IMEI関連


※上記の広告は60日以上更新のないWIKIに表示されています。更新することで広告が下部へ移動します。

IMEI の変更方法

{***調査中
}


材料

Android Marketのプロトコルについて、第2回:Vendingアプリを使わずにAndroid Marketのフリーのアプリをダウンロードする方法(未検証)で書きましたが、ANDROID_IDの取得方法が解明されました。

Androidで使用できる固有識別情報は大別すると2種類あり、ANDROID_IDはその1つとなります。


(1)ANDROID_ID

Uniquely Identifying Android Devices without special permissions. http://strazzere.com/blog/?p=113

ANDROID_IDは、Android Marketのプロトコルでも使われている重要なパラメータの1つです。

Googleのドキュメントにも説明があります。



The Android ID (a unique 64-bit value) as a hex string. Identical to that obtained by calling GoogleLoginService.getAndroidId(); it is also placed here so you can get it without binding to a service.
Constant Value: "android_id"

ANDROID_IDは、ユニークな64bitの値で16進文字列。Android端末を(たぶん)一意に識別できる値。
(GoogleLoginService.getAndroidId();をコールして得られたものと同じ)

WindowsでいうところのGUIDみたいなものでしょうか?WindowsのGUIDのビット数は128bitだった気がしますが。

ANDROID_IDの取得方法は、API Level 1より提供されている
android.provider.Settings.System.ANDROID_ID

は推奨されなくなったようです。

API Level 3(Android 1.5)以降では、android.provider.Settings.Secure.ANDROID_ID

から取得するようになりました。Permissionが付与されていないと読めなくなったので、セキュリティ的な理由で変更されたんですかね。

で、このANDROID_IDの値ですが、工場出荷時状態からの初回起動時か、Googleのサーバとのアクティベーション時に生成されて、Googleのサーバに登録されるんですかね。Windowsのアクティベーションはこんな感じだったような気がするんですが。

それと、ANDROID_IDは、root権限が取得できると書き換えることができます。やり方は、sqliteのデータベースのANDROID_IDの値を書き換えるだけ。

More spoofing of the android id…
http://strazzere.com/blog/?p=235

設定値が保存されているsqliteのデータベースです。
/data/data/com.google.android.googleapps/databases/accounts.db

Spoofing your Android_ID
http://strazzere.com/blog/?p=217

こちらにもANDROID_IDの設定値が保存されています。
/data/data/com.android.providers.settings/databases/settings.db

どちらがマスターなんでしょう。。。

ってことは、Android端末をリセットすると/dataは初期化されるはずなので、ANDROID_IDが変わってしまうってこと???

(2)携帯電話特有の固有識別情報

Uniquely Identifying Android Devices with special permissions
http://strazzere.com/blog/?p=116

サンプルコードが載っていたのでメモ。


import android.telephony.*;


TelephonyManager mTelephonyMgr =
           (TelephonyManager)getSystemService(TELEPHONY_SERVICE); 

String imei = mTelephonyMgr.getDeviceId(); // Requires READ_PHONE_STATE
String phoneNumber=mTelephonyMgr.getLine1Number(); // Requires READ_PHONE_STATE
String softwareVer = mTelephonyMgr.getDeviceSoftwareVersion(); // Requires READ_PHONE_STATE
String simSerial = mTelephonyMgr.getSimSerialNumber(); // Requires READ_PHONE_STATE
String subscriberId = mTelephonyMgr.getSubscriberId(); // Requires READ_PHONE_STATE

取得例


DeviceId(IMEI) = 000000000000000
DeviceSoftwareVersion = null
Line1Number = 15555218135
SimSerialNumber = 89014103211118510720
SubscriberId(IMSI) = 310995000000000



IMEI、端末ソフトウェアのバージョン、MSISDN、SIMのシリアル番号、IMSIを取得することができます。

取得するには、android.permission.READ_PHONE_STATEのPermissionが必要です。

これらの情報を収集すれば、そのうちAndroidでも↓こんなニュースが流れるようになってくるかもしれません。

未発表 iPhoneモデル「iPhone3,1」、アプリの利用統計で観測される

あと、Android端末のファームウェアが不正に書き換えられているとサービス拒否とか。。。

勝手に収集されて悪用されると怖いかも。





材料


View Full Version : Motorola IMEI Change: Patches + Radiocomm




Tr0nAd0r06-12-2006, 21:05
The Motorola phones have two IMEI, one is in OTP Zone (One Time Programming), is imposible overwrite this IMEI.

