def run(self, args):
    """Ask the modem on ``args.port`` to switch into its download mode.

    Builds ``connection(port)``, reads the vendor string from ``cn.ati()``
    and sends the vendor-specific switch: AT commands for Sierra Wireless
    and Netgear, a diag packet through ``qcdiag`` for Quectel, Telit and
    ZTE. Progress is printed; nothing is returned.

    NOTE(review): this listing lost its indentation, so the nesting below is
    reconstructed from statement order. Confirm it against the upstream
    file before relying on it.

    Args:
        args: parsed command-line arguments; only ``args.port`` is read.
    """
    port = args.port
    cn = connection(port)
    if cn.connected:
        info = cn.ati()
        if "vendor" in info:
            if info["vendor"] == "Sierra Wireless" or info["vendor"] == "Netgear":
                print("Sending download mode command")
                # The replies are printed as-is; neither is checked before
                # the "Done" message.
                print(cn.send("AT!BOOTHOLD\r"))
                print(cn.send('AT!QPSTDLOAD\r'))
                print("Done switching to download mode")
            elif info["vendor"] == "Quectel":
                print("Sending download mode command")
                interface = 0
                diag = qcdiag(loglevel=self.__logger.level,
                              portconfig=[[0x2c7c, 0x0125, interface]])
                if diag.connect():
                    # Read one reply before sending the request.
                    diag.hdlc.receive_reply()
                    # NOTE(review): res is never inspected, so the message
                    # below does not confirm that the switch happened.
                    res = diag.send(b"\x4b\x65\x01\x00")
                    diag.disconnect()
                print("Done switching to download mode")
            elif info["vendor"] == "Telit":
                print("Sending download mode command")
                interface = 0
                # NOTE(review): this portconfig repeats the ids of the Quectel
                # branch (0x2c7c, 0x0125). Possibly a copy-paste slip: confirm
                # the Telit vid/pid/interface.
                diag = qcdiag(loglevel=self.__logger.level,
                              portconfig=[[0x2c7c, 0x0125, interface]])
                if diag.connect():
                    diag.hdlc.receive_reply()
                    # As in the Quectel branch, res is not checked.
                    res = diag.send(b"\x4b\x65\x01\x00")
                    diag.disconnect()
                print("Done switching to download mode")
            elif info["vendor"] == "ZTE":
                print("Sending download mode command")
                interface = 0
                diag = qcdiag(loglevel=self.__logger.level,
                              portconfig=[[0x19d2, 0x0016, interface]])
                if diag.connect():
                    diag.hdlc.receive_reply()
                    res = diag.send(b"\x4b\x65\x01\x00")
                    # NOTE(review): res[0] assumes a non-empty reply; what
                    # diag.send returns on failure is not visible here.
                    if res[0] == 0x4B:
                        print("Done switching to ENANDPRG mode")
                    else:
                        # First request was not echoed: try the 0x3a request.
                        res = diag.send(b"\x3a")
                        if res[0] == 0x3A:
                            # Wait for vendor.zte.value:0x0076 to appear on
                            # USB, reconnecting and re-sending 0x3a in between.
                            # NOTE(review): there is no retry limit. If
                            # waitforusb keeps returning a falsy value this
                            # loop never ends.
                            while True:
                                state = cn.waitforusb(vendor.zte.value, 0x0076)
                                if not state:
                                    diag.disconnect()
                                    if diag.connect():
                                        res = diag.send(b"\x3a")
                                else:
                                    break
                            # The loop only breaks once state is truthy, so
                            # the else branch cannot run as written.
                            if state:
                                print("Done switching to NANDPRG mode")
                            else:
                                print("Failed switching to download mode")
                    diag.disconnect()
    cn.close()
def detect(self, port):
    """Return the serial device of a supported modem, or ``""`` if none.

    Walks ``self.detectusbdevices()`` first. A ZTE device in Web mode is sent
    a mode-switch request through ``self.websend``; a Telit device with pid
    0x81d7 is sent a diag request. It then scans ``self.getserialports()``
    for a known vendor id on the expected interface.

    NOTE(review): this listing lost its indentation, so the nesting below is
    reconstructed from statement order. Confirm it against the upstream
    file.

    Args:
        port: not read. The name is rebound by the serial-port loop below.

