「IMEI関連」の編集履歴(バックアップ)一覧はこちら
「IMEI関連」(2011/05/02 (月) 08:16:04) の最新版変更点
追加された行は緑色になります。
削除された行は赤色になります。
IMEI の変更方法
調査中
----
材料
(2)携帯電話特有の固有識別情報
Uniquely Identifying Android Devices with special permissions
http://strazzere.com/blog/?p=116
サンプルコードが載っていたのでメモ。
import android.telephony.*;
…
TelephonyManager mTelephonyMgr =
(TelephonyManager)getSystemService(TELEPHONY_SERVICE);
String imei = mTelephonyMgr.getDeviceId(); // Requires READ_PHONE_STATE
String phoneNumber=mTelephonyMgr.getLine1Number(); // Requires READ_PHONE_STATE
String softwareVer = mTelephonyMgr.getDeviceSoftwareVersion(); // Requires READ_PHONE_STATE
String simSerial = mTelephonyMgr.getSimSerialNumber(); // Requires READ_PHONE_STATE
String subscriberId = mTelephonyMgr.getSubscriberId(); // Requires READ_PHONE_STATE
取得例
DeviceId(IMEI) = 000000000000000
DeviceSoftwareVersion = null
Line1Number = 15555218135
SimSerialNumber = 89014103211118510720
SubscriberId(IMSI) = 310995000000000
IMEI、端末ソフトウェアのバージョン、MSISDN、SIMのシリアル番号、IMSIを取得することができます。
取得するには、android.permission.READ_PHONE_STATEのPermissionが必要です。
これらの情報を収集すれば、そのうちAndroidでも↓こんなニュースが流れるようになってくるかもしれません。
未発表 iPhoneモデル「iPhone3,1」、アプリの利用統計で観測される
あと、Android端末のファームウェアが不正に書き換えられているとサービス拒否とか。。。
勝手に収集されて悪用されると怖いかも。
------
材料
View Full Version : Motorola IMEI Change: Patches + Radiocomm
--------------------------------------------------------------------------------
Tr0nAd0r06-12-2006, 21:05
The Motorola phones have two IMEI, one is in OTP Zone (One Time Programming), is imposible overwrite this IMEI.
And have a Second IMEI saved in one Seem, this isn't OTP and can be modified, this second is the IMEI sended to the network
The phone compare this two IMEI when we power on the mobile and if this are different power off inmediatly, but is possible "Patch" this check and the mobile will power on with the two differents IMEI.
This is a example patch for Motorola E398 R373 binary firmware:
Code:
0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000
This the Seem that contain the IMEI:
Element ID 0004
Record 0001
Offset 0000
Lenght 0009
I change the IMEI to the mobile using a Dongle and I try reading this Seem and in here is saved the New IMEI:
Radiocomm log:
Sending 'RDELEM' command with data '0004000100000009' to the radio...
Sent to radio: 410200000800100000000020000800000004000100000009
Returned from radio: 01000000001280008020000A000000082A22222222222202
RDELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.
It read the IMEI (for this test i change the IMEI with dongle to 2222222222...)
But when i try to Write this Seem to the Mobile (using Radiocomm), it done all ok:
Sending 'STELEM' command with data '0004000100000009083A05092770104344' to the radio...
Sent to radio: 41020000080019000000002F00110000000400010000000908 3A05092770104344
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.
But the phone have the old IMEI:
Sending 'RDELEM' command with data '0004000100000009' to the radio...
Sent to radio: 410200000800100000000020000800000004000100000009
Returned from radio: 01000000001280008020000A000000082A22222222222202
RDELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.
The phone is in suspend mode (power off but is detected by Radiocomm), but i see than the SmartClip, Loggers and Dongles put the phone in Flash Mode for overwrite this SEEM (in think that this tools unblock this SEEM), i try modify too with the Seems editors in Normal Mode and isn't possible edit it with this mode.
Any have idea of how to modify this SEEM in Flash Mode?? What soft for try it??
Im working in the OTP Patches for Motorola phones, but i need change the Seem IMEI, replys are welcome :( :(
I attach the P2K IMEI Convert, convert the IMEI of normal format to the PST/Radiocomm format, and a image of Radiocomm
WBR
Tr0nAd0r
--------------------------------------------------------------------------------
guibzh06-14-2006, 20:45
Hello,
I think I found the solution to your problem and you found mine.
I have a Motorola V3 and succefully change the seem's IMEI number (0004).
My problem that my phone compare with the OTP ones and it's done.
So If you could give me a modifyed firmware it's could be cool.
Now your answer :
- At this point make a full backup of your phone with Flash Backup and store it in sure place.
- I used Flash Backup 2.6.2 to save the PDS. (uncheck the compression option)
- then you have a 64kB pds.bin
- Now open it with pdstool, click on parse and a seem folder will be create.
- Then you have to modify the 0004 file with your hexa favorite editor. (be carrefull about file attributes)
- You just have to use the assamble function off PDS Tool.
-> select all files of seem's directory.
-> check version 4
-> click assemble
->restore the generated pds file with Flash Backup
Enjoy
--------------------------------------------------------------------------------
Tr0nAd0r06-15-2006, 21:30
I continue researching about the theme, i extract this info of a data file of the MotoIMEI soft:
"RESTART"|"022"|"1"|"0"|"0"||""|||
"SUSPEND"|"036"|"1"|"1"|"1"||""|||
"RDELEM"|"020"|"1"|"8"|"YY"||""|||
"FLASH"|"00D"|"1"|"0"|"0"||""|||
"STELEM"|"02F"|"1"|"XX"|"1"||""|||
"VERSION"|"039"|"1"|"2"|"YY"||""|||
I think this a list of steps to follow and do the IMEI Change in Motorola.
I dont have a phone for try it now, but i will buy one for continue and i will search a document about the P2K Commands because i dont know how to make all this things using Radiocomm software. (I will use the PST Test and Flash Commands)
WBR
--------------------------------------------------------------------------------
paullovinicius06-16-2006, 05:53
Hello Tr0nAd0r,
sorry by words...
i'm not a genius like u :)
but, can we compare several models original images and patched images to get patchs?
did u try the guibzh solution?
thx again, man...
--------------------------------------------------------------------------------
geza06-16-2006, 14:41
Hello,
- I used Flash Backup 2.6.2 to save the PDS. (uncheck the compression option)
But It does not support v360?
--------------------------------------------------------------------------------
Tr0nAd0r06-16-2006, 17:14
I dont try the gibzh solution, because im traveling now (im not working this days)
I will buy a cheap phone to try with this way, i will see if i obtain a V3 to provide the patch in this thread.
About the patches you can make it, reading the two .bin flash of the phones (original and patched) and compare it using a Comparer as FullFlash Comparer or Siemens (use Google to found it)
Sorry for my poor english
WBR
--------------------------------------------------------------------------------
Tr0nAd0r06-30-2006, 18:17
@guibz how do you edit the IMEI??
Isn't Encrypted in PDS??
a tiny tool for IMEI format convertion:
--------------------------------------------------------------------------------
Tr0nAd0r07-01-2006, 01:13
INFO ABOUT TEST COMMANDS:
MENU 048263*= OPCODE, then write 54* OK, the phone will lost signal, without sound and leds dont power on, the phone now is ready for receive test commands:
IMEI
In test mode
32*4*1*0*0 "OK"
"Results"
F1: 0 ; Command code 0 - ОК
F2 (D): ; Data
083a05092700247709
Decode-
08 - Head
3a 05 09 27 00 24 77 09 - Results IMEI -> 350907200427799
User code
32*116*1*0*0
"Results"
F1: 0
F2 (D):
00310032003300340000
Decode-
0031 -> "1"
0032 -> "2"
0033 -> "3"
0034 -> "4"
Security code- 32*118*1*0*0
Model - 32*279*1*0*8
Flex ver - 32*383*1*0*0
Master Reset 18*0
Master Clear 18*1
Set band GSM 900 10*0*3
Set band DCS 1800 10*0*4
Set band PCS 1900 10*0*5
Set dual band GSM 900/1800 10*0*6
Read band 10*1*0 -> 3=GSM 4=DCS 5=PCS 6=GSM/DCS
I will try now send the Test Command to the phone in test mode, the equivalent for IMEI Write is this:
The Steleem command are converted of hexadecimal to decimal to put it in the phone manually with keys :) :
Change IMEI:
47*4*1*0*9*081032547698103254 ---> IMEI=123456789012345
I wil try with this, and post the results laters
WBR
And some old documents:
--------------------------------------------------------------------------------
Strong Crypto07-03-2006, 08:07
So, is there any update about this topic? I am so interested because my v3x is barred because of imei.
--------------------------------------------------------------------------------
uguron08-10-2006, 23:14
all we need is a "repair firmware patch" , the rest can be handled via radiocomm. otherwise we get an error like:
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL
--------------------------------------------------------------------------------
Tr0nAd0r08-10-2006, 23:16
all we need is a "repair firmware patch" , the rest can be handled via radiocomm. otherwise we get an error like:
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL
What firmware patch do you need for try it??