And have a Second IMEI saved in one Seem, this isn't OTP and can be modified, this second is the IMEI sended to the network

The phone compare this two IMEI when we power on the mobile and if this are different power off inmediatly, but is possible "Patch" this check and the mobile will power on with the two differents IMEI.


This is a example patch for Motorola E398 R373 binary firmware:

Code:

0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000





This the Seem that contain the IMEI:

Element ID 0004
Record 0001
Offset 0000
Lenght 0009


I change the IMEI to the mobile using a Dongle and I try reading this Seem and in here is saved the New IMEI:

Radiocomm log:

Sending 'RDELEM' command with data '0004000100000009' to the radio...
Sent to radio: 410200000800100000000020000800000004000100000009
Returned from radio: 01000000001280008020000A000000082A22222222222202
RDELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.

It read the IMEI (for this test i change the IMEI with dongle to 2222222222...)



But when i try to Write this Seem to the Mobile (using Radiocomm), it done all ok:

Sending 'STELEM' command with data '0004000100000009083A05092770104344' to the radio...
Sent to radio: 41020000080019000000002F00110000000400010000000908 3A05092770104344
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.

But the phone have the old IMEI:

Sending 'RDELEM' command with data '0004000100000009' to the radio...
Sent to radio: 410200000800100000000020000800000004000100000009
Returned from radio: 01000000001280008020000A000000082A22222222222202
RDELEM ==>SUCCESSFUL
Time to execute command: 0 seconds.
Command timeout set to : 15 seconds.

The phone is in suspend mode (power off but is detected by Radiocomm), but i see than the SmartClip, Loggers and Dongles put the phone in Flash Mode for overwrite this SEEM (in think that this tools unblock this SEEM), i try modify too with the Seems editors in Normal Mode and isn't possible edit it with this mode.


Any have idea of how to modify this SEEM in Flash Mode?? What soft for try it??


Im working in the OTP Patches for Motorola phones, but i need change the Seem IMEI, replys are welcome :( :(

I attach the P2K IMEI Convert, convert the IMEI of normal format to the PST/Radiocomm format, and a image of Radiocomm


WBR

Tr0nAd0r



guibzh06-14-2006, 20:45
Hello,
I think I found the solution to your problem and you found mine.
I have a Motorola V3 and succefully change the seem's IMEI number (0004).
My problem that my phone compare with the OTP ones and it's done.
So If you could give me a modifyed firmware it's could be cool.

Now your answer :
  • At this point make a full backup of your phone with Flash Backup and store it in sure place.
  • I used Flash Backup 2.6.2 to save the PDS. (uncheck the compression option)
  • then you have a 64kB pds.bin
  • Now open it with pdstool, click on parse and a seem folder will be create.
  • Then you have to modify the 0004 file with your hexa favorite editor. (be carrefull about file attributes)
  • You just have to use the assamble function off PDS Tool.
  • > select all files of seem's directory.
  • > check version 4
  • > click assemble
  • >restore the generated pds file with Flash Backup
Enjoy



Tr0nAd0r06-15-2006, 21:30
I continue researching about the theme, i extract this info of a data file of the MotoIMEI soft:


"RESTART"|"022"|"1"|"0"|"0"||""|||
"SUSPEND"|"036"|"1"|"1"|"1"||""|||
"RDELEM"|"020"|"1"|"8"|"YY"||""|||
"FLASH"|"00D"|"1"|"0"|"0"||""|||
"STELEM"|"02F"|"1"|"XX"|"1"||""|||
"VERSION"|"039"|"1"|"2"|"YY"||""|||

I think this a list of steps to follow and do the IMEI Change in Motorola.

I dont have a phone for try it now, but i will buy one for continue and i will search a document about the P2K Commands because i dont know how to make all this things using Radiocomm software. (I will use the PST Test and Flash Commands)

WBR



paullovinicius06-16-2006, 05:53
Hello Tr0nAd0r,
sorry by words...
i'm not a genius like u :)
but, can we compare several models original images and patched images to get patchs?
did u try the guibzh solution?
thx again, man...



geza06-16-2006, 14:41
Hello,

  • I used Flash Backup 2.6.2 to save the PDS. (uncheck the compression option)



But It does not support v360?



