Read and write SIM records - Windows Mobile Development and Hacking General

I am trying to access and modify SIM content from the operating system. I am working with a dual-line twin card and want to switch between one line and the other by code.
I am using SIM Manager functions (SimGetRecordInfo, SimReadRecord and SimWriteRecord).
Does anybody know where I can find the structure which contains the two IMSI data? I think it is not in the EF_IMSI (6F07), is it?
I have been able to read the EF_SPN (6F46), which contains the words Work or Home.
I have been able to read the EF_IMSI (6F07), which contains the current IMSI in hexadecimal.
I have not been able to read the EF_MSISDN (6F40). Does anybody know how I can do it?
I have also tried to write to these records (so that the current line will be changed) but I got a "Security Failure". Do I have permission to modify this kind of record?
Thanks in advance
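To make sense of the bytes that SimReadRecord returns for the three files named above, here is an added example (not code from the original post, and not part of the SIM Manager API) that decodes raw EF_IMSI, EF_SPN and EF_MSISDN records following the layouts in GSM 11.11 / 3GPP TS 51.011. The SAMPLE_* buffers are constructed for this example rather than read from a real card.

```python
"""Decoders for the raw SIM elementary-file records discussed in this thread.

Added example, not code from the original post or from the SIM Manager API:
it takes the byte buffers SimReadRecord would hand back for EF_IMSI (6F07),
EF_SPN (6F46) and EF_MSISDN (6F40) and turns them into readable values,
following the record layouts of GSM 11.11 / 3GPP TS 51.011.
The SAMPLE_* buffers are constructed for this example, not read from a card.
"""


def decode_bcd_digits(data: bytes) -> str:
    """Decode nibble-swapped BCD digits; 0xF nibbles are padding."""
    digits = []
    for byte in data:
        for nibble in (byte & 0x0F, byte >> 4):  # low nibble comes first
            if nibble == 0x0F:
                continue
            if nibble > 9:
                raise ValueError(f"invalid BCD nibble {nibble:#x}")
            digits.append(str(nibble))
    return "".join(digits)


def decode_imsi(record: bytes) -> str:
    """EF_IMSI (transparent, 9 bytes): byte 0 is the length of the IMSI
    field in bytes; in byte 1 the low nibble carries the parity flag
    (bit 4 set = odd digit count) and the high nibble is the first digit."""
    if len(record) < 9:
        raise ValueError("EF_IMSI record must be 9 bytes")
    length = record[0]
    if not 1 <= length <= 8:
        raise ValueError(f"implausible IMSI length byte {length:#x}")
    body = record[1:1 + length]
    odd = bool(body[0] & 0x08)
    imsi = str(body[0] >> 4) + decode_bcd_digits(body[1:])
    if odd != (len(imsi) % 2 == 1):
        raise ValueError("parity flag does not match digit count")
    if not 6 <= len(imsi) <= 15:
        raise ValueError(f"decoded IMSI has {len(imsi)} digits")
    return imsi


def decode_spn(record: bytes) -> tuple:
    """EF_SPN (transparent, 17 bytes): byte 0 = display condition,
    bytes 1..16 = service provider name, 0xFF padded.  Assumes the name
    uses characters the GSM 7-bit default alphabet shares with ASCII
    (letters, digits, space), which covers 'Work' and 'Home'."""
    if len(record) < 17:
        raise ValueError("EF_SPN record must be 17 bytes")
    name = bytes(b for b in record[1:17] if b != 0xFF)
    return record[0], name.decode("ascii")


def decode_msisdn(record: bytes) -> dict:
    """EF_MSISDN (linear fixed, X+14 bytes per record): X-byte alpha
    identifier, 1-byte length of the BCD part (TON/NPI byte + number bytes),
    1-byte TON/NPI, 10-byte dialling number, capability id, extension id."""
    if len(record) < 14:
        raise ValueError("EF_MSISDN record must be at least 14 bytes")
    alpha_len = len(record) - 14
    alpha = bytes(b for b in record[:alpha_len] if b != 0xFF).decode("ascii")
    bcd_len = record[alpha_len]
    if bcd_len == 0xFF:  # unused record
        return {"alpha": alpha, "number": None}
    if not 1 <= bcd_len <= 11:
        raise ValueError(f"implausible BCD length {bcd_len:#x}")
    ton_npi = record[alpha_len + 1]
    number = decode_bcd_digits(record[alpha_len + 2: alpha_len + 1 + bcd_len])
    if (ton_npi >> 4) & 0x07 == 1:  # type of number: international
        number = "+" + number
    return {"alpha": alpha, "number": number, "ton_npi": ton_npi}


# Constructed sample buffers (not from a real card).
SAMPLE_IMSI = bytes.fromhex("08 29 43 51 90 99 99 99 99")       # 234150999999999
SAMPLE_SPN = bytes.fromhex("01") + b"Work" + b"\xff" * 12         # display condition 1
SAMPLE_MSISDN = (b"Home" + b"\xff" * 6                             # 10-byte alpha id
                 + bytes.fromhex("07 91 44 21 43 65 87 09") + b"\xff" * 4
                 + b"\xff\xff")                                    # CCI, Ext1

if __name__ == "__main__":
    print(decode_imsi(SAMPLE_IMSI))
    print(decode_spn(SAMPLE_SPN))
    print(decode_msisdn(SAMPLE_MSISDN))
```

On the write side, the card enforces an access condition per file rather than the phone OS: in GSM 11.11 the UPDATE condition for EF_IMSI and EF_SPN is ADM (operator administrative keys), while EF_MSISDN is CHV1. A "Security Failure" when writing EF_IMSI from a handset application is therefore the card refusing the update, not a SIM Manager API problem.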

Related

Running Sim Toolkit Apps

Hi,
Does anyone know if there is a way to get a list of the STK apps installed on the SIM and execute them on the user's request? I'm not looking for an app to do that, I'm interested in implementing this functionality in my application. So what I am basically asking is whether there is any way to do that using the APIs provided by the SDK.
SimReadRecord could be an option, provided somebody knew which address to look for and how the data is formatted. Does anyone have any ideas?
Thanks in advance.
Nikos.
No, you won't get it with SimReadRecord (as the toolkit menu is generated "on the fly" as the card notifies the phone). There is a way to retrieve it through the RIL, but I haven't fully understood it yet; it's probably related to an internal command (such as RILSendMsg). If you have a way to "spy" on the exchanged RIL messages, it may help you :wink:
It's easier to execute them, with the appropriate envelope command. See the RIL SIM commands and your favorite 11.14 standard :wink:
Do you know if I can successfully use RIL_SendSimToolkitEnvelopeCmd() to send envelope commands?
I read about and implemented a function to build an ENVELOPE CMD SMS-PP (11.14) DOWNLOAD, but when I execute RIL_SendSimToolkitEnvelopeCmd() I get
Ril_* error RIL_RESULT_ERROR = 0x00000003 ...
Can you help me?
What about directly accessing ril.dll?
Thanks

[Q] [Request] 2 commands for an app: copy a number to sim & reboot

Hey guys
As you see, I'm requesting 2 commands here for an app I'm working on. Really looking forward to getting answers from you.
pottkopp
To create a contact on the SIM card, take a look at com.android.internal.telephony.IccProvider (Android sources). But keep in mind that in my tests the stock HTC Phone app doesn't reflect changes made via this provider.
Copy a number to the SIM card: do you mean copy the phone number to the SIM card and then reboot?
rwxer said:
To create a contact on the SIM card, take a look at com.android.internal.telephony.IccProvider (Android sources). But keep in mind that in my tests the stock HTC Phone app doesn't reflect changes made via this provider.
How can I import the whole Android sources into Eclipse? Because some needed files such as "ServiceManager.java" are missing.
georgeyeung said:
Copy a number to the SIM card: do you mean copy the phone number to the SIM card and then reboot?
Yes, I want to reboot either the whole phone or just the phone process; depends on how complicated restarting the phone process is.
Heh, I thought we were talking about interesting things, not about Eclipse setup. No advice because I don't use it.
IccProvider is like a general data provider, so typical usage is:
Code:
import android.content.ContentResolver;
import android.content.ContentValues;
import android.net.Uri;
// tag = contact name, number = phone number (both Strings)
ContentResolver cr = context.getContentResolver();
ContentValues cv = new ContentValues();
cv.put("tag", tag);
cv.put("number", number);
// ContentResolver.insert() takes a Uri, not a String
cr.insert(Uri.parse("content://icc/adn"), cv);
And I think you don't need to reboot the phone; all you need is to force SIM card rereading. Try switching the radio off/on; the main phone app will reread the SIM card.
I finally solved all those problems above. One more thing I'd like to know is how to get the process ID of an app like "com.android.phone".
Big thanks for all your help till now!
Everything finished, please close!

Accessing marketplace from unsupported locations *potential*

So I have an Australian Live account, and I don't want to make a new one for many reasons, so I've been trying to work out a way to access the marketplace (specifically the music store) on my phone from an AU account.
Ultimately I haven't solved it yet, but I did find something interesting that maybe someone better at this than me can use for a permanent fix?
Using a registry editor, go to HKLM/Software/Microsoft/Zune/Settings and edit Xuidlocale from (in my case) en-au to en-us.
This enabled the entire marketplace (not instantly; it needed to reload, and a reboot was the fastest way to get it). Trouble is, after only a few minutes it would revert to en-au. So clearly it is updating from somewhere.
I figure if we can stop it from updating, or even get it to check somewhere else, we could enable full marketplace support permanently. I mean, the fact that I can browse for 5 mins or so suggests that as long as that registry value remains US (or UK or whatever other fully supported country you like), it will continue to work.
Just my thoughts. Anyone out there know anything that could help?
UPDATE 1:
OK, so after messing around more I found another registry key in the same directory (LastTunerConfigURL). I foolishly ignored this before because in my mind "tuner" could only mean radio.
Anyway, the key leads to a Zune configuration page (https://tuners-ssl.zune.net/en-au/winMobile/v7.0/configuration.xml) which has lots of interesting parameters. In particular:
<setting id="Music Marketplace Enabled" value="false"/>
<setting id="App Marketplace Enabled" value="true"/>
<setting id="XBox Live Available" value="true"/>
Changing the en-au to en-us shows the US config file, in which all three are enabled.
So to enable specific marketplaces we would need to either a) change the XML on the Zune server (impossible, I would assume) or b) change the registry to lead to the US version. Obviously I tried that straight away, and once again it worked for a minute or two, but very quickly reverted. Thing is though, the last part of the key is a list of additional parameters that aren't set in the XML file (e.g. MCC=505 and OEMID=HTC). These are settings in the XML, but they are obviously being set from the phone, and not by the Zune servers as I initially thought. So if I can work out the setting or file on the phone and change THAT, then it should stop changing back.
Any info on where the hell it might be pulling its info from would be greatly appreciated.
UPDATE 2:
OK, so I think I found where it's getting most of its information. I downloaded the LEO70 dump and worked through some likely files, and I found some entries in the zune.dll file stored in \windows on the phone (or in the dump files \IMGFS\SYS\MediaApps\Zune.dll), specifically the file S000 in the dump files. Most of it I can't understand, but there are a few bits and pieces that could be useful.
The one that I think would be most likely the easiest to change is the section that deciphers the Country ID and turns it into the Phone Locale.
Basically looks like:
MapLCIDToXCountry (*ppMapping) != NULL Z W E N - Z W Y E A R - Y E ..... U S E N - U S ..... A U E N - A U A R E S - A R D Z A R - D Z A L S Q - A L.
(I cut out most of the countries, but I think you get the idea.)
Long shot I know, but I assume if I can change this to read A U E N - U S, I could trick it into reporting US to the online servers. Thing is, I have no idea at all how to actually change the file on the phone. I don't know how to compile .dll files from raw files, and I can't copy the file from the phone because touchexperience won't allow me to alter (or even copy from) the /windows directory.
Any help doing either of those two things would be greatly appreciated
Great find, wish I could help but I don't have the skills. If we could find a way to host our own XML then maybe we can tweak it for marketplace access?

IMEI nulled [problem workout]

Hi there!
Recently there were plenty of cases with the IMEI changed to zero. In this sub-forum there were already three cases ([1][2][3]), and in our local ex-USSR community there were a lot more of them. The problem comes up in an absolutely random way. In my case, it started when I tried the 'format sd-card' function built into the MIUI ROM. But if you look through, you'll find that the other cases have nothing in common. So the conclusion is that there is a bug in the Huawei internal firmware that leads to nulling the IMEI. Here follows the problem workout:
In our community (4pda.ru) we've found an app (it's attached) that is able to back up and restore the IMEI. We've found that the code for the IMEI backup is:
dd if=/dev/block/mmcblk0p5 of=/sdcard/imeibackup/5.img
dd if=/dev/block/mmcblk0p10 of=/sdcard/imeibackup/10.img
dd if=/dev/block/mmcblk0p11 of=/sdcard/imeibackup/11.img
It reads all data from the mmcblk0pXX partitions and writes it into XX.img files (images) in the imeibackup folder, stored on the SD card. The main idea of how to restore our broken IMEIs is:
1. create the backup of the IMEI using this app;
2. replace our current IMEI with our actual IMEI in these *.img files (images);
3. restore the IMEI using this app.
The idea is perfect and easy to guess, but none of these images contain the IMEI in raw form. Probably they are encrypted, and with no key to encrypt them, we would not be able to replace the current IMEI with the actual IMEI.
I will be happy to be wrong, and if anyone of you could help to find the IMEI string in these images (all info is in the attachment).
But there is also another way. The Android SDK contains the android.telephony.TelephonyManager.getDeviceId() function that returns the IMEI of the current phone. The idea is to find the body of the function (the Android OS source is free to download, isn't it?) (it might be decrypting those partitions for further IMEI fetching) and, using it, understand how to return our IMEI to factory condition.
There might be a problem if this function only makes a remote procedure call to the phone firmware and the phone firmware actually decrypts those partitions and fetches the IMEI. In this case, we'll need some reverse engineering: we'll need to write a core module that will set hooks on the open/read_file/partition functions of our mmcblk0pXX partitions, open the stack, make a backtrace and a dump of the functions that called them.
Actually, my programming skills are too poor both for the first easy way (finding the getDeviceId() function body) and surely for reverse engineering. That's why there is a request for the xda-developers community:
If you are a Java programmer, could you please help us to find the android.telephony.TelephonyManager.getDeviceId() function body? If yes, could you please explain its algorithm to us in plain language? We will be glad for any help.
For moderators: yes, I've already read all the cautions about the responsibility of IMEI change (for any purpose), thank you.
Sounds cool. Sadly I'm not a developer so I can't help. If you get this working, it could save so many devices. Mine lost its IMEI and bricked, but this would have solved the IMEI problem. Good luck, hopefully you'll get it working!
Since this requires dev attention, maybe you should PM stockwell/dzo/genokolar. Or just post this in the dev section. It's great to have one thing less to worry about when flashing the phone.
I don't think it would be as easy as just hexediting the IMEI into the relevant location in the image (or at least, I hope it isn't). Remember that the IMEI is used to uniquely identify phones on the cell network so that it can be blocked if the phone is reported as stolen. For this reason it's not supposed to be easy to change, and it's illegal in some places to do it.
I know that this would be intended to be used to restore the IMEI, but it could just as easily be used to change the IMEI for stolen phones.
Forcing the response from the Java call won't do anything - it would only be used to show the number in android, and not by the hardware.
Send your phone back under warranty.
stockwell said:
I don't think it would be as easy as just hexediting the IMEI into the relevant location in the image (or at least, I hope it isn't). Remember that the IMEI is used to uniquely identify phones on the cell network so that it can be blocked if the phone is reported as stolen. For this reason it's not supposed to be easy to change, and it's illegal in some places to do it.
I know that this would be intended to be used to restore the IMEI, but it could just as easily be used to change the IMEI for stolen phones.
Forcing the response from the Java call won't do anything - it would only be used to show the number in android, and not by the hardware.
Send your phone back under warranty.
But in my case I want to restore it, not change it, so it's my right. And because some may misuse it, I will not reveal how.
Sent from my u8800 using xda premium
stockwell said:
Send your phone back under warranty.
We do not mind sending it to warranty, but they will not take it, as IMEI = 0.
stockwell said:
Send your phone back under warranty.
Of course, it would be the simplest way to solve the problem, but in any warranty there is a clause that the warranty becomes invalid if the IMEI has been changed. We would not mind the problem and would just send our phones to warranty, but... it has become invalid, so now we need to have our IMEIs restored...
stockwell said:
Forcing the response from the Java call won't do anything
You've misunderstood me. The idea is to reveal the IMEI decryption algorithm by looking through the getDeviceId() function's body. I expect to see there something like this (function names are not real):
Code:
function getDeviceId()
{
$imei = fread(0x12345678); //some code to reveal where IMEI is stored
$imei_num = decrypt_sha1($imei, $key_to_decrypt); //some code to reveal the decryption key and method
return $imei_num;
}
Something like this may help us to write some other code to restore our broken IMEIs and warranties, for example:
Code:
function restoreDeviceId($imei_to_restore)
{
$imei_encrypted = encrypt_sha1($imei_to_restore, $key_to_decrypt); //here we use the encryption key we discovered in the prev. step
if(fwrite(0x12345678, $imei_encrypted)) return true; //here we use the memory address we discovered in the prev. step
return false;
}
Of course, I don't expect this to be as easy as in the examples above, but I'm ready to dig.
PS: I've just sent an email to Huawei support with the problem description. Hope they can help...
Kindly let me know if they reply positively; need to restore mine too...
Hello people...
I have the same problem, IMEI = 0.
I'm pretty sure that the IMEI was not in any way changed, since I can register on my network... and supposedly that is not possible with a nulled IMEI.
By the way, I was on CM7 and also formatted the SD card within the Android system, guessing that could be the reason for that.
Related or not, I started having troubles with non-working WiFi and SD card with 2.3-based ROMs... with original ROMs or FLB (2.2.2) the system works fine.
It would be very helpful to some of us if one of the devs could take a look at this problem.
Thank you all!
stockwell, genokolar, dzo...
Can you help us?!?!?! PLEEEEEAAAASSSSEEEEEEEEEEEEEEE
I miss my 2.3 roms
My X5 also had a nulled IMEI.
Also it had the WiFi MAC address changed to a new value and SD card problems (unknown hardware on my PC and recognized as a CD drive).
The service center guy said that it's all hardware issues and the mainboard is to be replaced. So it's covered by warranty (despite the fact that I admitted that I had rooted the phone and had installed a custom ROM).
Today I was notified that the phone was fixed. I'll get it back tomorrow.
I'm from ex-USSR too (Moscow).
Garry,
If the problem was hardware it wouldn't work with 2.2.2 ROMs either... And in fact they work perfectly.
The problem is 2.3 related... Let's see when Huawei gives an official update. They say the delay is related with... Guess? WIFI!
Sent from my U8800 using XDA App
What's going on here?
My IMEI = 0, too.
In Germany (home network Vodafone) I have no problems logging in to the network, having phone calls etc.
Now I'm in Sweden and I can't log in to any network here. Or I am not logged in correctly, because I see the signal is changing, but I can only make emergency calls. In the status the network provider is unknown.
Today I was in Copenhagen, Denmark and there I was able to log in to TDC A/S and had a phone call; I received SMS... as usual.
So what is that? -.-
nrdl said:
Garry,
If the problem was hardware it wouldn't work with 2.2.2 ROMs either... And in fact they work perfectly.
The problem is 2.3 related... Let's see when Huawei gives an official update. They say the delay is related with... Guess? WIFI!
Yes, the stock ROM (2.2) was almost working (some issues with USB access from PC). Custom ROMs (2.3) and most other Huawei ROMs (2.2) all had broken WiFi and PC USB access. It's not just a 2.3 issue; it looks to me like different appearances of one bug. I think it happened because of some hardware issue.
Does ToolBox5iromV1.0.4.2.apk work?
ufukyayla said:
Does ToolBox5iromV1.0.4.2.apk work?
I've read about it, but Google Translate is giving me a headache. But I think the Chinese community has a tool to back up IMEIs and restore them.
izzoe said:
I've read about it, but Google Translate is giving me a headache. But I think the Chinese community has a tool to back up IMEIs and restore them.
The issue with this is that you had to have made a backup before... which doesn't happen... most users haven't even noticed their IMEI is now 0.
Me too, IMEI is 0.
So will this problem be a problem without any solution forever???
In theory, if we could edit the backup img to our original IMEI... the solution would be simple...
Just need the help of some devs or programmers to be able to edit that file. ;-)
Sent from my U8800 using XDA App

[Q] PERMANENTLY changing MAC address (Samsung Galaxy S5 G-900H)

Hi,
First off I want to state that I have some knowledge of the legal issues concerning the changing of MAC addresses, and the sole reason that I want to do this is because privacy is a big issue for me and I have a right to enjoy my right. Therefore, any posts or arguments concerning such are requested to be posted elsewhere, where the topic expressly states so.
Also, please treat me like a newbie when it comes to developing and programming of any kind. I have a very shallow understanding of the kernel and the like.
I am using a rooted S5 G-900H (Exynos with BCM 4534 chip)
Running on 4.4.2 KitKat stock ROM and kernel
So without further ado, here is what I have found so far.
The MAC address is reflected in a hidden file called .mac.info in the /efs/wifi/ folder. However, editing the file does not change the actual MAC address in any way. A phone reboot or even turning the wifi on/off will just change it back to the original.
I dumped partitions from /dev/block/ on to my SD card and copied them to my laptop. I searched through the files and found the MAC address in the efs.img partition. My wifi was turned off and the phone was in airplane mode. I modified it and flashed it back using the dd command from the terminal emulator on my phone (this can also be done through adb shell, but I'm guessing if you know what that is then you obviously know how to do it).
I rebooted the phone and everything seemed fine. The WiFi MAC address in the status screen in settings displayed my edited address. The .mac.info file also displayed the same. The problem is that it reverted back to the original as soon as I turned on the wifi. The MAC address values in the .mac.info file, status screen and the efs partition from /dev/block/ all changed back to the original.
I have read that for most phones the important information unique to that particular phone (like IMEI, wifi/BT MAC address, unlock codes and so on) is stored in the NV_DATA.bin file, but everything is encrypted. Also there are only guides on searching for unlock codes and such, so I tried to search for hash blocks randomly using a hex editor, but there was nothing of the sort, and the only hash block I can recognize is the one with AES encryption as shown on another forum on this site. Maybe it is another type of encryption, but that was another dead end for me.
Then I tried to search and edit various files and kernels and such, but there are no kernels that directly offer this customization. Tried to edit init.tuna.rc, but there was no such file in the root directory. Searched init.goldfish.rc and init.wifi.rc and found nothing, but I did see init.svc.macloader mentioned, and since I didn't want to mess with programs in the /system/bin/file I left it as is.
Also tried to search through the PARAM partition using a hex editor, but nothing was there. Did the same for RADIO and BOOT, but I don't think I did find anything major there.
Tried to edit /sys/class/net/wlan0/address, but it didn't let me, even though I was mounted as r/w. Flashing through the dd command on the terminal also resulted in permission denied. I was only able to view or dump it. I thought that may have been the source, but modifying the MAC address through the busybox ifconfig command was reflected in the file, which obviously means that it's not.
Looked through the dmesg (kernel) log and found a few interesting things, but I don't know how to interpret them or what to do with them either. I'll post it later.
There is no NVRAM.txt; the only ones in place of it I have are nvram_mfg.txt, nvram_mfg.txt_wisol, nvram_mfg.txt_semco3rd, nvram_net.txt, nvram_net.txt_semco3rd, nvram_net.txt_wisol.
I did do a bit more searching and editing, but I don't recall them right now.
Now, after all that, what I think is this.
There is a source for the original MAC address somewhere, either hardcoded in the Broadcom chip or somewhere in the partitions under a layer of encryption.
The original MAC address is only accessed when the wifi is turned on and not on reboot. This means it is not in any file, program or script that activates on boot, so only scripts and files accessed and imported during the turning on of wifi must have it. Also while wifi is on and running, the busybox ifconfig command changes the MAC address successfully, albeit temporarily, although the change is not seen on the status screen but it is in the .mac.info file.
Any help from anyone, especially from developers with knowledge of the Android KitKat ROM and kernels, would be very much appreciated.
Alpaca_Bandit said:
Hi,
First off I want to state that I have some knowledge of the legal issues concerning the changing of MAC addresses, and the sole reason that I want to do this is because privacy is a big issue for me and I have a right to enjoy my right. Therefore, any posts or arguments concerning such are requested to be posted elsewhere, where the topic expressly states so.
Also, please treat me like a newbie when it comes to developing and programming of any kind. I have a very shallow understanding of the kernel and the like.
I am using a rooted S5 G-900H (Exynos with BCM 4534 chip)
Running on 4.4.2 KitKat stock ROM and kernel
So without further ado, here is what I have found so far.
The MAC address is reflected in a hidden file called .mac.info in the /efs/wifi/ folder. However, editing the file does not change the actual MAC address in any way. A phone reboot or even turning the wifi on/off will just change it back to the original.
I dumped partitions from /dev/block/ on to my SD card and copied them to my laptop. I searched through the files and found the MAC address in the efs.img partition. My wifi was turned off and the phone was in airplane mode. I modified it and flashed it back using the dd command from the terminal emulator on my phone (this can also be done through adb shell, but I'm guessing if you know what that is then you obviously know how to do it).
I rebooted the phone and everything seemed fine. The WiFi MAC address in the status screen in settings displayed my edited address. The .mac.info file also displayed the same. The problem is that it reverted back to the original as soon as I turned on the wifi. The MAC address values in the .mac.info file, status screen and the efs partition from /dev/block/ all changed back to the original.
I have read that for most phones the important information unique to that particular phone (like IMEI, wifi/BT MAC address, unlock codes and so on) is stored in the NV_DATA.bin file, but everything is encrypted. Also there are only guides on searching for unlock codes and such, so I tried to search for hash blocks randomly using a hex editor, but there was nothing of the sort, and the only hash block I can recognize is the one with AES encryption as shown on another forum on this site. Maybe it is another type of encryption, but that was another dead end for me.
Then I tried to search and edit various files and kernels and such, but there are no kernels that directly offer this customization. Tried to edit init.tuna.rc, but there was no such file in the root directory. Searched init.goldfish.rc and init.wifi.rc and found nothing, but I did see init.svc.macloader mentioned, and since I didn't want to mess with programs in the /system/bin/file I left it as is.
Also tried to search through the PARAM partition using a hex editor, but nothing was there. Did the same for RADIO and BOOT, but I don't think I did find anything major there.
Tried to edit /sys/class/net/wlan0/address, but it didn't let me, even though I was mounted as r/w. Flashing through the dd command on the terminal also resulted in permission denied. I was only able to view or dump it. I thought that may have been the source, but modifying the MAC address through the busybox ifconfig command was reflected in the file, which obviously means that it's not.
Looked through the dmesg (kernel) log and found a few interesting things, but I don't know how to interpret them or what to do with them either. I'll post it later.
There is no NVRAM.txt; the only ones in place of it I have are nvram_mfg.txt, nvram_mfg.txt_wisol, nvram_mfg.txt_semco3rd, nvram_net.txt, nvram_net.txt_semco3rd, nvram_net.txt_wisol.
I did do a bit more searching and editing, but I don't recall them right now.
Now, after all that, what I think is this.
There is a source for the original MAC address somewhere, either hardcoded in the Broadcom chip or somewhere in the partitions under a layer of encryption.
The original MAC address is only accessed when the wifi is turned on and not on reboot. This means it is not in any file, program or script that activates on boot, so only scripts and files accessed and imported during the turning on of wifi must have it. Also while wifi is on and running, the busybox ifconfig command changes the MAC address successfully, albeit temporarily, although the change is not seen on the status screen but it is in the .mac.info file.
Any help from anyone, especially from developers with knowledge of the Android KitKat ROM and kernels, would be very much appreciated.
As you said, ifconfig changes it; there are several apps that do it for you as well, and Chainfire also released a MAC randomizer app. You also noted it's hardwired in, so I would just have a startup script that changes it if I were you; there might be a better way to do it though.
Sent from my Tw5ted SM-G900A using Tapatalk
Yes, I have been using Pry-Fi as an option, but the thing is that when I'm watching videos or downloading large files from the Play Store or other file hosting sites, it starts to turn my wifi on/off several times before becoming stable and logging in to the AP again. I have tried macchanger also, and both misbehave after an interval of time. That's why I'm trying to find a cleaner way to do it.
Running an init script would be nice, but I have no idea how to do that. But there should be a script that only runs when turning on the wifi, right? Would you know where this file is located and how to modify it? If so, please tell me.
Alpaca_Bandit said:
Yes, I have been using Pry-Fi as an option, but the thing is that when I'm watching videos or downloading large files from the Play Store or other file hosting sites, it starts to turn my wifi on/off several times before becoming stable and logging in to the AP again. I have tried macchanger also, and both misbehave after an interval of time. That's why I'm trying to find a cleaner way to do it.
Running an init script would be nice, but I have no idea how to do that. But there should be a script that only runs when turning on the wifi, right? Would you know where this file is located and how to modify it? If so, please tell me.
You can just use init.d to make the script; shell scripting isn't very hard and I won't give you a tutorial here. Also, as noted in many places when researching changing a MAC on Android, you can't connect to secured APs, or it won't be easy at least. As I said before, there may be a better way to do this, but I do not know it.
Sent from my Tw5ted SM-G900A using Tapatalk
Ok, thanks a lot. Running a script might just be cleaner than anything else I have right now. I'll still be on the lookout for other ways though. Call me hard to please.
Btw, I think the reason is most custom MAC addresses (if they do get changed) are too different from the ones registered on the chip. I've found that changing only the 2nd digit out of the 12 in the address to an even hexadecimal number like 2 or A works for me on my PC.
Also you need to forget the networks on your PC or Android as soon as you change it. Doesn't matter if you have the password or not, it doesn't connect. Must be something to do with the saved info about the AP on the phone that messes it up.
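The observation about the 2nd hex digit has a concrete explanation: that digit holds the two flag bits of the first octet, bit 0 (value 1) = group/multicast address and bit 1 (value 2) = locally administered address. A replacement that a driver or AP will accept must be unicast and should be flagged as locally administered, which is what 2, 6, A or E give (0, 4, 8 and C are also even but would claim a vendor-assigned OUI). Here is an added example, not code from the thread, that checks those bits on a candidate address; the sample addresses are the ones quoted elsewhere in this thread plus constructed ones.

```python
"""Classify a MAC address by its flag bits and derive a locally administered
unicast variant.  Added example, not code from the original post.
Sample addresses are constructed or copied from the thread."""
import re

# six hex octets separated consistently by ':' or '-'
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})([:-])([0-9A-Fa-f]{2})(\2[0-9A-Fa-f]{2}){4}$")


def parse_mac(text: str) -> bytes:
    """Turn 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into 6 raw bytes."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def format_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def describe_mac(text: str) -> dict:
    """Report the I/G and U/L bits of the first octet, plus the OUI part."""
    mac = parse_mac(text)
    first = mac[0]
    return {
        "multicast": bool(first & 0x01),             # I/G bit
        "locally_administered": bool(first & 0x02),  # U/L bit
        "oui": format_mac(mac[:3]),
        "second_digit_even": (first & 0x0F) % 2 == 0,
    }


def is_usable_override(text: str) -> bool:
    """True if the candidate is a unicast, locally administered address,
    i.e. the form the post found to be accepted."""
    d = describe_mac(text)
    return not d["multicast"] and d["locally_administered"]


def make_local_variant(text: str) -> str:
    """Derive the locally administered unicast form of an address by setting
    bit 1 and clearing bit 0 of the first octet; the other five octets stay
    as they are (the 'change only the 2nd digit' pattern from the post)."""
    mac = bytearray(parse_mac(text))
    mac[0] = (mac[0] | 0x02) & ~0x01 & 0xFF
    return format_mac(bytes(mac))


if __name__ == "__main__":
    # "Original" and "Current" addresses as listed by the app later in the
    # thread, plus a constructed vendor-assigned address.
    for sample in ("12:34:56:78:90:ab", "ff:ee:dd:cc:bb:aa", "00:11:22:33:44:55"):
        print(sample, describe_mac(sample), "usable:", is_usable_override(sample),
              "local variant:", make_local_variant(sample))
```

The check is also handy from the defender's side: a client whose U/L bit is set is, by definition, not presenting its factory address, which is something a network log review can flag.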
Alpaca_Bandit said:
Ok, thanks a lot. Running a script might just be cleaner than anything else I have right now. I'll still be on the lookout for other ways though. Call me hard to please.
Btw, I think the reason is most custom MAC addresses (if they do get changed) are too different from the ones registered on the chip. I've found that changing only the 2nd digit out of the 12 in the address to an even hexadecimal number like 2 or A works for me on my PC.
Also you need to forget the networks on your PC or Android as soon as you change it. Doesn't matter if you have the password or not, it doesn't connect. Must be something to do with the saved info about the AP on the phone that messes it up.
I know that on, for example, DD-WRT and even some official router firmwares they allow you to spoof your MAC; it may be worth looking into how they do it, but I have a suspicion it might be done with a script.
Sent from my Tw5ted SM-G900A using Tapatalk
Hard Wired?
I have been messing with 2 Alcatel Ideal 4060a (because I bricked the first one I had).
After bricking the first 4060a I had (wiping all partitions), I bought a second (so I could install TWRP on it, back it up and restore the backup onto the first).
After restoring the backup of the second onto the first, all was good until I tried to get them online together.
When one connected it knocked the other offline, because they both share the same MAC address.
This is my problem, and I wish the MAC addresses were hard wired; then I wouldn't have this problem.
This is good news for anyone who wants to know if MAC addresses are indeed hard wired. They are not (at least not in the 4060a).
Hope this helps.
gscripting
MACs for BT and wifi reside in the EEPROM or NVRAM, and that is not editable.
To put it simply, you can't change it, only spoof it. And if you know it's not legal you probably shouldn't be asking.
Reported Is different from original
gscripting said:
I have been messing with 2 Alcatel Ideal 4060a (because I bricked the first one I had).
After bricking the first 4060a I had (wiping all partitions), I bought a second (so I could install TWRP on it, back it up and restore the backup onto the first).
After restoring the backup of the second onto the first, all was good until I tried to get them online together.
When one connected it knocked the other offline, because they both share the same MAC address.
This is my problem, and I wish the MAC addresses were hard wired; then I wouldn't have this problem.
This is good news for anyone who wants to know if MAC addresses are indeed hard wired. They are not (at least not in the 4060a).
Hope this helps.
gscripting
More info relating to these 2 phones:
I installed an app called Change My MAC.
It lists:
Original MAC 12:34:56:78:90:ab
Current MAC ff:ee:dd:cc:bb:aa
They are different.
I thought the original MAC address it's showing was the one written in the EEPROM or NVRAM,
but it turns out, after installing Change My MAC on the other phone also, it lists the same Original and Current MAC addresses as the first phone.
The Current MAC address listed is the one reported in settings and on my network.
I use Change My MAC to set the reported MAC to the original every time the phone boots, using Tasker, on only one of them.
Using Change My MAC, the change lasts till boot.
Just passing it on for those that might be interested.
When I get link privileges, I'll add a screenshot of Change My MAC.
gscripting