--------------------------------------------------------------------------------
Tr0nAd0r08-13-2006, 18:03
I extract this for a V600:
0x080000: 10629BA7 11FF0000
0x0800AC: 11FE000011FE07 FFFFFFFFFFFFFF
0x0800C4: 10629BA7 11FF0000
0x0802D0: B4301C03 2A04D001
0x0802D5: 07D0012A05D11424C0 06D1034B02181B881B
0x0802DF: 1C880C801C2470801C 0B2000477001FFF000
--------------------------------------------------------------------------------
marmotacju08-15-2006, 02:11
Hi, I'm from Brazil and i'm new in the IMEI works, however I've some experience about other "P2K Works".
Maybe I'm wrong but what you are trying to do does not have anything about the RSA Verification ?
Let's see if we can do this 'come true...
That's it...
--------------------------------------------------------------------------------
crusher08-20-2006, 00:21
no by default "RSA verification" - among being a sticky name as most of them actually don't have anything to do with RSA - only verifies authority to several commands, like it used to be at most places.
however, I heard that MaxRFon solution - that most, if not all, other solutions copied now - uses IMEI patches "hardcoded" to actual OTP IMEI, that are the 2x9 bytes supposed to be... ;)
--------------------------------------------------------------------------------
Tr0nAd0r08-20-2006, 01:46
Any have a good log for sniffing between a IMEI Changer and a Motorola phone, it can be usefull ;) ;) ;) ;)
--------------------------------------------------------------------------------
crusher08-20-2006, 01:54
useful but for what in fact?
--------------------------------------------------------------------------------
Tr0nAd0r08-20-2006, 04:33
useful but for what in fact?
only curiosity :rolleyes: :rolleyes: :rolleyes:
--------------------------------------------------------------------------------
monedadeoro08-20-2006, 05:11
the more finded are change imei in V3i
this phone cant be downgrade and its importan factor for imei changin on this phones
need more info about posibility of downgrade bott in V3i and V3r
BR.
--------------------------------------------------------------------------------
crusher08-20-2006, 09:56
eh this is not true as well :)
bootloader downgradeability is only good for avoiding "test point"...
anyway bootloader downgrading WORKS, the question is what you want to downgrade the bootloader of V3x for instance :)
V3ROHS and V3i are not an issue.
--------------------------------------------------------------------------------
marmotacju08-25-2006, 08:06
Good for all, but in fact where can we find those motorola IMEI patches for the most required models, like E398, V3/i/x, etc...
--------------------------------------------------------------------------------
paullovinicius08-25-2006, 15:09
can this doc help anything?
or is only a joke?
--------------------------------------------------------------------------------
marmotacju08-26-2006, 07:33
No this works but only if the mobile has no restriction in accept a differente IMEI than the one in the OTP. In case the IMEI Patches helps.
--------------------------------------------------------------------------------
paullovinicius08-26-2006, 15:32
ok, but if i patch the flash and use this procedures, the mobile will work with new imei?
thx
--------------------------------------------------------------------------------
marmotacju08-27-2006, 04:34
The IMEI number that the operator "reads" is the one saved in the "software" area (Flash/Firmware). So, like happens with others models/brands (like Samsung, etc...) if you change the IMEI number in the 'soft area' and disable the OTP Check, you will be succesfull. YES, the mobile will work with the new IMEI number you entered.
Let's keep talkin' my friend...
--------------------------------------------------------------------------------
kosii08-27-2006, 22:43
How can we find the must-patch area in the firmware?
There are the programs to dissassembly the firmware, or should we do other ways of finding that?
--
sorry for my bad bad english
--------------------------------------------------------------------------------
Tr0nAd0r08-28-2006, 02:54
The IMEI number that the operator "reads" is the one saved in the "software" area (Flash/Firmware). So, like happens with others models/brands (like Samsung, etc...) if you change the IMEI number in the 'soft area' and disable the OTP Check, you will be succesfull. YES, the mobile will work with the new IMEI number you entered.
Let's keep talkin' my friend...
I try to do it with a Patched phone, but isn't possible change the IMEI of "software" area, do you have a idea for do it (i know that the software of the dongles use P2K Commands for do it).
WBR
--------------------------------------------------------------------------------
paullovinicius08-28-2006, 03:33
I try to do it with a Patched phone, but isn't possible change the IMEI of "software" area, do you have a idea for do it (i know that the software of the dongles use P2K Commands for do it).
WBR
can u try with the p2k commands of "IMEI REPAIR FULL PROCEDURE FOR P2K PRODUCTS.doc", attached here?
--------------------------------------------------------------------------------
GFI09-02-2006, 17:42
No news update already?
--------------------------------------------------------------------------------
notmeagain09-02-2006, 21:10
No news update already?
I tried using the p2k commands and radiocomm with a motorola v3, but i get return code 07 on the stelem commands to write the new imei, and it doesnt change a thing.
I'm sure there are other software methods that can be used to modify or rewrite the imei, but radiocomm and the current p2k commands doesnt seem to cut it.
--------------------------------------------------------------------------------
new_kuku09-04-2006, 10:39
AnybBody have a patch to disable otp_check on v3r? i have a phone for tests.
thanks
--------------------------------------------------------------------------------
pusulateknik09-05-2006, 16:31
where is the program??????
--------------------------------------------------------------------------------
Tr0nAd0r09-06-2006, 00:41
where is the program??????
This inside the NVM Programmer (PST) for Motorola
--------------------------------------------------------------------------------
dest09-07-2006, 05:23
This inside the NVM Programmer (PST) for Motorola
tronador, I am sure you were able to change the IMEI once you have made the firmware patch!
please let me know because I want to try this also.
--------------------------------------------------------------------------------
Tr0nAd0r09-08-2006, 01:45
tronador, I am sure you were able to change the IMEI once you have made the firmware patch!
please let me know because I want to try this also.
Yeah i change using a Dongle, but i dont like this way :) :) :)
If any have a way for sniffing the communication between the phone and software (in test mode) can be usefull, because my dongle change the imei only in flash mode :) :)
WBR
--------------------------------------------------------------------------------
marmotacju09-10-2006, 06:05
Ok, Tr0nAd0r, do you have a patch code for the V3 (Black) and hot can I use (compile) it to be patched ? Thanx.
--------------------------------------------------------------------------------
Tr0nAd0r09-10-2006, 07:03
Ok, Tr0nAd0r, do you have a patch code for the V3 (Black) and hot can I use (compile) it to be patched ? Thanx.
FB3.0 can be used for apply the patches in Motorola Phones
--------------------------------------------------------------------------------
notmeagain09-10-2006, 21:51
FB3.0 can be used for apply the patches in Motorola Phones
I backed up my phone using fb3.0(.53) and used the PDS tool from fb2.6.2 to modify the seem 0004 and re uploaded to the phone, the IMEI isn't changed at all, not even in radiocom, and now the phone asks for subsidy password on all but the original sim (was unlocked before).
Tr0nAd0r, i hate to ask for help, but could you please point me in the right direction to change the imei? _without a dongle_ i'm a student and haven't got much money to throw around at new hardware.
--------------------------------------------------------------------------------
marmotacju09-11-2006, 00:22
Ok, but I need the patch file and/or the codes to apply the patch using FP3... Thanx...
--------------------------------------------------------------------------------
mikoniko09-12-2006, 05:46
Heelo everyone...i must to say that im a nw whit this thing...but im learning a lot fro this forum...well as you can see the english is not my prinsipal lenguague but it's ok.
Tronador, one question, you make OTP patches for phones, do you have something for a V220?
Thanks
--------------------------------------------------------------------------------
Tr0nAd0r09-19-2006, 02:24
A document, i found it in a spanish forum (already not tested) about V3 IMEI
The flash mencioned in the text is in here (it will be removed in 7 days):
http://download.yousendit.com/9142247A378317A8
The language of the document is portuguese
If any can test if pls post results
WBR
--------------------------------------------------------------------------------
paullovinicius09-19-2006, 02:32
i can't test, but i can translate...
--------------------------------------------------------------------------------
notmeagain09-19-2006, 02:44
i can't test, but i can translate...
So, where do you actually change the imei? this just seems like it repairs your phones original imei, incase of faulty flash or something.
Or does it patch the phones software to allow you to change the seem?
Tron, is there any more info you can give about the procedure, maybe a link to the forum where you found it?
I have 2 blacklisted (Bought that way for testing) and 1 original v3, so i've got plenty to test on.
--------------------------------------------------------------------------------
marmotacju09-19-2006, 07:34
Tr0nAd0r, you're 'THE MAN', I test it and IT WORKS FULLY !!!. I don't know how, but IT WORKS !!!
Successfully IMEI changed in a V3 Black...
--------------------------------------------------------------------------------
yoda6709-19-2006, 10:11
i need flash for v600 imei change thankyou
--------------------------------------------------------------------------------
bananin09-19-2006, 17:52
marmotacju you can change the imei to any imei or change imei to only a imei??
you imei is IMEI=35507800855883x ??
thanks for reply
--------------------------------------------------------------------------------
Tr0nAd0r09-19-2006, 18:20
So, where do you actually change the imei? this just seems like it repairs your phones original imei, incase of faulty flash or something.