Tr0nAd0r06-16-2006, 17:14
I dont try the gibzh solution, because im traveling now (im not working this days)

I will buy a cheap phone to try with this way, i will see if i obtain a V3 to provide the patch in this thread.

About the patches you can make it, reading the two .bin flash of the phones (original and patched) and compare it using a Comparer as FullFlash Comparer or Siemens (use Google to found it)

Sorry for my poor english

WBR



Tr0nAd0r06-30-2006, 18:17
@guibz how do you edit the IMEI??

Isn't Encrypted in PDS??


a tiny tool for IMEI format convertion:



Tr0nAd0r07-01-2006, 01:13
INFO ABOUT TEST COMMANDS:

MENU 048263*= OPCODE, then write 54* OK, the phone will lost signal, without sound and leds dont power on, the phone now is ready for receive test commands:


IMEI
In test mode
32*4*1*0*0 "OK"
"Results"
F1: 0 ; Command code 0 - ОК
F2 (D): ; Data
083a05092700247709
Decode-
08 - Head
3a 05 09 27 00 24 77 09 - Results IMEI -> 350907200427799
User code
32*116*1*0*0
"Results"
F1: 0
F2 (D):
00310032003300340000
Decode-
0031 -> "1"
0032 -> "2"
0033 -> "3"
0034 -> "4"


Security code- 32*118*1*0*0
Model - 32*279*1*0*8
Flex ver - 32*383*1*0*0
Master Reset 18*0
Master Clear 18*1
Set band GSM 900 10*0*3
Set band DCS 1800 10*0*4
Set band PCS 1900 10*0*5
Set dual band GSM 900/1800 10*0*6
Read band 10*1*0 -> 3=GSM 4=DCS 5=PCS 6=GSM/DCS



I will try now send the Test Command to the phone in test mode, the equivalent for IMEI Write is this:

The Steleem command are converted of hexadecimal to decimal to put it in the phone manually with keys :) :

Change IMEI:
47*4*1*0*9*081032547698103254 ---> IMEI=123456789012345


I wil try with this, and post the results laters

WBR


And some old documents:



Strong Crypto07-03-2006, 08:07
So, is there any update about this topic? I am so interested because my v3x is barred because of imei.



uguron08-10-2006, 23:14
all we need is a "repair firmware patch" , the rest can be handled via radiocomm. otherwise we get an error like:
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL



Tr0nAd0r08-10-2006, 23:16
all we need is a "repair firmware patch" , the rest can be handled via radiocomm. otherwise we get an error like:
Returned from radio: 0100000000098000802F0001000007
STELEM ==>SUCCESSFUL

What firmware patch do you need for try it??



Tr0nAd0r08-13-2006, 18:03
I extract this for a V600:


0x080000: 10629BA7 11FF0000
0x0800AC: 11FE000011FE07 FFFFFFFFFFFFFF
0x0800C4: 10629BA7 11FF0000
0x0802D0: B4301C03 2A04D001
0x0802D5: 07D0012A05D11424C0 06D1034B02181B881B
0x0802DF: 1C880C801C2470801C 0B2000477001FFF000



marmotacju08-15-2006, 02:11
Hi, I'm from Brazil and i'm new in the IMEI works, however I've some experience about other "P2K Works".
Maybe I'm wrong but what you are trying to do does not have anything about the RSA Verification ?
Let's see if we can do this 'come true...
That's it...



crusher08-20-2006, 00:21
no by default "RSA verification" - among being a sticky name as most of them actually don't have anything to do with RSA - only verifies authority to several commands, like it used to be at most places.

however, I heard that MaxRFon solution - that most, if not all, other solutions copied now - uses IMEI patches "hardcoded" to actual OTP IMEI, that are the 2x9 bytes supposed to be... ;)



Tr0nAd0r08-20-2006, 01:46
Any have a good log for sniffing between a IMEI Changer and a Motorola phone, it can be usefull ;) ;) ;) ;)



crusher08-20-2006, 01:54
useful but for what in fact?



