[Not illegal] Information about IMEI and WM device - Windows Mobile Development and Hacking General

Hello my friend,
First, this topic is not meant to ask "How to change the IMEI of a device", because it's illegal and it's very, very hard on new HTC phones.
I'm a software programmer and I program in eVC for Windows Mobile.
I would like to develop tools about the IMEI and Windows Mobile devices.
I would like to know if anyone knows how Windows Mobile retrieves the IMEI?
I know that the IMEI number is stored in OTP memory (One Time Programmable memory), but where is this OTP located?
On the mainboard? Or directly in the cellular modem?
So I think that the GSM driver allows seeking the IMEI?
Is that right or not?
Thanks a lot,
regards,
Nixeus

The IMEI can be read from registry: HKLM\Drivers\BuiltIn\RIL: IMEI
It is not safe (I believe it is only updated when the device comes up after the initial boot after an upgrade) and can be changed - not impacting anything, e.g. *#06# will still deliver the correct IMEI.

Thanks my friend for your answer.
When I use *#06#, do you know how the IMEI is read?
With an AT command and the cellular modem?

Try it out - dial *#06# and see what you get. Then change the registry value and do the same - it will not read the registry. AT command I never tried, but I suspect it will also not read the registry.
AFAIK, the IMEI is stored in encrypted format in some permanent part of the device memory. It should be accessible through some API calls to the RIL. As I am not a programmer I cannot help you further.

Hard to think of a LEGAL reason to be doing this anyway; the only reasons I can think of are writing a fake one (illegal) or spoofing it across the network (illegal).
If you just need to know what the IMEI is in your software for some reason, then the registry entry mentioned should do it for you, surely.

Nooot !
I need to expand my knowledge.

Use the lineGetGeneralInfo function.

Can be used for a licensing method... for example, a developer wants each copy to only run on 1 device; this can be used.

For example, man, but I would rather be able to read this IMEI at a low level

Or directly from the cellular modem..
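Reading the IMEI the way the reply above suggests, through TAPI rather than the registry value (which, as noted earlier in the thread, can be edited): this is an added example, not code from any poster. The header layout mirrors LINEGENERALINFO from the Windows CE extapi.h as I recall it; the buffer contents (HTC / Polaris / 490154203237518) are constructed sample values, and on a device you would fill the buffer from lineGetGeneralInfo() instead of build_sample_buffer(). The point beyond the API call is that every size/offset pair in the reply is checked against the length actually received before it is dereferenced.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the LINEGENERALINFO header layout of Windows CE TAPI (extapi.h):
 * thirteen DWORDs, each string given as a byte size and a byte offset into
 * the same buffer. Re-declared here so the example builds off-device; on a
 * Windows Mobile build include <extapi.h> and fill the buffer from
 * lineGetGeneralInfo() instead of build_sample_buffer(). */
typedef struct {
    uint32_t dwTotalSize, dwNeededSize, dwUsedSize;
    uint32_t dwManufacturerSize, dwManufacturerOffset;
    uint32_t dwModelSize, dwModelOffset;
    uint32_t dwRevisionSize, dwRevisionOffset;
    uint32_t dwSerialNumberSize, dwSerialNumberOffset;   /* IMEI on GSM devices */
    uint32_t dwSubscriberNumberSize, dwSubscriberNumberOffset;
} general_info_hdr;

/* Copy the serial-number field (UTF-16LE on CE) out of a TAPI buffer as
 * ASCII digits. Every size/offset pair is bounds-checked against the buffer
 * actually received, so a short or corrupted reply cannot be read past.
 * Returns the digit count, or -1 if the field is missing or malformed. */
int read_imei_from_buffer(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    general_info_hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);                 /* memcpy avoids alignment traps on ARM */
    if (h.dwUsedSize > len) return -1;         /* header claims more than we hold */
    uint32_t off = h.dwSerialNumberOffset, sz = h.dwSerialNumberSize;
    if (sz == 0 || sz % 2 || off > h.dwUsedSize || sz > h.dwUsedSize - off)
        return -1;                             /* field lies outside the used region */
    size_t n = 0;
    for (uint32_t i = 0; i + 1 < sz; i += 2) {
        uint16_t u = (uint16_t)(buf[off + i] | (buf[off + i + 1] << 8));
        if (u == 0) break;                     /* NUL terminator */
        if (u < '0' || u > '9' || n + 1 >= outlen) return -1;
        out[n++] = (char)u;
    }
    out[n] = '\0';
    return (int)n;
}

/* Append s as a NUL-terminated UTF-16LE string and record its size/offset. */
static void put_utf16(uint8_t *buf, size_t *pos, const char *s,
                      uint32_t *size, uint32_t *offset)
{
    size_t n = strlen(s) + 1;
    *offset = (uint32_t)*pos;
    *size = (uint32_t)(n * 2);
    for (size_t i = 0; i < n; i++) {
        buf[(*pos)++] = (uint8_t)s[i];
        buf[(*pos)++] = 0;
    }
}

/* Build a constructed reply (sample values, not read from any device) in the
 * shape lineGetGeneralInfo() returns. Returns bytes used, 0 if cap is too small. */
size_t build_sample_buffer(uint8_t *buf, size_t cap)
{
    general_info_hdr h;
    size_t pos = sizeof h;
    if (cap < 160) return 0;                   /* 52-byte header + 66 bytes of strings */
    memset(&h, 0, sizeof h);
    put_utf16(buf, &pos, "HTC", &h.dwManufacturerSize, &h.dwManufacturerOffset);
    put_utf16(buf, &pos, "Polaris", &h.dwModelSize, &h.dwModelOffset);
    put_utf16(buf, &pos, "1.00", &h.dwRevisionSize, &h.dwRevisionOffset);
    put_utf16(buf, &pos, "490154203237518", &h.dwSerialNumberSize, &h.dwSerialNumberOffset);
    h.dwTotalSize = h.dwNeededSize = h.dwUsedSize = (uint32_t)pos;
    memcpy(buf, &h, sizeof h);
    return pos;
}

/* Round trip: the sample buffer yields the expected 15-digit IMEI. */
int sample_imei_matches(void)
{
    uint8_t buf[256]; char imei[32];
    size_t n = build_sample_buffer(buf, sizeof buf);
    return n == 118 && read_imei_from_buffer(buf, n, imei, sizeof imei) == 15
        && strcmp(imei, "490154203237518") == 0;
}

/* Tampered header: a serial-number offset pointing past the buffer is
 * refused instead of being dereferenced. */
int sample_tampered_rejected(void)
{
    uint8_t buf[256]; char imei[32];
    size_t n = build_sample_buffer(buf, sizeof buf);
    memset(buf + 10 * sizeof(uint32_t), 0xFF, sizeof(uint32_t));  /* dwSerialNumberOffset */
    return read_imei_from_buffer(buf, n, imei, sizeof imei) == -1;
}

int main(void)
{
    uint8_t buf[256]; char imei[32] = "";
    size_t n = build_sample_buffer(buf, sizeof buf);
    int digits = read_imei_from_buffer(buf, n, imei, sizeof imei);
    printf("serial field -> %d digits: %s\n", digits, imei);
    return 0;
}
```

The same bounds discipline applies to the other string fields in the reply; the header is copied out with memcpy because the ARM cores in these devices fault on misaligned DWORD loads.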

Related

Replacing My App by the default dial app and a few more..

Hi
I have a few questions
-- Is it possible that I replace the default dial application with my application when the start-call key is pressed? I read the post that by replacing /windows/cprog.exe this can be achieved temporarily. I want it permanent.
-- Secondly, is it possible to stop any default voice call when a number is pressed on the touch screen or through the dialer application.......... by intercepting the internal message mechanism?
-- How does the XDA2s make a voice call.... is it through TAPI? I'm talking about the normal phone calls.... If it's TAPI, it would be helpful if details are provided on whether a separate TSP is required for that.
Thanks in advance... any help will be highly appreciated.....
Regards,
Tabish
Replace cprog.exe with custom phone app
Hi hsibat,
I have almost the same problem. I want to replace the original phone application with my custom phone app. In this custom app I want to control which phone numbers are allowed to dial, and which numbers to accept a phone call from.
My results until now are:
- My app works well when it runs beside the original cprog.exe, using TAPI calls like lineInitialize ... tapiRequestMakeCall etc.
- When I overwrite \Windows\cprog.exe with my app (now also named cprog.exe) I cannot dial or receive calls anymore. Building up a line and selecting a provider in the end results in "No service" in the connection dialog. Despite the fact that I'm seeing when debugging that the registration with my provider results in the correct provider (lineRegister) "NL KPN".
Obviously cprog has some more code in it to set up a good connection.
- After this I tried to analyze the disassembled cprog.exe, but I didn't succeed until now in revealing which extra code I needed in my app. Reading and interpreting the disassembled code is not easy for me, because I'm not experienced in assembly.
The disassembling I did in the following way:
1. Extract the PDA OS into a ROM file using the OSImage tool (which you can download from http://cuba.calyx.nl/~jsummers/XDA/XDAtools-Jeff.exe).
2. Extracted all files from the ROM file on my PC with the tool dumprom from itsme (which you can download from http://www.xs4all.nl/~itsme/projects/xda/dumprom.html).
3. Disassembled cprog.exe with IDA Pro 4.17.
- Now I'm trying to get my app working by replacing the original cprog.exe with my app, renaming the original cprog.exe and storing the file somewhere outside /Windows, and starting the renamed cprog.exe from within my app. This Worked!!!! BUT my purpose to block "screened" outgoing calls can be bypassed. When an incoming call is missed you are still able to view missed calls (icon in the taskbar), and if you select a missed call the original cprog phone app is started (despite the renaming). And you are free to make any call.
So I'm searching for a solution for this "leak". A solution could be intercepting ALL outgoing calls by receiving a message in my customized app. But like you I didn't figure out how to do this, yet. Or an even better solution would be to get the missing code I need to be able to exclude the original cprog.exe completely.
Your problem to make your overwrite of cprog permanent can be solved, I think, by making your own ROM file with your own cprog.exe included and uploading that to your PDA, using the tool makerom.
I hope you can extract some tips from my quest, and I hope someone has some tips for me.
greetings
Re: Replace cprog.exe with custom phone app
I'd recommend you to use a completely different method. As you know the OS communicates with the GSM device through a COM port. It sends normal AT commands. You can hook the COM port, parse ATDxxx and the modem's responses and hide unneeded commands.
Replace cprog.exe with custom phone app
Thanks Mamaich (famous celebrity in France),
I think your solution is neater; do you perhaps also have an example of how this should be done? I searched the whole BB, but couldn't find more than cproghook. Learning by example works perfectly for me.
Compliments for this great app by the way. I wonder how you come up with these kinds of ideas about hooking?
tai
Re: Replace cprog.exe with custom phone app
http://mamaich.kasone.com/rover/IrCOMM.rar
The archive contains a wrapper driver around one of the COM ports. It has no comments and was written for a different device.
Hooking COM
Thanks again Mamaich,
I'll start trying to make this work for my purposes. As soon as I have some results I'll update my findings on the BB.
Greetings
Replacing the default Dialer App by hook or by Crook ..HELP!
Thanks a lot guys for so many suggestions.
What I'm doing is trying different options now, mostly based on your suggestions.... listed as follows
-- I downloaded the WinCE source code provided by Microsoft under shared source. Under their FAQ they said themselves that the source given is very different from what runs on a Pocket PC... it contains custom applications as well.... Secondly, I didn't find anything related to GSM in the code but did find about TAPI, which is used by a number of applications. I didn't find anything like cprog.exe as well..... I'm stuck; what should I do... I'm unable to find even the dial button event handler........ I don't know how to put in the dialing application; do I need to build a custom one, and if so... how can it be possible to call it when the dial button is pressed....
-- It might be an idea that intercepting the COM port might help... but when there is nothing inside the available source code about the GSM.... what I want to ask is, are you talking about some external GSM device connected to a COM port..... if so, how does the Pocket PC make the call?
Sorry if the questions are too childish but I'm very new to this..
Any help will be highly appreciated ..
Regards,
Tabish
Re: Replacing the default Dialer App by hook or by Crook ..H
hsibat said:
-- It might be an idea that intercepting the COM port might help... but when there is nothing inside the available source code about the GSM.... what I want to ask is, are you talking about some external GSM device connected to a COM port..... if so, how does the Pocket PC make the call?
The code provided by MS does not have the code for RIL and other stuff.
Our devices contain 2 parts - a GSM modem and a Windows part that works with it via the TAPI and RIL interfaces. They internally use COM2 to communicate with the modem device (also COM9 is used during a data session, but this can be ignored in your case). You can intercept all commands going through COM2 and filter out unnecessary ones.
MS shared source code would provide a little help. Most info can be obtained by decompiling DLLs/EXEs with IDA (www.datarescue.com).
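The COM2 filtering Mamaich describes, as an added example that is not from the post or from his IrCOMM wrapper: a parser for the dial command the OS writes towards the modem, and a screening decision that fails closed. The allowlist and the AT lines are constructed for the demo; a real wrapper driver would call filter_command() from its write path and hand the swallowed reply back to the reader. Because the check sits below the dialer, a call started from the missed-calls list goes through the same policy, which is the "leak" reported earlier in the thread; and because unrecognised dial forms (ATDL redial, memory dialling) are swallowed rather than forwarded, they cannot be used to step around it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Extract the dialled number from an AT dial command such as "ATD0123456789;"
 * (the trailing ';' asks for a voice call). Dial modifiers T, P, W, ',' and
 * quotes carry no digits and are skipped; digits, '+', '*' and '#' are kept.
 * Returns the number of characters written, -1 if the line is not a dial
 * command at all, or -2 for dial forms this parser does not understand
 * (ATDL redial, ATD>n memory dialling, ...). */
int at_dial_number(const char *line, char *out, size_t outlen)
{
    if (strlen(line) < 3 || toupper((unsigned char)line[0]) != 'A' ||
        toupper((unsigned char)line[1]) != 'T' || toupper((unsigned char)line[2]) != 'D')
        return -1;
    size_t n = 0;
    for (const char *p = line + 3; *p && *p != ';' && *p != '\r' && *p != '\n'; p++) {
        unsigned char c = (unsigned char)*p;
        if (isdigit(c) || c == '+' || c == '*' || c == '#') {
            if (n + 1 >= outlen) return -2;
            out[n++] = (char)c;
        } else if (strchr("TtPpWw,\" ", c) == NULL) {
            return -2;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Constructed allowlist for the demo (an assumption, not a real policy). */
static const char *const ALLOWED[] = { "+31201234567", "112", NULL };

int dial_allowed(const char *number)
{
    for (int i = 0; ALLOWED[i]; i++)
        if (strcmp(number, ALLOWED[i]) == 0) return 1;
    return 0;
}

/* Decision for one command line the OS writes towards the modem.
 * Returns 1 to forward the line unchanged, 0 to swallow it; when swallowed
 * and reply is non-NULL, *reply is the response to hand back so the dialer
 * sees a normally failed call instead of a hung port. Anything that looks
 * like a dial command but cannot be parsed is swallowed too: forwarding
 * unknown dial forms would let a redial bypass the screen. */
int filter_command(const char *line, const char **reply)
{
    char num[32];
    int n = at_dial_number(line, num, sizeof num);
    if (reply) *reply = NULL;
    if (n == -1) return 1;                      /* AT+CGMI, ATH, ... pass through */
    if (n <= 0) { if (reply) *reply = "\r\nERROR\r\n"; return 0; }
    if (dial_allowed(num)) return 1;
    if (reply) *reply = "\r\nNO CARRIER\r\n";   /* same text the modem would send */
    return 0;
}

int main(void)
{
    /* Constructed sample traffic, not captured from a device. */
    const char *lines[] = { "ATD+31201234567;\r", "ATD0612345678;\r", "ATDL\r", "AT+CGMI\r" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        const char *reply;
        int fwd = filter_command(lines[i], &reply);
        printf("line %zu -> %s\n", i, fwd ? "forward to modem" : reply);
    }
    return 0;
}
```

Responses flowing back from the modem (OK, RING, +CLIP) are left untouched here; a wrapper that also wants to screen incoming numbers would parse +CLIP in the read path with the same fail-closed rule.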
Intercepting the COM2 port for GSM
Thanks for the reply,
I'm into writing an application that will intercept the commands destined for COM2, as it's the GSM port, right.... I hope this will work for me.
Is there a good starting article for writing hooks for COM ports, and is there any detail available for WinCE about what port is for what purpose? Or you can say WinCE internals.
Any extra advice or information will also be highly appreciated in this regard.
Regards
Tabish
Re: Intercepting the COM2 port for GSM
I don't know of such articles
Hi
Now I'm trying to get into the details and trying to write a GSM port interceptor.
A few problems that I have.... I wanna create a separate ROM image, I mean my little application will be a part of the OS. But unfortunately I don't have the RIL module code in the shared source code... there is no TSP (don't remember the exact name) available that TAPI uses to make the call.
Secondly, if I don't make it a part of the OS, then will it be possible to make it a background process that will run every time the OS starts and will not disappear even after a hard reset?
I will be needing guidance to achieve this.....
Ideas matter a lot.....
Thanks in advance ..
Tabish
To add files to ROM you can use itsme's romtools, or you can make a CAB and place it in extended ROM so that it would be installed after each hard reset.
Oks...
Making the CAB file is the second part....
Firstly I tried to extract rilgsm.dll and ril.dll from my device; I succeeded in getting rilgsm.dll but was unable to get ril.dll.... in fact I wanted to have a look at the functions provided there....
I'm not sure where to start from..... I checked the forum; there I found a very complex solution for hooking the DLL in this link
http://forum.xda-developers.com/viewtopic.php?t=19558
and I will have to hook the DLL in order to intercept whatever command goes to the port.....
Correct me if my direction is wrong....
Regards
Tabish
I have followed many posts on how to establish a data call and am still having problems.
1) When collecting data from TAPI shall I CreateFile through COM1? Because when I try to, I get an error message. Maybe shall I get rid of CProg.exe? However in my program I'm only requesting a connection to receive data from a remote module.
2) When connecting through COM2 with AT commands I get normal AT responses. However with my ATD I have more difficulties. I dial ATD"0123456789"; and I get an OK then a NO CARRIER response. Anyone got an idea?
Thanks for your help.

Something that may help with SIM unlock on the P3300

Hi all
First of all, thanks to all the crackers and programmers here who do their best to make our life easier.
OK, I'll describe what I found in brief.
I'm still new to this field but I got interested in it, and I had a friend who was complaining that his P3300 mobile was SIM locked when he was trying to upgrade to WM6,
so I offered to help him as I have a good background in PC program cracking.
I searched your forums for the SIM unlock but I couldn't find it,
so I tried to use the tools available here to figure out how I can unlock it,
and here are my results:
1 - I found that the program which locks the phone is called "simlock.exe"
and this file is well hidden in the Windows folder and you can't see it in the i-mate or even using Win XP.
The only way to see it is by 2 methods:
you can see it if you are using Win Vista and you showed hidden files and system files,
or you can see it using the XDA utilities "pdir -v windows\s*.exe".
2 - I tried to delete this file or copy it to my PC to analyze it using my set of cracking programs but it always gave me (access denied).
3 - Finally I could get rid of this stupid screen that is asking for (unlock key) using the command "pkill simlock.exe" and I could open the phone while the SIM is in without any interference from this program.
4 - There were 2 drawbacks to my method:
- the phone got SIM locked again when I restarted the phone because the program is set to run again;
- there was no signal from the SIM (it just says it is searching for signal).
5 - I tried to debug simlock.exe while it is running and I found that it is attached to another file called (compime.dll) which is also hidden and inaccessible.
After all I found, I have a conclusion here which I want the experts to discuss and try to use to make a program for unlocking this i-mate:
this file (simunlock) is started when Windows loads its files, either by registry key or another way;
then when you enter a code it sends it to the compime.dll library, which compares it with the serial it generates;
and there is another 1 or more programs which prevent the SIM from working properly.
So to SIM unlock this phone we need to find how simunlock.exe and the other programs which prevent the user from using the phone start, and we disable or delete them;
or another more complicated smart way is to figure out how compime.dll generates and compares the codes and make a SIM keymaker using the same algorithm.
This is what I found till now.
I don't know if you know this information or not but I felt that it is my duty to tell you what I know as you tell me what you know.
Thanks to the moderators, especially (POF).
AND I'M WAITING FOR YOUR COMMENTS
Ohhhh before I forget,
I want to start learning this stuff; can anyone from the moderators help me???
I'm good in Visual Basic 6,
have a good background in cracking, reverse engineering, assembly language.
I would appreciate it if someone provided me with books or their experience about this field.

How to read the IMEI from the Polaris

Anyone knows that?
What do you mean? By a program you are writing or just because you don't know your IMEI?
As for the program, I don't know; the last thing I touched was Visual Basic 6 a couple of years ago...
As for the IMEI in general: dial " *06# " (without the quotes) and it will display the IMEI. Or check the package of your device; it's written on it as well. Or as a last resort, remove the battery; there is a sticker on the back of the device carrying the IMEI.
Settings --> Device Information --> Identity
I want to replace my IMEI because I want to use the GPS software. The licence needs it.
nosure said:
I want to replace my IMEI because I want to use the GPS software. The licence needs it.
You want to spoof your IMEI for the software??
or
You want to actually change your IMEI on the device ??
which one?
Wizard service tool is what you are looking for!
http://forum.xda-developers.com/showthread.php?t=329170
Do not forget to note your current IMEI!!!
I want to actually change the IMEI on the device.
Wizard service tool can't for Polaris, I think...
nosure said:
I want to actually change the IMEI on the device.
Wizard service tool can't for Polaris, I think...
Yes, it does not work; I have tried it. BTW does anyone have any tool for changing IMEI?
hi,
Guys, you don't need to change the phone's IMEI. What you need is to use the MultyDID app (see the link for the procedure http://forum.djawir.com/smartphone-...99-my-collection-smartphone-apps-games-5.html ). This program works perfectly for the NAVITEL NAVIGATOR GPS program, and I'm sure it will work for other GPS apps as well.
Rgds.
Change IMEI
I used mtty's mb command to peek into the memory and found the addresses for the following...
9DDD6C-9DDD7C: CID (ie. HTC__001)
9DDD7C-9DDD89: IMEI
9DDD94: SECU_FLAG (ie. 0 or 1)
I tried using mw to write the memory but the value won't stick... anyone know how to make the values sticky?
^^^ does anybody know?
For what purpose would you want to change the IMEI number this way?
If a piece of software will not accept your phone's IMEI number you should contact the manufacturer/retailer. If it is being installed because it wasn't meant for that particular phone then I'm afraid you should look elsewhere for solutions.
Guys, I'll be honest with you: changing IMEI numbers to install software sounds like what it is without having to spell it out, and I would be grateful if we wouldn't encourage it here on the Polaris forums by entertaining these types of posts.
Many thanks.

How to repair IMEI

Hi, I have a problem with my IMEI: after unlocking the SIM code I got some extra two digits at the end... is there any program for the Blackstone to edit that??? Or any good idea how to fix that?
I thought that the IMEI is a unique number for every device, and it cannot be changed in any way. Someone correct me if I am wrong.
berbecverde said:
I thought that the IMEI is a unique number for every device, and it cannot be changed in any way. Someone correct me if I am wrong.
The IMEI can be changed for any phone if you have the appropriate software, but it is illegal to change the IMEI number in some countries.
The last two digits are your SVN "software version number"; there is no need to change them. http://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity
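A worked check for the reply above, added here and not from either poster: validate the Luhn check digit of a 15-digit IMEI, and normalise a 16-digit IMEISV (14 digits plus a two-digit SVN, which carries no check digit) back to the 15-digit IMEI by recomputing that digit. The sample value 490154203237518 and the SVN 01 are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Luhn check digit over the first 14 digits of an IMEI (TAC + serial).
 * Every second digit from the left is doubled and the digits of the
 * products are summed; the check digit makes the total a multiple of 10. */
int luhn_check_digit(const char *body14)
{
    int sum = 0;
    for (int i = 0; i < 14; i++) {
        int d = body14[i] - '0';
        if (i % 2 == 1) { d *= 2; if (d > 9) d -= 9; }
        sum += d;
    }
    return (10 - sum % 10) % 10;
}

static int all_digits(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* 1 if s is a 15-digit IMEI whose last digit is the correct check digit. */
int imei_valid(const char *s)
{
    return strlen(s) == 15 && all_digits(s, 15)
        && luhn_check_digit(s) == s[14] - '0';
}

/* Normalise what the phone reports to a 15-digit IMEI. A 16-digit IMEISV
 * (14 digits + two-digit SVN, no check digit) gets its check digit
 * recomputed; a 15-digit IMEI is validated and passed through. Returns 1 on
 * success; svn (3 bytes, may be NULL) receives the SVN or an empty string. */
int to_imei(const char *s, char imei[16], char svn[3])
{
    size_t n = strlen(s);
    if (svn) svn[0] = '\0';
    if (n == 15) {
        if (!imei_valid(s)) return 0;
        memcpy(imei, s, 16);
        return 1;
    }
    if (n != 16 || !all_digits(s, 16)) return 0;
    memcpy(imei, s, 14);
    imei[14] = (char)('0' + luhn_check_digit(s));
    imei[15] = '\0';
    if (svn) { memcpy(svn, s + 14, 2); svn[2] = '\0'; }
    return 1;
}

/* The thread's case: a value that came back with "two extra digits" is an
 * IMEISV, not a damaged IMEI. Returns 1 if the constructed sample normalises
 * to the expected 15-digit IMEI with SVN "01". */
int imeisv_example_ok(void)
{
    char imei[16], svn[3];
    return to_imei("4901542032375101", imei, svn)
        && strcmp(imei, "490154203237518") == 0 && strcmp(svn, "01") == 0;
}

int main(void)
{
    char imei[16], svn[3];
    const char *reported = "4901542032375101";   /* constructed sample */
    if (to_imei(reported, imei, svn))
        printf("%s -> IMEI %s (SVN %s), check digit %s\n", reported, imei, svn,
               imei_valid(imei) ? "ok" : "bad");
    return 0;
}
```

A licensing check of the kind discussed in the first thread should compare on the normalised 15-digit IMEI (or just the 14-digit body) rather than on the raw string, otherwise a firmware update that bumps the SVN would look like a different device.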

[Q] Legal way to change SPC to 000000

hello
I have seen or read many articles on how to change the SPC to 000000. I needed to download and tweak my phone but without changing my IMEI; it's as good as nothing.
Please, which is the better way to edit my existing SPC number to 000000? I use the MSL utility to know my SPC, but I am having problems changing it.
I also made use of CDMA but I was stuck on the Password (16 digits) where my Sprint number said (check image below)
So how will I achieve this?
thanks
http://forum.xda-developers.com/showthread.php?t=2270191 should be what you are looking for...
