Hi All
Sitting here with my 64mB XDA trying to unlock it.
Manipulator seems not to work. If I use it I get error in all fields.
Going into bootloader and using Hyperterminal I can get communication OK .... see the following...
******************************************************
InitDebugSerial using SERIAL PORT 2
******************************************************
HTC Bootloader for [Wallaby] Version:5.15
Copyright (c) 1998-2001 High Tech Computer Corporation
Built at: Jun 6 2002 20:29:17
CPU speed = 206 MHz
DRAM speed = 103 MHz
Hardware platform = 2; (0VT, 1re-PV, 2V, 3anasonic LCD, 4:Reserved)
Get resp timeout err, status is 42
Receive Response error, cmd = 41, arg = FFC000
comd1 No Response
Block size = 512 BYTES
Total blocks in Card: 488320 = 244160k bytes
No legal identify flag in SD Card
Wait for turn on GSM...
GSM Turn on time = 1868 ms
FW 0:12:19>dualser
Wait for turn on GSM...
GSM already on -> RESET !!
GSM turn on successed!!
GSM RESET...
AT-Command Interpreter ready
Screen on XDA is sitting there with GSM turn ON success.
SO dualser is sending the XDA into AT mode OK. However if I type in the AT%UREG?3FE00C,4 command the XDA simply returns ERROR.
What am I doing wrong???
HELP!!!
Not sure what the problem is. Try running The Manipulator and see if it unlocks it.
Hi
I have tried the Manipulator several times.
The phone goes from Walalby to GSM sucess OK.
The phone 'clicks' a couple of times.
The Manipulator screen shows:
Status : Reading data from phone
SID ERROR
GID ERROR
No IMEI
timer <non-zero>
and thats it - nothing more can be done.
I have tried the software on three different computers and the same result.
Running ROM 3.14.13 ENG
Radio 4.20
Protocol version 32S54
Phone is only a few weeks old and is 64Mb version.
Everything else works fine on it. IMEI number shows on device information. Radio turns on and asks for SIM unlock code OK.
Running Tom Tom Nav2, Fonix etc on it and all 100%.
If I use Hyperterminal then you get the results as above. If you type ? rather than dualser then the list of commands comes back as it should do.
Really Wierd.
Any thoughts as to what I can try next???
Rog
Just an afterthought...
Could it be to do with Radio 4.20???
Has anyone unlocked an XDA yet with this version of Radio??? Could they have altered the access to the SID in some way with this release??
Rog
Soory to be a pain here but has anyone ANY ideas as to what to do from here???
(If I use an O2 card then the phone is fine so its not a hardware fault).
Have none of you XDA-Developer guys a clue or advice on this??
Rog
4.20
http://xda-developers.com/phpBB/viewtopic.php?t=896
Re: 4.20
apart from the machine are there any programs specific to the xda?
_____________________________________________________________
Unlock your phone
Entertainers
watch footie for free
Cheap mp3s
Get back on ebay
Money reading emails
Male entertainers
Improve your golf score in 2 weeks
dagaul, your advertising links are not welcome as far as I am concerned. The admins of this board keep it ad free and you come along with a whole bunch of then in your signature. It doesnt affect me directly but this board isnt here to carry your money making advertisements, why dont you set up a website yourself for that purpose?
Rant over. :evil: :evil: :evil: :shock: :shock: :roll: :roll:
Related
This message contains all postings in this thread
dated before January 19th 2003
Subject: another XDA SIMLOCK trick
From: Rick
Date: 10 Jan, 2003 10:14:25
Hello people,
I found a variation of the SIMLOCK bypass trick for XDA
mentioned in another thread on this forum.
There is no need to call a un-answering number and wait.
I think it still works only for 3.02 (ENG/GER/whatever).
HOWTO:
1) find a non-existent number you can call. any number that
returns you "the number you dialed is incorrect". For Italy, a
good one is a 4 digit number beginning with 9.