Tr0nAd0r08-20-2006, 04:33
useful but for what in fact?

only curiosity :rolleyes: :rolleyes: :rolleyes:



monedadeoro08-20-2006, 05:11
the more finded are change imei in V3i
this phone cant be downgrade and its importan factor for imei changin on this phones
need more info about posibility of downgrade bott in V3i and V3r
BR.



crusher08-20-2006, 09:56
eh this is not true as well :)
bootloader downgradeability is only good for avoiding "test point"...
anyway bootloader downgrading WORKS, the question is what you want to downgrade the bootloader of V3x for instance :)
V3ROHS and V3i are not an issue.



marmotacju08-25-2006, 08:06
Good for all, but in fact where can we find those motorola IMEI patches for the most required models, like E398, V3/i/x, etc...



paullovinicius08-25-2006, 15:09
can this doc help anything?
or is only a joke?



marmotacju08-26-2006, 07:33
No this works but only if the mobile has no restriction in accept a differente IMEI than the one in the OTP. In case the IMEI Patches helps.



paullovinicius08-26-2006, 15:32
ok, but if i patch the flash and use this procedures, the mobile will work with new imei?
thx



marmotacju08-27-2006, 04:34
The IMEI number that the operator "reads" is the one saved in the "software" area (Flash/Firmware). So, like happens with others models/brands (like Samsung, etc...) if you change the IMEI number in the 'soft area' and disable the OTP Check, you will be succesfull. YES, the mobile will work with the new IMEI number you entered.
Let's keep talkin' my friend...



kosii08-27-2006, 22:43
How can we find the must-patch area in the firmware?
There are the programs to dissassembly the firmware, or should we do other ways of finding that?
sorry for my bad bad english



Tr0nAd0r08-28-2006, 02:54
The IMEI number that the operator "reads" is the one saved in the "software" area (Flash/Firmware). So, like happens with others models/brands (like Samsung, etc...) if you change the IMEI number in the 'soft area' and disable the OTP Check, you will be succesfull. YES, the mobile will work with the new IMEI number you entered.
Let's keep talkin' my friend...

I try to do it with a Patched phone, but isn't possible change the IMEI of "software" area, do you have a idea for do it (i know that the software of the dongles use P2K Commands for do it).

WBR



paullovinicius08-28-2006, 03:33
I try to do it with a Patched phone, but isn't possible change the IMEI of "software" area, do you have a idea for do it (i know that the software of the dongles use P2K Commands for do it).

WBR

can u try with the p2k commands of "IMEI REPAIR FULL PROCEDURE FOR P2K PRODUCTS.doc", attached here?



GFI09-02-2006, 17:42
No news update already?



notmeagain09-02-2006, 21:10
No news update already?

I tried using the p2k commands and radiocomm with a motorola v3, but i get return code 07 on the stelem commands to write the new imei, and it doesnt change a thing.
I'm sure there are other software methods that can be used to modify or rewrite the imei, but radiocomm and the current p2k commands doesnt seem to cut it.



new_kuku09-04-2006, 10:39
AnybBody have a patch to disable otp_check on v3r? i have a phone for tests.

thanks



pusulateknik09-05-2006, 16:31
where is the program??????



Tr0nAd0r09-06-2006, 00:41
where is the program??????

This inside the NVM Programmer (PST) for Motorola



dest09-07-2006, 05:23
This inside the NVM Programmer (PST) for Motorola

tronador, I am sure you were able to change the IMEI once you have made the firmware patch!
please let me know because I want to try this also.



Tr0nAd0r09-08-2006, 01:45
tronador, I am sure you were able to change the IMEI once you have made the firmware patch!
please let me know because I want to try this also.

Yeah i change using a Dongle, but i dont like this way :) :) :)

If any have a way for sniffing the communication between the phone and software (in test mode) can be usefull, because my dongle change the imei only in flash mode :) :)

WBR



marmotacju09-10-2006, 06:05
Ok, Tr0nAd0r, do you have a patch code for the V3 (Black) and hot can I use (compile) it to be patched ? Thanx.



Tr0nAd0r09-10-2006, 07:03
Ok, Tr0nAd0r, do you have a patch code for the V3 (Black) and hot can I use (compile) it to be patched ? Thanx.