Or does it patch the phones software to allow you to change the seem?
Tron, is there any more info you can give about the procedure, maybe a link to the forum where you found it?
I have 2 blacklisted (Bought that way for testing) and 1 original v3, so i've got plenty to test on.
www.redsudaca.com is offline for now 72hours
Tr0nAd0r, you're 'THE MAN', I test it and IT WORKS FULLY !!!. I don't know how, but IT WORKS !!!
Successfully IMEI changed in a V3 Black...
confirm the new imei number of the phone.
Anymore test it???
WBR
--------------------------------------------------------------------------------
crusher09-19-2006, 20:56
I will test tomorrow.
noo, not on V3 ;)
--------------------------------------------------------------------------------
apd0609-21-2006, 17:49
A document, i found it in a spanish forum (already not tested) about V3 IMEI
The flash mencioned in the text is in here (it will be removed in 7 days):
http://download.yousendit.com/9142247A378317A8
The language of the document is portuguese
If any can test if pls post results
WBR
any chance of rehosting this again?
--------------------------------------------------------------------------------
notmeagain09-21-2006, 19:54
www.redsudaca.com (http://www.redsudaca.com) is offline for now 72hours
confirm the new imei number of the phone.
Anymore test it???
WBR
Well it worked on the two blacklisted phones, but i still get "Unregistered Sim" messages.
Had to re-flex the phones tho, as i wasn't getting past the "hellomoto" start screen.
Is there any way to change the imei back? :P
--------------------------------------------------------------------------------
Tr0nAd0r09-22-2006, 00:09
any chance of rehosting this again?
Yes, i will upload to another server :) :) :)
--------------------------------------------------------------------------------
apd0609-22-2006, 09:07
Yes, i will upload to another server :) :) :)
Thanks TrOnAdOr,I have been searching for this for a while. :)
--------------------------------------------------------------------------------
mad_dog09-26-2006, 01:25
hello can someone please recomend a good programe to change motorola's imei codes because i do not understand all this well and don't have much time! this would be a great help! if not can someone please explain well how to do a imei code change and how to patch it after?
--------------------------------------------------------------------------------
mad_dog09-27-2006, 00:54
hello is there just a program to change imei code on motorola because i do not understand all this well and would like a simple and clean process, even if this is explained different for a noob like me lol thx alot.
--------------------------------------------------------------------------------
mad_dog09-27-2006, 01:06
can someone please explain this for me as i do not understand most of this but have had some experience with motorola moding my motorola e398 to a rokr itunes phone, please if there is a programe that can do what u all are talking about(changing imei code) please let me know!
--------------------------------------------------------------------------------
guibzh09-28-2006, 13:11
Is there someone could upload the V3 flash file?
I'm very interested by it
Thanks
--------------------------------------------------------------------------------
dorganx10-01-2006, 17:58
Hello! would you be able to upload the file again Tr0nAd0r, you can do it at http://www.megaupload.com/ it will stay there available untill it spends 21 days unused.
I would really appreciate it, no importa el idioma en que este.
--------------------------------------------------------------------------------
Tr0nAd0r10-01-2006, 18:44
If you need the flash send a PM and i will give link, i upload to my FTP, but the server dont like hotlinks because abbuse of bandwidth ;) ;)
--------------------------------------------------------------------------------
dest10-01-2006, 20:03
Tr0and0r,
Do you have the patch for v3?
--------------------------------------------------------------------------------
Tr0nAd0r10-01-2006, 20:09
Tr0and0r,
Do you have the patch for v3?
no, but i think that can be possible looking for a original flash and compare with this V3 flash that is working.
@dest, contact me in msn: guilleiguarans@hotmail.com
--------------------------------------------------------------------------------
Tr0nAd0r10-05-2006, 01:42
Hey guys if you got any questions or think you have useful information just post it on Hello-Moto Forums (http://www.hellomoto.1gig.biz/forums/index.php) because that place is like a database for information.
and about imei change, you can give me a link???
--------------------------------------------------------------------------------
darkriff10-06-2006, 03:33
There are some news??? I have here a v3x and i can't make it work ´cause of the IMEI
--------------------------------------------------------------------------------
josetolo_jr10-06-2006, 07:28
i am a new motorola user and i got E1 or the roker..... i do not know if these things talking in here are applicable to my phone... i like to explore and upgrade my new moto roker help me plz......
--------------------------------------------------------------------------------
dorganx10-11-2006, 18:26
If you need the flash send a PM and i will give link, i upload to my FTP, but the server dont like hotlinks because abbuse of bandwidth ;) ;)
hello! I sent you a PM, just waiting for your reply, thank you very much for your help
--------------------------------------------------------------------------------
Tr0nAd0r10-12-2006, 02:22
...... MP Sent ...... !!!
--------------------------------------------------------------------------------
muratcell10-13-2006, 22:00
hi help mi v3i imei chanc plase ( my box mss4 )
--------------------------------------------------------------------------------
mansooreyan10-13-2006, 22:23
maybe u can change it use testpoint
mehdi_naghous@yahoo.com
+989131154402
--------------------------------------------------------------------------------
muratcell10-14-2006, 15:48
can you teach to me what i can do this?did you do complately?
--------------------------------------------------------------------------------
hedayat10-30-2006, 16:43
:) :p its ok my frend i weel used
--------------------------------------------------------------------------------
Tr0nAd0r11-05-2006, 17:54
L6 IMEI Change:
Flash with CMCC Flash: http://rapidshare.com/files/970293/L6_CMCC.rar.html
Write the langpack which you want (because it will be chinesse :) )
Use this soft: http://rapidshare.com/files/2119430/L6_change_imei.rar.html
For use soft, write imei and connect TP,,, this dont have "Start" button ;)
WBR
--------------------------------------------------------------------------------
mpeled11-06-2006, 08:23
This is a example patch for Motorola E398 R373 binary firmware:
Code:
0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000
Tr0nAd0r
Hi,
Could you please give the instructions how to apply the example patch to the phone?
thanks,
mpeled.
--------------------------------------------------------------------------------
GENEW11-11-2006, 07:04
Tronador forbidden file according to rapid share.
how about c651 change imei any procedures and files?
please share.
tia
--------------------------------------------------------------------------------
Tr0nAd0r11-11-2006, 07:33
@mpeled, Phone can be patched with FlashBackup, but dont imei changed
@GENEW, c651 files dont available
If any have the original files of L6 and V3 (same version of posted patched files) please share, those are usefull for continue researching :) :)
WBR
--------------------------------------------------------------------------------
mpeled11-12-2006, 08:29
@mpeled, Phone can be patched with FlashBackup, but dont imei changed
WBR
Thanks Tr0nAd0r,
but how do i convert those lines of text
from your example patch:
-----------------------------------------------
0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000
----------------------------------------------
into a patch file recognised by flashbackup?
thanks,
mpeled.
--------------------------------------------------------------------------------
Tr0nAd0r11-12-2006, 15:54
I apply it directly to the .bin firmware using VKlay for Siemens :) :) :)
--------------------------------------------------------------------------------
mpeled11-13-2006, 00:56
@mpeled, Phone can be patched with FlashBackup....
I apply it directly to the .bin firmware using VKlay for Siemens :) :) :)
Thanks Tr0nAd0r,
After dl V_Klay I found out that it is the best way to do it. :D
thank you for your answers,
mpeled.
--------------------------------------------------------------------------------
kasamiko11-20-2006, 03:48
Link not found...
Pls post another link..
--------------------------------------------------------------------------------
CEPHASTANESİ11-21-2006, 00:45
Tronador LTE2 imei change ok
pro what
pro picture
method what
--------------------------------------------------------------------------------
weba112-02-2006, 18:40
i tried this method on v3i , but it is not change . anyone can chage imei of v3i , v3r or v3x
--------------------------------------------------------------------------------
Tr0nAd0r12-02-2006, 19:08
V3i V3r using dongle
--------------------------------------------------------------------------------
uizarde12-03-2006, 21:50
I need a simple tutorial.
I change imei of psd backup (of my phone), i need patch for v3 otp, can help me?
--------------------------------------------------------------------------------
wntl02-03-2007, 11:07
Can I change displayed IMEI on e398 (and HOW ?), not this sending to network, only displayed :D
sorry for my poor english
--------------------------------------------------------------------------------
k@m@R02-14-2007, 22:33
What change Imei in Moto E398? Write please instruction with picture! Thank you enormous!
--------------------------------------------------------------------------------
..::hotlovercool4::..02-14-2007, 22:46
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
--------------------------------------------------------------------------------
BIG EVIL02-15-2007, 10:37
@ hotlovercool4 post the software here pls
--------------------------------------------------------------------------------
car__3402-22-2007, 05:06
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
YEAH POST THE SOFTWARE AND PLEASE MAKE A RELAIABLE LINK
--------------------------------------------------------------------------------
Gavincol7803-20-2007, 01:27
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
I don't like asking people to prove themselves but unless you can provide the software / working link for the software then I am afraid I am calling your bluff there is no simple software to change an IMEI number for Motorola.
not even your forum @ www.gsmlover.com has any info on Motorola IMEI changing.