2) have the phone screen active and the non existent number
ready.
3) turn GSM on. When the X disappears, wait 1-2 seconds and then
call the non-existen number.
4) after a while, you will see provider registration, and then a
message saying the number can't be dialed.
5) tap OK, you're hooked to your network!
With this trick, you will neither see the "enter unlock code" or
"application error" message. It works all the time!
BTW, I got my official unlock code from O2... but it does not
work, it just says "invalid password"!!! I am waiting for them
to fix it, in the meantime, I can use my phone...
Let's share the good tricks!!!
Ciao,
Rick
Italy
Subject: Rubbish
From: MADmanFREE
Date: 14 Jan, 2003 18:26:22
This did not work for me at all..
The closest I got was something about changing the number in
Ireland, from the operator... I'm using 3.01 in the uk
If you can clarify that this trick does indeed work in the UK I
would be greatfull...
Subject: Faaantastic
From: Peter
Date: 14 Jan, 2003 23:45:49
30 seconds..........UNLOCKED...........why has it taken me 8
months to do this????
Excelent!!! Thanks for the info.
Pete.
Subject: Worked at last
From: MADmanFREE
Date: 15 Jan, 2003 19:42:28
http://b
oard.dserver.org/e/eitcenter/00000868.html
I found another article describing exactly the same thing.
It worked for me by Just ringing the houseand allowing it to go
on for a few moments. The Sim code request never appeared. And
now I've been using the Vodafone chip in my o2 XDA for 24hrs.
Good luck everybody
Subject: how about for SPV?
From: xDAguy
Date: 16 Jan, 2003 03:45:45
Crazy to buy an SPV phone, but since I live in Asia -would the
trick do the same for the SPV?
/Harry :wink:
Subject: addendum
From: Rick
Date: 17 Jan, 2003 09:51:28
I must add that, when using this trick, you can lose your
provider's signal, go back under coverage, and the phone
recovers just fine, without asking for code
But... who needs this trick, now that the XDA dev team created
the manipulator?
Ciao
Rick
u can also ring somone , and when they answer hang up, but the phone has to atleast ring 4 times. this way also, u dont get that crash msg, which makes the phone more stable.
???
This doesn't work for me. You dont get a chance to dial the number - the enter pin dialog shows up and disconnects GSM before it gets a chance to dial.
Re: ???
Fud said:
This doesn't work for me. You dont get a chance to dial the number - the enter pin dialog shows up and disconnects GSM before it gets a chance to dial.
Click to expand...
Click to collapse
Please use MANIPULATOR !
Great program!
and work very well
Im trying now - soldering a serial cable onto the cradle board is not easy!!!!! :shock:
Soldering Job!
Hmmm connected up as per "wiring diagram" and Manipulator did squat. ActiveSync tried to establish a connection but failed.
I tested pin9 on the XDA and it appears to be a ground! Are you sure that wiring diagram is right or if all XDA's are the same - coz I double checked my end and it's definately a ground???
Re: Soldering Job!
Fud said:
I tested pin9 on the XDA and it appears to be a ground! Are you sure that wiring diagram is right or if all XDA's are the same - coz I double checked my end and it's definately a ground???
Click to expand...
Click to collapse
It could well be at ground level, but it's definitely not a ground. It's RTS. You will probably only need to connect RX, TX and GND if all you want to do is unlock it.
You did tell ActiveSync not to touch the serial port while you were running the Manipulator, right ?
Humble Pie is actually quite nice with cream.
Yeah your right - the 9 pin is not ground and I'm clearly not on ground lvl!
Dunno how but i checked and double checked and my meter was tellin me it was ground. Sorry - I am a worm!!
Anywho, I have turned off ActiveSync - I was just trying to test the connection. I have resoldered the thing and made sure its right but I still cant get it to work. Radio version is 4.06 and bootloader 5.15.
