On Mon, Sep 11, 2023 at 2:45 PM Bjørn Mork <bj...@mork.no> wrote:

> > By coincidence I spotted [2]. Could that be related? Both modems are
> > manufactured by Fibocom.
>
> Not sure. You're not using the proxy, are you?
>

Not that I am aware of...

> But you could also try with the proxy. Some USB devices aren't
> expecting clients to come and go while the MBM session is open.
> I have no idea if that's relevant to PCI, but worth testing.
>
> > P.S.: The challenge always being zero is also somewhat suspicious - I
> > haven't been able to perform a successful unlock so far.
>
> Yes. Something is obviously missing here. Maybe the firmware expects
> this only at a certain point in the session (like immediately after
> OPEN)? Or maybe we're decoding it wrong? Did you look at the debug
> dump? Or maybe the firmware wants some request parameter it doesn't
> get?
>

Turns out the challenge needs to be requested via --set-fcc-lock=0,0.
Still, I can't get a valid unlock.

> Is this problem the same with the official Lenovo unlock tool and
> scripts?
>

Good question. The official beta tool does not even support my laptop
model - but I can convince it to run by bind-mounting a supported
laptop's string to /sys/class/dmi/id/product_family.

Is there a way to capture the official tool's communication? AFAICS it
is using libmbim (?) for the modem communication by calling
mbim_message_intel_mutual_authentication_fcc_lock_set_new.

Knowing a valid response for a given challenge would help validate the
hashing algorithm.

Thanks,
Thilo