#1
GSM cell phone unlocking
I'm talking about the service provider lock: your cell phone company locks your handset so that if you insert another carrier's SIM card the phone will not operate. You must ask them to tell you how to unlock it ("the unlock code"), and they may or may not be willing to do so. I know there are other types of locks, but this is definitely the most common one.

I searched the web and there are a bunch of third parties offering an "unlocking service" for $25 or so. Nokia phones are rather easy to unlock; you can DIY freely for many of its models. But unlocking Motorola phones is much harder; it seems you have to use a pay service (which has a "clip" to crack the phone's internal software) if your service provider doesn't give you the unlock code.

I'm interested in the technical details of the locking/unlocking: how does it work? To my knowledge the mechanism varies for different phones: some simply calculate the unlock code based on IMEI + MNC + MCC, some generate the code randomly and only the original carrier knows it. In the latter case the only way is to use the "clip" and data cable to change the handset's firmware to bypass the locking function.

There is very little tech info I could find on this topic. I wonder if someone who has experience hacking those locks can shed some light on it. Especially I'd like to know if there is a DIY method to unlock the Motorola V300/V400/V600 because I'm thinking about buying one.

Last edited by truth; 08-26-2004 at 09:49.
#2
yes. Nokia unlocking codes are free, since the algo was released. in regards to Motorola... no calc has been released for free.. ;-(
but u can d/l some old Motorola unlockers via cable and study the software and find if there is a valid algo in it... and could try to convert it to work on the new Motorola mobile... btw. most Motorola are unlocked via cable... btw, what do u mean by DIY?
br
#3
At the beginning all was in EEPROM, so one could read the EEPROM with an EEPROM programmer and change one byte (usually it was 01 locked, 00 SIM unlocked). Then they started to add some really easy algos, so it was like just one XOR or switched nibbles, example: locked state: 452398, unlocked state: 543289 (nibbles switched on every byte!). Then they started to use more and more complicated algos linked to IMEI, provider code etc.

Another method was to directly patch the ROM image and flash it back to the phone. Actually with this you just NOP the jmp in flash so it skips the SIM security checks, nothing more. But then again in Nokias you had to fix the checksum of the flash and update the OTP area.

As time passed things got complicated, and not New Motorola phones V series you can only unlock by codes, sending the IMEI number to an unlock server. So if you try to do some research these days it will be really hard to keep track of the present-day protections inside new GSM models. Good luck anyway )
P.S. I used to write some GSM crack sw in the past
#4
First get the software from here..
Code:
http://homepage.ntlworld.com/danluik/cyber_5.4.zip
Install and run ..
Then open your mobile phone. Just remove the battery.
Remove your SIM card and look for a 15-digit number. (Your IMEI)
Type in your IMEI and put the battery into your phone again. (Do not insert the SIM card)
Now choose your country and select your network.
Then press Help/Info and then press Nokia DCT List.
Search for your type of Nokia phone and remember your DCT number (and if you've got a DCT 4 remember your ASIC number too!)
Close this window.
Then choose your DCT number and press calculate!
Now turn on your mobile phone and type in your unlock code.
(p= press * 3 times; w= press * 4 times; += press * 2 times !)
Now your handy should be unlocked (there will be a short message).
Now you can put any SIM card into your Nokia phone!
WARNING: DO NOT TRY TO GIVE IN A WRONG CODE 5 TIMES. YOU'LL NEED A CABLE TO UNLOCK YOUR PHONE AGAIN!
#5
I would recommend this forum for all GSM unlocking and more
hxxp://www.nokiafree.org/forums/
#6
To armmad8:
DIY = Do It Yourself

To McS2oo4:
You mean "... and now New Motorola phones ..."?

Quote:
it does is to read some info via USB cable from the phone, send it to its server, and paid users get the unlock code back from the server. No special hardware or "clip" needed, so it sounds like it's generating the unlock code rather than patching the firmware. It comes with drivers so that the phone will show up in the Device Manager as "Motorola USB Device" and "Motorola Flash Interface".

My question is, is it possible to read/write the phone's flash image through the driver just like reading/writing normal software? (I know very little about embedded programming). It looks like reading is no problem, writing may not be. But still, if we can read and dump the firmware, it should be possible to crack the unlocking algorithm the same way as finding a license number. After all, this seems to be what those "unlock servers" do. Then why hasn't someone done it and put it for free on the web? Considering the HUGE number of free PC software cracks, this is odd.

Last edited by truth; 08-28-2004 at 10:22.
#7
hi truth
a friend of mine did send me a Motorola sw that unlocks via cable last year, i think it's for t191 v6.07... i did try to make a test... i did try to monitor the port and saw that it's sending the same hex on 5 units of Motorola... to unlock it..
regards
#8
It is reading the IMEI, PSN, TSP code; with this info and the algo you generate the NCK unlock code. The algo is too complicated. I have the old Sagem algo (this is actually from the original) and it is way, way too complex to solve by one man...

To "armmad8":
t191 is Motorola but ACER, probably Motorola owns the licence (like Siemens and Bosch, S series like s30 s40 are Bosch!) The unlock sequence is not 5 bytes; 5 bytes is the signaling string, then comes the response from the phone - EEPROM read state OK, ack arrives, sw sends the EEPROM unlocked state bin, then ack from the phone, the program then sends the reset command, phone restarts... unlocked. This is only for t191 and t190 (ACER inside!) Motorola, not other models. A similar unlock sequence is for all C3x0 (also ACER inside).

To "truth":
I can send you the Sagem algo if you are interested to see how it is done.

Best Regards
#9
I don't think there is any free easy solution to unlock the Motorola VXX series... I use the smartclip for that and it works fine.. you can check smart-clip.com for more info...
WBR Surej
#10
the smart-clip saved my phone, it got that the no boot sector error.
i was able to repair it with ease... although i got the error inserting a bad sim card from my brit'n. but the only way to learn is to break some eggs. anybody know the standard frequency for us sim cards?
#11
Regarding motorola (new models)
The lock status is in seems 1c3 (451 decimal) and if it is all zeroed (00 8 times in the field) the simlock is removed. Now this field is write protected if the phone is simlocked and can't be written, but if you write your own bootloader to remove the write protection, you can unlock it. In Motorola there is not an algo regarding simlock code and IMEI, as you can set up your own simlock code (seems 15d and 15c). Don't forget to swap the nibbles, so if you want to set up 12345678 you need to write 21436587 in field 15d. In the new ones the field 15d will be encrypted, so when you read it again you'll notice that it has changed. If the phone is locked active, then 15d and 15c can't be read/written.
[EDITJMI: When you have an additional thought, use the EDIT button, don't add another post.]
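
Added example, not part of any post in this thread: posts #3 and #11 both mention values stored with the two nibbles of every byte swapped, which is the same "semi-octet" BCD layout used for digit strings in SMS PDUs. The Python sketch below decodes and encodes that layout (including the 0xF filler for odd-length strings such as a 15-digit IMEI) and checks an IMEI's Luhn digit, for reading such fields when examining a dump. The function names and the sample IMEI are assumptions made for illustration.

```python
def swap_nibbles(raw: bytes) -> bytes:
    """Swap the high and low nibble of every byte (0x45 -> 0x54)."""
    return bytes(((b & 0x0F) << 4) | (b >> 4) for b in raw)


def encode_semi_octets(digits: str) -> bytes:
    """Pack decimal digits two per byte, first digit in the low nibble."""
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected ASCII decimal digits")
    if len(digits) % 2:
        digits += "F"  # odd length: the last high nibble becomes the 0xF filler
    # fromhex() gives plain BCD (first digit high); swapping gives the stored form
    return swap_nibbles(bytes.fromhex(digits))


def decode_semi_octets(raw: bytes) -> str:
    """Inverse of encode_semi_octets; rejects bytes that are not swapped BCD."""
    out = []
    for i, b in enumerate(raw):
        lo, hi = b & 0x0F, b >> 4
        last = i == len(raw) - 1
        if lo > 9 or (hi > 9 and not (last and hi == 0xF)):
            raise ValueError(f"byte {i} (0x{b:02x}) is not swapped-nibble BCD")
        out.append(str(lo))
        if hi != 0xF:  # skip the filler nibble
            out.append(str(hi))
    return "".join(out)


def imei_is_valid(imei: str) -> bool:
    """Luhn check over the 15-digit IMEI (the last digit is the check digit)."""
    if len(imei) != 15 or not (imei.isascii() and imei.isdigit()):
        return False
    total = 0
    for idx, ch in enumerate(reversed(imei)):
        d = int(ch)
        if idx % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


SAMPLE_IMEI = "490154203237518"  # sample value for illustration, not from the thread

if __name__ == "__main__":
    print(swap_nibbles(bytes.fromhex("452398")).hex())  # example pair from post #3
    print(encode_semi_octets("12345678").hex())         # example pair from post #11
    stored = encode_semi_octets(SAMPLE_IMEI)
    print(stored.hex(), decode_semi_octets(stored), imei_is_valid(SAMPLE_IMEI))
```

Swapping nibbles is its own inverse and uses no key, so it is an encoding, not a protection.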
#12
unlock nokia 2330-c2
Regards, I have this Nokia and I cannot find unlock codes, I am from Serbia and it is not supported by those calculators. Any help is very welcome...