to all XDA developers (is their a change IMEI software USB) if yes where can i find it & if no is it going to be developed any soon? when?
I doubt the developers will be writing software for that particular use on the xda1, if you have a serial cable it will work on the xda as long as the radio stack is the early versions, it wont work on radio stack 4.21 for instance.
so where can i get the early(<4.20) Radio version coz i wanna use the
manipulator programme with my XDA2 device ?
????????????????
Chanaging IMEI is a way to get RID of those SPIES who pry into our personal info. Violations of our right to privicy....
Emil, can you expand on that statement please, the imei is the phones identity tag, if you have a prepay sim card your identity is unknown, if you have a post pay contract sim then your details are known and your phone is trackable by the sim details regardless of the imei/phone used.
i want to reset the timer to know how much i talked ,so where can i found that radio version
As far as I know, xda manipulator is for xda1 only.
IMEI-change and call-timer reset
No software exists to change IMEI or reset timers on Himalaya/XDA-II. Also no software does it to the Wallaby/XDA over USB, and The Manipulator, the program that does it to the Wallaby via the serial port only works with certain Radio Stack versions.
We have no legal or moral problems with IMEI-changing or timer reset, but it's a lot of hard work to write something which overwrites parts of people's radio software reliably. The last thing we want is 300 people wrecking their phones and blaming us. This issue has sort of scared us away from this type of modification.
(Unlocking is different since it only reads the ROM and then uses the 'official' mechanism of AT-commands in the phone for unlocking.)
No idea whether this topic will be revisited at some point, but don't hold your breath...
I can help you to change IMEI for XDA I or XDA II
cgigate
tell me how ....pls
cgigate said:
I can help you to change IMEI for XDA I or XDA II
Click to expand...
Click to collapse
Will you tell how it all works, and maybe even create a wiki page on it? We have itsme's and W4XY's works, bu we need many more people to publish the results their trips into the phone ROM and bootloader...
Peter,
Can you tell me how to read or find my IMEI number. I have a phone that was a display model and the lable on the back was removed so I can't get it there and the system identity shows a generic IMEI number (as I've found with all the updated 2003 ones).
Thanks,
David
moto1 said:
Can you tell me how to read or find my IMEI number. I have a phone that was a display model and the lable on the back was removed so I can't get it there and the system identity shows a generic IMEI number (as I've found with all the updated 2003 ones).
Click to expand...
Click to collapse
Try dialing *#06# on the phone. This works on all GSM phones (since it is in the GSM specification to be approved as one).
That still gives the generic IMEI number with an extra "01" at the end. It seems to be a glitch in the 2003 software because the IMEI numbers are available before you upgrade but not after. I thought I was missing something but the other units with the upgrade are giving the same generic number (350314010000009). Does anyone else come up with that IMEI #.(May be T-Mobile only!)
David
nope
I upgraded my rom lots of time and never lost my original IMEI number (which is written inside the case, under the battery)
It must be in the "T-Mobile" upgrade that changes the number in the system settings.
no solution till now????!!!!!
Related
Does every XDA II have a unique ID ?
If yes, is there a way to change that via software ?
Every XDA II has a unique IMEI number. You can find this underneath the battery in the back.
You *may* be able to query it in software by using a TAPI call:
lineGetGeneralInfo
http://msdn.microsoft.com/library/d...s/guide_ppc/htm/extapi_linegetgeneralinfo.asp
I haven't looked into it much, but I very much doubt you can change it.
there is also a unique id in the Disk-On-Chip chip.
Finding IMEI
Dialing *#06# will give you the same IMEI result as looking under the battery.
Sounds worse than I expected. Can anyone think of a way that both, the disk-on-chip ID and the IMEI number could be masked, changed, or hidden ?
PARANOYA.... but as always with these things, better be prepared.....
I don't know how yet, but the imei is derived from data in a flashable rom area, so in theory it should be possible to modify it.
the disk-on-chip id is in true read-only memory.
though you may be able to trick application into thinking it has changed by modifying the trueffs.dll driver.
afaik imei ist not changeable. every phone has a separate imei and it will be sent, also with cardnumber, at avery call to your provider .
for paranoia buy a phone and card on a flee market.
changing the imei is a matter of finding the place in the gsm rom where it is decoded from the data in rom.
you can either modify that code, or figure out the encoding, and change the encoded imei in rom.
not that it is easy, it involves some serious reverse engineering, but possible. we did it for the xda-1 too.
I understand that there is also some kind of checksum applied to the imei so putting any old numbers wont work on some phones, in fact it renders the phone useless, I dont know if this applies to the XDA2 although the XDA1 was very casual about the imei number, no checks whatsoever were carried out, even had my birthday as an imei in my old xda.