If you can prove yourself then I will eat my words
--------------------------------------------------------------------------------
Patuno03-22-2007, 17:30
Hey please somebody re-upload the files!!!
--------------------------------------------------------------------------------
binhdo04-09-2007, 03:29
how would i change the imei for a rizr z3?
--------------------------------------------------------------------------------
ciromaster04-16-2007, 05:46
k1 imei repair
change the imei
--------------------------------------------------------------------------------
Fitap06-09-2007, 19:20
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
Not only upload that soft you said; post the tutorial too, please !!
Only if you want shure ...
--------------------------------------------------------------------------------
luigivsf06-17-2007, 07:03
looks like its injecting another bootloader, but i dont know what b/l
--------------------------------------------------------------------------------
Alan_B07-06-2007, 01:09
as imei is generated patch, soon to apply it to the flash file by means of v_klay? :confused::confused::confused:
--------------------------------------------------------------------------------
pollopopo10-19-2007, 22:36
guide for change imei v3xx
--------------------------------------------------------------------------------
digisys10-21-2007, 08:36
i discover this
OFFSET <----------------------> DATOS ORIGINALES <----------------------> DATOS A INGRESAR
CG1
00000000: <----------------------> 10A99F09 <--------------------------------------> 11F81141
00A7579E: <----------------------> D108 <------------------------------------------> 46C0
00A7DA80: <----------------------> 00000010214365 <------------(este es el imxx)--> 21436587092143
CG7
00000C82: <-------> FFFFFFFFFFFFFFFFFFFFFFFFF FFF <-------> 4B01F000F80210A99F0947184 6C0
i´m already post here, now this metod workme in almost all´s motorolas, now i need some one helpme to develop a free or a very low cost software to do it, if you know program and heve a little idea how read and write firmware contact me soon plis!
--------------------------------------------------------------------------------
mhrm110-21-2007, 11:30
:confused:is possible in odm models for ex. w375???
--------------------------------------------------------------------------------
digisys10-21-2007, 11:33
not this only work on P2K phones... (E2 A1200 & ODM not work) and on lates generation have to dowgrade the bootloader and the patch its a little "mas complejo" :D algun dia los pondre....
--------------------------------------------------------------------------------
pollopopo10-21-2007, 14:41
Programs that I use to change the IMEI v3xx
--------------------------------------------------------------------------------
yurais03-24-2008, 07:22
WOuld it work on v180 ?
I think for replacing the stuff at the firmware all has to be done is extract the firmware with flashbackup to SHX, decode the shx file with shxcodec and replace the stuff with vklay.
then assemble everything with shxcodec and flash back the shx with flashbackup
because you only talk about cg1 annd cg7 I think no need to read/decode/flash other CGs
--------------------------------------------------------------------------------
dummyshu04-01-2008, 21:39
i have a motorola phone without IMEI, it doesn't work (no network even put in SIM card), anyone can teach me how to make it work ?
--------------------------------------------------------------------------------
Tr0nAd0r06-06-2008, 00:27
i discover this
OFFSET <----------------------> DATOS ORIGINALES <----------------------> DATOS A INGRESAR
CG1
00000000: <----------------------> 10A99F09 <--------------------------------------> 11F81141
00A7579E: <----------------------> D108 <------------------------------------------> 46C0
00A7DA80: <----------------------> 00000010214365 <------------(este es el imxx)--> 21436587092143
CG7
00000C82: <-------> FFFFFFFFFFFFFFFFFFFFFFFFF FFF <-------> 4B01F000F80210A99F0947184 6C0
i´m already post here, now this metod workme in almost all´s motorolas, now i need some one helpme to develop a free or a very low cost software to do it, if you know program and heve a little idea how read and write firmware contact me soon plis!
Good work men, im testing now, this work 100% OK, anyone can made his own IMEI Patcher with this. I will write one in C++ and release it.
--------------------------------------------------------------------------------
geanicev06-06-2008, 07:23
Is it work with another model?
or just for NEPTUNE LTE base, what about NEPTUNE LTE2 base such as, L7, V360, V3i, L7e?
--------------------------------------------------------------------------------
Tr0nAd0r06-06-2008, 16:25
This method work in LTE2 too. Dont work in linux based phones and ODM.
Regards.
--------------------------------------------------------------------------------
geanicev06-07-2008, 12:22
Great, i have ported the patch to the L7 R4513_G_08.B7.ACR_RB
Working good, and im not using CG7 patch. Just applying CG1 patch only.
Great discovery by digisys.
--------------------------------------------------------------------------------
NAZTY06-07-2008, 13:01
Moto IMEI Changer:-
http://www.4shared.com/file/49232258/90617215/Moto_Tool_v001.html
REGARDS
NAZTY®:cool:
:D"DONT GAIN THE WORLD & LOSE YOUR SOUL.....
.....WISDOM IS BETTER THAN SILVER & GOLD":D
--------------------------------------------------------------------------------
Tr0nAd0r06-07-2008, 16:58
Great, i have ported the patch to the L7 R4513_G_08.B7.ACR_RB
Working good, and im not using CG7 patch. Just applying CG1 patch only.
Great discovery by digisys.
Please post in here, we all can post the patches in here. :)
@NAZTY, I will try to modify this soft to remove all the text and image. I unpacked it and get some parts of source code and a lot of loaders for motorola phones,,, very interesting
--------------------------------------------------------------------------------
yurais06-08-2008, 02:51
If I dont have any patcher, would it work as I explained? extract CG1 and CG7 with flashbackup, edit with any HEXEditor and flash both CGs back into the phone ?
--------------------------------------------------------------------------------
Tr0nAd0r06-08-2008, 04:00
Moto IMEI Changer:-
http://www.4shared.com/file/49232258/90617215/Moto_Tool_v001.html
I extract 183 loaders from this file, i will post because it can be usefull for someone ;)
--------------------------------------------------------------------------------
yurais06-08-2008, 07:27
and what could be these loaders useful for ?
--------------------------------------------------------------------------------
jacky1978006-15-2008, 10:07
:o:o:o:cool::cool::cool::cool::cool::cool::cool:do w 1st
--------------------------------------------------------------------------------
geanicev07-17-2008, 05:51
I extract 183 loaders from this file, i will post because it can be usefull for someone ;)
great, i will wait for it.
I need the information of the other patch for another model, as long as i know this soft works with same method as what we discuss here, only patching the FW. :D
The important thing of patching is you have to remove RSA protection from FW to make thge patch works :D
--------------------------------------------------------------------------------
j0b0ily09-16-2008, 20:50
I want change my imei, but
Motoimei not working with my v3i
R479 bootloader A052:mad:
You said :
V3i V3r using dongle
Dongle? I have only USB cable... ?
It's my v3i information:
TCMD Interface established ok
Read phone informations
Model: V3i
IMEI: ******************
User Code: 1234
Security Code: 000000
Firmware: R479_G_08.B5.86R
Flex Version: GSPV3IRGRS01NA19D - 1.0.K.3.0.2.0.AB.0.0
Operation completed with success
Do you have able to add A0.52 bootloader ?
For change IMEI, do you need use checkpoint ?
--------------------------------------------------------------------------------
bananin09-16-2008, 22:50
I want change my imei, but
Motoimei not working with my v3i
R479 bootloader A052:mad:
You said :
V3i V3r using dongle
Dongle? I have only USB cable... ?
It's my v3i information:
TCMD Interface established ok
Read phone informations
Model: V3i
IMEI: ******************
User Code: 1234
Security Code: 000000
Firmware: R479_G_08.B5.86R
Flex Version: GSPV3IRGRS01NA19D - 1.0.K.3.0.2.0.AB.0.0
Operation completed with success
Do you have able to add A0.52 bootloader ?
For change IMEI, do you need use checkpoint ?
For imei change in this model you need downgrade bootloader to 0A.30 and need testpoint.Then you can change whit free motoimei from zulea
--------------------------------------------------------------------------------
OCM77011-08-2008, 01:00
Greetings all, any advance on this for R4517 L7? I have patched CG1 but im not sure what offsets to change in CG7, anyone?
--------------------------------------------------------------------------------
P3rd1d011-18-2008, 02:56
dead post ??
no news ?
--------------------------------------------------------------------------------
gallar02-16-2009, 06:44
Hello guys,
Any of you has got idea how to change the IMEI number in motorola k1?:P
Maybe someone has done succesfully before?:P
--------------------------------------------------------------------------------
nadirghazi02-16-2009, 07:04
Hello guys,
Any of you has got idea how to change the IMEI number in motorola k1?:P
Maybe someone has done succesfully before?:P
use smart clip goto Restore IMEI
than press IMEI PATCHER VERY EASY:)
--------------------------------------------------------------------------------
gallar02-16-2009, 08:55
The only poblem is that I do not own a Smart Clip device.
Isn't there an easy way to do it just with a USB cable?
