dain NOTE's

MIFLASH METHOD
Downloads:
MiFlash 2018
Prog Emmc Firehose ELF(Patched) mirror
Credits: Chocoml
Any ARB4 fastboot rom:
Global: http://bigota.d.miui.com/V9.6.4.0.OE
China: http://bigota.d.miui.com/V10.0.1.0.OE

1. Download dan Extract fastboot rom folder. bisa mengunakan fastboot rom versi terbaru. Jika menggunakan varian Global maka gunakan Global fastboot rom and jika varian China gunakan China fastboot rom untuk menghindari stuck di logo recovery (Miui version can't be installed in this device).
2. Download dan Replace file "prog_emmc_firehose_Sdm660_ddr.elf" dengan file patched diatas di folder fastboot images.
3. coba nyalakan ulan phone. tahan tombol Power kira-kira 20-30 detik atau agak lama. atau coba bberapa kombinasi tombol, (HOLDPower + VolDOWN) atau (Power + VolUP), atau (Power + VolDOWN + VolUP).
4. Connect phone ke PC, buka MIFLASH, load folder fastboot rom.
5. pilih opsi CLEAN ALL and flash.
6. cara flash via MIFlash

QFIL/QPST METHOD
Downloads:
QPST/QFIL
Prog Emmc Firehose MBN(Patched) mirror Credits: Chocoml
Any ARB4 fastboot rom:
Global: http://bigota.d.miui.com/V9.6.4.0.OE...f5ee62becf.tgz
China: http://bigota.d.miui.com/V10.0.1.0.O...7a9c72f518.tgz

1. Download and install QPST.
2. Download and Extract fastboot rom folder. You can use any latest fastboot rom. If you have Global variant use Global fastboot rom and if China variant use China fastboot rom to prevent being stucked on recovery (Miui version can't be installed in this device).
3. Download patched prog_emmc_firehose_Sdm660_ddr.mbn and copy inside fastboot rom images folder.
4. Try to power cycle phone. Hold Power button for about 20-30 secs or longer. Or try any button combinations. (HOLDPower + VolDOWN) or (Power + VolUP), or (Power + VolDOWN + VolUP).
5. Connect phone to PC, Run QFIL from bin folder, select Flat Build (prog_emmc_firehose_Sdm660_ddr.mbn), Load XML (rawprogram0.xml), (patch0.xml) and click Download.
6. How to flash with QFIL

** TROUBLESHOOTING **
1. If with "Write time out, maybe the device was disconnected" or "cannot receive hello packet" error on MIFlash. Disconnect phone from pc and hold power button again for 20-30 seconds. Reconnect to pc and try again.
2. If with "YOU ARE NOT AUTHORIZED TO DOWNLOAD" error on MIFLASH or 'Only nop and sig tag can be received before authentication' on QFIL, try to power cycle again OR hold those buttons while connecting it to PC. Try every combo and flash again.
3. If all failed then Remove back cover of the phone, do a testpoint. If it still doesn't work Disconnect the batteryconnector.
4. How to testpoint RMN5 .

original source

Huawei E3372 LTE stick supports all the LTE/4G frequencies used by Croatian providers (VIPnet uses 1800 MHz, Hrvatski telekom uses the 1800 MHz band in cities and 800 MHz in rural areas) and costs an arm and a leg if bought network-locked from Croatian telecom (HRK 450 /60 € contract-free). Luckily, you can get it for about 30 euros on eBay, fully unlocked.

Since my plan was to find out which frequency HT is using in my area, I tried to sniff it out from the statistics page, but were ultimately unsuccesful in doing so. The firmware I had in my E3372 was customised for Latvia’s LMT and did have signal quality info, but there was no way I could select individual frequency bands, only 2G/3G/HDSPA/4G. Then I tried out a bunch of available firmware packages found on this Austrian forum, but stock versions were more limited than the one I had, while modded versions would simply not flash.

Then I tried reflashing the Huawei to act as a surf-stick, with emulated modem interfaces. Huawei’s AT command set is fairly well-documented, but I was still unable to switch off individual frequency bands so I could find out whether I’m using 800 or 1800 MHz.