Still no joy
OK I've been on this too long now. I have wired up TX RX and GND as you suggested but still nothing. How long does it take to connect? It just sits on scanning ports.
Somebody on another forum aso had probs with bootloader 5.15? Are there known problems? How do I use a terminal prog to access it? Ive tried Win Hyperterminal to connect but I cant type the commands in (suggesting its not actually connected)
All I need is to unlock to use my Vodafone sim, I might as well go get a O2 sim rather than mess around with the serial cable.
It took a small group effort, but we cracked it.
Problem 1: Bug in limitation to %UREG command
First of all, on 4.20 they check to see whether the %UREG request lies within certain bounds as follows:
AT%UREG?addr,len:
if (addr < 0x3ef000 || addr > 0x3ef007) return(0);
if ((addr+len) < 0x3ef000 || (addr+len) > 0x3ef007) return(0);
Now because addr en len are both 32 bits, we can make use of the wrap (negative in effect). After the test above the maximum length will be limited to 100 (0x64).
So for instance:
AT%UREG?3FE004,FFFFFFFF
will read 100 bytes from 0x3FE004, clearly outside the range UREG was meant to be restricted to.
Problem 2: Obfuscation too easy
When executing the command above: after 74 bytes of FF, the obfuscated result code is displayed. The information needed to get the unlock code is contained twice, in the format ABCDABCDEFGHEFGH if a different letter is assigned to each unique nibble. Nibbles are first swapped to make EHAFGBCD. Then bits 3 of nibbles H, F and B are rotated left, so that nibble H gets bit 3 from F and so forth. After this, the whole 4 byte value is rotated into the lower bit. The result is the 8 digit unlock code in BCD, which can be supplied to the unlock command:
Code:
AT%SIDLCK=0,<8-digit unlock code>
Commentary:
Nice try: took us 2 person-days, probably still less than it took to think up, define, approve and program. :twisted:
The new version of The Manipulator, online now, supports unlocking of Radio Stack 4.20.
Yippee... the manipulator works for 4.20 !!!!!
Hi,
I must be a very lucky guy.
Just received my xda today (64mb ram, 4.20.00 radio version, 3.16.32 ENG rom, dated 2/13/03) and was fiddling with it about half and hour ago with the former xda manipulator program (ver 1.02) which recorded error messages and couldn't work. Then I looked into the net and found this posting just made( at 10.30 pm) and was the number 6 person to view the posting; downloaded the new manipulator and hey presto - the xda is unlocked !!!!
Only one thing though- don't see the gid lock, the imei number and the call timer entries in this new program(ver 1.1) which were present in the ver 1.02 program. Not a problem for me though as long as I could use the phone on my vodaphone sim.
Anyway, thank you so much for the hard work in cracking the 4.20; really appreciate it. Well done and keep up the magnificent work.
Cheers
Yup - it works a treat - unlocked in 10 seconds.
WELL DONE guys - thanks so much for all your input here. I now have an XDA that is truly useful and versatile.
BRILLIANT!!
Rog
Just tried 1.1 on 6 phones, all with 4.20. Five of them unlocked no problem, but one of them, for some strange reason, didnt work, it read the sid code, but the one that it came back with was only 6 digits long, and when pressinng "UNLOCK" nothing more happened. All the other codes were about 8 digits long. I tried entering the code manually, butjust came back saying it wss incorrect!!!
Anyone come across this??
Many thanks in advance
Hmmm. It could be that the code (or the second half of it) starts with two zeroes, and now that you mention it: the manipulator doesn't display (or unock with) leading zeroes.
Could you try that six digit code with two leading zeroes, and (if that doesn't work) inser the zeroes in the six digit number as follows XXXX00XX or as follows 0XXX0XXX. Tell me if that's it, please...
(Expect 1.11 of The Manipulator in the next day or two...
IMEI Change
Great work guys i'll be unlocking my xda as soon as i get the serial cable. It is a combines serial and USB cable so if anyone has experience with this not working (Ordered from Expansys thenlet me know) otherwise i'll post here to let you know if it worked or not.
