• Go to Settings -> About device -> Version, and tap on “Version number” 7 times, this should enable the developer mode.
  
  
  

• Go to Settings -> Additional settings -> Developer Options, and enable “USB debugging” and “OEM unlocking”.
  
  

• To communicate with the OnePlus phone we will need to install the command-line tool adb (Android Debug Bridge). On a MacOS this can be installed using HomeBrew.
  
  

firasshaari@MacBook-Pro-9 ~ % brew install android-platform-tools

• Connect the device to your laptop using a USB-C to USB-C or USB-C to USB-A cable. Now, you should be able to see your device listed under the connected devices.
  
  

firasshaari@MacBook-Pro-9 ~ % adb devices   
List of devices attached
76f80f11	device

• Reboot the device in the bootloader mode using the below command.
  
  

firasshaari@MacBook-Pro-9 ~ % adb reboot bootloader

• Now in the bootloader mode your device should have a similar screen to the photo below except, its bootloader is still in the locked state.
  
  

• Now using either one of the 2 commands listed below your phone will prompt you that you’re about to unlock the bootloader. Once you accept that, the device will reboot and a message stating that the device cannot be trusted and you will need to set up it again from scratch.
  
  

firasshaari@MacBook-Pro-9 ~ % fastboot oem unlock
firasshaari@MacBook-Pro-9 ~ % fastboot flashing unlock

• After setting up your device, we will need to install the Magisk APK to allow for super user access on the device. Download Magisk-v27.0.apk and push it your device’s SD card using the following command.
  
  

firasshaari@MacBook-Pro-9 Downloads % adb push Magisk-v27.0.apk /sdcard/Download/ 
Magisk-v27.0.apk: 1 file pushed, 0 skipped. 42.2 MB/s (12498796 bytes in 0.282s)

• Use the Files app on the device to install the Magisk APK. In my case you can see that the device is trying to update the already installed APK
  
  

• After installing the APK you should be greeted with a similar screen the one below. The only difference between my screenshot and yours will be that you haven’t installed Magisk yet.
  
  

• We will need to download a FW image for the OnePlus. Pay attenuation to your HW version, since they are different images for different regulatory domains. I found the FW images on this XDA forum post.
  • Download FWs images from XDA form
• I uploaded the North America images to my OneDrive. you can find them in the links below. In my case I used OxygenOS-CPH2583_14.0.0.404(EX01)A.57 image.
  • OxygenOS CPH2583_14.0.0.502(EX01) A.61 + OxygenOS CPH2583_14.0.0.502(EX01) A.61_Incremental
  • OxygenOS CPH2583_14.0.0.604(EX01)
  • OxygenOS-CPH2583_14.0.0.404(EX01)A.57
• Download the Payload Dumper and follow the installation steps in the ReadMe file. This will be used to extract the “init_boot.img” file from the FW image. In my case this version payload-dumper-go_1.2.2_darwin_amd64 worked on my 2023 MacBook Pro 14″.
• Copy the “init_boot.img” file to your device using the push command.
  
  

firasshaari@MacBook-Pro-9 ~ % adb push init_boot.img /sdcard/Download/

• Open Magisk on the device, click on the “Ramdisk” install and “Select and Patch a File” and select the “init_boot.img” file that we pushed to the device in the last step.
  
  

• Using the adb pull command, pull the generated patched “init_boot.img” file from your phone to your laptop.
  

firasshaari@MacBook-Pro-9 ~ % adb pull /sdcard/Download/magisk_patched-27000_Y3vcR.img

• Now reboot the device in the bootloader mode and flash the patched image.
  
  

firasshaari@MacBook-Pro-9 ~ % adb reboot bootloader
firasshaari@MacBook-Pro-9 ~ % fastboot flash init_boot magisk_patched-27000_Y3vcR.img

• Reboot the device and if all goes well Magisk should be installed and, at this point and you should have root access on the device. It can be seen in the example below how running iw commands fails at first but after acquiring root privileges using the su command the command is executed successfully.
  