FB3.0 can be used for apply the patches in Motorola Phones



notmeagain09-10-2006, 21:51
FB3.0 can be used for apply the patches in Motorola Phones

I backed up my phone using fb3.0(.53) and used the PDS tool from fb2.6.2 to modify the seem 0004 and re uploaded to the phone, the IMEI isn't changed at all, not even in radiocom, and now the phone asks for subsidy password on all but the original sim (was unlocked before).

Tr0nAd0r, i hate to ask for help, but could you please point me in the right direction to change the imei? _without a dongle_ i'm a student and haven't got much money to throw around at new hardware.



marmotacju09-11-2006, 00:22
Ok, but I need the patch file and/or the codes to apply the patch using FP3... Thanx...



mikoniko09-12-2006, 05:46
Heelo everyone...i must to say that im a nw whit this thing...but im learning a lot fro this forum...well as you can see the english is not my prinsipal lenguague but it's ok.
Tronador, one question, you make OTP patches for phones, do you have something for a V220?
Thanks



Tr0nAd0r09-19-2006, 02:24
A document, i found it in a spanish forum (already not tested) about V3 IMEI

The flash mencioned in the text is in here (it will be removed in 7 days):
http://download.yousendit.com/9142247A378317A8

The language of the document is portuguese

If any can test if pls post results

WBR



paullovinicius09-19-2006, 02:32
i can't test, but i can translate...



notmeagain09-19-2006, 02:44
i can't test, but i can translate...
So, where do you actually change the imei? this just seems like it repairs your phones original imei, incase of faulty flash or something.

Or does it patch the phones software to allow you to change the seem?

Tron, is there any more info you can give about the procedure, maybe a link to the forum where you found it?
I have 2 blacklisted (Bought that way for testing) and 1 original v3, so i've got plenty to test on.



marmotacju09-19-2006, 07:34
Tr0nAd0r, you're 'THE MAN', I test it and IT WORKS FULLY !!!. I don't know how, but IT WORKS !!!
Successfully IMEI changed in a V3 Black...



yoda6709-19-2006, 10:11
i need flash for v600 imei change thankyou



bananin09-19-2006, 17:52
marmotacju you can change the imei to any imei or change imei to only a imei??
you imei is IMEI=35507800855883x ??

thanks for reply



Tr0nAd0r09-19-2006, 18:20
So, where do you actually change the imei? this just seems like it repairs your phones original imei, incase of faulty flash or something.

Or does it patch the phones software to allow you to change the seem?

Tron, is there any more info you can give about the procedure, maybe a link to the forum where you found it?
I have 2 blacklisted (Bought that way for testing) and 1 original v3, so i've got plenty to test on.

www.redsudaca.com is offline for now 72hours

Tr0nAd0r, you're 'THE MAN', I test it and IT WORKS FULLY !!!. I don't know how, but IT WORKS !!!
Successfully IMEI changed in a V3 Black...
confirm the new imei number of the phone.

Anymore test it???

WBR



crusher09-19-2006, 20:56
I will test tomorrow.
noo, not on V3 ;)



apd0609-21-2006, 17:49
A document, i found it in a spanish forum (already not tested) about V3 IMEI

The flash mencioned in the text is in here (it will be removed in 7 days):
http://download.yousendit.com/9142247A378317A8

The language of the document is portuguese

If any can test if pls post results

WBR

any chance of rehosting this again?



notmeagain09-21-2006, 19:54
www.redsudaca.com (http://www.redsudaca.com) is offline for now 72hours


confirm the new imei number of the phone.

Anymore test it???

WBR

Well it worked on the two blacklisted phones, but i still get "Unregistered Sim" messages.

Had to re-flex the phones tho, as i wasn't getting past the "hellomoto" start screen.

Is there any way to change the imei back? :P



Tr0nAd0r09-22-2006, 00:09
any chance of rehosting this again?

