Unlocking Jiofi M2 Pegasus Router (WIP) JioFi 2

Search This thread

subhash_india

Member
Jul 1, 2021
38
5

YOURKIN

Senior Member
May 12, 2015
51
10
Find UART pins for jiofi m2
chrome_syxcMcFPQI.png

use any ground as a GND pin connections


if not then its QUALCOMM Mode

if you get any shell access try this User - root Password - oelinux1 login shell



cat /proc/mtd



[email protected]:~# cat /proc/mtd
dev: size erasesize name
mtd0: 00140000 00020000 "sbl"
mtd1: 00140000 00020000 "mibib"
mtd2: 00b40000 00020000 "efs2"
mtd3: 00240000 00020000 "foxnv"
mtd4: 00100000 00020000 "tz"
mtd5: 00080000 00020000 "rpm"
mtd6: 000c0000 00020000 "aboot"
mtd7: 000c0000 00020000 "aboot_bak"
mtd8: 00720000 00020000 "boot"
mtd9: 00420000 00020000 "scrub"
mtd10: 02600000 00020000 "modem"
mtd11: 02600000 00020000 "modem_bak"
mtd12: 00080000 00020000 "sec"
mtd13: 00120000 00020000 "misc"
mtd14: 00720000 00020000 "recovery"
mtd15: 00060000 00020000 "fota"
mtd16: 000a0000 00020000 "fwinfo"
mtd17: 02700000 00020000 "recoveryfs"
mtd18: 00060000 00020000 "cache"
mtd19: 00120000 00020000 "nvram"
mtd20: 00a20000 00020000 "foxusr"
mtd21: 008e0000 00020000 "foxcal"
mtd22: 02980000 00020000 "foximg"
mtd23: 02700000 00020000 "system"








cat /dev/mtd0 > /sdcard/sbl.img

cat /dev/mtd1 > /sdcard/mibib.img # not done
cat /dev/mtd2 > /sdcard/efs2.img # not done


cat /dev/mtd3 > /sdcard/foxnv.img
cat /dev/mtd4 > /sdcard/tz.img
cat /dev/mtd5 > /sdcard/rpm.img
cat /dev/mtd6 > /sdcard/aboot.img
cat /dev/mtd7 > /sdcard/aboot_bak.img
cat /dev/mtd8 > /sdcard/boot.img
cat /dev/mtd9 > /sdcard/scrub.img
cat /dev/mtd10 > /sdcard/modem.img
cat /dev/mtd11 > /sdcard/modem_bak.img
cat /dev/mtd12 > /sdcard/sec.img
cat /dev/mtd13 > /sdcard/misc.img
cat /dev/mtd14 > /sdcard/recovery.img
cat /dev/mtd15 > /sdcard/fota.img
cat /dev/mtd16 > /sdcard/fwinfo.img
cat /dev/mtd17 > /sdcard/recoveryfs.img
cat /dev/mtd18 > /sdcard/cache.img
cat /dev/mtd19 > /sdcard/nvram.img
cat /dev/mtd20 > /sdcard/foxusr.img
cat /dev/mtd21 > /sdcard/foxcal.img
cat /dev/mtd22 > /sdcard/foximg.img
cat /dev/mtd23 > /sdcard/system.img





Then you can edit the build.prop directly from shell and add

Code :
persist.service.adb.enable=1
persist.service.debuggable=1
persist.sys.usb.config=mtp,adb

After reboot it’ll enable adb

Backup first it is important to keep firmware stock.
 
Last edited:

lpnbmkr

New member
Dec 16, 2021
1
1
Thank you devs for working on this , i hope one day we will be able unlock this :)

Note for all newbies like me : STOP SHARING YOUR EMAIL HERE
no one have a unlocked firmware, so stop asking for it :) :)
 
  • Like
Reactions: YOURKIN

pooja8080

New member
Dec 27, 2021
2
0
View attachment 5474007
use any ground as a GND pin connections


if not then its QUALCOMM Mode

if you get any shell access try this User - root Password - oelinux1 login shell



cat /proc/mtd



[email protected]:~# cat /proc/mtd
dev: size erasesize name
mtd0: 00140000 00020000 "sbl"
mtd1: 00140000 00020000 "mibib"
mtd2: 00b40000 00020000 "efs2"
mtd3: 00240000 00020000 "foxnv"
mtd4: 00100000 00020000 "tz"
mtd5: 00080000 00020000 "rpm"
mtd6: 000c0000 00020000 "aboot"
mtd7: 000c0000 00020000 "aboot_bak"
mtd8: 00720000 00020000 "boot"
mtd9: 00420000 00020000 "scrub"
mtd10: 02600000 00020000 "modem"
mtd11: 02600000 00020000 "modem_bak"
mtd12: 00080000 00020000 "sec"
mtd13: 00120000 00020000 "misc"
mtd14: 00720000 00020000 "recovery"
mtd15: 00060000 00020000 "fota"
mtd16: 000a0000 00020000 "fwinfo"
mtd17: 02700000 00020000 "recoveryfs"
mtd18: 00060000 00020000 "cache"
mtd19: 00120000 00020000 "nvram"
mtd20: 00a20000 00020000 "foxusr"
mtd21: 008e0000 00020000 "foxcal"
mtd22: 02980000 00020000 "foximg"
mtd23: 02700000 00020000 "system"








