a lead on how to unlock SPV


Guest cizake

Have no idea what to expect yet.

The XDA-developers have worked on the XDA manipulator, which obtains the SID code from the ROM.

The bootloader and ROM of the XDA and SPV are very similar. The XDA-dev guys used the "dualser" command, followed by "AT%UREG?3FE00C,4". Presumably a similar sort of thing can be done with the SPV, just the address at the end would be different...


Could you not write an application that runs on startup and kills simlock.exe upon detection? Since we now got rid of cert, there must be something that can be done!

DJ Hope

Tried that, it just loads back up a couple of seconds later.


As far as I'm aware, it's limited to just bringing up a screen which asks for a PIN, then reads the ROM to compare the entered PIN and the one stored in the ROM.

It launches upon:

- startup if a SIM lock has been set up
- startup if no SIM is detected
- startup if a locked SIM is detected
- termination of a previous instance of the app if the phone is still locked to network/SIM


florin_m once wrote:

"i made instead a flasher over the serial port with all crc calculation"

Maybe it is possible to dump the whole ROM, remove the simlock and reflash the ROM without it ... ? The danger lies in the CRC check, but if florin_m made a flasher with CRC calculation, it could be the way.


That could be a possibility, but it may just require an app with a privileged certificate to delete SIMLock.exe.

The concern that I had in doing this was that the app firing up SIMLock.exe would realise that it was missing, and lock up the phone or something.

Remember that SIMLock.exe is designed to protect personal data as well, so there must be other protections against it...


Firaas: I meant an iterative app which is constantly checking to see if simlock.exe is active and killing it every time it is. It might slow the phone down, but if it gets rid of simlock maybe that's a good thing!

DJ Hope


Guest GIZMOTRONICS

You can always unlock your phone as long as you have your original SIM card and charger with you.

1./ Start phone with original SIM

2./ Plug charger into the phone

3./ Take out battery and change SIM card

4./ Put battery back and wait for 2-3 minutes and that's it.

5./ Your phone will work on that network until the next time you restart your phone.

6./ That's it. Weird way to bypass SIM lock check.

-----------------------------------------------------------

Do not forget SPV has Microsoft software; it can always be cracked, even by schoolboys ;)


Won't work after the update ;)


This whole thread wouldn't be here if the trick worked forever. The SIM swap trick isn't working with the new update (as Keystroke wrote), and therefore we need a more permanent way to get around the operator locking.

That is what this thread is all about... :wink:


DJ Hope wrote:

"Firaas: I meant an iterative app which is constantly checking to see if simlock.exe is active and killing it every time it is. It might slow the phone down, but if it gets rid of simlock maybe that's a good thing!"

The processor usage of such an app, if it worked, would be VERY heavy on the SPV...


Could be nice to try and see what the effect would be on the phone... not the best solution but worth trying until the good solution is found.

FedEx blew me off today. Worked from home all day but they didn't show up. In the track-and-trace it looks like they were here but they weren't.

Because of this I won't get my serial cable until tomorrow. ;)


Even though steddy's goal was something other than ours, I see this as a good point to start:

"Once we crack the CRC and Hash function protecting changing the ROM code, then anything will be possible."

How about asking if he made any progress on this or if he gave up? If you read some of the older postings by steddy in this thread you also see that he has dug into the file system for the ROM thingy. Could be that he at some point came across the address for the unlocking code...

Firaas: You might have something to add to this.. ?


I would've thought the address would be posted if it was found (unless the founder was florin_m...)

I'm still staying with my idea of the XDA stuff being the right path to travel along. I'll give steddy an email to see if there's been any advance.

I haven't ever carried out an SID unlock - what's the code format?

Is it possible for people who've unlocked to post the number of digits they had (should be eight...) and the first and last number?

This should make it a lot easier to find the relevant code in the ROM.

rcraswell mentioned the code turning into 12345678 in unlocked SPVs; would this replace the code in the ROM, I wonder? If it did, it'd be extremely easy to find the SID unlock code by scanning through a bunch of addresses systematically...

aGes: Had any advance with the serial cable?

Should have mine two weeks yesterday (damn American companies).


I think 12345678 was the code florin_m replaced the original one with. So if you find out how to crack it, you can make it whatever you want. That was just for simplicity as far as I know. And also I know that it is definitely possible, though it costs ££, so I never bothered...


Firaas: Got my cable today and can get in touch with the phone from a terminal. I'm not used to talking to units over a terminal and I actually can't get the SPV to do anything at all.

From the terminal:

#======================= Connected 16:02 31-01-2003 ==========================#
h
ERROR <h> This command is not supported.
Do command "h" ERROR
Cmd 1>>
#======= Disconnected 16:02 31-01-2003 Duration 00:00:24 Transfers 0 =========#

I can't get it to enter the debug mode as Paul did, and Paul didn't leave instructions on how to do this... ;) I'm willing to try a lot of stuff to get this to work but I need some guidance...

Correction: I can do stuff with the phone!

Have a look here:

#======================= Connected 16:16 31-01-2003 ==========================#
?
#0  ?
#1  Load
#2  mb
#3  mh
#4  mw
#5  testarm7
#6  erase
#7  unlock
#8  config
#9  romcheck
#10  atcmd
#11  krf
#12  kpower
#13  kstd
#14  kpcm
#15  normal
#16  qfs
#17  rbmc
#18  wdata
#19  checksum
#20  set
#21  shmsg
#22  setmslen
Cmd 1>> unlock
USE: addr len
Do command "unlock" ERROR
Cmd 2>>

I have to leave home soon but will continue doing stuff when I get home.

Suggestions are welcome!


Using the atcmd from above gives me access to the AT commands. I tried firing different AT% commands at it and it answers OK or ERROR, but it responds for sure.

I tried some AT commands from the XDA Developers but no luck with those..


5 months later...
Guest hjjorg

Hey ppl, any update on this stuff you were doing here?

I think you guys were heading in the right direction.

Also, how do I contact this FLORIN_M dude?

Anyway, if the remaining posts for this have been moved elsewhere please let me know.

Thanks

HJJORG


Guest Monolithix [MVP]

Er... SIM lock was cracked a while back mate :)

See the thread in the articles forum. If you want to contact Florin, send him a PM...