Yes, i will upload to another server :) :) :)



apd0609-22-2006, 09:07
Yes, i will upload to another server :) :) :)


Thanks TrOnAdOr,I have been searching for this for a while. :)



mad_dog09-26-2006, 01:25
hello can someone please recomend a good programe to change motorola's imei codes because i do not understand all this well and don't have much time! this would be a great help! if not can someone please explain well how to do a imei code change and how to patch it after?



mad_dog09-27-2006, 00:54
hello is there just a program to change imei code on motorola because i do not understand all this well and would like a simple and clean process, even if this is explained different for a noob like me lol thx alot.



mad_dog09-27-2006, 01:06
can someone please explain this for me as i do not understand most of this but have had some experience with motorola moding my motorola e398 to a rokr itunes phone, please if there is a programe that can do what u all are talking about(changing imei code) please let me know!



guibzh09-28-2006, 13:11
Is there someone could upload the V3 flash file?
I'm very interested by it
Thanks



dorganx10-01-2006, 17:58
Hello! would you be able to upload the file again Tr0nAd0r, you can do it at http://www.megaupload.com/ it will stay there available untill it spends 21 days unused.
I would really appreciate it, no importa el idioma en que este.



Tr0nAd0r10-01-2006, 18:44
If you need the flash send a PM and i will give link, i upload to my FTP, but the server dont like hotlinks because abbuse of bandwidth ;) ;)



dest10-01-2006, 20:03
Tr0and0r,
Do you have the patch for v3?



Tr0nAd0r10-01-2006, 20:09
Tr0and0r,
Do you have the patch for v3?

no, but i think that can be possible looking for a original flash and compare with this V3 flash that is working.

@dest, contact me in msn: guilleiguarans@hotmail.com



Tr0nAd0r10-05-2006, 01:42
Hey guys if you got any questions or think you have useful information just post it on Hello-Moto Forums (http://www.hellomoto.1gig.biz/forums/index.php) because that place is like a database for information.

and about imei change, you can give me a link???



darkriff10-06-2006, 03:33
There are some news??? I have here a v3x and i can't make it work ´cause of the IMEI



josetolo_jr10-06-2006, 07:28
i am a new motorola user and i got E1 or the roker..... i do not know if these things talking in here are applicable to my phone... i like to explore and upgrade my new moto roker help me plz......



dorganx10-11-2006, 18:26
If you need the flash send a PM and i will give link, i upload to my FTP, but the server dont like hotlinks because abbuse of bandwidth ;) ;)

hello! I sent you a PM, just waiting for your reply, thank you very much for your help



Tr0nAd0r10-12-2006, 02:22
...... MP Sent ...... !!!



muratcell10-13-2006, 22:00
hi help mi v3i imei chanc plase ( my box mss4 )



mansooreyan10-13-2006, 22:23
maybe u can change it use testpoint
mehdi_naghous@yahoo.com
  1. 989131154402



muratcell10-14-2006, 15:48
can you teach to me what i can do this?did you do complately?



hedayat10-30-2006, 16:43
:) :p its ok my frend i weel used



Tr0nAd0r11-05-2006, 17:54
L6 IMEI Change:

Flash with CMCC Flash: http://rapidshare.com/files/970293/L6_CMCC.rar.html
Write the langpack which you want (because it will be chinesse :) )
Use this soft: http://rapidshare.com/files/2119430/L6_change_imei.rar.html

For use soft, write imei and connect TP,,, this dont have "Start" button ;)

WBR



mpeled11-06-2006, 08:23
This is a example patch for Motorola E398 R373 binary firmware:

Code:

0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000


Tr0nAd0r

Hi,

Could you please give the instructions how to apply the example patch to the phone?

thanks,

mpeled.



GENEW11-11-2006, 07:04
Tronador forbidden file according to rapid share.

how about c651 change imei any procedures and files?
please share.

tia



Tr0nAd0r11-11-2006, 07:33
@mpeled, Phone can be patched with FlashBackup, but dont imei changed
@GENEW, c651 files dont available

If any have the original files of L6 and V3 (same version of posted patched files) please share, those are usefull for continue researching :) :)

WBR



mpeled11-12-2006, 08:29
@mpeled, Phone can be patched with FlashBackup, but dont imei changed

WBR

Thanks Tr0nAd0r,

but how do i convert those lines of text
from your example patch:



0x080001: FE FF
0x0800C5: FE FF
0x080312: B4301C032A07D0012A05D11424C0801C 46C02A04D0012A06D1034B02181B881B
0x080322: 880C801C24 800B200047
0x080328: 801C46C0 01FFF000



into a patch file recognised by flashbackup?

thanks,

mpeled.



