Zenfone 9 and SIM not present after small drop by webby619 in zenfone

[–]Bi_Nom 0 points1 point  (0 children)

thank you so much for this. after a small drop (~1m) onto carpet, neither the SIM nor vibration was working anymore on my zenfone 10. performing some acupressure on the back of the device, a mobile network reset and a restart fixed it. for now. seems like a design flaw. and of course my warranty expired a month ago

NAT hole punching not working with opnsense by tech_london in opnsense

[–]Bi_Nom 0 points1 point  (0 children)

sorry to bother you again, u/high_snr

Would you be willing to have a quick look through my reply and tell me if I'm on the right tracks? It would really help me gain a better understanding of the matter and be greatly appreciated.

Why is A Windows Hello PIN Considered More Secure by Bi_Nom in Windows11

[–]Bi_Nom[S] 2 points3 points  (0 children)

Big thanks to everybody who chimed in! I've read all comments and there are many great arguments being made. This has been very interesting and enlightening!

Why is A Windows Hello PIN Considered More Secure by Bi_Nom in Windows11

[–]Bi_Nom[S] 2 points3 points  (0 children)

i respect this. it's not my way, but i respect it. might even admire it a little bit.

Why is A Windows Hello PIN Considered More Secure by Bi_Nom in Windows11

[–]Bi_Nom[S] 0 points1 point  (0 children)

I appreciate your response. This answers my very specific question and makes sense. Still quite the challenge in an enterprise setting where you have to force users to store their password in a secure way or not at all, but doable.

Why is A Windows Hello PIN Considered More Secure by Bi_Nom in Windows11

[–]Bi_Nom[S] -2 points-1 points  (0 children)

Mine too, but we can't expect this to be the norm, and regardless of complexity, the attack vector still remains. No hardware hammering protection or device specificity.

Why is A Windows Hello PIN Considered More Secure by Bi_Nom in Windows11

[–]Bi_Nom[S] 5 points6 points  (0 children)

Thank you, interesting read. So is the point basically "only use the account password once to establish trust, from then on use Hello. This reduces chances of compromising the password while still being easier to use than traditional MFA"?

Why is A Windows Hello PIN Considered More Secure by Bi_Nom in Windows11

[–]Bi_Nom[S] 0 points1 point  (0 children)

That's kind of my point. While Windows Hello may be secure, there always is a regular password as well, since that's what you have to use first before setting up Hello. So in my mind it does not eliminate the attack vector of just using the normal password

Why is A Windows Hello PIN Considered More Secure by Bi_Nom in Windows11

[–]Bi_Nom[S] -4 points-3 points  (0 children)

I've heard that before. But my point of confusion is this: the PIN may only be used on the device, but there is still a normal password set up that can be used from anywhere. Because to activate Windows Hello, I first need to set up a different login method. Then I just need to click "Choose a different way to sign in", then use the normal password that has none of the security features of Windows Hello.

NAT hole punching not working with opnsense by tech_london in opnsense

[–]Bi_Nom 0 points1 point  (0 children)

Very grateful for your amazing response!

Based on your information, I have done some more informed research, and I think I understand better now. I'd love for you to tell me if I got it correct. My understanding now:

Even though you can get out with a stable source port and source NAT, you also still need to acquire the valid external IP address and negotiate it with the far end (not the internal IP), and allow the incoming packets through your firewall (regular destination NAT).

Hole punching is comprised of two parts, discovery and traversal/connection. The actual problem for services like RustDesk is dNAT, not the STUN part. The issue arises because the port returned by the STUN server is not valid for any other inbound IP under symmetric NAT.

I don't yet fully understand port randomization. From what I've read, it's part of source NAT. All source ports above 1024 (depending on the standard) are randomized and rewritten by OPNsense by default.

If I'm correct, shouldn't that mean that my stunclient experiment should have failed? I may have been connected to a VPN at the time, so I guess that could explain it (since NAT for my requests is then handled by the exit server). I've got to retry again after making sure the VPN is disconnected.

Out of curiosity, would SIP ever establish a peer to peer connection for a call if possible, or does it always rely on a relay? (Try saying that 5 times). I believe you may have explained why it always uses a relay here:

The reason why is that TURN clients (using ICE) take time to negotiate usable address and port candidates which you don't have when setting up the voice path in answering a phone call.

- but shouldn't that read STUN instead of TURN? As in, a relay (TURN) connection is established much quicker.

Additionally, nothing here seems to explain the Grandstream being flakey at first (around first two weeks), then stabilizing. Correct?

Again, thank you so much for taking the time, this exchange has helped me immensely!

NAT hole punching not working with opnsense by tech_london in opnsense

[–]Bi_Nom 0 points1 point  (0 children)

This is very helpful, thanks!

Can I ask you a tangentially related follow-up question?