--------------------------------------------------------------------------------
IMEI の変更方法
&bold(){***調査中
}
----
材料
Android Marketのプロトコルについて、第2回:Vendingアプリを使わずにAndroid Marketのフリーのアプリをダウンロードする方法(未検証)で書きましたが、ANDROID_IDの取得方法が解明されました。
Androidで使用できる固有識別情報は大別すると2種類あり、ANDROID_IDはその1つとなります。
(1)ANDROID_ID
Uniquely Identifying Android Devices without special permissions. http://strazzere.com/blog/?p=113
ANDROID_IDは、Android Marketのプロトコルでも使われている重要なパラメータの1つです。
Googleのドキュメントにも説明があります。
http://developer.android.com/reference/android/provider/Settings.Secure.html#ANDROID_ID
The Android ID (a unique 64-bit value) as a hex string. Identical to that obtained by calling GoogleLoginService.getAndroidId(); it is also placed here so you can get it without binding to a service.
Constant Value: "android_id"
ANDROID_IDは、ユニークな64bitの値で16進文字列。Android端末を(たぶん)一意に識別できる値。
(GoogleLoginService.getAndroidId();をコールして得られたものと同じ)
WindowsでいうところのGUIDみたいなものでしょうか?WindowsのGUIDのビット数は128bitだった気がしますが。
ANDROID_IDの取得方法は、API Level 1より提供されている
android.provider.Settings.System.ANDROID_ID
は推奨されなくなったようです。
API Level 3(Android 1.5)以降では、android.provider.Settings.Secure.ANDROID_ID
から取得するようになりました。Permissionが付与されていないと読めなくなったので、セキュリティ的な理由で変更されたんですかね。
で、このANDROID_IDの値ですが、工場出荷時状態からの初回起動時か、Googleのサーバとのアクティベーション時に生成されて、Googleのサーバに登録されるんですかね。Windowsのアクティベーションはこんな感じだったような気がするんですが。
それと、ANDROID_IDは、root権限が取得できると書き換えることができます。やり方は、sqliteのデータベースのANDROID_IDの値を書き換えるだけ。
More spoofing of the android id…
http://strazzere.com/blog/?p=235
設定値が保存されているsqliteのデータベースです。
/data/data/com.google.android.googleapps/databases/accounts.db
Spoofing your Android_ID
http://strazzere.com/blog/?p=217
こちらにもANDROID_IDの設定値が保存されています。
/data/data/com.android.providers.settings/databases/settings.db
どちらがマスターなんでしょう。。。
ってことは、Android端末をリセットすると/dataは初期化されるはずなので、ANDROID_IDが変わってしまうってこと???
(2)携帯電話特有の固有識別情報
Uniquely Identifying Android Devices with special permissions
http://strazzere.com/blog/?p=116
サンプルコードが載っていたのでメモ。
import android.telephony.*;
…
TelephonyManager mTelephonyMgr =
(TelephonyManager)getSystemService(TELEPHONY_SERVICE);
String imei = mTelephonyMgr.getDeviceId(); // Requires READ_PHONE_STATE
String phoneNumber=mTelephonyMgr.getLine1Number(); // Requires READ_PHONE_STATE
String softwareVer = mTelephonyMgr.getDeviceSoftwareVersion(); // Requires READ_PHONE_STATE
String simSerial = mTelephonyMgr.getSimSerialNumber(); // Requires READ_PHONE_STATE
String subscriberId = mTelephonyMgr.getSubscriberId(); // Requires READ_PHONE_STATE
取得例
DeviceId(IMEI) = 000000000000000
DeviceSoftwareVersion = null
Line1Number = 15555218135
SimSerialNumber = 89014103211118510720
SubscriberId(IMSI) = 310995000000000
IMEI、端末ソフトウェアのバージョン、MSISDN、SIMのシリアル番号、IMSIを取得することができます。
取得するには、android.permission.READ_PHONE_STATEのPermissionが必要です。
これらの情報を収集すれば、そのうちAndroidでも↓こんなニュースが流れるようになってくるかもしれません。
未発表 iPhoneモデル「iPhone3,1」、アプリの利用統計で観測される
あと、Android端末のファームウェアが不正に書き換えられているとサービス拒否とか。。。
勝手に収集されて悪用されると怖いかも。
------
材料
View Full Version : Motorola IMEI Change: Patches + Radiocomm
--------------------------------------------------------------------------------
Tr0nAd0r06-12-2006, 21:05
The Motorola phones have two IMEI, one is in OTP Zone (One Time Programming), is imposible overwrite this IMEI.
And have a Second IMEI saved in one Seem, this isn't OTP and can be modified, this second is the IMEI sended to the network
The phone compare this two IMEI when we power on the mobile and if this are different power off inmediatly, but is possible "Patch" this check and the mobile will power on with the two differents IMEI.
This is a example patch for Motorola E398 R373 binary firmware:
Code:
0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000
This the Seem that contain the IMEI:
Element ID 0004
Record 0001
Offset 0000
Lenght 0009
I change the IMEI to the mobile using a Dongle and I try reading this Seem and in here is saved the New IMEI:
Radiocomm log:
Sending 'RDELEM' command with data '0004000100000009' to the radio...
Sent to radio: 410200000800100000000020000800000004000100000009
Returned from radio: 01000000001280008020000A000000082A22222222222202
RDELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.
It read the IMEI (for this test i change the IMEI with dongle to 2222222222...)
But when i try to Write this Seem to the Mobile (using Radiocomm), it done all ok:
Sending 'STELEM' command with data '0004000100000009083A05092770104344' to the radio...
Sent to radio: 41020000080019000000002F00110000000400010000000908 3A05092770104344
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.
But the phone have the old IMEI:
Sending 'RDELEM' command with data '0004000100000009' to the radio...
Sent to radio: 410200000800100000000020000800000004000100000009
Returned from radio: 01000000001280008020000A000000082A22222222222202
RDELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.
The phone is in suspend mode (power off but is detected by Radiocomm), but i see than the SmartClip, Loggers and Dongles put the phone in Flash Mode for overwrite this SEEM (in think that this tools unblock this SEEM), i try modify too with the Seems editors in Normal Mode and isn't possible edit it with this mode.
Any have idea of how to modify this SEEM in Flash Mode?? What soft for try it??
Im working in the OTP Patches for Motorola phones, but i need change the Seem IMEI, replys are welcome :( :(
I attach the P2K IMEI Convert, convert the IMEI of normal format to the PST/Radiocomm format, and a image of Radiocomm
WBR
Tr0nAd0r
--------------------------------------------------------------------------------
guibzh06-14-2006, 20:45
Hello,
I think I found the solution to your problem and you found mine.
I have a Motorola V3 and succefully change the seem's IMEI number (0004).
My problem that my phone compare with the OTP ones and it's done.
So If you could give me a modifyed firmware it's could be cool.
Now your answer :
- At this point make a full backup of your phone with Flash Backup and store it in sure place.
- I used Flash Backup 2.6.2 to save the PDS. (uncheck the compression option)
- then you have a 64kB pds.bin
- Now open it with pdstool, click on parse and a seem folder will be create.
- Then you have to modify the 0004 file with your hexa favorite editor. (be carrefull about file attributes)
- You just have to use the assamble function off PDS Tool.
-> select all files of seem's directory.
-> check version 4
-> click assemble
->restore the generated pds file with Flash Backup
Enjoy
--------------------------------------------------------------------------------
Tr0nAd0r06-15-2006, 21:30
I continue researching about the theme, i extract this info of a data file of the MotoIMEI soft:
"RESTART"|"022"|"1"|"0"|"0"||""|||
"SUSPEND"|"036"|"1"|"1"|"1"||""|||
"RDELEM"|"020"|"1"|"8"|"YY"||""|||
"FLASH"|"00D"|"1"|"0"|"0"||""|||
"STELEM"|"02F"|"1"|"XX"|"1"||""|||
"VERSION"|"039"|"1"|"2"|"YY"||""|||
I think this a list of steps to follow and do the IMEI Change in Motorola.
I dont have a phone for try it now, but i will buy one for continue and i will search a document about the P2K Commands because i dont know how to make all this things using Radiocomm software. (I will use the PST Test and Flash Commands)
WBR
--------------------------------------------------------------------------------
paullovinicius06-16-2006, 05:53
Hello Tr0nAd0r,
sorry by words...
i'm not a genius like u :)
but, can we compare several models original images and patched images to get patchs?
did u try the guibzh solution?
thx again, man...
--------------------------------------------------------------------------------
geza06-16-2006, 14:41
Hello,
- I used Flash Backup 2.6.2 to save the PDS. (uncheck the compression option)
But It does not support v360?
--------------------------------------------------------------------------------
Tr0nAd0r06-16-2006, 17:14
I dont try the gibzh solution, because im traveling now (im not working this days)
I will buy a cheap phone to try with this way, i will see if i obtain a V3 to provide the patch in this thread.
About the patches you can make it, reading the two .bin flash of the phones (original and patched) and compare it using a Comparer as FullFlash Comparer or Siemens (use Google to found it)
Sorry for my poor english
WBR
--------------------------------------------------------------------------------
Tr0nAd0r06-30-2006, 18:17
@guibz how do you edit the IMEI??