cat /dev/mtd0 > /sdcard/sbl.img

cat /dev/mtd1 > /sdcard/mibib.img # not done
cat /dev/mtd2 > /sdcard/efs2.img # not done


cat /dev/mtd3 > /sdcard/foxnv.img
cat /dev/mtd4 > /sdcard/tz.img
cat /dev/mtd5 > /sdcard/rpm.img
cat /dev/mtd6 > /sdcard/aboot.img
cat /dev/mtd7 > /sdcard/aboot_bak.img
cat /dev/mtd8 > /sdcard/boot.img
cat /dev/mtd9 > /sdcard/scrub.img
cat /dev/mtd10 > /sdcard/modem.img
cat /dev/mtd11 > /sdcard/modem_bak.img
cat /dev/mtd12 > /sdcard/sec.img
cat /dev/mtd13 > /sdcard/misc.img
cat /dev/mtd14 > /sdcard/recovery.img
cat /dev/mtd15 > /sdcard/fota.img
cat /dev/mtd16 > /sdcard/fwinfo.img
cat /dev/mtd17 > /sdcard/recoveryfs.img
cat /dev/mtd18 > /sdcard/cache.img
cat /dev/mtd19 > /sdcard/nvram.img
cat /dev/mtd20 > /sdcard/foxusr.img
cat /dev/mtd21 > /sdcard/foxcal.img
cat /dev/mtd22 > /sdcard/foximg.img
cat /dev/mtd23 > /sdcard/system.img





Then you can edit the build.prop directly from shell and add

Code :
persist.service.adb.enable=1
persist.service.debuggable=1
persist.sys.usb.config=mtp,adb

After reboot it’ll enable adb

Backup first it is important to keep firmware stock.can you share the firmware

View attachment 5474007
use any ground as a GND pin connections


if not then its QUALCOMM Mode

if you get any shell access try this User - root Password - oelinux1 login shell



cat /proc/mtd



[email protected]:~# cat /proc/mtd
dev: size erasesize name
mtd0: 00140000 00020000 "sbl"
mtd1: 00140000 00020000 "mibib"
mtd2: 00b40000 00020000 "efs2"
mtd3: 00240000 00020000 "foxnv"
mtd4: 00100000 00020000 "tz"
mtd5: 00080000 00020000 "rpm"
mtd6: 000c0000 00020000 "aboot"
mtd7: 000c0000 00020000 "aboot_bak"
mtd8: 00720000 00020000 "boot"
mtd9: 00420000 00020000 "scrub"
mtd10: 02600000 00020000 "modem"
mtd11: 02600000 00020000 "modem_bak"
mtd12: 00080000 00020000 "sec"
mtd13: 00120000 00020000 "misc"
mtd14: 00720000 00020000 "recovery"
mtd15: 00060000 00020000 "fota"
mtd16: 000a0000 00020000 "fwinfo"
mtd17: 02700000 00020000 "recoveryfs"
mtd18: 00060000 00020000 "cache"
mtd19: 00120000 00020000 "nvram"
mtd20: 00a20000 00020000 "foxusr"
mtd21: 008e0000 00020000 "foxcal"
mtd22: 02980000 00020000 "foximg"
mtd23: 02700000 00020000 "system"








cat /dev/mtd0 > /sdcard/sbl.img

cat /dev/mtd1 > /sdcard/mibib.img # not done
cat /dev/mtd2 > /sdcard/efs2.img # not done


cat /dev/mtd3 > /sdcard/foxnv.img
cat /dev/mtd4 > /sdcard/tz.img
cat /dev/mtd5 > /sdcard/rpm.img
cat /dev/mtd6 > /sdcard/aboot.img
cat /dev/mtd7 > /sdcard/aboot_bak.img
cat /dev/mtd8 > /sdcard/boot.img
cat /dev/mtd9 > /sdcard/scrub.img
cat /dev/mtd10 > /sdcard/modem.img
cat /dev/mtd11 > /sdcard/modem_bak.img
cat /dev/mtd12 > /sdcard/sec.img
cat /dev/mtd13 > /sdcard/misc.img
cat /dev/mtd14 > /sdcard/recovery.img
cat /dev/mtd15 > /sdcard/fota.img
cat /dev/mtd16 > /sdcard/fwinfo.img
cat /dev/mtd17 > /sdcard/recoveryfs.img
cat /dev/mtd18 > /sdcard/cache.img
cat /dev/mtd19 > /sdcard/nvram.img
cat /dev/mtd20 > /sdcard/foxusr.img
cat /dev/mtd21 > /sdcard/foxcal.img
cat /dev/mtd22 > /sdcard/foximg.img
cat /dev/mtd23 > /sdcard/system.img





Then you can edit the build.prop directly from shell and add

Code :
persist.service.adb.enable=1
persist.service.debuggable=1
persist.sys.usb.config=mtp,adb

After reboot it’ll enable adb

Backup first it is important to keep firmware stock.
i need firmware of this device. can you make it publicully available ????
 