    Returns:
        ``port.device`` of the first matching serial port, else ``""``.
    """
    # USB vendor id -> [display name, interface number]. The number is
    # compared with the last character of port.location in the loop below.
    vendortable = {
        0x1199: ["Sierra Wireless", 3],
        0x2c7c: ["Quectel", 3],
        0x19d2: ["ZTE", 2],
        0x0846: ["Netgear", 2],
        0x413c: ["Telit", 0]
    }
    mode = "Unknown"
    for device in self.detectusbdevices():
        if device.vid == vendor.zte.value:
            if device.pid == 0x0016:
                print(
                    f"Detected a {vendortable[device.vid][0]} device with pid {hex(device.pid)} in Diag mode"
                )
                mode = "AT"
                break
            elif device.pid == 0x1403:
                print(
                    f"Detected a {vendortable[device.vid][0]} device with pid {hex(device.pid)} in Web mode"
                )
                mode = "Web"
                # url = 'http://192.168.0.1/goform/goform_set_cmd_process?goformId=USB_MODE_SWITCH&usb_mode=1' #adb
                # NOTE(review): fixed address, plain http, and no credential
                # in the URL. Whatever host answers on 192.168.0.1 receives
                # this request. How websend issues it is not visible here.
                url = 'http://192.168.0.1/goform/goform_process?goformId=MODE_SWITCH&switchCmd=FACTORY'
                if self.websend(url):
                    mode = "AT"
                    break
        elif device.vid == vendor.telit.value:
            if device.pid == 0x81d7:
                print(
                    f"Detected a {vendortable[device.vid][0]} device with pid {hex(device.pid)} in Diag mode"
                )
                print("Sending download mode command")
                interface = 5
                diag = qcdiag(loglevel=self.__logger.level,
                              portconfig=[[0x413c, 0x81d7, interface]])
                if diag.connect():
                    # data is not used afterwards.
                    data = diag.hdlc.receive_reply()
                    res = diag.send(b"\x4b\x65\x01\x00")
                    # NOTE(review): res[0] assumes a non-empty reply.
                    if res[0] == 0x4B:
                        print("Sending download mode succeeded")
                    diag.disconnect()
                break
    # A device left in "Web" mode (websend returned a falsy value) skips the
    # serial scan and falls through to the empty return.
    if mode == "AT" or mode == "Unknown":
        for port in self.getserialports():
            if port.vid in vendortable:
                # assumes port.location is a string ending in the interface
                # digit; int() raises otherwise. TODO confirm
                portid = port.location[-1:]
                if int(portid) == vendortable[port.vid][1]:
                    print(
                        f"Detected a {vendortable[port.vid][0]} at interface at: "
                        + port.device)
                    return port.device
    return ""
def run(self, args):
    """Send the vendor-specific sequence that turns on adb for the modem.

    Builds ``connection(port)``, reads the vendor from ``cn.ati()`` and
    dispatches on it. Sierra Wireless, Netgear, Quectel, Simcom, Fibocom and
    Samsung are driven by AT commands; ZTE tries one AT command and falls
    back to diag packets via ``qcdiag``; Alcatel only prints a command for
    the operator to run. Results are printed; nothing is returned.

    NOTE(review): nothing in this method turns adb or telnet off again, so
    the device is left with those services enabled. Only the Quectel branch
    prints the command that reverts the setting.

    NOTE(review): this listing lost its indentation, so the nesting below is
    reconstructed from statement order. Confirm it against the upstream
    file.

    NOTE(review): several AT strings below have no trailing "\\r" while
    others do. Whether ``cn.send`` appends one is not visible here.