Isn't Encrypted in PDS??
a tiny tool for IMEI format convertion:
--------------------------------------------------------------------------------
Tr0nAd0r07-01-2006, 01:13
INFO ABOUT TEST COMMANDS:
MENU 048263*= OPCODE, then write 54* OK, the phone will lost signal, without sound and leds dont power on, the phone now is ready for receive test commands:
IMEI
In test mode
32*4*1*0*0 "OK"
"Results"
F1: 0 ; Command code 0 - ОК
F2 (D): ; Data
083a05092700247709
Decode-
08 - Head
3a 05 09 27 00 24 77 09 - Results IMEI -> 350907200427799
User code
32*116*1*0*0
"Results"
F1: 0
F2 (D):
00310032003300340000
Decode-
0031 -> "1"
0032 -> "2"
0033 -> "3"
0034 -> "4"
Security code- 32*118*1*0*0
Model - 32*279*1*0*8
Flex ver - 32*383*1*0*0
Master Reset 18*0
Master Clear 18*1
Set band GSM 900 10*0*3
Set band DCS 1800 10*0*4
Set band PCS 1900 10*0*5
Set dual band GSM 900/1800 10*0*6
Read band 10*1*0 -> 3=GSM 4=DCS 5=PCS 6=GSM/DCS
I will try now send the Test Command to the phone in test mode, the equivalent for IMEI Write is this:
The Steleem command are converted of hexadecimal to decimal to put it in the phone manually with keys :) :
Change IMEI:
47*4*1*0*9*081032547698103254 ---> IMEI=123456789012345
I wil try with this, and post the results laters
WBR
And some old documents:
--------------------------------------------------------------------------------
Strong Crypto07-03-2006, 08:07
So, is there any update about this topic? I am so interested because my v3x is barred because of imei.
--------------------------------------------------------------------------------
uguron08-10-2006, 23:14
all we need is a "repair firmware patch" , the rest can be handled via radiocomm. otherwise we get an error like:
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL
--------------------------------------------------------------------------------
Tr0nAd0r08-10-2006, 23:16
all we need is a "repair firmware patch" , the rest can be handled via radiocomm. otherwise we get an error like:
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL
What firmware patch do you need for try it??
--------------------------------------------------------------------------------
Tr0nAd0r08-13-2006, 18:03
I extract this for a V600:
0x080000: 10629BA7 11FF0000
0x0800AC: 11FE000011FE07 FFFFFFFFFFFFFF
0x0800C4: 10629BA7 11FF0000
0x0802D0: B4301C03 2A04D001
0x0802D5: 07D0012A05D11424C0 06D1034B02181B881B
0x0802DF: 1C880C801C2470801C 0B2000477001FFF000
--------------------------------------------------------------------------------
marmotacju08-15-2006, 02:11
Hi, I'm from Brazil and i'm new in the IMEI works, however I've some experience about other "P2K Works".
Maybe I'm wrong but what you are trying to do does not have anything about the RSA Verification ?
Let's see if we can do this 'come true...
That's it...
--------------------------------------------------------------------------------
crusher08-20-2006, 00:21
no by default "RSA verification" - among being a sticky name as most of them actually don't have anything to do with RSA - only verifies authority to several commands, like it used to be at most places.
however, I heard that MaxRFon solution - that most, if not all, other solutions copied now - uses IMEI patches "hardcoded" to actual OTP IMEI, that are the 2x9 bytes supposed to be... ;)
--------------------------------------------------------------------------------
Tr0nAd0r08-20-2006, 01:46
Any have a good log for sniffing between a IMEI Changer and a Motorola phone, it can be usefull ;) ;) ;) ;)
--------------------------------------------------------------------------------
crusher08-20-2006, 01:54
useful but for what in fact?
--------------------------------------------------------------------------------
Tr0nAd0r08-20-2006, 04:33
useful but for what in fact?
only curiosity :rolleyes: :rolleyes: :rolleyes:
--------------------------------------------------------------------------------
monedadeoro08-20-2006, 05:11
the more finded are change imei in V3i
this phone cant be downgrade and its importan factor for imei changin on this phones
need more info about posibility of downgrade bott in V3i and V3r
BR.
--------------------------------------------------------------------------------
crusher08-20-2006, 09:56
eh this is not true as well :)
bootloader downgradeability is only good for avoiding "test point"...
anyway bootloader downgrading WORKS, the question is what you want to downgrade the bootloader of V3x for instance :)
V3ROHS and V3i are not an issue.
--------------------------------------------------------------------------------
marmotacju08-25-2006, 08:06
Good for all, but in fact where can we find those motorola IMEI patches for the most required models, like E398, V3/i/x, etc...
--------------------------------------------------------------------------------
paullovinicius08-25-2006, 15:09
can this doc help anything?
or is only a joke?
--------------------------------------------------------------------------------
marmotacju08-26-2006, 07:33
No this works but only if the mobile has no restriction in accept a differente IMEI than the one in the OTP. In case the IMEI Patches helps.
--------------------------------------------------------------------------------
paullovinicius08-26-2006, 15:32
ok, but if i patch the flash and use this procedures, the mobile will work with new imei?
thx
--------------------------------------------------------------------------------
marmotacju08-27-2006, 04:34
The IMEI number that the operator "reads" is the one saved in the "software" area (Flash/Firmware). So, like happens with others models/brands (like Samsung, etc...) if you change the IMEI number in the 'soft area' and disable the OTP Check, you will be succesfull. YES, the mobile will work with the new IMEI number you entered.
Let's keep talkin' my friend...
--------------------------------------------------------------------------------
kosii08-27-2006, 22:43
How can we find the must-patch area in the firmware?
There are the programs to dissassembly the firmware, or should we do other ways of finding that?
--
sorry for my bad bad english
--------------------------------------------------------------------------------
Tr0nAd0r08-28-2006, 02:54
The IMEI number that the operator "reads" is the one saved in the "software" area (Flash/Firmware). So, like happens with others models/brands (like Samsung, etc...) if you change the IMEI number in the 'soft area' and disable the OTP Check, you will be succesfull. YES, the mobile will work with the new IMEI number you entered.
Let's keep talkin' my friend...
I try to do it with a Patched phone, but isn't possible change the IMEI of "software" area, do you have a idea for do it (i know that the software of the dongles use P2K Commands for do it).
WBR
--------------------------------------------------------------------------------
paullovinicius08-28-2006, 03:33
I try to do it with a Patched phone, but isn't possible change the IMEI of "software" area, do you have a idea for do it (i know that the software of the dongles use P2K Commands for do it).
WBR
can u try with the p2k commands of "IMEI REPAIR FULL PROCEDURE FOR P2K PRODUCTS.doc", attached here?
--------------------------------------------------------------------------------
GFI09-02-2006, 17:42
No news update already?
--------------------------------------------------------------------------------
notmeagain09-02-2006, 21:10
No news update already?
I tried using the p2k commands and radiocomm with a motorola v3, but i get return code 07 on the stelem commands to write the new imei, and it doesnt change a thing.
I'm sure there are other software methods that can be used to modify or rewrite the imei, but radiocomm and the current p2k commands doesnt seem to cut it.
--------------------------------------------------------------------------------
new_kuku09-04-2006, 10:39
AnybBody have a patch to disable otp_check on v3r? i have a phone for tests.
thanks
--------------------------------------------------------------------------------
pusulateknik09-05-2006, 16:31
where is the program??????
--------------------------------------------------------------------------------
Tr0nAd0r09-06-2006, 00:41
where is the program??????
This inside the NVM Programmer (PST) for Motorola
--------------------------------------------------------------------------------
dest09-07-2006, 05:23
This inside the NVM Programmer (PST) for Motorola
tronador, I am sure you were able to change the IMEI once you have made the firmware patch!
please let me know because I want to try this also.
--------------------------------------------------------------------------------
Tr0nAd0r09-08-2006, 01:45
tronador, I am sure you were able to change the IMEI once you have made the firmware patch!
please let me know because I want to try this also.
Yeah i change using a Dongle, but i dont like this way :) :) :)
If any have a way for sniffing the communication between the phone and software (in test mode) can be usefull, because my dongle change the imei only in flash mode :) :)
WBR
--------------------------------------------------------------------------------
marmotacju09-10-2006, 06:05
Ok, Tr0nAd0r, do you have a patch code for the V3 (Black) and hot can I use (compile) it to be patched ? Thanx.
--------------------------------------------------------------------------------
Tr0nAd0r09-10-2006, 07:03
Ok, Tr0nAd0r, do you have a patch code for the V3 (Black) and hot can I use (compile) it to be patched ? Thanx.
FB3.0 can be used for apply the patches in Motorola Phones
--------------------------------------------------------------------------------
notmeagain09-10-2006, 21:51
FB3.0 can be used for apply the patches in Motorola Phones
I backed up my phone using fb3.0(.53) and used the PDS tool from fb2.6.2 to modify the seem 0004 and re uploaded to the phone, the IMEI isn't changed at all, not even in radiocom, and now the phone asks for subsidy password on all but the original sim (was unlocked before).
Tr0nAd0r, i hate to ask for help, but could you please point me in the right direction to change the imei? _without a dongle_ i'm a student and haven't got much money to throw around at new hardware.
--------------------------------------------------------------------------------
marmotacju09-11-2006, 00:22
Ok, but I need the patch file and/or the codes to apply the patch using FP3... Thanx...