Any one interested in writing a utility to mask does numbers or even to change them at leasure ?
itsme said:
changing the imei is a matter of finding the place in the gsm rom where it is decoded from the data in rom.
you can either modify that code, or figure out the encoding, and change the encoded imei in rom.
not that it is easy, it involves some serious reverse engineering, but possible. we did it for the xda-1 too.
Click to expand...
Click to collapse
Itsme, as it has been done for the XDA 1, is there any chance it will be done for the XDA 2 ?
Laws differ from country to country, and I don't even want to go THERE...
But it would be remiss of me, not to point out that SIM unlocking is perfectly legal in the UK.
BUT, in the UK, to change an IMEI on a handset is illegal, and carries a 5 year prison sentence.
Other countries can be quite different I'm led to beleive though.
a while back ( 5 years or so ) I read a story about how they were identifying phones by fingerprinting the analog signal from the transmitter. apparently small differences in the analog parts make each phone uniquely identifyable.
hey itsme
do you still have this article... I would be very interested to read it...
I can not believe this... Honestly... this is impossible (and I do believe in aliens)
Neither the PA nor the RF of a mobile phone has anykind of serial register or an area where you could influence the signal to finger print it,
next thing that the signal get heavily disturbed while transmitted, they are happy enough if they find the normal payload ;-)
or was it 4 year and 50 weeks ago ;-)
Alex
it was not explicitly made different, just that analog parts are never exactly the same.
found it:
http://iwce-mrt.com/ar/radio_fight_cellular_cloning/
not sure if it would still work, in 7 years, cellphone technology has changed quite a bit.
if you search for 'radio frequency fingerprinting' on google you will find more on it.
chuck said:
as it has been done for the XDA 1, is there any chance it will be done for the XDA 2 ?
Click to expand...
Click to collapse
I'd say chance of 90%, where the 10% is for taking into account I didn't actually do it. The new method of unlocking the XDA 2 pretty much allows you to change all values in the phone.
hi itsme
I called our rf-radio specialists... they never hear about it and do not think it is possible.
Seven years about the radio of a mobile did indeed constist of many (hundert) discretes which all have of course have a tolerance, now a days the hole radio fits into a single chip with some discrets around.
The qualtiy of the radio also has greatly improved so the difference between manufators have become so small that it is not possible to judge different radios by their signals.
An other thing just came to my mind... this article is from america, here they use and used analog cell-phones... I am pretty sure this technologie refers to analog cellphone standart and not to a GSM one...
hey the more I think about it the more I like this explanation...
Now I can sleep better...
Alex
W4XY, do you know from experience if any checksum is used with the imei in the XDA2 or is it the same as the xda1 where just about any number could be used.?
I have no true idea if the algorithm is different for the IMEI in the XDA 2 as I have not looked at that in particular, but I suspect it will be the same as a lot of other stuff is still the same too.
An IMEI is supposed to satisfy a Luhn check - which is the same checksum algorithm as used for Credit Cards.
Useless fact: the number printed on a SIM card also satisfies the same check.
Guys, I got a HUGE problem.
I got my new Qtek S100, magician the other day with:
WM2003SE
ROM Version: 1,11,00 WWE
Radio Version: 1,11,00
Protocol version: 1337,42
ExtROM Version: 1,11,133 WWE
Model NO: PM10A
The phone works great as a PDA....but I cant get any service at all!
1. I did try Itsme's unlock tool (not pinlocked SIM in it, that is, I unlocked the sim card, then tried it) it said that it unlocked the phone OK.
2. Tried to reinstall the ROM, no difference.
3. I went to Settings---Phone--Network
Tried to "Find Network" = Nothing
Tried "Set Networks" = Gives me this message;
"Unable to read setting from the network. Try viewing settings later, or disconnect data connection and try again".
No USB or BT connection is established with a PC at the moment.
Please advise, and help!!
Thanks a bunch,
Monty
Sure you're not in flight mode?
V
Yeah Im not.
btw, vija as in vija who developed smart401?
Any other ideas by the way?
What country are you in? Sure you're using the right radio type/band/ROM?
V
Yeah, I downloaded the swedish Qtek ROM (yeah Im in Sweden alright)
However, I tested with a diff. simcard from a diff. provider, that one gets signal but I cant make any calls, they just end abruptly.