Tr0nAd0r11-12-2006, 15:54
I apply it directly to the .bin firmware using VKlay for Siemens :) :) :)



mpeled11-13-2006, 00:56
@mpeled, Phone can be patched with FlashBackup....

I apply it directly to the .bin firmware using VKlay for Siemens :) :) :)

Thanks Tr0nAd0r,

After dl V_Klay I found out that it is the best way to do it. :D

thank you for your answers,

mpeled.



kasamiko11-20-2006, 03:48
Link not found...

Pls post another link..



CEPHASTANESİ11-21-2006, 00:45
Tronador LTE2 imei change ok

pro what

pro picture

method what



weba112-02-2006, 18:40
i tried this method on v3i , but it is not change . anyone can chage imei of v3i , v3r or v3x



Tr0nAd0r12-02-2006, 19:08
V3i V3r using dongle



uizarde12-03-2006, 21:50
I need a simple tutorial.

I change imei of psd backup (of my phone), i need patch for v3 otp, can help me?



wntl02-03-2007, 11:07
Can I change displayed IMEI on e398 (and HOW ?), not this sending to network, only displayed :D

sorry for my poor english



k@m@R02-14-2007, 22:33
What change Imei in Moto E398? Write please instruction with picture! Thank you enormous!



..::hotlovercool4::..02-14-2007, 22:46
i have a software for free to change the imei
br
wink shafeeq
geo mobiles



BIG EVIL02-15-2007, 10:37
@ hotlovercool4 post the software here pls



car__3402-22-2007, 05:06
i have a software for free to change the imei
br
wink shafeeq
geo mobiles

YEAH POST THE SOFTWARE AND PLEASE MAKE A RELAIABLE LINK



Gavincol7803-20-2007, 01:27
i have a software for free to change the imei
br
wink shafeeq
geo mobiles

I don't like asking people to prove themselves but unless you can provide the software / working link for the software then I am afraid I am calling your bluff there is no simple software to change an IMEI number for Motorola.

not even your forum @ www.gsmlover.com has any info on Motorola IMEI changing.

If you can prove yourself then I will eat my words



Patuno03-22-2007, 17:30
Hey please somebody re-upload the files!!!



binhdo04-09-2007, 03:29
how would i change the imei for a rizr z3?



ciromaster04-16-2007, 05:46
k1 imei repair
change the imei



Fitap06-09-2007, 19:20
i have a software for free to change the imei
br
wink shafeeq
geo mobiles

Not only upload that soft you said; post the tutorial too, please !!
Only if you want shure ...



luigivsf06-17-2007, 07:03
looks like its injecting another bootloader, but i dont know what b/l



Alan_B07-06-2007, 01:09
as imei is generated patch, soon to apply it to the flash file by means of v_klay? :confused::confused::confused:



pollopopo10-19-2007, 22:36
guide for change imei v3xx



digisys10-21-2007, 08:36
i discover this
OFFSET <----------------------> DATOS ORIGINALES <----------------------> DATOS A INGRESAR
CG1
00000000: <----------------------> 10A99F09 <--------------------------------------> 11F81141
00A7579E: <----------------------> D108 <------------------------------------------> 46C0
00A7DA80: <----------------------> 00000010214365 <------------(este es el imxx)--> 21436587092143

CG7
00000C82: <-------> FFFFFFFFFFFFFFFFFFFFFFFFF FFF <-------> 4B01F000F80210A99F0947184 6C0
i´m already post here, now this metod workme in almost all´s motorolas, now i need some one helpme to develop a free or a very low cost software to do it, if you know program and heve a little idea how read and write firmware contact me soon plis!



mhrm110-21-2007, 11:30
:confused:is possible in odm models for ex. w375???



digisys10-21-2007, 11:33
not this only work on P2K phones... (E2 A1200 & ODM not work) and on lates generation have to dowgrade the bootloader and the patch its a little "mas complejo" :D algun dia los pondre....



pollopopo10-21-2007, 14:41
Programs that I use to change the IMEI v3xx



yurais03-24-2008, 07:22
WOuld it work on v180 ?