Huawei E3372h is very popular in Russia, so the 4pda forum has a lot of information and solutions for it, but even if you can read Russian Cyrillic script and understand a bit of Russian (or know how to use Gooogle Translate), you still have to be logged in to download. That process requires registration and solving not one, but two CAPTCHA’s in Russian. After a lot of work, I registered an account – the CAPTCHA on the registration page wants you to add up two numbers visible in the image (XX плюс XX равно or “XX plus XX equals”), but the CAPTCHA on the login page is a hell to solve because it gives you a four-digit number, in words, written in Russian cursive (an example in regular, ‘print’ Cyrillic: девять тысяч восемьсот сорок семь or devyat’ tysyach vosem’sot sorok sem’ or nine thousand eight hundred and forty seven).

Once I solved that, I was back in the game. The forum has detailed instructions on which firmware versions can be flashed out-of-the-box, how to modify the WebUI, how to get telnet/ADB running and how to switch the modem to DEBUG mode, which exposes its control ports.

I’ve used some of the stuff I found there, simplified some things and tested all of it on a new Huawei E3372 straight out of the box, so a standard disclaimer is in order: all of this stuff worked for me, it should work for you, but please don’t come crying if you mess something up. You’ve been warned.
Now, if you do want to make your Huawei E3372h-153 more usable, do read all of the instructions before you start fiddling with it because the first couple of points are a way to manually mod the stock firmware. If you don’t care for that version, you can skip to step 6, flash an appropriate firmware, do steps 1-3 and then just simply flash a modded firmware, ignoring steps 4 and 5.

1. Activating DEBUG mode

The first step in modding the stick is to switch it to DEBUG mode. This gives you access to additional COM ports we’ll use to unlock the modem and run busybox.

The switching procedure requires you to POST some XML to the modems API, which is usually at http://192.168.8.1/CGI

This is what you need to post:

1

2

3

4

5

6

7

8

9

10

11

<?xml version="1.0" encoding="UTF-8" ?> 

<api version="1.0">

  <header>

    <function>switchMode</function>

  </header>

  <body>

    <request>

      <switchType>1</switchType> 

    </request>

  </body>

</api>

Scripts and curl.exe necessary for the above procedure can be found here.

2. Activating debug ports and calculating the OEM key needed for console access

I’m assuming you’ve switched your USB stick into DEBUG mode by running the sw_debug_mode.cmd script.

Download Huawei Modem Terminal, unzip it and run it. Select “FC – PC UI interface” and click on “Connect”.

Activate the console by issuing the following command:
AT^NVWREX=33,0,4,2,0,0,0

You’ll see that the console is active once Huawei Modem Terminal starts showing modem stats.

Time to calculate the OEM key. Download, uzip and run CalculatorOEM. Send the AT command:

1

AT^NVRDEX=50502,0,128

The modem will respond with something like this:

1

Recieve: ^NVRDEX: 50502,0,128,60 DE 2A 11 94 B3 4C 64 78 93 C6 5B 3F 21 57 CC 8A 6C 7C 25 DC 5B E5 C4 61 7A DF B5 EC 5F B4 C2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 62 7E F5 73 BC 33 24 87 39 33 8A 55 CD 75 33 72 05 9C 45 B8 5D BA C7 CC B0 72 6F 83 B0 D2 81 02 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The calculator has the HEX parts you need printed in red and blue, so copy/paste the required parts into CalculatorOEM as shown and click on Подобрать код. After a couple of minutes (the calculations do take a lot of time and it may appear as if the program is not responding) you’ll get your OEM key. Write it down, you’ll need it later. You can get the NCK, the network unlock code, the same way, just replace 50502 with 50503 in the AT command.

Reset the modem: AT^RESET
Once it boots up and the WebUI opens in your browser, switch it to DEBUG mode once again.

3. Starting telnet/busybox

Now use Huawei Modem Terminal to connect to the “FC – ShallB” port.