Again, I used the unlock tool from itsme, and my device is listed so I really dont know whats wrong...
your mini might be Blocked (not locked) by your provider.
the network won't allow your imei on the network and when you use the other sim (it should be using only high bands 1800/1900) so it can't set to lock the whole network system bec sms and radio transmit at different freq) so you can get signal, send and receive sms but can't make calls.
just try this to confirm, plug in the sim that can make sms and search networks, if you can see all the networks available then I think it is blocked.
this is only what I know after some research but I may be wrong, hope this give you some help
Hi,
Yeah, when I put in the other SIM card, and I search for networks, it finds all of them.
Thing is, its brand new, but I bought it from a private person from the Internet (from a similar site to Ebay) guess this one didn't come with a reciept eh
Guess it wont do to just change the IMEI # then? I read somewhere that you could change it. Oh well, guess I'll return it to the seller then and get a new one.....
montana said:
Hi,
Yeah, when I put in the other SIM card, and I search for networks, it finds all of them.
Thing is, its brand new, but I bought it from a private person from the Internet (from a similar site to Ebay) guess this one didn't come with a reciept eh
Guess it wont do to just change the IMEI # then? I read somewhere that you could change it. Oh well, guess I'll return it to the seller then and get a new one.....
Click to expand...
Click to collapse
so it works like I describe? then it is BLOCKED by the order of NTC
XDA can change IMEI as it is hard burned on the ROM, good luck
[quote="DON2003
XDA can change IMEI as it is hard burned on the ROM, good luck[/quote]
can change IMEI? really?how to change?i also have a prob, when i softreset my mini,must wait almost 10 or 15 mins,then can find network?i already flash a few diffrent rom but still same.
bbcba said:
[quote="DON2003
XDA can change IMEI as it is hard burned on the ROM, good luck
Click to expand...
Click to collapse
can change IMEI? really?how to change?i also have a prob, when i softreset my mini,must wait almost 10 or 15 mins,then can find network?i already flash a few diffrent rom but still same. [/quote]
very sorry, mistype in my previous post,
it should said CAN'T change IMEI
if i change the rom to an i-mate jasjar or any other will it be unblocked?
No
why is that ?
I'm not an expert but Sometimes I wonder why is that, If we replace ech and every file of locked mda-pro with unlocked jasjar ?? then there should be no reason for a locked mda-pro.
can anyone explain inside science of locking & unlocking ?
I think it also depends on the definition of "blocked"
If the phone iteslf has had its IMEI blocked, then no amount of reprogramming/reflashing will unblock it.
If the phone has a simlock on it, then I believe this would be to do with something within the phone hardware itself.
Hi guys
That old chestnut again, locked and blocked are 2 completely different issues and unfortunately neither of these actually involves anything that is didrectly under the control of pocket windows.
There are 2 types of locking.
1) PUK locking (SIM Locking), this occurs if you incorrectly enter the SIM pin code 3 times in a row. If this happens you need to contact the network provider to get PUK unlock code, better still if you enter the PUK code incorrectly 5 times you will destroy the sim and need t get a new one.
2) Network Locking is a flag that specifies the LAIN of the mobile network that supplied the mobile phone and if this feature is enabled by the operator it will mean that only a SIM card that has the corect LAIN will work in that phone. I forget what LAIN stands for but basically it is used in the GSM international roaming world and therefore each operator has its own, the first few digits indciate the country then the last ones the specific network.
This can be disabled in 2 ways firstly by using and encrypted code specifically issued for your handset. Or secondly by trial and error by writing different values to the registers on the EPROM on the GSM unit itself. Eventually this will result in the phone unlocking itself. In order to do this the gsm engine needs to be removed from the handest and interfaced to a serial port. A 0 or a 1 is then sent to each register 1 ata time and the phone is then tested to see if it works. Depending on the size of the chip this takes a long time. However when you no the memeory location of the register this can then be done to any phone in a matter of minutes. this is basically the way modsyt of the unlocking systems are developed.
Finally IMEI blocking. This is done where the network has evidence that a crime has taken place either fraud commited on the handest, abusive phone calls or the unit has been stolen. If the network IMEI blocks it you have 2 options, 1 sell it in a diferent country ( Nigeria) or some chip sets contain the IMEI details on a flash chip. Again the registers are read over a serial interface and this can be rewritten. The first phones to support this IMEI in flash were the siemens TC35 gsm engines also the wavecom gsm modules support this. I am not really sure of any legitimate application for changing the IMEI of a mobile handest or even why this data is not writen in ROM but there you go.
I hope that helps to clear up issues relating to locking and blocking.
Regards
Charlie
thanks for such informative essay, we all are concerned about the network locking. I have noticed a tool to remove simlock from HTC wizard using same OS as HTC Universal. but in the above post its mentioned that OS has nothing to do with unlocking ..