I would like to know if there are any plans to make a version of the communicator that ill change the imei.
If not will commands from hyperterminal work? (Sorry if this is not currently possible I havn't been motivated to look it all up but will be if it possible to change the IMEI through this.)
I know that ther version of Hyperterminal that come with in 2k and XP is more limited that the one in 95 and 98 so would another terminal emulation program do the job better (Reflections 420 for example).
Thanks again for the great work.
How do you find all this stuff out?? How do I learn.?
Minesh
@Peter Poelman ur a blinking genius mate, it was the last method (0XXX0XXX)
So now ive done 11 phones(R4.20), and all 11 unlocked, pretty good success rate i reckon
Keep up the great work guys
Re: IMEI Change
MineshT said:
I would like to know if there are any plans to make a version of the communicator that ill change the imei.
Click to expand...
Click to collapse
Manipulator (I assume that's what you mean) does change the IMEI, but not on 4.20 phones, because we can't easily reach the memory range. In fact we have ways to do it, but we didn't yet feel like doing the necessary programming work before they lock us out completely.
If not will commands from hyperterminal work?
Click to expand...
Click to collapse
There's no easy (or medium-hard) way to change the IMEI on 4.20 phones.
How do you find all this stuff out?? How do I learn.?
Click to expand...
Click to collapse
In this specific case, we looked at the ARM machine-code in the 4.20 binary contained in S-record form in the RSU upgrade package, using IDA (a disassembler program). We then figured out the %UREG restriction was lacking. Looking at the obfuscated code we figured we could break it without looking at further code (and the phone binary code guru was unavailable for the day), so we cracked it by just staring at enough possibilities. (We could set and reset the lock using different codes with AT%SIDLCK).
Not sure hacking phones is a specific skill one can learn. Even though we're mostly still pretty young, most of us are very experienced software developers, senior security experts. Electronics, programming and reverse-engineering experience of 20-25 years in some cases. But there's pretty good texts out there that describe disassembling other people's code, understanding embedded hardware and other areas of expertise you'd need.
Reverse-engineering needs a lot of the same skills that 'forward-engineering' does. If you have the skills needed to build something, you can begin to take it apart.
Current issues with The Manipulator
The Manipulator currently does not unlock phones which were locked and then user-upgraded to 4.20. So unlock first and then upgrade. Also, please read hotentot's post and my reply above for a problem that appears when the code has zeroes in certain positions.
Both issues will be addressed in the next version, due in a few days, when I know there's no other things that need fixin'.
Hi,
I run the ACT! v.6 CRM data base on my PC and the Link for Pocket PC on my XDAII and it runs great. Only problem is that on my XDA it inserts my country code (+61 for Australia) which makes all my contact phone numbers invalid.
+61 3396 9000 is invalid
+61 07 3396 9000 is invalid - have to drop the 0 from 07
+61 7 3396 9000 is valid.
Does anyone know how to disable the +61 / international prefix? Or even drop the 0 from the area code?
Much appreciated, I have spent hours searching and trying to resolve this frustrating issue!!
When you add a phone number to act you have to select the style that you want want the numbers displayed.
Select the freestyle and you should be ok. You should only have to select the freestyle once and then you are ok from then on.
Did you solve your issue?
I am having the same issue with Act and the XDA II. Did you resolve yours and if so how?
TIA
Anthony
Hello,
I am writting a program, which is used to get Cell ID from xdaI.but now I have a problem.
My codes can be correctly run with xdaIII, but wrong with xdaI.
I have read lots of articles online about getting Cell ID, no result.
I think the problem is the function RIL_DevSpecific() from RIL.
http://www.xs4all.nl/~itsme/projects/xda/ril.html
By xdaIII the parameter req = 26, but if i use the value for xdaI, then i got an error for
UNKNOWNERROR:0x80004001
So I changed the parameter's value from 0 to 40, I could get response for values
1 10 11 13 15 19 32 34 35 36
but none of them can response the Cell ID from xdaI.
