MEID and ESN Calculation CDMA - Networking

MEID and ESN Calculation (AKA cdma phones only)
(If you learned anything please thank below, it will warm my heart lol)
Here is a guide on how your MEID and ESN are generated. This is for educational purposes only. I am creating it as a way to say thanks to all the xda devs that helped me in updating my phone with the newest htc sense updates and putting up with my noobness.
Ok again I repeat this is for educational process, I will not teach you how to edit your esn or meid’s. (Again don't want anyone to use it for wrong)
Ok your ESN generates from your MEID, so once you have your meid you can derive your ESN.
Example MEID I will be using is completely random and made up (A10000999AAAAA)
You want to work with your Hex MEID aka the one that starts off with A1 xxxxxxxxxxx
(The x’s follows the hex format meaning 0-9 and A-F in the lettering the numbers should be 14 digits)
You will have to transcribe this number into Binary-
(Easiest way to do it - open up Microsoft calculator that is installed on every computer – click view and go to scientific)
Click HEX in the Calculator. Type in everything (A10000999AAAAA)
After everything is typed in click BIN (should yield a 56 bit string 1010 000 100 000 000 000 000 001 001 100 110 011 010 101 010 101 010 1010)
The first 8 bytes are reserved by the government or some committee (TIA) 1010 000 100 000 000 000 000 001 001 100 110 011 010 101 010 101 010 1010
The following 24 bytes are the manufacturer bit code 1010 000 100 000 000 000 000 001 001 100 110 011 010 101 010 101 010 1010
The Last 24 bytes are the serial number for your device 1010 000 100 000 000 000 000 001 001 100 110 011 010 101 010 101 010 1010
Now if you're smart you can figure out what I just wrote
Now to figure out your MEID: In the back of your phone the 14 digit number is really supposed to be converted into an 18 digit number.
First take the first 8 digits of the MEID: A10000999AAAAA paste it into your calculator and make sure that it is set under HEX then click DEC (should yield 2701131929)
Next take the last 6 digits A10000999AAAAA, 9AAAAA and add a zero to the front of it and repeat – Type in 09AAAAA in calc Hex clicked then click dec (should yield 10136234)
Finally – combine them all 270113192910136234 and wham your MEID that your phone company uses to program your phone.
For the ESN you will have to use a Hash Calc –
(I will not go into detail on how to come up with your ESN, but I will get you the steps)
1. Take MEID A10000999AAAAA paste it into your SHA-1 Hash Calculator
2. Calculate the Hash
3. Take the last 6 numbers and place an 80 in front of them
4. And wham your ESN should be 0x80(whatever your last 6 digits are)
So in Conclusion, your MEID is the most important part of your phone and everything is derived from it. Again only for information use only. I can help if you need help flashing your phone, but I am really lazy…
PS Screw PIPA and other government agencies trying to limit our educational process, they want us to pay the rich that owns colleges and other learning sources on how to educate the human race, well thank xda and internet for educating me on phone services for free.
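The conversions described in the post above, as an added Python example that is not part of the original thread: it splits a 14-digit hex MEID into its 8 + 24 + 24 bit fields, converts between the hex and 18-digit decimal forms, and derives the pseudo-ESN. The function names are made up for this example, and the SHA-1 is taken over the 7 raw bytes of the MEID (as in the 3GPP2 pseudo-ESN definition), not over the ASCII text of the hex string.

```python
import hashlib
import re

_MEID_RE = re.compile(r"[0-9A-F]{14}")


def normalize(meid_hex):
    """Return the MEID as 14 upper-case hex digits, or raise ValueError."""
    meid = meid_hex.replace(" ", "").upper()
    if not _MEID_RE.fullmatch(meid):
        raise ValueError("MEID must be exactly 14 hex digits: %r" % meid_hex)
    return meid


def parse_meid(meid_hex):
    """Split the 56-bit MEID into its three fields (8 + 24 + 24 bits)."""
    meid = normalize(meid_hex)
    return {
        "regional_code": int(meid[0:2], 16),      # first 8 bits
        "manufacturer_code": int(meid[2:8], 16),  # next 24 bits
        "serial_number": int(meid[8:14], 16),     # last 24 bits
        "bits": format(int(meid, 16), "056b"),    # the 56-bit string
    }


def meid_to_decimal(meid_hex):
    """Hex MEID -> 18-digit decimal form.

    The first 8 hex digits become a zero-padded 10-digit decimal number,
    the last 6 hex digits a zero-padded 8-digit decimal number.
    """
    meid = normalize(meid_hex)
    return "%010d%08d" % (int(meid[:8], 16), int(meid[8:], 16))


def decimal_to_meid(meid_dec):
    """18-digit decimal MEID -> 14-digit hex form, rejecting impossible values."""
    digits = meid_dec.replace(" ", "")
    if not re.fullmatch(r"[0-9]{18}", digits):
        raise ValueError("decimal MEID must be exactly 18 digits")
    head, tail = int(digits[:10]), int(digits[10:])
    # Each half must fit in the hex field it came from (32 and 24 bits).
    if head > 0xFFFFFFFF or tail > 0xFFFFFF:
        raise ValueError("decimal MEID does not map to a 56-bit value")
    return "%08X%06X" % (head, tail)


def pseudo_esn(meid_hex):
    """Pseudo-ESN: 0x80 followed by the low 24 bits of SHA-1(MEID bytes)."""
    digest = hashlib.sha1(bytes.fromhex(normalize(meid_hex))).digest()
    return "80" + digest[-3:].hex().upper()


if __name__ == "__main__":
    sample = "A10000999AAAAA"  # the made-up MEID used in the post
    fields = parse_meid(sample)
    print("bits        :", fields["bits"])
    print("regional    : %02X" % fields["regional_code"])
    print("manufacturer: %06X" % fields["manufacturer_code"])
    print("serial      : %06X" % fields["serial_number"])
    print("decimal     :", meid_to_decimal(sample))
    print("pseudo-ESN  :", pseudo_esn(sample))
```

Because many MEIDs share the same 24 hash bits, a pseudo-ESN is not unique and cannot be turned back into the MEID it came from.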

Please note that AA and HA keys are needed too, but I don't know how the companies design these keys. The only thing that I know is that the AA and HA keys are defined from an algo on some number system in the phone.
Meaning that it might be formed by the MEID... (<-- All my theory)

I want to reserve another spot too

great article ty

i wanna ask you guys, i only get BSN not ESN.
are BSN and ESN the same??
if those are different can BSN convert to MEID or to ESN??

Can an MEID be generated? Like can I just make one up and it be a valid meid for activation on BYOD companies?

damastah said:
Can an MEID be generated? Like can I just make one up and it be a valid meid for activation on BYOD companies?
It's tied into the system of the phone like the ESN. ESNs are just older versions of MEIDs. Changing them is illegal.

MrObvious said:
It's tied into the system of the phone like the ESN. ESNs are just older versions of MEIDs. Changing them is illegal.
I was asking if they can be generated or are all MEIDs valid. That's all I had a question about. Know anything about that?

damastah said:
I was asking if they can be generated or are all MEIDs valid. That's all I had a question about. Know anything about that?
Like if you have an ESN you want to know if it's possible to calculate the MEID from it? I have no idea on that but I'd imagine it's similar to above. But if you're asking if you can just simply create a MEID out of thin air, no. MEIDs are serial numbers mandated by the government to not be changed per law (same with ESNs) and are tied to the phone's motherboard/ROM.
I hope this helps some.

MrObvious said:
Like if you have an ESN you want to know if it's possible to calculate the MEID from it? I have no idea on that but I'd imagine it's similar to above. But if you're asking if you can just simply create a MEID out of thin air, no. MEIDs are serial numbers mandated by the government to not be changed per law (same with ESNs) and are tied to the phone's motherboard/ROM.
I hope this helps some.
Yep, good explanation here. Note that you cannot calculate a MEID from just the ESN. MEIDs were introduced years ago because they realized the ESN address space would run out, kinda like IPv4 ran out, and now we have IPv6, blah blah. Think of the MEID address space as a "superset" of ESN's.
Also, MEID pools are assigned to device manufacturers. So an HTC MEID will not collide with the Samsung range, will not collide with LG, fruity phone, etc, etc, etc.
Oh one last thing: The MEID is definitely NOT tied to the ROM of a device - No MEID change from flashing a ROM !! :angel:

ESN from MEID
Old thread, but hoping someone can still help. My phone's ESN is zeroed out, and I don't know what it is. The MEID is fine though. I want to repair it to the factory ESN. How do I do this with a Sprint LG G2?

Related

Protect Your SOFTWARE

I know it is almost impossible to produce a software that is fully protected. In this I would like to share my experience in protection.
I developed a program that works in PPCPE and I have made a very good protection system….. I think
The protection system works as follows:
- when the software is first installed it captures the date of the installation
- it reads the device ID
- it asks the user for the program serial number
- I have two ways of registering the system, either through an SMS or through the web using GPRS.
- The software combines the three numbers together using some equations to make it almost impossible to find out what I am collecting… also I use an equation to verify if the serial number is OK since we are using SMS and it is very costly to send an SMS that contains a wrong serial number
- When the user chooses the method to register, the number is sent to my server and the server sends back the activation key to the user's PPCPE
- The PPCPE will read the SMS and delete it and store this SMS in the database …
The above is to get the activation key
In the software the activation key is produced and I use an “if statement” to compare the activation key which is stored in the database and the one the software produces; if they are the same it will execute, otherwise it will stop execution
To make it very difficult for the hacker I use pointers in the program, and to these pointers I add the protection key and subtract the key the program produces, to make the addition equal to zero if the two keys are the same
The pointers point to each button and each menu item in the program
I hope this information will help and I welcome any comment
Hmmm, sounds nice...but is it worth all the trouble...especially the SMS route could complicate things, no?
Besides, with good debuggers is it not possible to NOP the check section or jmp it, applying a patch?
I would opt more for a good packer such as Armadillo, and protect it that way. It will obfuscate the code, has debugger protections built-in, splits codes and destructs IAT. Additionally, you could add nanomites to make unpacking even harder. Then use a simple license key system.
Yes you are right .. a good hacker can do that …. But
If you use the method of pointer it is almost impossible to get anything out of the program and it will be useless for anybody to use it
And also it is almost impossible to hack it
But armadillo is only available for x86 Windows. But your message is right, HappyGoat.
pointer protection: piece of cake!
Well, the pointer thing as you describe it does not sound too difficult to hack.
You said your software will take the address for a pointer, add the key the user has entered, and subtract the one the program has computed so that it equals to zero.
So, this means that the shift is always the same, so if you can get the entry point for any button, you know which value to add to the key generated by your software. Since you don't obfuscate the code this is a matter of minutes to hack this. :roll:
UL
Re: PROTICT YOUR SOFTWARE
As an old cracker I can tell you that this algo would not be difficult to crack. You are not using EXE file encryption, anti-debugging, integrity checking, and other tricks that are used in good protections like ASProtect. They would take some hours to bypass. And playing with pointers can stop only kiddies. UnlockMe said why.
If a cracker would get one valid question-answer pair, he'll easily convert any program to a fully working version. And your code can be cracked without this knowledge.
- The software combines the three number together using some equations to make it almost impossible to find out what I am collecting…
Funny. Why should the cracker try to "find out what I am collecting"? Why the cracker should be bothered with all this ****? There are easier ways.
also I use an equation verify if the serial number is OK since we are using SMS and it is very costly to send SMS that contains a wrong serial number
Costly SMS? Even in Russia you can get free SMS subscription. I have free SMS + free GPRS + free incoming calls.
Your protection has at least one very thin part that makes it useless. I've seen the similar ideas before. But I would not tell you
And remember:
If it runs, it can be defeated. (c) +Orc
It is very nice to see people participate in a subject. I find it very interesting. And very helpful
I am not going to tell what I do but I am giving a point to start for programmers
Chatty
Thanks for bringing this point. I can not find it also
UnlockME
I think it is very difficult to hack.
Imagine in my software I have 36 button and menu item. Each of them has a pointer. Let us say button one has a pointer value equal to 11675 let say it is stored in ptr
My key is 123456789 .. let say it is stored in a string str1
The key in the program is 908070605040302010 …… I use more encryption than that but this is just a demonstration
And let us say it is stored in str2
When you address the button you address it like this
Ptr = ptr – (str1[1]-str2[17])
As I mention I am not going to reveal the protection that I use.. I am only giving a point to start
There is more thing in it I leave it to your imagination ..
Mamaich
In my country each SMS costs the mobile owner 0.1 USD … I am not going to cost them money for a wrong entry
…….
I think I know what you are thinking …. If the key is produced in the program I can hack it … I hope the above example clears things up
……..
if you know any EXE encryption or anti debugging software I will be thankful
……..
thanks everybody for your reply
-------------------------
please remember I am not claiming that my algorithm is anti-hacked …. It is only an algorithm for protection that I came up with
wwb95, I'm not going to disclose in this forum how to actually hack an exe, but what I can tell you is that pointer-based protection will only stop kiddies as Mamaich says.
a hacker is not always a bad guy, though often they use their knowledge for such purpose, but it is before everything a guy that has an extensive knowledge of development tools, operating system, memory management, ...
I can tell you that if you are going to protect your software with this pointer thing, please send me a link I'll be only too happy to provide it for free to the community with a working "yes-code". 8)
wwb95 said:
When you address the button you address it like this
Ptr = ptr – (str1[1]-str2[17])
I'll assume that (str1[1]-str2[17]) is always a constant for all Ptrs. Then you can easily find an original button handler (don't ask me how, newbies can check all function addresses, gurus can just look at the code, I'll use a different method), calculate this value and patch a program or write a keygen. And if it is not a constant - the process would not be much more difficult.
if you know any EXE encryption or anti debugging software I will be thankful
I don't know any existing protection. Long time ago I was developing such a project, but due to a lack of time and no investments I've dropped it.
Here is a crackme - http://mamaich.kasone.com/wz/crackme.rar
and a pre-alpha of protector - http://mamaich.kasone.com/wz/protector.rar
It can compress&encrypt ARM WinCE DLLs and EXE files, has minor anti-debugging tricks and primitive import/export/resources encryption. And that's all that was done. No API, no stolen bytes, no on-the-fly decryption, no integrity checking, etc.
I would not publish its source codes nor continue the work.
My advice: give up trying to protect your app. It can't be done; anything can be cracked easily. You're only going to piss off your users when the complex reg scheme starts introducing bugs and instability.
All you really want to do is a simple registration scheme. You have to rely on people's honor.
At Airscanner we wrote a book showing how to crack software, with a couple of chapters on ARM-based cracking for Windows CE. But you can get more info, and better, for free at Kaos' website:
http://ka0s.net/
It has everything you need to get started in Pocket PC reverse engineering.
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?
airscanner said:
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?
Some time ago I was a regular poster on www.reversing.net and www.reng.ru and reader of fraviamb. Now I don't have time for that.
Maybe you've seen my name in "thanks" sections of some tools.
ZXEvil why are you posting that link on multiple topics? What is that file?

Serial number?

Hi guys,
Been looking round the forums here for a method of getting the device serial number. All of the (very good!) examples seem to return a 16 byte GUID. Is there a method of getting the 12 digit serial number? Mine is like HT620DZ71704. This would be much appreciated, especially if it were in VB!!!
Many thanks,
Millicent.
Mill - the examples on pocketpcdn are quite good. Just extract the relevant bytes of the returned serial.
V
Edit - didn't see you wanted VB. Apologies, I've only tried it in C++

IMEI changer for Polaris available?

need one to change my IMEI to fit the GPS software runs on specific IMEIs..
AFAIK, changing IMEI is illegal...
windirt said:
need one to change my IMEI to fit the GPS software runs on specific IMEIs..
It's way easier to change GPS software than IMEI.
The IMEI is likely hardcoded into the hardware and WM reads directly off the hard code..Good luck!
you can change the imei of your device but it will cost both in time and money and you have to get your self a golden box( check infinity) but it's going to be easier for you to change your GPS software.
windirt said:
need one to change my IMEI to fit the GPS software runs on specific IMEIs..
It's easier to use mr google to find a new GPS software than change the imei, and i don't think u can do that at all, the net is full of softwares... just pick one
No, the IMEI is not hardcoded into the device. It can be overwritten/changed but its a very dangerous process and if you're not an absolute pro you'll most likely brick your device. And this would be a final brick, not recoverable.
Apart from that: it's absolutely illegal in most countries in the world. I actually don't know a single country where it isn't. In the countries I know the punishment wouldn't just be a fine but definitely prison. And even if it's legal in your country, if you'd enter another country with a modded device you'd be guilty if caught at the border.
In the end it's easier to get a pirated copy of a GPS software including maps for your region, activators, keygens and cracks, all that USING GOOGLE ONLY, than changing your IMEI.
I've never programmed for WinCE but on WinNT I would go the following way:
1. Read MSDN to get an idea where from IMEI is to be obtained (I don't think every user space application reads hw registers, there should be some interfacing library (dll) which provides required functions).
2. Look for articles on dll injection (google for this trick) on WinCE.
3. Build custom dll providing all but IMEI query functions tunneled from original dll, IMEI retrieval functions should be handled by your library, providing preprogrammed constants to user level app.
4. Program dll injector for putting hook into the specific app.
actually believe it or not it is not illegal to change your imei number here in canada but reasons for changing it end up being not so legal!
i hate fido
they locked me into a 3-yr contract and trick me into signing up for the $15 "unlimited surfing option" and only to tell me they have to bill me $120 extra backdate to my previous two invoices claiming my phone is not compatible with their "unlimited surfing option" and hence have to bill me by $/kB and claiming i had used over $2000 worth of data (WTF?!?!) over the past two month which i already paid my invoices in full & on time and there was nothing mentioned about any data usage whatsoever!
hence, i would very much like to change my IMEI to screw them back. Appreciate any help.

Hack a uim card for xv6800

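By chance, mr7 found at a second-hand phone market an XV6800 made to order for the US carrier Verizon, a handset that has its number programmed into the phone itself rather than read from a card. Few people in Guangzhou play with programmed-number CDMA phones, and the shop did not know how to convert it, so, trying my luck, I bought this original, unconverted unit and took it home to see whether it could be converted into a card-slot phone.
The XV6800 made for Sprint, also a US carrier, has a light gray body and looks very stylish, while the Verizon XV6800 looks a bit plain, with an obviously plastic feel to the body. In key operation and tactile feedback, however, mr7 considers the Verizon version better than the Sprint version. As soon as I got the phone home I flashed a Chinese ROM, and the "white triangle" appeared, which is normal. Why is the "white triangle" normal? Simple: mr7 had not yet updated the PRL or done the QPST settings.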
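Look at the backs of the two phones: the metal shield on the back of the Verizon XV6800 had already been removed by the shop, which presumably did not know how to add the card slot and gave up, while the Sprint XV6800 had already been converted to take a card. Many forum members often ask which XV6800 version is best. In fact, whether it is the A, S, V or Q version of the XV6800, the internal hardware is the same; all are manufactured by HTC and all have a WiFi module. Only the outer casing and the logo differ. The phone's original boot logo and ROM are customized for each carrier, and the number has to be programmed into the phone. After these phones reach mainland China, many shops modify the hardware, adding a UIM card holder to the circuit board, and then change the QPST settings so that the phone can be used domestically. Early XV6800 ROMs had the GPS function blocked; later ROMs removed the block.
To make it easier for enthusiasts in the Guangzhou area to discuss the modification, you can join the Guangzhou CDMA enthusiasts group to learn more and to study and exchange ideas together within Guangzhou. QQ group number: 51711332 (please state that you are a Guangzhou-area enthusiast). mr7's QQ: 510844822 (please state your purpose).
OK, before converting to a card slot, prepare a Torx screwdriver and a hard plastic card such as a top-up card or an old SIM card for opening the phone. If there is a TF memory card in the TF card slot, remove it first. We only need to open the bottom shell of the phone.
1. Unscrew the 4 small screws on the back of the XV6800, at the boxes marked in the figure.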
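2. Slide open the XV6800 with the keyboard keys facing up. Carefully insert the top-up card into the gap between the keyboard and the shell, as in the figure below. Six hidden clips join the XV6800 keyboard and the shell; starting from the top, work the top-up card clockwise to slowly release the clips joining the keyboard and the shell. Once the clips are released, gently lift the keyboard until the shell comes completely free and folds down.
3. The hidden clips are located in the following 3 places; refer to the 3 pictures below when opening the phone.
A. Right side
B. Top
C. Left side
With the shell removed, you are looking at the main board of the communication section. The places on the main board to be modified are the red and blue areas.
A. The area inside the red box must be covered with transparent tape. The main reason is that this area is where the XV6800's metal stylus slides in; the contacts on the circuit board are exposed, and once the metal stylus is inserted it can easily cause a short circuit, after which the phone will reboot continuously, so transparent tape must be applied to prevent short circuits.
B. The blue area is where the UIM card holder is soldered. Soldering the card holder requires a soldering iron, rosin and so on. Note! Before soldering, preheat the soldering iron, then unplug it from the mains and use the residual heat to do the soldering; this prevents static or induced current from entering the circuit and burning out components.
5. Prepare the materials for the modification, including the special UIM card holder and the plastic base plate. The XV6800's UIM card holder is very different from an ordinary SIM or UIM card holder: the pins and contacts of the XV6800 holder are offset, whereas on an ordinary holder they correspond one to one, so an ordinary holder cannot be soldered directly onto the XV6800 circuit board. To make this easier to understand, I have drawn a rough diagram.
6. Besides soldering the UIM card holder, two places on the circuit board also need to be bridged, as in the figure below. Solder points A and B in the figure together so that the RST line connects to the circuit, and likewise solder points C and D together so that the CLK line connects to the circuit. The definition of each contact of the UIM card holder is also marked.
7. This is a close-up after the UIM card holder has been soldered; contacts A, B and C, D have also been soldered.
8. The figure below shows the result after the plastic base plate has been stuck on and the shell closed. The hardware modification is basically complete.
After the hardware modification, the next step is to do the QPST settings on a computer. Remove the UIM card and the TF card before running QPST.
First install Microsoft ActiveSync 4.5 and test that the connection between the computer and the XV6800 works. Install QPST 2.7 BUILD 215; 215 is the best version at present. Install the driver Install_MSI_Sprint. Go to the phone dialer, press ##3434 and then dial, or press ##3424#, to enter DM Router mode. After the computer recognizes the hardware, manually locate the driver path; a standalone modem driver can of course be used instead. For detailed steps, see other forum members' guides.
On entering QPST you will be prompted for the SPC code; enter the ESN into a code calculator to get the SPC code. The main items to set in QPST are:
1. In the 1x/HDR Security tab, change the R-UIM item to R-UIM Only, that is, read data only from the UIM card.
2. In the M.IP tab, change the Mobile IP item to Simple IP only.
3. In the gpsOne tab, tick all the options on the left; on the right, set PDE IP to 0.0.0.0, PDE Port to 0, PDE to DBM, and Position to PDE.
4. Enter 460 for MMC and 03 for MNC.
Those are roughly the settings! Write them to the phone, then restart the phone.
While you are at it, flash the PRL, RADIO and so on to the latest versions; after booting, an EV-DO connection (channel 37) is shown. With a CDMA UIM card inserted, calls work normally! Call quality is excellent.
All of the pictures above can be enlarged. This article is for reference only and represents only mr7's own testing and suggestions. My ability is limited, so if anything is incorrect, I would welcome corrections.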
GO AHEAD! TRY IT…………………
So what exactly is the purpose of adding a sim card to the titan?
Well.. Viewing the pictures, looks great, but reading in chinese it's frustrating, specially when I don't understand it... jejejejeje...
Anyway, seems to be a great way to use our Titans as GSM... Or that's what I think is this post to...
Any other language will be okay..
Thanx...
But I don't think the titan has functional GSM hardware/software. I don't think it has anything to do with missing a sim card. I translated the Chinese, it kinda makes sense in his steps.
Perhaps... I really don't know if this phone has those functionalities, but we can't deny the images... jejeje...
If there's another posts on the web about this, it really will come out soon..
RUIM uses cdma networks with all subscriber info on a sim card. Meaning in china, korea or india (where CDMA networks are used) you could theoretically pick up a prepaid sim and use your titan on a foreign network if you soldered a sim tray on it. (basic way of explaining it) There is another post in here in english if you care to search. Pretty cool stuff!
HERE is the thread from about a year ago or so.
Digital Roaming
Dear mr7mr7
the setting MMC 460,MNC 03 is it operator related ?
if the RUIM card i have is already programmed which is i get from CDMA operator here in indonesia, do i still need to change the MMC and MNC setting ?
When i do the other setting (Change 1x/HDR to RUIM Only) and inserting my RUIM, my phone turn to digital roam.
is there any other setting needed ??
-- Tubbz --
google translate people:
A chance, mr7 second-hand mobile phone in a store by the United States found a verizon carriers ordered XV6800 No. burning machine. CDMA as a result of playing the Guangzhou No. burning of many people, businesses will not change, luck was with this mentality of Taiwan without the original card to buy a home machine and see if I can read card machine.
The same for the U.S. carrier Sprint Corporation XV6800 customized for the light gray body, appearance is very stylish! Verizon customized XV6800 and it appears that the appearance of a little soil, texture clear plastic body! However, operation and efforts in the feedback button on the verizon version mr7 that version is better than Sprint. Home immediately after the machine brushes the Chinese ROM, and a "white triangle" of a normal phenomenon, so why is "white triangle" is a normal phenomenon? Very simple, mr7 do not update the PRL and QPST settings.
Take a look at the back of the two fuselage, verizon version of the metal shield back XV6800 film business has been dismantled, it is estimated that there will not be given up to card, XV6800 and the Sprint version of the card has been improved. Many friends often ask which version XV6800 good, in fact, no matter A version, S versions, V Edition, Q version of the XV6800, the internal hardware is the same as all the manufacturers by HTC of Taiwan, have WIFI module. LOGO is a superficial shell and different. Mobile phone original boot LOGO, ROM are designed to customize the different carriers, but also burn No. need to write code. To get these phones in mainland China, many business transformation through the hardware, the circuit board to join in the UIM card connector, and then modify QPST, so this machine can be used. XV6800 early screening of the ROM is the GPS function, a new out later lifted the mask ROM.
Guangzhou in order to facilitate conversion of the players to discuss the operation, which may be included in Guangzhou CDMA base to understand players in order to study the exchange of the city of Guangzhou, QQ group number: 51711332 (Please specify player is in Guangzhou). mr7 the QQ: 510844822 (please specify).
OK, change card ready before Plum Hexagon screwdriver, recharge cards or SIM cards used hard plastic card used to disassemble the phone. TF card slot if there are TF memory card if you pull out. We need only to open the phone at the bottom of shell.
1. XV6800 turn on the back of the four small screws. Figure Box Office.
Post #2, mr7mr7, 28th January 2009, 05:27 AM
2. Slide open the XV6800, keyboard keys up. Insert the card carefully to recharge the keyboard and the gap between the shell, as Fig. XV6800 keyboard with a total of six between the shell buckle connected to the dark, recharge cards from the top clockwise slowly began to draw with the shell to connect the keyboard to open the secret button. Dark gash can hold gently tilt the keyboard down until the case all turned out.
3. Withholding the location of the dark in the following three areas, we can refer to the following three picture for disassembly.
A. right
B. at the top
C. left
Post #3, mr7mr7, 28th January 2009, 05:32 AM
When the shell after unloading, that is, the communication part of the motherboard. To reform the motherboard where the two regions for the red and blue.
A. Red box with a transparent adhesive tape must be affixed to good. The main reason is for the XV6800 to the region where the metal insert handwritten, circuit board contacts are exposed, metal pens on the premises after insertion is likely to result after the short circuit, short circuit caused by mobile phones will continue after the restart, it must be affixed transparent adhesive tape to prevent short circuit.
B. Blue region compared with the local welding UIM card connector. Electric iron deck welding needs, such as rosin. Attention! Before the first electric iron welding preheating, electric iron and then unplug the power plug to make use of heat welding, to prevent electrostatic or induction electricity surging into the circuit and leading to burned components.
5. Ready modified materials, including specially designed holder and plastic floor UIM. UIM card connector with the XV6800 ordinary SIM or UIM card connector is very different, XV6800 card deck is the wrong foot and contacts, and general deck is one-to-one and can not directly solder circuit boards used in the XV6800. In order to facilitate understanding, were more or less schematic.
6. UIM card connector in addition to welding, but welding circuit two contacts on the board, as Fig. Figure A and B in two welded together to make RST port can connect to the circuit, the same C and D will be welded together to make two other points which can be connected to the CLK port circuit. Incidentally, the UIM card connector standard definition of the contacts out.
7. This is a good welding features after UIM card connector, A, B and C, D of the contact welding is also good.
Post #4, mr7mr7, 28th January 2009, 05:34 AM
8. The chart is pasted on the plastic shell plate after the combined effect of Fig. Complete transformation of the basic hardware.
After the hardware modified, the next step is to do with computer settings QPST. QPST do you pull out before the UIM card and TF card.
First of all installed Microsoft Activesync 4.5, and test computer and connection is the XV6800. Install QPST 2.7 BUILD 215, 215 is the best version. Install the driver Install_MSI_Sprint. Interface into the call, press # # 3434 then dial-up or press # # 3424 # to enter the DM Router mode, the computer recognized the drive hardware manual to find the path, of course, can choose to use a separate drive Modem. Detailed methodology for the other users can refer to the Raiders.
QPST will be prompted to enter the SPC code input and enter the ESN with a code calculator to come up with the SPC code. QPST project settings are:
1. 1x/HDR Secruity column changed to R-UIM of R-UIM Only data that is read-only UIM card.
2. M. IP column replaced by the Mobile IP of Simple IP only.
3. gpsOne options in front of the left column all ticked, right of the PDE IP address 0.0.0.0, PDE Port for the port of 0, PDE election of DBM, Position of selected PDE.
4. MMC fill 460, MNC fill 03
Set is probably the case! Can be written into the phone, and then click restart phone.
Incidentally, the PRL, RADIO brush and so on for the latest version of the boot can show EV-DO connection (37 frequency points). Access to the CDMA UIM card, make calls to normal! Good call.
The above picture can be enlarged view. This article is for information purposes only personally mr7 represent the actual testing and suggestions. Since I am limited by the level, if you is not correct at the exhibitions.
GO AHEAD! TRY IT ... ... ... ... ... ... ...
does anyone think there is any potential here at all to possibly use the sim card slot to extend the titan/mogul memory.
just trying to think outside the box
SIM cards can store, at most, a few hundred K, and that's ROM space, not RAM. Not even remotely worth thinking about as an expansion.
If you're not planning to use your Titan on an Asian CDMA network that requires a SIM card, this information is completely useless to you.
i beg to differ...this article is from 2006
http://www.pdasnews.com/articles/2118/1/msystems-Announces-Availability-of-High-Capacity-SIM-Cards
get a decent programmer who can remap this as a vfs (virtual file system) and have direct access to the kernel
i know next to nothing in programming...and yes maybe they aren't capable of worthwhile access speeds
or maybe they are...
dont just talk negative...think of the possibilities...the website is solely devoted to not depending on the providers
"if they didn't offer it...its not possible" is a horrible way to think and even be posting on this website
i did find a new program that looks pretty baller
i have a trial copy of it
its called solfs
http://www.eldos.com/solfs/

How to get onto Boost Mobile

Okay, so I just spent an entire Saturday, Sunday evening, and Tuesday evening, about 15 hours of work total, to flash my phone, got everything working. IMO it was way too hard for how simple the task was because of a lack of clarity and information.
MY ADVICE: find two or three different guides, and use my advice below as a loose guide as well, the more info the better. the LEGAL FLASH GUIDE posted for noobs on this site is great, cause it goes step by step, but it does leave out some rather vital parts, so you have to have a good understanding of computers and have sound logical reasoning to get this done.
1) Buy an incognito and download Windows XP and a Virtual OS Software, don't waste your time installing XP and ruining your machine, run it virtually for the incognito modem driver.
2) USE DFS CDMA TOOL, CDMAWS IS USELESS, AND QXDM is only good for ESN AND MEID STUFF... type in the correct SPC which you can get from boost mobile by calling them and asking them for it.
3) SCREENSHOT ALL INFO UNDER PROGRAMMING TAB, including General, NAM, Data, Mobile IP, and then save your 4 NV files needed, 455 etc under NV tab.
4) Put Evo in diag mode on windows 7 side, and use QXDM to SCAN for your ESN LOCATIONS, don't play a guessing game, SCAN. 0 them out.
5) FOR MEID, I suggest googling your radio version and OS version to find a list of matching MEIDs, this will eliminate most for you, then once you've done this, do a scan for the remaining ones. Use HxD Hex editor to scan, THIS IS THE BEST PROGRAM, do not waste time with others. Use windows calculator to calculate locations of remaining hits.
6) once you've zero'd it out, restart the phone, it will rewrite the MEID, 0 out the locations again, then use QXDM to write the new meid, don't worry, it will figure out the ESN.
7) Now, go back to DFS TOOL, COPY ALL INFO from programming tab from old ****ty phone to new pretty evo.
8) You will likely get a "error 16" message once you switch over, just talk to the sprint lady and act confused and they'll fix your phone.
9) if you get error 67 you didn't copy the info in DFS to new phone correctly, you might have two different AAA keys and make sure you have the right amount of profiles and everything matches, mind your p's and q's.
will other phones work? Yes, DFS CDMA Tool iS AMAZING for reading encrypted information and is connected to their servers for many things, like updating PRL etc. some phones however do not use AAA shared keys, like blackberries.
will this work on verizon and virgin and alltell? yes, CDMA's all the same guys. just make sure your donor phone can be read correctly in DFS cdma tool and i don't see why you couldn't get this to work.
Is there a guide for this program???
Sent from my SPH-L900 using Tapatalk 2
I use cdma workshop .... it takes less than 30 minutes to flash the phone into boostmobile ... and you dont need qxdm nor qpst ... just one program *cdma workshop*
Sent from my SGH-T999 using XDA Premium HD app