Paste your OEM code in the “Send” box and hit Enter. The modem should reply:

1

2

3

Recieve: Login success 

Recieve: EUAP>

Recieve: EUAP>

Run busybox/telnet by issuing the following command

1

busybox telnetd -l /bin/sh

Now you can fire up your favourite telnet client (PuTTy, KiTTY) and open a Telnet connection to port 23, host IP 192.168.8.1

4. Autorun of adb and telnet

Download the necessary files, copy them on a MicroSD card and put it in the Huawei. Download and unpack this archive to the root folder of your SD card: ADB Daemon

First we’ll mount the MicroSD card so we can use it:

1

mount -t vfat /dev/block/mmcblk0p1 /mnt/sdcard

We’ll also remount /system with read-write permissions

1

mount -o remount,rw /dev/block/mtdblock16 /system

Then we’ll un-tar the adb daemon to system/bin:

1

busybox tar -xzvf /mnt/sdcard/adbd_s.tgz -C /system/bin

and finally add busybox and the adb daemon to the autorun script

1

echo -e "\nbusybox telnetd -l /bin/sh\n/system/bin/adbd &" >> /system/etc/autorun.sh

Now you can try to reboot your Huawei. Telnet and ADB should be accessible without the need to switch to DEBUG mode.

5. Replacing the webUI

Download the necessary files and copy them to your MicroSD card. You’ll need the modded full WebUI: webui17.100.06.00.03mod1.0 and nand tools if you want to backup your existing WebUI, although there are more ways of doing that.

Provided that you’ve completed steps 1-3, open a Telnet connection to the Huawei and, if needed, mount the SD card.

You can also make a backup of your existing WebUI if you feel so inclined. To restore any of these three types of backups, you’ll need telnet access.

You can either copy the files to a .tar archive:

1

busybox tar -cvf /mnt/sdcard/original-webui.tgz /app/webroot/*

or dump the entire partition with the WebUI using dd:

1

dd if=/dev/block/mtdblock15 of=/mnt/sdcard/webui.dd

or do the same with nanddump:

1

/mnt/sdcard/nanddump -f /mnt/sdcard/webui.img /dev/mtd/mtd15

Moving on. First we’ll remount the webroot as RW.

1

mount -o remount,rw /dev/block/mtdblock15 /app/webroot

Then we’ll delete the entire WebUI:

1

2

rm -r /app/webroot/WebApp

rm -r /app/webroot/upnp

Finally, we’ll unpack the modded WebUI from the SD card to webroot:

1

busybox tar -xzvf /mnt/sdcard/webui17.100.06.00.03mod1.0.tgz -C /app/webroot

In case of any trouble, try erasing the userdata or reverting the Huawei to factory settings. This wasn’t necessary in my case, but if you need a way of doing it, use the following scripts: erase_userdata_e3372.rar

6. Flashing a patched kernel which enables you to flash modded firmware

I couln’t find a patched kernel for the stock fimware I got with my Huawei, but you can always re-flash it to a supported version. Flash one of the following firmware versions:

1

2

3

4

22.200.03.00.1134

21.180.01.00.00

21.180.01.00.143

22.180.05.00.00

You can find stock firmware on this Austrian forum, use the first one under “HI- Link Offiziell E3372h” (22.180.05.00.00).

If you do flash it after you’ve completed steps 1-5, you’ll have to redo steps 1-3 and then just flash a modded firwmare file/webUI.

Once you’ve flashed your Huawei to an eligible firmware version and enabled Telnet, copy the matching kernel and nand tools to the root of your SD card.
Kernels: dload_patch_kernels_HuaweiE3372h.7zNand tools: nand_tools.7z

Mount the SD card:

1

mount -t vfat /dev/block/mmcblk0p1 /mnt/sdcard

Erase the existing kernel:

1

/mnt/sdcard/dload_patch/flash_erase /dev/mtd/mtd7 0 0

Flash a new kernel – use only the one appropriate for your kernel.

1

/mnt/sdcard/dload_patch/nandwrite /dev/mtd/mtd7 /mnt/sdcard/dload_patch/kernel_22.XXX.XX.XX.XX.bin

Finally, check if everything is okay by doing a test dump.

1

/mnt/sdcard/dload_patch/nanddump -f /testdump.bin /dev/mtd/mtd7

If all is well, you can reset your modem and flash a firmware/WebUI of your choosing (with or without ADB/telnet, etc). Just make sure it’s marked “M”, which means that it’s already modded to accept custom firwmare.

source