I think for replacing the stuff at the firmware all has to be done is extract the firmware with flashbackup to SHX, decode the shx file with shxcodec and replace the stuff with vklay.

then assemble everything with shxcodec and flash back the shx with flashbackup
because you only talk about cg1 annd cg7 I think no need to read/decode/flash other CGs



dummyshu04-01-2008, 21:39
i have a motorola phone without IMEI, it doesn't work (no network even put in SIM card), anyone can teach me how to make it work ?



Tr0nAd0r06-06-2008, 00:27
i discover this
OFFSET <----------------------> DATOS ORIGINALES <----------------------> DATOS A INGRESAR
CG1
00000000: <----------------------> 10A99F09 <--------------------------------------> 11F81141
00A7579E: <----------------------> D108 <------------------------------------------> 46C0
00A7DA80: <----------------------> 00000010214365 <------------(este es el imxx)--> 21436587092143

CG7
00000C82: <-------> FFFFFFFFFFFFFFFFFFFFFFFFF FFF <-------> 4B01F000F80210A99F0947184 6C0
i´m already post here, now this metod workme in almost all´s motorolas, now i need some one helpme to develop a free or a very low cost software to do it, if you know program and heve a little idea how read and write firmware contact me soon plis!


Good work men, im testing now, this work 100% OK, anyone can made his own IMEI Patcher with this. I will write one in C++ and release it.



geanicev06-06-2008, 07:23
Is it work with another model?
or just for NEPTUNE LTE base, what about NEPTUNE LTE2 base such as, L7, V360, V3i, L7e?



Tr0nAd0r06-06-2008, 16:25
This method work in LTE2 too. Dont work in linux based phones and ODM.

Regards.



geanicev06-07-2008, 12:22
Great, i have ported the patch to the L7 R4513_G_08.B7.ACR_RB
Working good, and im not using CG7 patch. Just applying CG1 patch only.
Great discovery by digisys.



NAZTY06-07-2008, 13:01
Moto IMEI Changer:-
http://www.4shared.com/file/49232258/90617215/Moto_Tool_v001.html

REGARDS
NAZTY®:cool:

:D"DONT GAIN THE WORLD & LOSE YOUR SOUL.....
.....WISDOM IS BETTER THAN SILVER & GOLD":D



Tr0nAd0r06-07-2008, 16:58
Great, i have ported the patch to the L7 R4513_G_08.B7.ACR_RB
Working good, and im not using CG7 patch. Just applying CG1 patch only.
Great discovery by digisys.

Please post in here, we all can post the patches in here. :)

@NAZTY, I will try to modify this soft to remove all the text and image. I unpacked it and get some parts of source code and a lot of loaders for motorola phones,,, very interesting



yurais06-08-2008, 02:51
If I dont have any patcher, would it work as I explained? extract CG1 and CG7 with flashbackup, edit with any HEXEditor and flash both CGs back into the phone ?



Tr0nAd0r06-08-2008, 04:00
Moto IMEI Changer:-
http://www.4shared.com/file/49232258/90617215/Moto_Tool_v001.html



I extract 183 loaders from this file, i will post because it can be usefull for someone ;)



yurais06-08-2008, 07:27
and what could be these loaders useful for ?



jacky1978006-15-2008, 10:07
:o:o:o:cool::cool::cool::cool::cool::cool::cool:do w 1st



geanicev07-17-2008, 05:51
I extract 183 loaders from this file, i will post because it can be usefull for someone ;)

great, i will wait for it.

I need the information of the other patch for another model, as long as i know this soft works with same method as what we discuss here, only patching the FW. :D

The important thing of patching is you have to remove RSA protection from FW to make thge patch works :D



j0b0ily09-16-2008, 20:50
I want change my imei, but
Motoimei not working with my v3i
R479 bootloader A052:mad:

You said :
V3i V3r using dongle

Dongle? I have only USB cable... ?

It's my v3i information:
TCMD Interface established ok
Read phone informations
Model: V3i
IMEI: ******************
User Code: 1234
Security Code: 000000
Firmware: R479_G_08.B5.86R
Flex Version: GSPV3IRGRS01NA19D - 1.0.K.3.0.2.0.AB.0.0
Operation completed with success

Do you have able to add A0.52 bootloader ?

For change IMEI, do you need use checkpoint ?