  

firasshaari@MacBook-Pro-9 ~ % adb shell
OP595DL1:/ $ iw wlan info 
/system/bin/sh: iw: inaccessible or not found
127|OP595DL1:/ $ su
1|OP595DL1:/ # iw wlan0 info                                                                                                                                                                                                                                               
Interface wlan0
	ifindex 24
	wdev 0x1
	addr 8e:f1:ad:a1:a6:71
	ssid home
	type managed
	wiphy 0
	channel 36 (5180 MHz), width: 80 MHz, center1: 5210 MHz
	txpower 20.00 dBm
OP595DL1:/ # 

• To turn the OnePlus 12 into sniffer mode, execute the following commands on adb shell.

iw phy phy0 interface add mon0 type monitor 
ip link set wlan0 down 
ip link set mon0 up 
ip link set wlan0 down
iw dev mon0 set channel 36 
tcpdump -i mon0 -envvv 

Useful Links

• http://junsun.net/wordpress/2024/04/how-i-rooted-oneplus-12-with-magisk/
• https://topjohnwu.github.io/Magisk/install.html
• https://xdaforums.com/t/oneplus-12-rom-ota-boot-oxygen-os-repo-of-oxygen-os-builds.4657465/
• https://github.com/vm03/payload_dumper
• https://github.com/ssut/payload-dumper-go/releases
• https://github.com/topjohnwu/Magisk/releases/tag/v27.0

On the 10/08/2021 at around 2:00pm I passed the CWISA Certification exam with a score of 97%. I am excited as this the first step in my journey towards achieving the CWISE (Certified Wireless IoT Solution Expert) certification.

The 4th video in the series of the 802.11ax training videos. In this video I explain the difference between OFDM and OFDMA and introduce the concept of RUs in the 802.11ax standard

The 3rd video in the series of the 802.11ax training videos. In this video I explain the different types of PPDUs in the 802.11ax standard.

The 2nd installment in the series of the 802.11ax training videos. In this video I highlight most of the important differences between 802.11ac and 802.11ax.

Looking at the S11 and S21 parameters of dual band ANTs shows acceptable performance up to 6.7GHz. In the photos below 4 markers on the S21 parameter graph can be seen. MK1 was set to the beginning of the 2.4GHz band, MK2 was set at the beginning of the 5GHz band, MK3 was set at the last frequency in the 6GHz where the dual ANTs still gave acceptable levels of performance and finally MK4 was set at the end of the 6GHz band (7.2GHz) where the performance degraded by a factor of 6dB below the performance measured in the 5GHz band.

Note: For more info on the S-Parameters and what do they mean you. this page https://www.antenna-theory.com/definitions/sparameters.php gives a simple and clear explanation of the concept.

On the 23/02/2021 at around 10:00am I took on a 4 hours exam an attempt to achieve the iNARTE Spectrum Management Certification. The exam was challenging, I wouldn’t say it was difficult but, definitely it wasn’t an easy one. For anyone who might be interested in taking on the exam a good background in Electrical Engineering principles and a fair knowledge of HAM radio rules regulations and best practices will definitely be a big a help to clear this exam. Finally, you can check my certification by clicking on the link below.

The Hackrf is a small affordable SDR (software Defined Radio) that can operate in frequencies up to 6GHz with a channel bandwidth of 20MHz. This makes it an excellent choice when it comes to experimenting with WiFi. One of the few drawback of a Hckrf is the lack of amplification on the Tx side. In this experiment I was successful in amplifying the transmit signal of a Hackrf by 30dB using a Skyworks FEM ( Front-End Module).

GNU radio is used to generate an 64 tone OFDM signal which is forwarded to the Hackrf. I will be writing a detailed post on how to replicate this experiment in the future. For now I would like to share with my readers short videos showing the difference in Tx power with and without the a FEM.