But unloking tool of all old HTC devices running WM 2003 never took so long as in the case of Universal ? or may be quite possible that all good brains of our forum dont use Universal ?
I have 2 of these phones. One of them was used in France and on one of my visits there the phone (GSM) stopped working. My account with O2 is in order and Roaming was enabled. It never worked again after that. I tried upgrading from WM5 to WM6, I unlocked it with HTC Uni Unlocker v 1, and read all the forums I could find. I have been trying to solve the problem for the last 2 months.
Along the way, I found out that the IMEI number has changed. I don't know at which point this has happened however the reported EMEI number with lot's of 0000000 in the middle doesn't change any more after ROM upgrades or Unlocking.
My conclusion is that this EMEI number is barred on the networks with various symptoms ie. TMobile and Vodafone let you connect but you cannot phone or receive phone calls. Orange and o2 shows NO SERVICE straight away.
It seems to be impossible to change the EMEI number, besides I have been warned that it is illegal, despite the fact that I have a perfectly legal phone with a perfectly legal EMEI number. I cannot have this phone serviced by o2 any more as I have changed to Orange
Howevefr I have a second phone which works perfectly with the Orange SIM (on contract) and with it's original EMEI number. I have upgraded this phone to WM6 with the following ROM : SPVM5000_WWE_21208_212010_11500 (excellent work btw) and with radio v 1.18
Any solutions ?
This is what I have been thinking (might be impractical though). If I could copy the EEPROM data (that's where I THINK the EMEI number is stored) from my working phone and write it to the non working phone it might work but the EMEI number might be the same as on my working phone. If that then could be edited with my legal EMEI number of my non working phone that would even be better.
I have a French SFR (Vodafone in France) contract and I would love to use this second Universal when I am on the continent (weekly).
It all depends on the possibility to read and write the information from and to the storage media that holds the EMEI number on the device. First I need to know where it is stored and a solution to do just that. I tried Iwizard with WM5 on this phone and that doesn't work (returns an EMEI number that has nothing to do with what I have and the structure of an EMEI number - something like C4BC6400C4BC640 and doesn't let you update to another number).
If anyone out there needs more info, I am available to answer any questions. I have read on forums that other people seem to have the same problem, I even read that someone had the same problem after Roaming in France as well. Any solution would not only help me but others as well. It would also be interesting to know exactly what has happened. Thanks to anyone to is willing to contribute to solve this problem.
komfurt said:
I have 2 of these phones. One of them was used in France and on one of my visits there the phone (GSM) stopped working. My account with O2 is in order and Roaming was enabled. It never worked again after that. I tried upgrading from WM5 to WM6, I unlocked it with HTC Uni Unlocker v 1, and read all the forums I could find. I have been trying to solve the problem for the last 2 months.
Along the way, I found out that the IMEI number has changed. I don't know at which point this has happened however the reported EMEI number with lot's of 0000000 in the middle doesn't change any more after ROM upgrades or Unlocking.
My conclusion is that this EMEI number is barred on the networks with various symptoms ie. TMobile and Vodafone let you connect but you cannot phone or receive phone calls. Orange and o2 shows NO SERVICE straight away.
It seems to be impossible to change the EMEI number, besides I have been warned that it is illegal, despite the fact that I have a perfectly legal phone with a perfectly legal EMEI number. I cannot have this phone serviced by o2 any more as I have changed to Orange
Howevefr I have a second phone which works perfectly with the Orange SIM (on contract) and with it's original EMEI number. I have upgraded this phone to WM6 with the following ROM : SPVM5000_WWE_21208_212010_11500 (excellent work btw) and with radio v 1.18
Any solutions ?
This is what I have been thinking (might be impractical though). If I could copy the EEPROM data (that's where I THINK the EMEI number is stored) from my working phone and write it to the non working phone it might work but the EMEI number might be the same as on my working phone. If that then could be edited with my legal EMEI number of my non working phone that would even be better.
I have a French SFR (Vodafone in France) contract and I would love to use this second Universal when I am on the continent (weekly).
It all depends on the possibility to read and write the information from and to the storage media that holds the EMEI number on the device. First I need to know where it is stored and a solution to do just that. I tried Iwizard with WM5 on this phone and that doesn't work (returns an EMEI number that has nothing to do with what I have and the structure of an EMEI number - something like C4BC6400C4BC640 and doesn't let you update to another number).
If anyone out there needs more info, I am available to answer any questions. I have read on forums that other people seem to have the same problem, I even read that someone had the same problem after Roaming in France as well. Any solution would not only help me but others as well. It would also be interesting to know exactly what has happened. Thanks to anyone to is willing to contribute to solve this problem.
