Hi, I'm curious how the XTC clip works for unlocking HTC phones, so I have been playing around with it. This is my understanding of the process...
1 - Creates the specific goldcard for the phone you are unlocking.
2 - The memory card used for the goldcard has a modded CID. The CID of the HTC phone must match the CID of the memory card, and it is generated and modded by the XTC clip's software (the goldcard can also be prepared using other available tools).
3 - The XTC software then transfers the necessary files required for the particular handset which you are unlocking.
Now that the goldcard has been created, the unlock procedure can continue.
4 - At this point the sim flex can be connected to the phone, and the goldcard can be inserted.
5 - At this point I wondered why a SIM flex had to be connected to the phone (I guess the phone is SIM spoofed for some reason which I don't know and would like to know more about). So what I decided to do was plug in the XTC clip and connect one of the SIM flexes to my dits card reader. I found that every time I read the SIM card (under the Manage Card ID section) the 'IMSI' and 'ICCID' are constantly changing. I can't tell if these are randomly generated numbers or if there are so many in a sequence which are updated whilst the phone is being unlocked. Again, I would like to know how this works and why it has to be done for the unlock process to work. So, to summarise, the XTC clip is constantly changing the SIM card information while the unlock procedure is running, but I don't understand why and for what reason. I haven't taken the clip apart, but I assume there is a programmable SIM card inside the clip which is connected to the phone using the various flexes available.
6 - When the phone is put on the HBOOT menu, the unlock software will start after so many seconds (sometimes up to 1 minute 30 seconds etc.).
7 - The rest of the process is run on the phone and after choosing the correct options the phone will now be unlocked (S-Off)
My questions - I would like to know more about the SIM card operations which are happening during the process, and whether any of my information is incorrect. Also, if anyone has any more information on how the XTC clip works and can help me understand this, that would be great.
This is for educational purposes, as I like to know how things work and I like to try and clone things for my own amusement and to help me get a better understanding of things. This is why I want to know how the XTC clip works, in case you're wondering.
Also, I don't know if this is the correct section of the forum, but it looked the most appropriate.
thanks
Related
Hello people... I know I am sounding a little over the top, but is it possible in any way to clone your SIM card in order to have the same number, i.e. cellular phone number, on another SIM card as well? BUT USING THE XDA 2.
Is there any software created that just copies the SIM through the USB cradle and, when you place a new SIM in it, just clones it directly? If anyone knows of any such software, please reply to this post or PM me. Thanks a lot.
To answer your question, is it possible? Yes, but I wouldn't recommend it. To start, I think it's illegal, and certain hardware and software is required. It would be handy though to use a smaller phone during a night on the p*ss without having to remove the battery and thus hard resetting :evil:
Nice topic raunak......
I am also searching for the same.
Don't know anything about it yet, or if it is possible.
But as twichibi said, it's illegal.
I am searching for it,
will post a link if I find something interesting.
Some background:
To make clone you need:
1. Buy some kind of "microcomputer" incorporated into a SIM-size plastic smart card (a PIC16F877 controller with additional flash memory: "Green card" / "Silver card" or other models).
2. Program this microcontroller with firmware that emulates the functionality of a GSM SIM card (check http://simemu.cjb.net/ ). To reprogram the PIC controller you need a specific smart card programmer. This is impossible with any mobile phone or HTC hardware.
OR 1+2: buy a ready-to-use empty multisim card. There should be a lot of them available via the internet.
3. "Hack" the original SIM card to extract the IMSI and Ki parameters using an old SIM security weakness. There is such software (e.g. search for sim_scan2). Note that this operation is not safe: you may break your SIM due to limitations set by the SIM card provider. And NOT ALL SIM cards can be cracked in this way, because some of the operators use newer SIMs. This step requires another kind of SIM card reader (Phoenix) and technically may be done with HTC hardware. BUT there is no sim_scan-like software for WinCE.
4. Enter the IMSI and Ki parameters into the SIM emulator. This may be done with any phone or HTC hardware via the SIM menu.
That's the story. One more note: please do not ask someone (an untrusted person or company) to find the Ki & IMSI from your SIM. This will give them the possibility to create and use clones of your SIM card. And I also saw a modified sim_scan which silently e-mails your Ki & IMSI to someone after hacking.
Links:
http://www.multisimcard.ru/ (Russian only)
http://ucables.com/products/simcards/index.htm
http://simemu.cjb.net/
http://forum.web-hack.ru/index.php?showtopic=15200 (Russian only)
If I change the ROM to an i-mate JasJar or any other, will it be unblocked?
No
Why is that?
I'm not an expert, but sometimes I wonder why that is. If we replace each and every file of a locked MDA Pro with those of an unlocked JasJar, then there should be no reason for a locked MDA Pro.
Can anyone explain the inside science of locking & unlocking?
I think it also depends on the definition of "blocked"
If the phone itself has had its IMEI blocked, then no amount of reprogramming/reflashing will unblock it.
If the phone has a simlock on it, then I believe this would be to do with something within the phone hardware itself.
Hi guys
That old chestnut again: locked and blocked are 2 completely different issues, and unfortunately neither of these actually involves anything that is directly under the control of Pocket Windows.
There are 2 types of locking.
1) PUK locking (SIM locking). This occurs if you incorrectly enter the SIM PIN code 3 times in a row. If this happens you need to contact the network provider to get the PUK unlock code; better still, if you enter the PUK code incorrectly 5 times you will destroy the SIM and need to get a new one.
2) Network locking is a flag that specifies the LAIN of the mobile network that supplied the mobile phone, and if this feature is enabled by the operator it will mean that only a SIM card that has the correct LAIN will work in that phone. I forget what LAIN stands for, but basically it is used in the GSM international roaming world and therefore each operator has its own: the first few digits indicate the country, then the last ones the specific network.
This can be disabled in 2 ways: firstly by using an encrypted code specifically issued for your handset, or secondly by trial and error, by writing different values to the registers on the EPROM on the GSM unit itself. Eventually this will result in the phone unlocking itself. In order to do this the GSM engine needs to be removed from the handset and interfaced to a serial port. A 0 or a 1 is then sent to each register one at a time and the phone is then tested to see if it works. Depending on the size of the chip this takes a long time. However, when you know the memory location of the register this can then be done to any phone in a matter of minutes. This is basically the way most of the unlocking systems are developed.
Finally, IMEI blocking. This is done where the network has evidence that a crime has taken place: either fraud committed on the handset, abusive phone calls, or the unit has been stolen. If the network IMEI blocks it you have 2 options: 1, sell it in a different country (Nigeria), or some chipsets contain the IMEI details on a flash chip. Again the registers are read over a serial interface and this can be rewritten. The first phones to support this IMEI in flash were the Siemens TC35 GSM engines; the Wavecom GSM modules also support this. I am not really sure of any legitimate application for changing the IMEI of a mobile handset, or even why this data is not written in ROM, but there you go.
I hope that helps to clear up issues relating to locking and blocking.
Regards
Charlie
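An added example, not posted by anyone in this thread, that ties the first post's observation (the clip's SIM reporting a changing IMSI and ICCID) to Charlie's description of network locking. In GSM terms the identifier he remembers as the "LAIN" is the PLMN code: the mobile country code (MCC) followed by the mobile network code (MNC) at the start of the IMSI, which is what a network-locked handset compares against its allowed list. The code validates an ICCID (the '89' prefix and Luhn check digit), splits an IMSI into MCC, MNC and subscriber part, and models the lock as an allow-list check. The MNC-length table, the PLMN "23430" and every SIM number below are constructed values for illustration, not data from the page.

```python
"""Decode SIM identifiers (ICCID, IMSI) and model a GSM network lock as a
PLMN allow-list check. All sample values are constructed for this example."""

from dataclasses import dataclass

# MCC -> MNC length. Most of the world uses 2-digit MNCs, North America uses
# 3-digit ones; this tiny table is an assumption for the example, not a registry.
MNC_LENGTH_BY_MCC = {"234": 2, "262": 2, "310": 3, "311": 3}


def luhn_valid(number: str) -> bool:
    """Luhn (mod-10) check, as used by the ICCID printed on a SIM card."""
    if not number.isdigit():
        return False
    total = 0
    for pos, ch in enumerate(reversed(number)):  # pos 0 is the check digit
        d = int(ch)
        if pos % 2 == 1:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Imsi:
    mcc: str   # mobile country code, 3 digits
    mnc: str   # mobile network code, 2 or 3 digits
    msin: str  # subscriber number within that network

    @property
    def plmn(self) -> str:
        """MCC+MNC: the operator identifier a network lock is keyed on."""
        return self.mcc + self.mnc


def parse_iccid(iccid: str) -> dict:
    """Validate an ICCID: 19-20 digits, '89' telecom industry prefix, Luhn check."""
    if not (iccid.isdigit() and len(iccid) in (19, 20)):
        raise ValueError("ICCID must be 19 or 20 digits")
    if not iccid.startswith("89"):
        raise ValueError("ICCID must start with major industry identifier 89")
    if not luhn_valid(iccid):
        raise ValueError("ICCID check digit mismatch")
    return {"industry_id": iccid[:2],
            "issuer_and_account": iccid[2:-1],
            "check_digit": iccid[-1]}


def parse_imsi(imsi: str) -> Imsi:
    """Split an IMSI (up to 15 digits) into MCC, MNC and MSIN."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 digits")
    mcc = imsi[:3]
    mnc_len = MNC_LENGTH_BY_MCC.get(mcc, 2)  # assumption: 2 digits when unknown
    return Imsi(mcc=mcc, mnc=imsi[3:3 + mnc_len], msin=imsi[3 + mnc_len:])


class NetworkLock:
    """Models the operator 'network lock' flag: the handset accepts only SIMs
    whose IMSI begins with an allowed PLMN. An empty allow-list is an unlocked phone."""

    def __init__(self, allowed_plmns):
        self.allowed = frozenset(allowed_plmns)

    def accepts(self, imsi: str) -> bool:
        if not self.allowed:
            return True
        return parse_imsi(imsi).plmn in self.allowed


if __name__ == "__main__":
    lock = NetworkLock({"23430"})  # constructed: handset locked to PLMN 234-30
    print(parse_iccid("8914100000000000003"))  # constructed, Luhn-valid ICCID
    for sim in ("234300000000001", "234100000000001"):  # constructed IMSIs
        verdict = "accepted" if lock.accepts(sim) else "rejected (network locked)"
        print(sim, "->", parse_imsi(sim), verdict)
```

Running it shows why a SIM from another operator on the same country code is still refused: the lock compares the whole PLMN, not just the country digits. A SIM emulator that keeps changing its IMSI, as the first post observed, would change the PLMN the handset sees on each read.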
Thanks for such an informative essay; we are all concerned about the network locking. I have noticed a tool to remove the simlock from the HTC Wizard, which uses the same OS as the HTC Universal, but in the above post it's mentioned that the OS has nothing to do with unlocking...
But the unlocking tool of all old HTC devices running WM 2003 never took so long as in the case of the Universal? Or maybe it's quite possible that all the good brains of our forum don't use the Universal?
I'm new to all this and a bit confused. I have an O2 XDA Mini S and need it unlocked to all networks and, if possible, all the O2 stuff removed from it; I want to turn it into a bog-standard HTC Wizard.
Is any of this possible?
I have been told by HTC that they do not have any BIOS upgrades available for any of their phones and these all come from the rebranding companies such as O2 and QTEK etc.
I know this has probably been covered a million times on this forum, but I must be a little stupid or it's too technical for me, as I can't find it in clear black and white. Could someone please clarify all this for me and assure me it will work without too much trouble and with little risk of putting the PDA into an UNRECOVERABLE state, and point me towards:
a) The exe files and/or program I need to run to do it
b) A set of step by step idiot instructions for me to follow
Many thanks!!
I see a load of people have viewed this, but could someone please reply with some/any info?
To unlock your device to any network follow the instructions in,
http://forum.xda-developers.com/showthread.php?t=249474&highlight=lokiwiz
As far as changing the software goes, read through the threads in the upgrading section. All the information is there, and some very good 'ROMs' put together by people who put a lot of time into helping others.
Good luck
Remember - read carefully, follow instructions, and if you're not sure of what you're doing, DON'T.
Many Thanks!!!
OK, I've just run the unlock tool and it seems to have gone smoothly. I've put my Vodafone SIM in the phone, it finds Vodafone... but I can't call it and I can't make calls out.
Anyone have any thoughts please?
What's going on here? If it recognises the SIM and connects to a Vodafone cell, surely it should then be functional... or not?
HELP!!!
If it's a pay-as-you-talk chip, it's out of credit or credit period; phone the network to reactivate.
If it's contract, it sounds as if the chip needs to be activated again; phone the network.
MIZZO1628 said:
I'm new to all this and a bit confused. I have an O2 XDA Mini S and need it unlocked to all networks and, if possible, all the O2 stuff removed from it; I want to turn it into a bog-standard HTC Wizard.
Is any of this possible?
I have been told by HTC that they do not have any BIOS upgrades available for any of their phones and these all come from the rebranding companies such as O2 and QTEK etc.
I know this has probably been covered a million times on this forum, but I must be a little stupid or it's too technical for me, as I can't find it in clear black and white. Could someone please clarify all this for me and assure me it will work without too much trouble and with little risk of putting the PDA into an UNRECOVERABLE state, and point me towards:
a) The exe files and/or program I need to run to do it
b) A set of step by step idiot instructions for me to follow
Many thanks!!
It didn't work on my XDA Mini S; it just restarted and it still didn't get any signal.
Sorry, wrong thing. I was on about the unlock; it doesn't work.
I have a Hermes, Vario II variety, on T-Mobile in the UK, running Black v2.0. I'm delighted with it and WM6 has been a revelation; it's fast and reliable IMHO. I am a little new to the world of PPC, so please excuse the noob-ish question.
I blatted my contacts during the transition to WM6 which is no huge deal (didn't lose that much), but I'm now making sure I sync with outlook in the future.
However I do see a way out, of sorts. I have an old SIM card (O2) which contains a lot of numbers that I need. My plan was to insert this SIM card in my Vario and then somehow copy the contacts from the SIM to my Vario's memory.
When I do this though what follows is...
- Black logo v2.0
- message saying Enter PIN (3 attempts remaining) - I assume this is my SIM PIN code - which I know - I enter it.....
- briefly WM6 today screen flashes up
- then message saying "You have tried 2 times, please wait until timeout"
So my question is two fold....
Is my Hermes Locked or Unlocked?
and
If it's locked, can I unlock it (safely) and how?
I assume it's locked, but I only need access to the SIM card contacts?
Would appreciate some help.
ta
bb
-----
DELETE POST....
Ignore me, all info on the wiki - it was locked and now it's not, thanks to POF.
Is there a way to unlock the SIM for all companies on CM9? I tried the "classic" sim unlock for cm7, but it didn't work.
Thanks in advance.
Hey,
I have the same problem on an MB526. Can't downgrade the baseband, and the other calculation is not working.
Another way to unlock the device?
I would like to know this too. Just got a new sim card and no unlock options pop up after boot ...
how do I do it?
using cm9 on defy
----
So, I went and flashed the latest SBF back to normal Froyo. I then realised the SIM card wasn't inserted properly, as Froyo at least told me that 'no SIM was present' rather than just saying there was no network. DOH!
So maybe it would have been possible in CM9 in Settings > Security > SIM unlock.
Royal pain
If there is a way, to unlock a Captivate with CyanogenMod9, I would be most appreciative to hear it!
I have CyanogenMod9, a Terminal Emulator, ROM swapper, and other brilliant stuff that I have no idea about, but it came with the used phone I got from family... who got it from someone else.
What I have tried:
1. Code Companies
2. Watching Video of 'Wei' from XDA over Youtube
3. Downloaded and ran 'SGS Unlocker' from Google's 'Play Store'
4. Read up on methods until it became info overload
The complications:
1. Code Companies - They want all the normal info that you'd submit to AT&T forms anyway, but the Code Companies charge for a service anyway. They want to know the IMEI (easy); the make & model (easier still); and the original service carrier - Straight Talk is AT&T, but then they had suing issues and fighting and dropped support and junk that makes your head spin... the kind of info I can't even imagine where to start on after it's been a hand-me-down three times. Then it takes 24 hrs to get a code; a physical store that does this is even worse - they require more money and three days. Not to mention that you'd have to be the holder of the AT&T account to do it the simpler/easier way through AT&T 'unlockdevice'... and I don't recognize the SIM card, except that it may be Straight Talk based off one result from a Google search using 'SIM 89014'.
2. Wei's video was informative, but when I typed *#7465625# into the phone, it resulted in an error 'no network connection' (I can't begin to figure what that means); so there's no telling what locks are on the phone, as the '*#746...' doesn't work for me.
3. Downloaded and ran SGS Locker from Google's Play Store, but it results in 'no codes found' (*sarcastic* Peachy).
4. Read XDA forums.. at least five threads with multiple results each, but this is the only one I've found relevant to my issues with the CyanogenMod9.
So I'm burnt out and sick of learning about the Samsung Galaxy S1 aka Captivate aka i897 aka Vivid aka SGH-I897 aka WHATEVER! I just freaking want to use the phone on T-Mobile services, unlocked or locked... I've stopped caring about unlocking to no carrier.
I have a Terminal Emulator though. Is there a step-by-step input that I can use to find the unlocking code I need?
Thanks.