NETGEAR / SIERRA MR6400 THREAD


NETGEAR / SIERRA MR6400 THREAD

Post by Rich Hathaway »

I did not see a thread for this device anywhere, so here is a general thread for the MR6400.
Please add anything you wish about this device.

I just got to have a look at this device today (remotely); it is similar to the M5.
Here are the hardware IDs for it:

modem
USB\VID_0846&PID_68E2&REV_0504&MI_03
USB\VID_0846&PID_68E2&MI_03

Diag
USB\VID_0846&PID_68E2&REV_0504&MI_02
USB\VID_0846&PID_68E2&MI_02

RNDIS
USB\VID_0846&PID_68E2&REV_0504&MI_00
USB\VID_0846&PID_68E2&MI_00

ADB
USB\VID_0846&PID_68E2&REV_0504&MI_04
USB\VID_0846&PID_68E2&MI_04

USB Composite device
USB\VID_0846&PID_68E2&REV_0504
USB\VID_0846&PID_68E2
============================================
Use the same methods to work on this device that you use for the M5.
Hopefully I will get another one of these to spend more time with soon; the owner
only wanted me to change the root password and hard-code the TTL for him on it,
so that's all I have done on this model so far, but it is very similar to the M5, so the same
things can be done to it:
IMEI, MEID, pESN, TTL, Band Lock, CA manipulation, etc.

Re: NETGEAR / SIERRA MR6400 THREAD

Post by Rich Hathaway »

MR6400 Partitions by name

mtd0: 00280000 00040000 "sbl"
mtd1: 00280000 00040000 "mibib"
mtd2: 01680000 00040000 "efs2"
mtd3: 001c0000 00040000 "tz"
mtd4: 00100000 00040000 "tz_devcfg"
mtd5: 00180000 00040000 "ddr"
mtd6: 00100000 00040000 "apdp"
mtd7: 00100000 00040000 "xbl_config"
mtd8: 00100000 00040000 "xbl_ramdump"
mtd9: 00100000 00040000 "multi_image"
mtd10: 00100000 00040000 "multi_image_qti"
mtd11: 00100000 00040000 "aop"
mtd12: 00100000 00040000 "qhee"
mtd13: 00100000 00040000 "abl"
mtd14: 00380000 00040000 "uefi"
mtd15: 00180000 00040000 "toolsfv"
mtd16: 00180000 00040000 "loader_sti"
mtd17: 01280000 00040000 "boot"
mtd18: 00100000 00040000 "scrub"
mtd19: 00100000 00040000 "logfs"
mtd20: 08040000 00040000 "modem"
mtd21: 001c0000 00040000 "misc"
mtd22: 00180000 00040000 "devinfo"
mtd23: 00080000 00040000 "recovery"
mtd24: 00080000 00040000 "fota"
mtd25: 00080000 00040000 "recoveryfs"
mtd26: 00100000 00040000 "sec"
mtd27: 00100000 00040000 "ipa_fw"
mtd28: 00100000 00040000 "usb_qti"
mtd29: 12c80000 00040000 "system"
mtd30: 034c0000 00040000 "pad1"
mtd31: 02840000 00040000 "userrw"
mtd32: 03940000 00040000 "hdata"
mtd33: 008c0000 00040000 "cust"
mtd34: 01040000 00040000 "ntgrpersist"
mtd35: 15980000 00040000 "ntgfota"

and its mounts
ubi0:rootfs / ubifs rw,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=0 0 0
devtmpfs /dev devtmpfs rw,seclabel,relatime,size=310108k,nr_inodes=77527,mode=755 0 0
sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,seclabel,nosuid,nodev,noexec,relatime,nsdelegate 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,seclabel,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,seclabel,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,seclabel,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
cgroup /sys/fs/cgroup/debug cgroup rw,seclabel,nosuid,nodev,noexec,relatime,debug 0 0
tmpfs /var/volatile tmpfs rw,rootcontext=system_u:object_r:var_t:s0,seclabel,relatime 0 0
ubi0:systemrw /systemrw ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
debugfs /sys/kernel/debug debugfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev 0 0
ubi0:systemrw /etc/data/mobileap_cfg.xml ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
/dev/ubi1_0 /firmware ubifs rw,context=system_u:object_r:firmware_t:s0,relatime,bulk_read,assert=read-only,ubi=1,vol=0 0 0
ubi0:persist /persist ubifs rw,rootcontext=system_u:object_r:persist_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=4 0 0
ubi0:systemrw /etc/data/mobileap_firewall.xml ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:usrfs /data ubifs rw,rootcontext=system_u:object_r:data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=1 0 0
ubi0:systemrw /etc/data/wlan_cfg.xml ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/data/ipa_config.txt ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/data/l2tp_cfg.xml ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/data/ipa/IPACM_cfg.xml ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/data/dhcp_hosts ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/data/hosts ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/usb/boot_hsusb_comp ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi3:hdata /mnt/hdata ubifs ro,sync,rootcontext=system_u:object_r:mnt_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=3,vol=0 0 0
ubi0:systemrw /etc/adb_devid ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/data/usb/softap_w_dun ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi2:userrw /mnt/userrw ubifs rw,sync,rootcontext=system_u:object_r:mnt_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=2,vol=0 0 0
adb /dev/usb-ffs/adb functionfs rw,relatime 0 0
diag /dev/ffs-diag functionfs rw,relatime 0 0
tracefs /sys/kernel/debug/tracing tracefs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
ubi0:cachefs /cache ubifs rw,rootcontext=system_u:object_r:cache_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=2 0 0
ubi0:systemrw /etc/misc/wifi/WCNSS_qcom_cfg.ini ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/misc/wifi/hostapd-wlan1.conf ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/misc/wifi/hostapd-wlan2.conf ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/misc/wifi/hostapd.conf ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/misc/wifi/sta_mode_hostapd.conf ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
ubi0:systemrw /etc/misc/wifi/wpa_supplicant.conf ubifs rw,rootcontext=system_u:object_r:system_data_t:s0,seclabel,relatime,bulk_read,assert=read-only,ubi=0,vol=3 0 0
/

The real ports can be enabled by the same means as on the M1, M2 and M5;
the 68E2 PID works to enable all ports.