    Args:
        args: parsed command-line arguments; only ``args.port`` is read.
    """
    port = args.port
    cn = connection(port)
    if cn.connected:
        info = cn.ati()
        if "vendor" in info:
            if info["vendor"] == "Sierra Wireless" or info["vendor"] == "Netgear":
                print("Sending at switch command")
                kg = SierraKeygen(cn)
                # The two AT!CUSTOM settings are only sent if openlock()
                # returns a truthy value.
                if kg.openlock():
                    # A failed ADBENABLE is reported but does not stop the
                    # telnet step that follows.
                    if cn.send('AT!CUSTOM="ADBENABLE",1\r') == -1:
                        print("Error on sending adb enable command.")
                    if cn.send('AT!CUSTOM="TELNETENABLE",1\r') != -1:
                        # Fixed 5 second pause before connecting.
                        time.sleep(5)
                        # NOTE(review): cleartext telnet to a fixed address,
                        # and tn is never closed. If Telnet is the stdlib
                        # telnetlib class, that module was removed in
                        # Python 3.13.
                        tn = Telnet("192.168.1.1", 23, 15)
                        tn.write(b"adbd &\r\n")
                        # Rebinds info to the telnet output; the vendor
                        # dispatch has already been decided at this point.
                        info = tn.read_eager()
                        print(info)
                        # Printed without checking the telnet output.
                        print("Enabled adb via telnet")
                    else:
                        print("Error on sending telnet enable command.")
            elif info["vendor"] == "Quectel":
                print("Sending at switch command")
                salt = cn.send("AT+QADBKEY?\r")
                if salt != -1:
                    # assumes the reply is a sequence whose second element
                    # is the salt string. TODO confirm. With a shorter reply
                    # salt keeps its original value and the concatenation
                    # below may fail.
                    if len(salt) > 1:
                        salt = salt[1]
                    # The key is computed from a constant string and the salt
                    # the modem itself returned, so it is no barrier to
                    # anyone who can reach the AT port.
                    # NOTE(review): if crypt is the stdlib module, it was
                    # removed in Python 3.13.
                    code = crypt.crypt("SH_adb_quectel", "$1$" + salt)
                    # Drops the first 12 characters of the crypt output,
                    # presumably the "$1$<salt>$" prefix. Verify.
                    code = code[12:]
                    # The reply to the key command is not checked.
                    cn.send("AT+QADBKEY=\"%s\"\r" % code)
                # If the usbcfg command fails, fall back to AT+QLINUXCMD.
                if cn.send(
                        "AT+QCFG=\"usbcfg\",0x2C7C,0x125,1,1,1,1,1,1,0\r"
                ) == -1:
                    if cn.send("AT+QLINUXCMD=\"adbd\""
                               ) != -1:  # echo test > /dev/ttyGS0
                        print("Success enabling adb")
                else:
                    print("Success enabling adb")
                print(
                    "In order to disable adb, send AT+QCFG=\"usbcfg\",0x2C7C,0x125,1,1,1,1,1,0,0"
                )
            elif info["vendor"] == "ZTE":
                print("Sending switch command via diag")
                # The AT command is tried first; diag is only the fallback.
                if cn.send("AT+ZMODE=1") != -1:
                    print("Success enabling adb")
                else:
                    interface = 0
                    diag = qcdiag(loglevel=self.__logger.level,
                                  portconfig=[[0x19d2, 0x0016, interface]])
                    if diag.connect():
                        # NOTE(review): every res[...] below assumes a reply
                        # long enough to index; what diag.send returns on
                        # failure is not visible here.
                        res = diag.send(b"\x4B\xA3\x06\x00")
                        if res[0] == 0x4B:
                            # Bytes 4..11 of the reply are treated as a
                            # challenge; the response is their unkeyed MD5
                            # digest.
                            challenge = res[4:4 + 8]
                            response = hashlib.md5(challenge).digest()
                            res = diag.send(b"\x4B\xA3\x07\x00" + response)
                            if res[0] == 0x4B:
                                if res[3] == 0x00:
                                    print("Auth success")
                        # 0x41 followed by six ASCII "0" bytes.
                        res = diag.send(b"\x41" + b"\x30\x30\x30\x30\x30\x30")
                        if res[1] == 0x01:
                            print("SPC success")
                        sp = b"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE"
                        res = diag.send(b"\x46" + sp)
                        if res[0] == 0x46 and res[1] == 0x01:
                            print("SP success")
                        else:
                            # NOTE(review): this retry sends 0x25 but still
                            # expects 0x46 as the first reply byte. Confirm
                            # that is intended.
                            res = diag.send(b"\x25" + sp)
                            if res[0] == 0x46 and res[1] == 0x01:
                                print("SP success")
                        res = diag.send(
                            b"\x4B\xFA\x0B\x00\x01")  # Enable adb serial
                        # Any first byte other than 0x13 is reported as success.
                        if res[0] != 0x13:
                            print("Success enabling adb serial")
                        res = diag.send(b"\x4B\x5D\x05\x00")  # Operate ADB
                        if res[0] != 0x13:
                            print("Success enabling adb")
                        diag.disconnect()
            elif info["vendor"] == "Simcom":
                print("Sending at switch command")
                # Simcom7600
                if cn.send("AT+CUSBADB=1,1") != -1:
                    print("Success enabling adb")
            elif info["vendor"] == "Fibocom":
                print("Sending at switch command")
                # FibocomL718:
                if cn.send("AT+ADBDEBUG=1") != -1:
                    print("Success enabling adb")
            elif info["vendor"] == "Alcatel":
                # Nothing is sent here; the operator is told which command
                # to run.
                print("Send scsi switch command")
                print(
                    "Run \"sudo sg_raw /dev/sg0 16 f9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -v\" to enable adb"
                )
            elif info["vendor"] == "Samsung":
                # NOTE(review): the other branches treat -1 as the error
                # value of cn.send, and -1 is truthy, so a failed send would
                # be reported as success here. Confirm against send().
                if cn.send("AT+USBMODEM=1"):
                    print("Success enabling adb")
                elif cn.send("AT+SYSSCOPE=1,0,0"):
                    print("Success enabling adb")
    cn.close()