Exetools  

#1
08-26-2004, 09:43
truth
GSM cell phone unlocking

I'm talking about the service provider lock: your cell phone company locks your
handset so that if you insert another carrier's SIM card the phone will not
operate. You must ask them to tell you how to unlock it ("the unlock code"),
and they may or may not be willing to do so. I know there are other types of
locks, but this is definitely the most common one.

I searched the web and there are a bunch of third parties offering an "unlocking
service" for $25 or so. Nokia phones are rather easy to unlock; you can DIY
freely for many of its models. But unlocking Motorola phones is much harder;
it seems you have to use a pay service (who has a "clip" to crack the phone's
internal software) if your service provider doesn't give you the unlock code.

I'm interested in the technical details of the locking/unlocking: how does it
work? To my knowledge the mechanism varies for different phones; some
simply calculate the unlock code based on IMEI + MNC + MCC, some generate
the code randomly and only the original carrier knows it. In the latter case the
only way is to use the "clip" and data cable to change the handset's firmware
to bypass the locking function.

There is very little tech info I could find on this topic. I wonder if someone
who has experience hacking those locks can shed some light on it.
Especially I'd like to know if there is a DIY method to unlock Motorola
V300/V400/V600 because I'm thinking about buying one.

Last edited by truth; 08-26-2004 at 09:49.
#2
08-26-2004, 18:43
armmad8
Yes. Nokia unlocking codes are free, since the algo was released. In regards to Motorola... no calc has been released for free.. ;-(

But u can d/l some old Motorola unlockers via cable and study the software and find if there is a valid algo in it... and could try to convert it to the new Motorola mobile to work...

Btw. most Motorola are unlocked via cable...

btw, what do u mean by DIY?

br
#3
08-26-2004, 20:16
McS2oo4
At the beginning all was in EEPROM, so one could read the EEPROM with an EEPROM programmer, change one byte (usually was 01 locked, 00 SIM unlocked). Then they started to add some really easy algos, so it was like just one XOR or switched nibbles, example: locked state: 452398, unlocked state: 543289 (nibbles switched on every byte!). Then they started to use more and more complicated algos linked to IMEI, provider code etc. Another method was to directly patch the ROM image and flash it back to the phone. Actually with this you just NOP the jmp in flash so as to skip the SIM security checks, nothing more. But then again in Nokias you had to fix the checksum of the flash and update the OTP area. As time passed things got complicated, and not New Motorola phones V series you can only unlock by codes sending IMEI number to unlock server. So if you try to do some research these days it will be really hard to keep track of nowadays' protections inside new GSM models. Good luck anyway )
P.S. I used to write some GSM crack sw in the past
#4
08-26-2004, 22:05
mjalan
First get the software from here..

Code:
http://homepage.ntlworld.com/danluik/cyber_5.4.zip
then
Install and run ..

Then open your mobile phone. Just remove the battery.
Remove your SIM card and look for a 15-digit number. (Your IMEI)

Type in your IMEI and put the battery into your phone again. (Do not insert SIM card)

Now choose your country and select your network.

Then press Help/Info and then press Nokia DCT List

Search your type of nokia phone and remember your DCT Number (and if U've got a DCT 4 remember your ASIC number too !)

Close this window.

Then choose your DCT number and press calculate !

Now turn on your mobile phone and type in your unlock code.

(p= press * 3 times; w= press * 4 times; += press * 2 times !)

Now your handy should be unlocked (there will be a short message)

Now you can put any simcard into your nokia phone !

WARNING : DO NOT TRY TO GIVE IN A WRONG CODE 5 TIMES. YOU'LL NEED A CABLE TO UNLOCK YOUR PHONE AGAIN !
#5
08-27-2004, 02:12
killy
I would recommend this forum: all GSM unlocking and more

hxxp://www.nokiafree.org/forums/
#6
08-28-2004, 08:06
truth
To armmad8:
DIY = Do It Yourself
To McS2oo4:
You mean "... and now New Motorola phones ..."?
Quote:
Originally Posted by McS2oo4
... and not New Motorola phones V series you can only unlock by codes sending IMEI number to unlock server ...
There is software you can download from www.motounlocknow.com; what
it does is read some info via USB cable from the phone and send it to its
server, and paid users get the unlock code back from the server. No special
hardware or "clip" is needed, so it sounds like it's generating the unlock code
rather than patching the firmware.

It comes with drivers so that the phone will show up in the Device Manager as
"Motorola USB Device" and "Motorola Flash Interface". My question is, is it
possible to read/write the phone's flash image through the driver just like
reading/writing normal software? (I know very little about embedded programming).
It looks like reading is no problem; writing may not be. But still, if we can read
and dump the firmware, it should be possible to crack the unlocking algorithm
the same way as finding a license number. After all, this seems to be what
those "unlock servers" do. Then why hasn't someone done it and put it for
free on the web? Considering the HUGE number of free PC software cracks,
this is odd.

Last edited by truth; 08-28-2004 at 10:22.
#7
08-30-2004, 17:14
armmad8
hi truth

A friend of mine did send me a Motorola sw that unlocks via cable last year, I think it's for t191 v6.07... I did try to make a test...
I did try to monitor the port and saw that it's sending the same hex on 5 units of Motorola... to unlock it..

regards
#8
08-30-2004, 22:02
McS2oo4
It is reading IMEI, PSN, TSP code; with this info and the algo you generate the NCK unlock code. The algo is too complicated. I have an old Sagem algo (this is actually from the original) and it is way way complex to solve by one man...

To "armmad8":
t191 is Motorola but ACER, probably Motorola owns the licence (like Siemens and Bosch, s series like s30 s40 are Bosch!). The unlock sequence is not 5 bytes; 5 bytes is the signaling string, then comes the response from the phone - EEPROM read state OK, ack arrives, sw sends EEPROM unlocked state bin, then ack from phone, program then sends reset command, phone restarts... unlocked. This is only for t191 and t190 (ACER inside!) Motorola, not other models. A similar unlock sequence is for all C3x0 (also ACER inside).

To "truth":
I can send you Sagem algo if you are interested to see how it is done.
Best Regards
#9
08-31-2004, 02:29
surej
I don't think there is any free easy solution to unlock the Motorola VXX series... I use the smartclip for that and it works fine... you can check smart-clip.com for more info...

WBR

Surej
#10
08-31-2004, 14:10
willy_wonka
The smart-clip saved my phone; it got the "no boot sector" error.
I was able to repair it with ease... although I got the error inserting a bad SIM card from my brit'n.

but the only way to learn is to break some eggs.

anybody know the standard frequency for us sim cards?
#11
09-03-2004, 17:08
florin_m
Regarding motorola (new models)
The lock status is in seems 1c3 (451 decimal) and if it is all 0-ed (00 8 times in the field) the simlock is removed. Now this field is write protected if the phone is simlocked and can't be written, but if you write your own bootloader to remove the write protection, you can unlock it.

In Motorola there is not an algo regarding simlock code and IMEI, as you can set up your own simlock code (seems 15d and 15c). Don't forget to swap the nibbles, so if you want to set up 12345678 you need to write 21436587 in field 15d. In the new ones the field 15d will be encrypted, so when you read it again you'll notice that it has changed. If the phone is locked active, then 15d and 15c can't be read/written.

[EDITJMI: When you have an additional thought, use the EDIT button, don't add another post.]
#12
06-24-2013, 17:50
Altair
unlock nokia 2330-c2

Regards, I have this Nokia and I cannot find unlock codes. I am from Serbia and it is not supported by those calculators. Any help is very welcome...