So I ask for help,
Is it possible to get Cell ID from xdaI by using RIL.lib?
Thanks
CellID on XDAI
Hi,
For previous XDAI focused cell id discussions try searching for "CREG"
In particular
(http://forum.xda-developers.com/viewtopic.php?t=11701)
Bryn
thanks, Brynl.
I understood later, that i should use AT-command to get Cell ID on XDA I. And now my program works.
Guys, I got a HUGE problem.
I got my new Qtek S100, magician the other day with:
WM2003SE
ROM Version: 1,11,00 WWE
Radio Version: 1,11,00
Protocol version: 1337,42
ExtROM Version: 1,11,133 WWE
Model NO: PM10A
The phone works great as a PDA....but I cant get any service at all!
1. I did try Itsme's unlock tool (not pinlocked SIM in it, that is, I unlocked the sim card, then tried it) it said that it unlocked the phone OK.
2. Tried to reinstall the ROM, no difference.
3. I went to Settings---Phone--Network
Tried to "Find Network" = Nothing
Tried "Set Networks" = Gives me this message;
"Unable to read setting from the network. Try viewing settings later, or disconnect data connection and try again".
No USB or BT connection is established with a PC at the moment.
Please advise, and help!!
Thanks a bunch,
Monty
Sure you're not in flight mode?
V
Yeah Im not.
btw, vija as in vija who developed smart401?
Any other ideas by the way?
What country are you in? Sure you're using the right radio type/band/ROM?
V
Yeah, I downloaded the swedish Qtek ROM (yeah Im in Sweden alright)
However, I tested with a diff. simcard from a diff. provider, that one gets signal but I cant make any calls, they just end abruptly.
Again, I used the unlock tool from itsme, and my device is listed so I really dont know whats wrong...
your mini might be Blocked (not locked) by your provider.
the network won't allow your imei on the network and when you use the other sim (it should be using only high bands 1800/1900) so it can't set to lock the whole network system bec sms and radio transmit at different freq) so you can get signal, send and receive sms but can't make calls.
just try this to confirm, plug in the sim that can make sms and search networks, if you can see all the networks available then I think it is blocked.
this is only what I know after some research but I may be wrong, hope this give you some help
Hi,
Yeah, when I put in the other SIM card, and I search for networks, it finds all of them.
Thing is, its brand new, but I bought it from a private person from the Internet (from a similar site to Ebay) guess this one didn't come with a reciept eh
Guess it wont do to just change the IMEI # then? I read somewhere that you could change it. Oh well, guess I'll return it to the seller then and get a new one.....
montana said:
Hi,
Yeah, when I put in the other SIM card, and I search for networks, it finds all of them.
Thing is, its brand new, but I bought it from a private person from the Internet (from a similar site to Ebay) guess this one didn't come with a reciept eh
Guess it wont do to just change the IMEI # then? I read somewhere that you could change it. Oh well, guess I'll return it to the seller then and get a new one.....
Click to expand...
Click to collapse
so it works like I describe? then it is BLOCKED by the order of NTC
XDA can change IMEI as it is hard burned on the ROM, good luck
[quote="DON2003
XDA can change IMEI as it is hard burned on the ROM, good luck[/quote]
can change IMEI? really?how to change?i also have a prob, when i softreset my mini,must wait almost 10 or 15 mins,then can find network?i already flash a few diffrent rom but still same.
bbcba said:
[quote="DON2003
XDA can change IMEI as it is hard burned on the ROM, good luck
Click to expand...
Click to collapse
can change IMEI? really?how to change?i also have a prob, when i softreset my mini,must wait almost 10 or 15 mins,then can find network?i already flash a few diffrent rom but still same. [/quote]
very sorry, mistype in my previous post,
it should said CAN'T change IMEI