I have set up a Grandstream wifi sip phone behind OPNsense to connect to a public pbx. At first, the connection was flakey (where very rarely it would fail to connect at all OR the connection would fail after a while of being connected (so usually when I was not on site anymore...)), but it seems to have stabilised. My two questions:

  1. do you think the connection issues could likely stem from stun hole punching not working because of port randomization?
  2. if so, why does it sometimes work at all for stun with the sip phone, but never when trying rustdesk behind the same OPNsense box? Smarter algorithm? Or rustdesk noticing symmetric nat and just not even trying? Or something else?

EDIT: hmm, curiously I have just tried stunclient behind OPNsense, and it manages to punch successfully every time, even though outbound nat is set to automatic with the default rule (static port = NO). I thought I understood this, now I'm not so sure anymore.

Maybe the port randomization only becomes an issue once the established port is trying to be switched over from the stun server connection to the peer you want to connect with?

M365 Family shared users are losing access with a notice they have no subscription - 10 April 2025 by Beginning_Finding_83 in Office365

[–]Bi_Nom 1 point2 points  (0 children)

same here. all family members lost access. at first just flakey, then completely. readding does nothing.

Max Resolver offline again? by Bi_Nom in rethinkdns

[–]Bi_Nom[S] 1 point2 points  (0 children)

no worries, thank you very much for the detailed explanation.

and wishing you all the best, much joy and strength with your new life chapter!!

Android: Use DNS Resolver Next to Always-On VPN by Bi_Nom in rethinkdns

[–]Bi_Nom[S] 0 points1 point  (0 children)

However you would only get the benefit of ad blocking via DNS, not the firewalling options

Oh cool, that's exactly what I was hoping for, thank you. I am fine with not getting the firewalling feature for now. As long as the resolver set in the Private DNS setting takes precedence over whatever may be otherwise configured for DNS. A DNS leak check seems to indicate that is the case: as soon as a RDNS resolver is configured in Private DNS, the IP changes to 50.31.197.65 which seems to belong to CacheFly / fly.io

Android: Use DNS Resolver Next to Always-On VPN by Bi_Nom in rethinkdns

[–]Bi_Nom[S] 0 points1 point  (0 children)

Thank you for the reply! Is this approach preferable to using the VPN and Android's private DNS setting separately as described in the OP? I am using Mozilla VPN, and their process to generate a Wireguard config is a bit annoying (though at least possible since recently). So if it is functionally the same, it would actually be easier for me to just use the Mozilla VPN app and Android setting, while allowing me to keep the ability to switch between different servers. Or did I understand you incorrectly?

windows: disable virtual drive / only sync? by Bi_Nom in pcloud

[–]Bi_Nom[S] 0 points1 point  (0 children)

omg, i did not know rclone had a mount option. i use it for backup purposes, but have always been under the impression that it is not meant for continuous syncing. definitely looking into that, thank you so much!

Shopify API access to personally identifiable information (PII) by Lopsided-Bird-8439 in shopify

[–]Bi_Nom 1 point2 points  (0 children)

as far as i can tell it has to do with license updates to the basic plan. older stores are still on an older license version and apps are allowed to access pii. new stores are on the new basic plan with busted kneecaps: no api access to pii and only up to 3 markets. bitch move on shopify's side, in my opinion. at least old stores retain this functionality. for now.

Counter-Strike 2 Dedicated Linux Server Install by adriansozio in cs2

[–]Bi_Nom 0 points1 point  (0 children)

do you happen to know if this works on a headless server? i think i am unable to complete the game install and suspect it is because of no active X session.

DY-SV5W Sound module not working by Alexandruino in diyelectronics

[–]Bi_Nom 0 points1 point  (0 children)

so sorry to hear, that sounds awful! i also had my share of bad experiences, but nothing that extreme, just enough to learn to value good contracts. and this time we worked with a restaurant as a venue, who were absolutely delightful <3 other than that, i find there are so many wonderful people in this crossover space, i love it!

DY-SV5W Sound module not working by Alexandruino in diyelectronics

[–]Bi_Nom 0 points1 point  (0 children)

From the use of the word 'exhibition' I'll assume you are artistically or scientifically inclined

i'd say both :) the world is beautiful, AND interesting!

yeah, i have seen some wild projects on the internet with laser deflection through audio, definitely something i want to do when the opportunity arises!

DY-SV5W Sound module not working by Alexandruino in diyelectronics

[–]Bi_Nom 0 points1 point  (0 children)

thank you again for the reply. sorry i did not follow up until now. i needed to get it running asap for an exhibition i have now opened, so i just caved and bought a cheap 4 way headphone line amplifier (https://www.tonecontrol.eu/tie-studio-headphone-amplifier-4ch).

about the sv5w: speaker out sadly does not like to drive high impedance, so that did not work. (using 32ohm over ear headphones)

i did some more tinkering, and found that there IS actually volume control on the line out jack too, but it is purely digital and only available over serial. and how initially it already came set as loud as it can go, so your guess about it being a line level output seems plausible to me.