make sure you backup your original file before you make modification. Sorry I can confirm whether it will work or not because i don't own poco

NB: I solve my problem just with replacing carrier_config.xml and rat_mask. There is a file called device_config, be careful with this file because it control how the phone modem interact with qpst too, wrong modification can cause you cant connect to PC even in diag mode.

somebody tried this?

 

[santoimam]

somebody tried this?

Just discover some more information....

In general , there are the important thing to unlock network capabilities in a phone

1 [in EFS explorer] /policyman/
==carrier policy.xml (usually define conditions that configured by the carrier how the network react depend on what kind of SIMcard or waht operator are you use). this can be modified with some programming skill
==rat_mask (masking radio network capability, even if in band config you already unlocked them all)
==so_mask(mostly like rat_mask, but for service capabilities)
->this three kinds of file can be modified if you can understand how it work or you can copied them from other phone kind of similiar

2. [in EFS explorer]/nv/item_files/rfmv/ or can be viewed in QXDM (their name usually begin with RFNV_XXX)
These files are the most important thing, because they carried the devices specific antenna configuration for each band. For example you want to unlock LTE B20, so you must have RFNV_LTE_B20_xxxxxxx files (usually 10 or more per band) already in your devices, you can copy from exact same kind of device(in your case POCO F1) that are you use, but you can't use other kind of phone even only slightly different. If your device have that, you are good to go, just modified 3 files I menstioned above, if not then try your luck to find another unlocked poco)

More detail here: https://forum.xda-developers.com/mi-5/how-to/progress-trying-to-unlock-bands-t3337476

 

[TOMPPIX]

https://hackaday.com/2017/02/20/33c3-dissecting-3g4g-phone-modems/

 

[husata]

poco?

Thanks to a fellow member of the Poco F1 channel that also happened to have a Mi mix 2s, I am glad to provide these partitions.
modemst1 ->sdf6
modemst2->sdf7
FSG ->sde36
Hope this becomes useful.

Are these parttions from poco f1?

 

[Mikael1013]

Exist any way to do exactly the opposite? Lock a 3g band.