Go to Settings -> About device -> Version, and tap on “Version number” 7 times, this should enable the developer mode.
Go to Settings -> Additional settings -> Developer Options, and enable “USB debugging” and “OEM unlocking”.
To communicate with the OnePlus phone we will need to install the command-line tool adb (Android Debug Bridge). On a MacOS this can be installed using HomeBrew.
Connect the device to your laptop using a USB-C to USB-C or USB-C to USB-A cable. Now, you should be able to see your device listed under the connected devices.
firasshaari@MacBook-Pro-9 ~ % adb devices
List of devices attached
76f80f11 device
Reboot the device in the bootloader mode using the below command.
Now in the bootloader mode your device should have a similar screen to the photo below except, its bootloader is still in the locked state.
Now using either one of the 2 commands listed below your phone will prompt you that you’re about to unlock the bootloader. Once you accept that, the device will reboot and a message stating that the device cannot be trusted and you will need to set up it again from scratch.
After setting up your device, we will need to install the Magisk APK to allow for super user access on the device. Download Magisk-v27.0.apk and push it your device’s SD card using the following command.
Use the Files app on the device to install the Magisk APK. In my case you can see that the device is trying to update the already installed APK
After installing the APK you should be greeted with a similar screen the one below. The only difference between my screenshot and yours will be that you haven’t installed Magisk yet.
We will need to download a FW image for the OnePlus. Pay attenuation to your HW version, since they are different images for different regulatory domains. I found the FW images on this XDA forum post.
I uploaded the North America images to my OneDrive. you can find them in the links below. In my case I used OxygenOS-CPH2583_14.0.0.404(EX01)A.57 image.
Download the Payload Dumper and follow the installation steps in the ReadMe file. This will be used to extract the “init_boot.img” file from the FW image. In my case this version payload-dumper-go_1.2.2_darwin_amd64 worked on my 2023 MacBook Pro 14″.
Copy the “init_boot.img” file to your device using the push command.
Open Magisk on the device, click on the “Ramdisk” install and “Select and Patch a File” and select the “init_boot.img” file that we pushed to the device in the last step.
Using the adb pull command, pull the generated patched “init_boot.img” file from your phone to your laptop.
Reboot the device and if all goes well Magisk should be installed and, at this point and you should have root access on the device. It can be seen in the example below how running iw commands fails at first but after acquiring root privileges using the su command the command is executed successfully.
firasshaari@MacBook-Pro-9 ~ % adb shell
OP595DL1:/ $ iw wlan info
/system/bin/sh: iw: inaccessible or not found
127|OP595DL1:/ $ su
1|OP595DL1:/ # iw wlan0 info
Interface wlan0
ifindex 24
wdev 0x1
addr 8e:f1:ad:a1:a6:71
ssid home
type managed
wiphy 0
channel 36 (5180 MHz), width: 80 MHz, center1: 5210 MHz
txpower 20.00 dBm
OP595DL1:/ #
To turn the OnePlus 12 into sniffer mode, execute the following commands on adb shell.
iw phy phy0 interface add mon0 type monitor
ip link set wlan0 down
ip link set mon0 up
ip link set wlan0 down
iw dev mon0 set channel 36
tcpdump -i mon0 -envvv
Looking at the S11 and S21 parameters of dual band ANTs shows acceptable performance up to 6.7GHz. In the photos below 4 markers on the S21 parameter graph can be seen. MK1 was set to the beginning of the 2.4GHz band, MK2 was set at the beginning of the 5GHz band, MK3 was set at the last frequency in the 6GHz where the dual ANTs still gave acceptable levels of performance and finally MK4 was set at the end of the 6GHz band (7.2GHz) where the performance degraded by a factor of 6dB below the performance measured in the 5GHz band.
Note: For more info on the S-Parameters and what do they mean you. this page https://www.antenna-theory.com/definitions/sparameters.php gives a simple and clear explanation of the concept.
The Hackrf is a small affordable SDR (software Defined Radio) that can operate in frequencies up to 6GHz with a channel bandwidth of 20MHz. This makes it an excellent choice when it comes to experimenting with WiFi. One of the few drawback of a Hckrf is the lack of amplification on the Tx side. In this experiment I was successful in amplifying the transmit signal of a Hackrf by 30dB using a Skyworks FEM ( Front-End Module).
GNU radio is used to generate an 64 tone OFDM signal which is forwarded to the Hackrf. I will be writing a detailed post on how to replicate this experiment in the future. For now I would like to share with my readers short videos showing the difference in Tx power with and without the a FEM.