Sintel MK

New member
Mar 8, 2022
1
0
you can enable fastboot in jiofi m2 by pressing wps and reset button at the same time least 5 sec. when light blinking are stopped then its enable fastboot in jiofi m2. you dont have to remove battery and you can enable it without using usb card
 

YOURKIN

Senior Member
May 12, 2015
51
10
you can enable fastboot in jiofi m2 by pressing wps and reset button at the same time least 5 sec. when light blinking are stopped then its enable fastboot in jiofi m2. you dont have to remove battery and you can enable it without using usb card
we know the way enable fastboot mode but we need to know how to enable adb also how to unlock oem bootloader ? when it disable from device setting also they block RX pin internally also we cant erase system cache using fastboot .
 
you can enable fastboot in jiofi m2 by pressing wps and reset button at the same time least 5 sec. when light blinking are stopped then its enable fastboot in jiofi m2. you dont have to remove battery and you can enable it without using usb card
Will this work on Jiofi M2S? when to connect USB cable to device? @YOURKIN bro can you explain this in detail?
 

YOURKIN

Senior Member
May 12, 2015
51
10
Will this work on Jiofi M2S? when to connect USB cable to device? @YOURKIN bro can you explain this in detail?
yes you can try , only erase data and cache , if you run successfully then you get full access (* Not sure because not tested ) , and please don't connect sim or update . You must do Full backup the firmware OR contact me . in Discord or wait for my next replay .


** If you successfully run the command


fastboot erase data

fastboot erase cache
 

subhash_india

Member
Jul 1, 2021
38
5
i found the uart pinesView attachment 5370691

i need help who have usb to ttl converter and jiofi m2s
and have little knowledge about it .
DM me for helping me

then we backup the firmware

my device system is working but problem is so much testing and finding those pin my device is stuck after coming shell login option.
How you got adb access without uart pins ? I have M2 device and usb to TTL converter . I'm trying to find uart pins on M2 . If I connect wrong rx TX pins with TTL , will they get short ?
 

subhash_india

Member
Jul 1, 2021
38
5
My M2 device not detected in fastboot when I use Qualcomm drivers , but with adb composite bridge as driver, it's get detected in fastboot mode , even when Qualcomm drivers get installed successfully and M2 device port 9008/902d showing in device manager when in fastboot mode. But it's not detected in fastboot devices list ,? Putty also not responding in serial mode ?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    /** Dont Get Confused Between Jiofi 2 and Jiofi 3. This Thread is Exclusive for JioFi 2 M2 Unlocking ,
    If you Brick or Damage your JioFi Router then please don't blame me **/


    Hi Guys,

    I have been doing some research on the JioFi M2 Mobile Router from past few days. I new things have been discovered which were not known to us Before .

    New Updates 13.8.2017:
    Untitled_1.png

    New Updates 2.5.2017:
    I have Found the hardware Specs of the JioFi M2 Wifi Router by Disassembling it.
    Specs :

    • Cpu: Qualcomm mdm 9307
      Flash Chip: Nanya 1635
      Montherbroad: MF672S v3.1_B

    New Updates 1.5.2017:

    • This Router is a Android Device
    • Fastboot Mode is Available on this device ( Hold WPS + Power Button for 3 Secs ) Works Even without Battery inside
    • Fastboot Reboot and Fastboot Reboot Bootloader Working
    • Fastboot OEM Unlock is Showing Remote Unlock Not Allowed

    Currently my JioFi M2 is running on PEG_M2_B34 Firmware Version. I have tried Flashing JioFi_JMR520_R6.20.bin but its a FAILURE

    I am still trying to figure out if there is a USB Debugging mode so that we can reveal the Chipset and OEM of this Router.

    How Can you Help ME ??
    Ans : If you have the firmware file of Jiofi M2 Router then Please upload to a Dropbox or GDrive Drop the Link Below. I will try to unpack the .bin firmware and Repack and Flash.
    3
    Maybe that's the key, no SIM present = shell access? may have to try but adb was not available last time I checked. Or it may be that you are on an older firmware which allows shell access and you also seem to have root access !!(# sign for the shell but no network connectivity) and hence the reason it is trying to update.
    Can you please post your firmware and hardware versions from the admin webpage (192.168.1.1). I think with your device, the device can be reversed/hacked for plenty of additional features if we engage the right folks here with the skills in XDA.

    fastboot cannot reboot to recovery.

    .
    2
    hello

    gimme Ur email... i have a link but xda is not allowing me to type a link here as i am new.... (Mod Edit - Email Removed)
    2
    Download link for firmware files extracted from /firmware directory

    https: // drive.google. com/ open?id=1wWsJHPC8C8gX2Sv5SaPQC7FqzFurAadz
    2
    Hey, this is to request all those who are spamming the thread and post by asking for an unlocker. If you bothered to read the op, you wouldn't be asking the page owner said it is not possible to unlock it as yet. Don't keep pestering the op or potentially get your account suspended.