--------------------------------------------------------------------------------
mikoniko09-12-2006, 05:46
Heelo everyone...i must to say that im a nw whit this thing...but im learning a lot fro this forum...well as you can see the english is not my prinsipal lenguague but it's ok.
Tronador, one question, you make OTP patches for phones, do you have something for a V220?
Thanks
--------------------------------------------------------------------------------
Tr0nAd0r09-19-2006, 02:24
A document, i found it in a spanish forum (already not tested) about V3 IMEI
The flash mencioned in the text is in here (it will be removed in 7 days):
http://download.yousendit.com/9142247A378317A8
The language of the document is portuguese
If any can test if pls post results
WBR
--------------------------------------------------------------------------------
paullovinicius09-19-2006, 02:32
i can't test, but i can translate...
--------------------------------------------------------------------------------
notmeagain09-19-2006, 02:44
i can't test, but i can translate...
So, where do you actually change the imei? this just seems like it repairs your phones original imei, incase of faulty flash or something.
Or does it patch the phones software to allow you to change the seem?
Tron, is there any more info you can give about the procedure, maybe a link to the forum where you found it?
I have 2 blacklisted (Bought that way for testing) and 1 original v3, so i've got plenty to test on.
--------------------------------------------------------------------------------
marmotacju09-19-2006, 07:34
Tr0nAd0r, you're 'THE MAN', I test it and IT WORKS FULLY !!!. I don't know how, but IT WORKS !!!
Successfully IMEI changed in a V3 Black...
--------------------------------------------------------------------------------
yoda6709-19-2006, 10:11
i need flash for v600 imei change thankyou
--------------------------------------------------------------------------------
bananin09-19-2006, 17:52
marmotacju you can change the imei to any imei or change imei to only a imei??
you imei is IMEI=35507800855883x ??
thanks for reply
--------------------------------------------------------------------------------
Tr0nAd0r09-19-2006, 18:20
So, where do you actually change the imei? this just seems like it repairs your phones original imei, incase of faulty flash or something.
Or does it patch the phones software to allow you to change the seem?
Tron, is there any more info you can give about the procedure, maybe a link to the forum where you found it?
I have 2 blacklisted (Bought that way for testing) and 1 original v3, so i've got plenty to test on.
www.redsudaca.com is offline for now 72hours
Tr0nAd0r, you're 'THE MAN', I test it and IT WORKS FULLY !!!. I don't know how, but IT WORKS !!!
Successfully IMEI changed in a V3 Black...
confirm the new imei number of the phone.
Anymore test it???
WBR
--------------------------------------------------------------------------------
crusher09-19-2006, 20:56
I will test tomorrow.
noo, not on V3 ;)
--------------------------------------------------------------------------------
apd0609-21-2006, 17:49
A document, i found it in a spanish forum (already not tested) about V3 IMEI
The flash mencioned in the text is in here (it will be removed in 7 days):
http://download.yousendit.com/9142247A378317A8
The language of the document is portuguese
If any can test if pls post results
WBR
any chance of rehosting this again?
--------------------------------------------------------------------------------
notmeagain09-21-2006, 19:54
www.redsudaca.com (http://www.redsudaca.com) is offline for now 72hours
confirm the new imei number of the phone.
Anymore test it???
WBR
Well it worked on the two blacklisted phones, but i still get "Unregistered Sim" messages.
Had to re-flex the phones tho, as i wasn't getting past the "hellomoto" start screen.
Is there any way to change the imei back? :P
--------------------------------------------------------------------------------
Tr0nAd0r09-22-2006, 00:09
any chance of rehosting this again?
Yes, i will upload to another server :) :) :)
--------------------------------------------------------------------------------
apd0609-22-2006, 09:07
Yes, i will upload to another server :) :) :)
Thanks TrOnAdOr,I have been searching for this for a while. :)
--------------------------------------------------------------------------------
mad_dog09-26-2006, 01:25
hello can someone please recomend a good programe to change motorola's imei codes because i do not understand all this well and don't have much time! this would be a great help! if not can someone please explain well how to do a imei code change and how to patch it after?
--------------------------------------------------------------------------------
mad_dog09-27-2006, 00:54
hello is there just a program to change imei code on motorola because i do not understand all this well and would like a simple and clean process, even if this is explained different for a noob like me lol thx alot.
--------------------------------------------------------------------------------
mad_dog09-27-2006, 01:06
can someone please explain this for me as i do not understand most of this but have had some experience with motorola moding my motorola e398 to a rokr itunes phone, please if there is a programe that can do what u all are talking about(changing imei code) please let me know!
--------------------------------------------------------------------------------
guibzh09-28-2006, 13:11
Is there someone could upload the V3 flash file?
I'm very interested by it
Thanks
--------------------------------------------------------------------------------
dorganx10-01-2006, 17:58
Hello! would you be able to upload the file again Tr0nAd0r, you can do it at http://www.megaupload.com/ it will stay there available untill it spends 21 days unused.
I would really appreciate it, no importa el idioma en que este.
--------------------------------------------------------------------------------
Tr0nAd0r10-01-2006, 18:44
If you need the flash send a PM and i will give link, i upload to my FTP, but the server dont like hotlinks because abbuse of bandwidth ;) ;)
--------------------------------------------------------------------------------
dest10-01-2006, 20:03
Tr0and0r,
Do you have the patch for v3?
--------------------------------------------------------------------------------
Tr0nAd0r10-01-2006, 20:09
Tr0and0r,
Do you have the patch for v3?
no, but i think that can be possible looking for a original flash and compare with this V3 flash that is working.
@dest, contact me in msn: guilleiguarans@hotmail.com
--------------------------------------------------------------------------------
Tr0nAd0r10-05-2006, 01:42
Hey guys if you got any questions or think you have useful information just post it on Hello-Moto Forums (http://www.hellomoto.1gig.biz/forums/index.php) because that place is like a database for information.
and about imei change, you can give me a link???
--------------------------------------------------------------------------------
darkriff10-06-2006, 03:33
There are some news??? I have here a v3x and i can't make it work ´cause of the IMEI
--------------------------------------------------------------------------------
josetolo_jr10-06-2006, 07:28
i am a new motorola user and i got E1 or the roker..... i do not know if these things talking in here are applicable to my phone... i like to explore and upgrade my new moto roker help me plz......
--------------------------------------------------------------------------------
dorganx10-11-2006, 18:26
If you need the flash send a PM and i will give link, i upload to my FTP, but the server dont like hotlinks because abbuse of bandwidth ;) ;)
hello! I sent you a PM, just waiting for your reply, thank you very much for your help
--------------------------------------------------------------------------------
Tr0nAd0r10-12-2006, 02:22
...... MP Sent ...... !!!
--------------------------------------------------------------------------------
muratcell10-13-2006, 22:00
hi help mi v3i imei chanc plase ( my box mss4 )
--------------------------------------------------------------------------------
mansooreyan10-13-2006, 22:23
maybe u can change it use testpoint
mehdi_naghous@yahoo.com
+989131154402
--------------------------------------------------------------------------------
muratcell10-14-2006, 15:48
can you teach to me what i can do this?did you do complately?
--------------------------------------------------------------------------------
hedayat10-30-2006, 16:43
:) :p its ok my frend i weel used
--------------------------------------------------------------------------------
Tr0nAd0r11-05-2006, 17:54
L6 IMEI Change:
Flash with CMCC Flash: http://rapidshare.com/files/970293/L6_CMCC.rar.html
Write the langpack which you want (because it will be chinesse :) )
Use this soft: http://rapidshare.com/files/2119430/L6_change_imei.rar.html
For use soft, write imei and connect TP,,, this dont have "Start" button ;)
WBR
--------------------------------------------------------------------------------
mpeled11-06-2006, 08:23
This is a example patch for Motorola E398 R373 binary firmware:
Code:
0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000
Tr0nAd0r
Hi,
Could you please give the instructions how to apply the example patch to the phone?
thanks,
mpeled.
--------------------------------------------------------------------------------
GENEW11-11-2006, 07:04
Tronador forbidden file according to rapid share.
how about c651 change imei any procedures and files?
please share.
tia
--------------------------------------------------------------------------------
Tr0nAd0r11-11-2006, 07:33
@mpeled, Phone can be patched with FlashBackup, but dont imei changed
@GENEW, c651 files dont available
If any have the original files of L6 and V3 (same version of posted patched files) please share, those are usefull for continue researching :) :)
WBR
--------------------------------------------------------------------------------
mpeled11-12-2006, 08:29
@mpeled, Phone can be patched with FlashBackup, but dont imei changed
WBR
Thanks Tr0nAd0r,
but how do i convert those lines of text
from your example patch:
-----------------------------------------------
0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000
----------------------------------------------
into a patch file recognised by flashbackup?
thanks,
mpeled.
--------------------------------------------------------------------------------
Tr0nAd0r11-12-2006, 15:54
I apply it directly to the .bin firmware using VKlay for Siemens :) :) :)
--------------------------------------------------------------------------------
mpeled11-13-2006, 00:56
@mpeled, Phone can be patched with FlashBackup....