Click to expand...
Click to collapse
i read an article not long ago i forget where just popped up during a random goole search but someone created a beta IMEI changer for one of the earlier HTC phones ( i almost wanna say it was for a wizard or blue angel ) anyway if your imei got corrupted, I can't see why if the tool will work, changing it back to the IMEI on the BOX OF YOUR LEGAL PURCHASED PHONE and that match's the sticker on the inside of your device as you are only restoring what was already assigned to it. other option. chargable repair via htc or a 3rd party
Do any one know how a windows mobile sends the IMEI to the network?
Which function in the api ?
i'm sure it is in the low level api , kernel or may be the coredll.dll but i cannot find any clue on it , and i don't have any idea on where to start to trace that.
Any help or clue would be grateful
Is it really sent??
I'm by no means an expert on this subject -- but is it really sent over the network? In my case the US ATT network? I'm not so sure it is...
...if so, why do they have to always ask me for it?
...if so, why aren't they automatically charging me an extra $30/mo. for a PDA data plan which they insist is REQUIRED for PDAs to connect-even though we all KNOW that's a lie and an ATT rip-off scheme?
...if so, why am I able to call them and give them ANY NON ATT IMEI over the phone and they not dispute it?
...jus a few questions to answer your question.
I'm not an expert either, but I can tell you that they see it. I like to think of the IMEI number as your "ip address" or your phone's "username" for the network. It has to be sent for access purposes and it would be stupid not to log that type of server access. Else how else would you be restricted from using other Cellular towers.
Wrong.
Read up on IMSI's and TMSI's
In the Netherlands the police used an IMEI number to send text messages to a stolen cellphone, even thought they had changed the simcard the phone would show: " This phone is stolen please bring it to the police" every 5 minutes...
Though I'm not an expert on this topic, I thought that the Radio Firmware handled all communications with the Cellular network, including IMEI. One reason I am inclined to go with the Radio Firmware is this simple reason: If it was handled by WM, somebody could probably figure out how to spoof it through WM at one point or another, in the same way that MAC addresses can be spoofed.
And as I said, I'm no expert on this, so please, somebody correct me if I'm blatantly incorrect.
Oh, and w00t! 400th post!
IMEI is for sure transmitted to the network, since this is registered on the BTS every time your signal "auth" on it , and the server logs it and checks if your phone is on the "blacklist" and then reject connection if it is the case.
Check here
But i wonder, technically, where from it is sent, maybe from the Radio firmware like previously posted ?
I guess, since we have some tools to read & change the IMEI on others HTC, it could be done on every models (if i understood right, the IMEI part is somewhere on "read only" and we first need to unlock the CID to unlock this part of memory and then modify / alter it.)
The tools is found here :
IMEI Updater
But works only for iWizard and some other models.
But couldnt we hook the function that retrieves the imei and alter it on the fly? (from the software point of view?) or should i digg in the flash memory?
Or is it hardcoded on the SPL or the IPL? When and what function is used to send it on the network ?
Also for al the legal issues, i might add that an opensource OpenBTS Project is running , and it is in a research-oriented initiative.
So no post saying that i want to change stolen Imei etc.. this is not the case.
I'm a developer for one year now, and i'm interested in mobile security and research.
ix0u said:
IMEI is for sure transmitted to the network, since this is registered on the BTS every time your signal "auth" on it , and the server logs it and checks if your phone is on the "blacklist" and then reject connection if it is the case.
Check here
But i wonder, technically, where from it is sent, maybe from the Radio firmware like previously posted ?
I guess, since we have some tools to read & change the IMEI on others HTC, it could be done on every models (if i understood right, the IMEI part is somewhere on "read only" and we first need to unlock the CID to unlock this part of memory and then modify / alter it.)
Click to expand...
Click to collapse
I think you'd have to Security Unlock as well. And I'm certain that it's stored somewhere in protected flash memory, at least on the Qualcomm based devices, because there have been isolated reports of IMEI changes after using Olipro's Kaiser SIM/CID unlocker/changer.
It works by flashing a modified radio firmware which security unlocks the device (until a different radio is flashed), then a program is run in Windows Mobile which somehow changes SIM lock and CID information. If you're curious, those cases concerning IMEI changes as a result of this tool are here and here. And if you really want to know about this issue, a visit to the XDA IRC channel, or a polite PM to cmonex, Jockeyw2001, Olipro, or Pof could probably clear this up, as those are the people who really know these devices. Good luck
Thank you very much DaveTheTytnIIGuy, at least i have a lead now, on where to go and who to ask.