efforg/rayhunter#1001

see https://github.com/EFForg/rayhunter/discussions/771

I ordered two of those and I think they have the same issue as the UZ801, too many variations and the installer doesn’t work half the time. I think we need to get better at identifying working variants of UZ801 see #1006

Which devices did you get? The one I got is M9S LCD (Black), there is no label on the PCB of the exact device product name.

it looks identical to me:

except the print is different. the aliexpress listing is long gone, the model is called “A8-E”. it does not work with this installer, even after removing the USB vendor ID filtering in the installer.

Is the chipset the same as UZ801 (mdm8916)? I think we have this in our local market.

yes it’s msm8916 (msm, not mdm), but the ADB shell isn’t root and there doesn’t seem to be an obvious way to get root. so copying the files fails, and even if that succeeds, starting the daemon will fail. /dev/diag is present.

The patch I had to apply to get that far was

diff --git a/installer/src/uz801.rs b/installer/src/uz801.rs
index 559635b..d32536d 100644
--- a/installer/src/uz801.rs
+++ b/installer/src/uz801.rs
@@ -108,7 +108,7 @@ async fn wait_for_adb() -> Result<ADBUSBDevice> {

         // UZ801 USB vendor and product IDs.
         // TODO: Research if other variants use different IDs.
-        match ADBUSBDevice::new(0x05c6, 0x90b6) {
+        match ADBUSBDevice::new(0x05c6, 0x9024) {
             Ok(mut device) => {
                 // Test ADB connection
                 if test_adb_connection(&mut device).await.is_ok() {

I assume this command didn’t work to gain root? setprop service.adb.root 1; busybox killall adbd do you know what the model written on the PCB? Might get a similar unit for testing but. do we open a new discussion for these MiFi devices as they have different model name but similar to UZ801 (M9s, A8, MF800, H807) some has LCD display and others only LEDs.

interesting yeah, that worked. didn’t know about that trick! daemon starts up fine when run manually from the shell, the installer crashed halfway through trying to modify files for autostart. after poking around a bit it doesn’t seem like there’s an obvious spot to hook autostart into, and most of the system is mounted read-only with mount -o remount,rw not working.

• no /system/bin/init* (and read-only anyway)
• no /etc/init* (and read-only anyway)

Here is a photo of the PCB as requested, it’s not uz801 at all:

Thanks, this is the same internals on my M9S. I’ll revert back to the stock firmware and check if I can get Rayhunter running.

I attempted manual install of Rayhunter and used UZ801 as config device type, it works. /system can be mounted with rw. Added 30s sleep after the system post boot /system/etc/init.qcom.post_boot.sh before running the rayhunter daemon for it to capture data or else it will be 0 bytes. I haven’t checked on the battery percentage and the display support. Steps followed: https://github.com/EFForg/rayhunter/discussions/479#discussioncomment-14246127

interesting, mount -o remount,rw does not work on my device… :grimacing: i dread the idea of supporting this level of hardware diversity

I ordered a similar device such as yours, and I’ll let you know if the /system cannot also be remounted.

So it sounds like the m6/m9s is a good device for us to target, no?

So it sounds like the m6/m9s is a good device for us to target, no?

Yes, manually running Rayhunter works on these two and also they seem to come from the same ODM based on the IMEI and PCB markings. If I get another device, I’ll post it here.