I apply it directly to the .bin firmware using VKlay for Siemens :) :) :)
Thanks Tr0nAd0r,
After dl V_Klay I found out that it is the best way to do it. :D
thank you for your answers,
mpeled.
--------------------------------------------------------------------------------
kasamiko11-20-2006, 03:48
Link not found...
Pls post another link..
--------------------------------------------------------------------------------
CEPHASTANESİ11-21-2006, 00:45
Tronador LTE2 imei change ok
pro what
pro picture
method what
--------------------------------------------------------------------------------
weba112-02-2006, 18:40
i tried this method on v3i , but it is not change . anyone can chage imei of v3i , v3r or v3x
--------------------------------------------------------------------------------
Tr0nAd0r12-02-2006, 19:08
V3i V3r using dongle
--------------------------------------------------------------------------------
uizarde12-03-2006, 21:50
I need a simple tutorial.
I change imei of psd backup (of my phone), i need patch for v3 otp, can help me?
--------------------------------------------------------------------------------
wntl02-03-2007, 11:07
Can I change displayed IMEI on e398 (and HOW ?), not this sending to network, only displayed :D
sorry for my poor english
--------------------------------------------------------------------------------
k@m@R02-14-2007, 22:33
What change Imei in Moto E398? Write please instruction with picture! Thank you enormous!
--------------------------------------------------------------------------------
..::hotlovercool4::..02-14-2007, 22:46
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
--------------------------------------------------------------------------------
BIG EVIL02-15-2007, 10:37
@ hotlovercool4 post the software here pls
--------------------------------------------------------------------------------
car__3402-22-2007, 05:06
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
YEAH POST THE SOFTWARE AND PLEASE MAKE A RELAIABLE LINK
--------------------------------------------------------------------------------
Gavincol7803-20-2007, 01:27
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
I don't like asking people to prove themselves but unless you can provide the software / working link for the software then I am afraid I am calling your bluff there is no simple software to change an IMEI number for Motorola.
not even your forum @ www.gsmlover.com has any info on Motorola IMEI changing.
If you can prove yourself then I will eat my words
--------------------------------------------------------------------------------
Patuno03-22-2007, 17:30
Hey please somebody re-upload the files!!!
--------------------------------------------------------------------------------
binhdo04-09-2007, 03:29
how would i change the imei for a rizr z3?
--------------------------------------------------------------------------------
ciromaster04-16-2007, 05:46
k1 imei repair
change the imei
--------------------------------------------------------------------------------
Fitap06-09-2007, 19:20
i have a software for free to change the imei
br
wink shafeeq
geo mobiles
Not only upload that soft you said; post the tutorial too, please !!
Only if you want shure ...
--------------------------------------------------------------------------------
luigivsf06-17-2007, 07:03
looks like its injecting another bootloader, but i dont know what b/l
--------------------------------------------------------------------------------
Alan_B07-06-2007, 01:09
as imei is generated patch, soon to apply it to the flash file by means of v_klay? :confused::confused::confused:
--------------------------------------------------------------------------------
pollopopo10-19-2007, 22:36
guide for change imei v3xx
--------------------------------------------------------------------------------
digisys10-21-2007, 08:36
i discover this
OFFSET <----------------------> DATOS ORIGINALES <----------------------> DATOS A INGRESAR
CG1
00000000: <----------------------> 10A99F09 <--------------------------------------> 11F81141
00A7579E: <----------------------> D108 <------------------------------------------> 46C0
00A7DA80: <----------------------> 00000010214365 <------------(este es el imxx)--> 21436587092143
CG7
00000C82: <-------> FFFFFFFFFFFFFFFFFFFFFFFFF FFF <-------> 4B01F000F80210A99F0947184 6C0
i´m already post here, now this metod workme in almost all´s motorolas, now i need some one helpme to develop a free or a very low cost software to do it, if you know program and heve a little idea how read and write firmware contact me soon plis!
--------------------------------------------------------------------------------
mhrm110-21-2007, 11:30
:confused:is possible in odm models for ex. w375???
--------------------------------------------------------------------------------
digisys10-21-2007, 11:33
not this only work on P2K phones... (E2 A1200 & ODM not work) and on lates generation have to dowgrade the bootloader and the patch its a little "mas complejo" :D algun dia los pondre....
--------------------------------------------------------------------------------
pollopopo10-21-2007, 14:41
Programs that I use to change the IMEI v3xx
--------------------------------------------------------------------------------
yurais03-24-2008, 07:22
WOuld it work on v180 ?
I think for replacing the stuff at the firmware all has to be done is extract the firmware with flashbackup to SHX, decode the shx file with shxcodec and replace the stuff with vklay.
then assemble everything with shxcodec and flash back the shx with flashbackup
because you only talk about cg1 annd cg7 I think no need to read/decode/flash other CGs
--------------------------------------------------------------------------------
dummyshu04-01-2008, 21:39
i have a motorola phone without IMEI, it doesn't work (no network even put in SIM card), anyone can teach me how to make it work ?
--------------------------------------------------------------------------------
Tr0nAd0r06-06-2008, 00:27
i discover this
OFFSET <----------------------> DATOS ORIGINALES <----------------------> DATOS A INGRESAR
CG1
00000000: <----------------------> 10A99F09 <--------------------------------------> 11F81141
00A7579E: <----------------------> D108 <------------------------------------------> 46C0
00A7DA80: <----------------------> 00000010214365 <------------(este es el imxx)--> 21436587092143
CG7
00000C82: <-------> FFFFFFFFFFFFFFFFFFFFFFFFF FFF <-------> 4B01F000F80210A99F0947184 6C0
i´m already post here, now this metod workme in almost all´s motorolas, now i need some one helpme to develop a free or a very low cost software to do it, if you know program and heve a little idea how read and write firmware contact me soon plis!
Good work men, im testing now, this work 100% OK, anyone can made his own IMEI Patcher with this. I will write one in C++ and release it.
--------------------------------------------------------------------------------
geanicev06-06-2008, 07:23
Is it work with another model?
or just for NEPTUNE LTE base, what about NEPTUNE LTE2 base such as, L7, V360, V3i, L7e?
--------------------------------------------------------------------------------
Tr0nAd0r06-06-2008, 16:25
This method work in LTE2 too. Dont work in linux based phones and ODM.
Regards.
--------------------------------------------------------------------------------
geanicev06-07-2008, 12:22
Great, i have ported the patch to the L7 R4513_G_08.B7.ACR_RB
Working good, and im not using CG7 patch. Just applying CG1 patch only.
Great discovery by digisys.
--------------------------------------------------------------------------------
NAZTY06-07-2008, 13:01
Moto IMEI Changer:-
http://www.4shared.com/file/49232258/90617215/Moto_Tool_v001.html
REGARDS
NAZTY®:cool:
:D"DONT GAIN THE WORLD & LOSE YOUR SOUL.....
.....WISDOM IS BETTER THAN SILVER & GOLD":D
--------------------------------------------------------------------------------
Tr0nAd0r06-07-2008, 16:58
Great, i have ported the patch to the L7 R4513_G_08.B7.ACR_RB
Working good, and im not using CG7 patch. Just applying CG1 patch only.
Great discovery by digisys.
Please post in here, we all can post the patches in here. :)
@NAZTY, I will try to modify this soft to remove all the text and image. I unpacked it and get some parts of source code and a lot of loaders for motorola phones,,, very interesting
--------------------------------------------------------------------------------
yurais06-08-2008, 02:51
If I dont have any patcher, would it work as I explained? extract CG1 and CG7 with flashbackup, edit with any HEXEditor and flash both CGs back into the phone ?
--------------------------------------------------------------------------------
Tr0nAd0r06-08-2008, 04:00
Moto IMEI Changer:-
http://www.4shared.com/file/49232258/90617215/Moto_Tool_v001.html
I extract 183 loaders from this file, i will post because it can be usefull for someone ;)
--------------------------------------------------------------------------------
yurais06-08-2008, 07:27
and what could be these loaders useful for ?
--------------------------------------------------------------------------------
jacky1978006-15-2008, 10:07
:o:o:o:cool::cool::cool::cool::cool::cool::cool:do w 1st
--------------------------------------------------------------------------------
geanicev07-17-2008, 05:51
I extract 183 loaders from this file, i will post because it can be usefull for someone ;)
great, i will wait for it.
I need the information of the other patch for another model, as long as i know this soft works with same method as what we discuss here, only patching the FW. :D
The important thing of patching is you have to remove RSA protection from FW to make thge patch works :D
--------------------------------------------------------------------------------
j0b0ily09-16-2008, 20:50
I want change my imei, but
Motoimei not working with my v3i
R479 bootloader A052:mad:
You said :
V3i V3r using dongle
Dongle? I have only USB cable... ?
It's my v3i information:
TCMD Interface established ok
Read phone informations
Model: V3i
IMEI: ******************
User Code: 1234
Security Code: 000000
Firmware: R479_G_08.B5.86R
Flex Version: GSPV3IRGRS01NA19D - 1.0.K.3.0.2.0.AB.0.0
Operation completed with success
Do you have able to add A0.52 bootloader ?
For change IMEI, do you need use checkpoint ?
