Hi Guys,
I am having issues with PhoneBAK anti theft. I installed the application and tried to register it with a keygen, but the unlock code will not work since the IMEI on my phone is 17 digits and not the original 15. I searched everywhere for solutions but haven't got one. I need the application (BAK2u PhoneBAK Anti Theft.v2.0) to read the original IMEI rather than the 17 digits.
Anybody having the application and having it registered will be of great help to me as this is the application that could help me recover my toy in case it ever gets stolen.
Thanks
try without last two digits of IMEI.
I had a similar situation when gave my IMEI for sim unlock. Only 15 digits were requested and I had 17.
hope I'm not wrong but worth a try.
Thanks Radurus for your interest. The thing is, this application reads the IMEI the way it is, so it reads the whole 17 digits and the keygen only accepts 15 digits.
I failed to get this to work out, so I bought the full application.
Hi all
I was wondering if anyone knew the answer to the above question.
To explain a bit better:
If I change the IMEI on my XDA it will obviously show up on the phone. What I want to know is will the network see the new or old IMEI, i.e. which is sent out by the phone.
Also:
From what I have found out, the new service that runs in the UK and blocks off stolen phones works by the IMEI code of the phone.
How do I make sure I don't change my IMEI to a number that is registered as stolen and in turn block my phone off?
Also again:
If at a later stage my phone does get blocked will changing it back to the original IMEI unblock it?
After all this I'm wondering if I should bother changing the IMEI. Although it would be nice to have my DOB there.
Oops, I think I posted this in the wrong place!!
To Administrators:
Sorry
If it is in the wrong place could you move it?
The IMEI is stored in two places: one is displayed, the other is used to send to the network. The Manipulator changes both locations. The chance you'll change your IMEI to one of a stolen phone is small, very small. (It's six digits if you exclude the manufacturer part, so the chance is definitely bigger than getting hit by a meteorite, but still)
We included the IMEI change bit because:
a) We could
b) Privacy concerns: we'd like to live in a world where people can have multiple identities that are hard to connect, even if their opponents happen to run the country / telco.
WOW!!
Thanks for the great answer. As soon as it is possible to change my IMEI and unblock my phone I'll be doing it. (I have version 4.20 so it don't work yet).
Does anyone know of a web site that lists all the IMEIs that are recognised as stolen, or a number I can call in the UK to find out? The local police are useless and don't know anything.
A number to report a stolen phone would be useful as well cos my little sis got hers nicked.
It took a small group effort, but we cracked it.
Problem 1: Bug in limitation to %UREG command
First of all, on 4.20 they check to see whether the %UREG request lies within certain bounds as follows:
AT%UREG?addr,len:
if (addr < 0x3ef000 || addr > 0x3ef007) return(0);
if ((addr+len) < 0x3ef000 || (addr+len) > 0x3ef007) return(0);
Now because addr and len are both 32 bits, we can make use of the wrap (negative in effect). After the test above the maximum length will be limited to 100 (0x64).
So for instance:
AT%UREG?3FE004,FFFFFFFF
will read 100 bytes from 0x3FE004, clearly outside the range UREG was meant to be restricted to.
Problem 2: Obfuscation too easy
When executing the command above: after 74 bytes of FF, the obfuscated result code is displayed. The information needed to get the unlock code is contained twice, in the format ABCDABCDEFGHEFGH if a different letter is assigned to each unique nibble. Nibbles are first swapped to make EHAFGBCD. Then bits 3 of nibbles H, F and B are rotated left, so that nibble H gets bit 3 from F and so forth. After this, the whole 4 byte value is rotated into the lower bit. The result is the 8 digit unlock code in BCD, which can be supplied to the unlock command:
Code:
AT%SIDLCK=0,<8-digit unlock code>
Commentary:
Nice try: took us 2 person-days, probably still less than it took to think up, define, approve and program. :twisted:
The new version of The Manipulator, online now, supports unlocking of Radio Stack 4.20.
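The wrap described in the post above, as an added example (not code from the original post or from the firmware). The window bounds and the cap of 100 are the values quoted in the post; the function names and the sample address 0x3ef004, chosen to sit inside those bounds, are constructed. It puts the check as quoted beside a form that compares the length with the room left in the window and so cannot wrap.

```c
#include <stdint.h>
#include <stdio.h>

/* Window bounds and the 100-byte cap are the values quoted in the post.
 * Function names and the sample address are constructed for this example. */
#define WIN_LO  0x3ef000u
#define WIN_HI  0x3ef007u
#define MAX_LEN 100u

/* The check as quoted. Returns the number of bytes the handler would go on
 * to read; 0 means the request was rejected. */
uint32_t ureg_check_quoted(uint32_t addr, uint32_t len)
{
    uint32_t end = addr + len;              /* 32-bit sum: wraps modulo 2^32 */
    if (addr < WIN_LO || addr > WIN_HI) return 0;
    if (end < WIN_LO || end > WIN_HI) return 0;
    return len > MAX_LEN ? MAX_LEN : len;   /* cap applied after the test */
}

/* Hardened form: compare len with the room left in the window, so no
 * addition can wrap. Accepts the same non-wrapping requests as above. */
uint32_t ureg_check_hardened(uint32_t addr, uint32_t len)
{
    if (addr < WIN_LO || addr > WIN_HI) return 0;
    if (len > WIN_HI - addr) return 0;      /* cannot underflow: addr <= WIN_HI */
    return len;
}

/* How many of n bytes starting at addr (inside the window) lie past WIN_HI. */
uint32_t bytes_past_window(uint32_t addr, uint32_t n)
{
    uint32_t room = WIN_HI - addr + 1u;
    return n > room ? n - room : 0;
}

int main(void)
{
    uint32_t addr = 0x3ef004u, len = 0xFFFFFFFFu;   /* constructed request */
    uint32_t n = ureg_check_quoted(addr, len);
    printf("quoted:   reads %u bytes, %u past the window\n",
           (unsigned)n, (unsigned)bytes_past_window(addr, n));
    printf("hardened: reads %u bytes\n",
           (unsigned)ureg_check_hardened(addr, len));
    return 0;
}
```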
Yippee... the manipulator works for 4.20 !!!!!
Hi,
I must be a very lucky guy.
Just received my XDA today (64mb ram, 4.20.00 radio version, 3.16.32 ENG rom, dated 2/13/03) and was fiddling with it about half an hour ago with the former XDA manipulator program (ver 1.02), which recorded error messages and couldn't work. Then I looked on the net and found this posting just made (at 10.30 pm) and was the number 6 person to view the posting; downloaded the new manipulator and hey presto - the XDA is unlocked !!!!
Only one thing though - I don't see the gid lock, the IMEI number and the call timer entries in this new program (ver 1.1) which were present in the ver 1.02 program. Not a problem for me though as long as I could use the phone on my Vodafone SIM.
Anyway, thank you so much for the hard work in cracking the 4.20; really appreciate it. Well done and keep up the magnificent work.
Cheers
Yup - it works a treat - unlocked in 10 seconds.
WELL DONE guys - thanks so much for all your input here. I now have an XDA that is truly useful and versatile.
BRILLIANT!!
Rog
Just tried 1.1 on 6 phones, all with 4.20. Five of them unlocked no problem, but one of them, for some strange reason, didn't work. It read the sid code, but the one that it came back with was only 6 digits long, and when pressing "UNLOCK" nothing more happened. All the other codes were about 8 digits long. I tried entering the code manually, but it just came back saying it was incorrect!!!
Anyone come across this??
Many thanks in advance
Hmmm. It could be that the code (or the second half of it) starts with two zeroes, and now that you mention it: the manipulator doesn't display (or unlock with) leading zeroes.
Could you try that six digit code with two leading zeroes, and (if that doesn't work) insert the zeroes in the six digit number as follows XXXX00XX or as follows 0XXX0XXX. Tell me if that's it, please...
(Expect 1.11 of The Manipulator in the next day or two...)
IMEI Change
Great work guys, I'll be unlocking my XDA as soon as I get the serial cable. It is a combined serial and USB cable, so if anyone has experience with this not working (ordered from Expansys) then let me know, otherwise I'll post here to let you know if it worked or not.
I would like to know if there are any plans to make a version of the communicator that will change the IMEI.
If not, will commands from HyperTerminal work? (Sorry if this is not currently possible. I haven't been motivated to look it all up but will be if it is possible to change the IMEI through this.)
I know that the version of HyperTerminal that comes with 2k and XP is more limited than the one in 95 and 98, so would another terminal emulation program do the job better (Reflections 420 for example)?
Thanks again for the great work.
How do you find all this stuff out?? How do I learn.?
Minesh
@Peter Poelman ur a blinking genius mate, it was the last method (0XXX0XXX).
So now I've done 11 phones (R4.20), and all 11 unlocked, pretty good success rate I reckon.
Keep up the great work guys
Re: IMEI Change
MineshT said: "I would like to know if there are any plans to make a version of the communicator that will change the IMEI."
Manipulator (I assume that's what you mean) does change the IMEI, but not on 4.20 phones, because we can't easily reach the memory range. In fact we have ways to do it, but we didn't yet feel like doing the necessary programming work before they lock us out completely.
MineshT said: "If not, will commands from HyperTerminal work?"
There's no easy (or medium-hard) way to change the IMEI on 4.20 phones.
MineshT said: "How do you find all this stuff out?? How do I learn?"
In this specific case, we looked at the ARM machine-code in the 4.20 binary contained in S-record form in the RSU upgrade package, using IDA (a disassembler program). We then figured out the %UREG restriction was lacking. Looking at the obfuscated code we figured we could break it without looking at further code (and the phone binary code guru was unavailable for the day), so we cracked it by just staring at enough possibilities. (We could set and reset the lock using different codes with AT%SIDLCK).
Not sure hacking phones is a specific skill one can learn. Even though we're mostly still pretty young, most of us are very experienced software developers, senior security experts. Electronics, programming and reverse-engineering experience of 20-25 years in some cases. But there are pretty good texts out there that describe disassembling other people's code, understanding embedded hardware and other areas of expertise you'd need.
Reverse-engineering needs a lot of the same skills that 'forward-engineering' does. If you have the skills needed to build something, you can begin to take it apart.
Current issues with The Manipulator
The Manipulator currently does not unlock phones which were locked and then user-upgraded to 4.20. So unlock first and then upgrade. Also, please read hotentot's post and my reply above for a problem that appears when the code has zeroes in certain positions.
Both issues will be addressed in the next version, due in a few days, when I know there's no other things that need fixin'.
Hello,
I bought my HTC TyTN from Expansys and I'm currently on holiday in Turkey. I had to get my IMEI number registered on the country's database with my passport for it to be usable, but when the lady entered the IMEI, it had two extra characters at the end and the system didn't accept those, so she removed them and registered that IMEI. She registered the same as the IMEI on the back of my battery, but when I do *#06# in WM, it shows the same IMEI with 04 at the end. Now I upgraded my radio and the 04 at the end has changed to a 06. So in 15 days, my phone will be unusable in Turkey because it has a 04/06 at the end of the real IMEI and this isn't registered.
I'm paying $50 via PayPal to the person who can solve this issue for me with either a tutorial or other ways.
Regards,
Ekin
I am not sure ... the last 2 digits are version numbers ... ignore them!
See here for more info http://en.wikipedia.org/wiki/IMEI
Woot! Now that's a Wiki worth 50 smackers... although NetrunnerAT nailed it.
But I'm looking to remove the last 2 characters. Is that not possible, or are you saying the phone is already reporting the right IMEI, the one without the last 2 characters, to my operator?
Why would you like to remove the last 2 digits?
Even your Telco knows the last part is a version number.
I had to register with the phone's serial number (starts with an H).
http://www.numberingplans.com/?page=analysis&sub=imeinr Here you can check your IMEI.
Because Turkey is dumb. I got my IMEI registered and they registered it without the last 2 numbers because their stupid system has a character number limit.
Forget about the last two numbers. The IMEI doesn't change; what you see printed under your battery is the authoritative IMEI. The numbers you are finding on your screen following the IMEI are something else, version numbers as someone else said.
Feel free to send me $50 at any time.
Hi there.
I spotted something REALLY awkward today while trying to handle this problem with my service provider, where I keep getting PIN: PENDING, with Blackberry Connect.
My provider finally asked me to give him my IMEI number so he can follow up on the matter. I gave him my IMEI number, not paying much attention as I was doing so, directly from the Blackberry Connect app's output. An hour later he calls me back to confirm the number, because it is invalid...
So I checked it out.
In Blackberry Connect, under the Identity tab, it read out my IMEI number 2 digits short.
Can anybody confirm or deny that this is just a graphic glitch where the screen isn't wide enough to show the whole number, or is the app actually misreading the IMEI?
If the latter is in fact true, I think I finally figured out why Pharos doesn't wanna connect Blackberry properly.
Your responses are highly appreciated.
PS: You can find your full IMEI under Settings --> System --> Device Information --> Identity.
Oh crap... I'm not paying attention at all!
Seems my device is reporting its own IMEI wrong... as 17 digits instead of 15...
So.. I checked the sticker under the battery on my device, and the last digits, 01, shouldn't be there.
How can I remove them? I think this may be the reason Blackberry isn't working?
Hey all,
I have a Motorola Flipout that I've taken to a shop to be unlocked from Orange UK, but they are having an issue as the phone won't take the code.
They are telling me that the unlock code should be 16 digits as opposed to 8 digits for other phones, therefore they can't get the code at the moment.
Is this correct, or completely wrong? I'm confused cos I've always known it to be 8 digits.
Hi
If you need a 16 digit unlock code then email me at [email protected]
thanks
I just chose the cheapest one on ebay (£8.90 I think). I got an email from them within an hour, sent back my IMEI number and they sent the code that worked straight away. I think it was 16 digits