How do 3rd party sites unlock devices? - Upgrading, Modifying and Unlocking

Not really looking for specifics, but I am just generally curious how this is performed.
I have a Samsung A01 that's locked to StraightTalk/TracFone that I'd like to get on to Verizon. They don't allow the device to be unlocked until after 12 months.
Regardless of my specific device, some websites mention they just send a code (my device doesn't prompt for a PIN unlock), whereas others require access to your PC and do something to the tethered device.
How do these other services get the unlock codes, or perform unlocks in other similar situations? Do these sites have access to someone working at the carriers to supply the codes? Some sort of keygen? These seem to be the most legit, and last through wipes. Some sites say they do stuff to devices remotely, and the unlock doesn't last through a format - are these rooting or installing some sort of custom ROM, or just adb'ing and editing some file?

Three categories:
1. Unlock codes supplied by carrier staff
2. Unlock codes generated algorithmically from IMEI/SN, reverse-engineered into keygen
3. Software vulnerabilities / hacks
The software is not bug-free: some devices have bootloader- or kernel-level vulnerabilities or logic-check errors which could be used for unlocking. Sometimes the vulnerabilities can be used to make a proper permanent unlock; other times they work only on an exact software version and deactivate upon updating.
I remember a case where a vulnerability was used to unlock the phone on a single exact firmware version, and phones were sold on eBay/AliExpress pre-unlocked with that FW, with updates disabled, without notifying the potential buyer that the device was not fully functional.
Nowadays rare, but a decade ago it was fairly common for manufacturers to implement unlock code generation based on the IMEI or serial number. Since it's an algorithm, a software researcher can find it in the firmware files, reverse-engineer it and reimplement it in the form of a keygen.
Many unlocking websites are run by people with superficial technical knowledge, driven by money. They find carrier staff who can provide them unlock codes or buy access to some kind of panel with the codes, then resell them on their website. If they have connections with software researchers, they may pay for making an unlocking tool out of a vulnerability concept (they call it a 'solution'). Sometimes they just take free unlocking solutions off the internet, repack them and make them look like theirs (this happened to me multiple times).
As the website guys are not smart and the model range is huge, it's typical for an unlocking page to contain generic instructions which cannot be applied to all carrier-modified devices.

Related

Does Replacing the Radio Rom unlock the Phone

I have an XDA IIs from O2 and a Qtek 9090 from Vodafone (fairly little tinkering from Vodafone).
I want to unlock the XDA IIs (as does everybody else), but isn't the SimLock part of the Radio ROM, in which case can't I just replace this with the Vodafone ROM and hey presto!!
I am sure that this is not as simple as I have suggested, or everybody would be doing it, but can someone explain to me where the SimLock subsystem is and therefore where I should start to poke, to unlock it.
I quite liked the idea of sending millions of AT commands to the wireless modem, but that sounded too easy as well.
I know what the Extended ROM does, and the ROM ROM (presumably OS), and in general I know what the Radio ROM does, but if this is all there is then I can't see where the SimLock stuff would be held???
If you could reply I'd be grateful, and if anybody reads this and cracks an unlock, drop me a line as well.
Thanks in advance
For many months I have been wondering about this. In my opinion, I think that the simlock is in the extended ROM because it contains special programs from your provider, but I am not sure. The definitive test would be to change the whole operating system (radio ROM, OS ROM, and extended ROM) for another (for example, Qtek 9090). If somebody knows how to do this and tries it, please let us know. Thanks.
The code in the CE ROM (Or possibly the radio rom?) reads information from the phone hardware to detect if it is locked or unlocked and merely displays a message to the user indicating its current status when you try to use an alt network sim. The lock status, network locked to and unlock code is stored in a separate flash area of the phone hardware within the XDA IIs - not in one of the standard 3 roms.
This means that no matter what "standard" rom you put on the XDA it will not suddenly become "unlocked" (As I have had numerous different roms on mine since I purchased it - radio, ce and extended rom).
Unfortunately the area of the phone containing this information cannot easily be accessed and requires a code based on the IMEI number of the phone to access. Without the algorithm used to calculate this code (different for each phone type, i.e. the alg. for XDA II is different to the one for XDA IIs) we cannot unlock the phone!
That said, I believe that the phone itself may not actually prevent the calls merely the firmware in the radio rom after detecting that the phone is "locked". Therefore, I believe it MAY be possible to hack the rom to allow it to be used on any network. PLEASE NOTE THAT I DO NOT KNOW THIS LAST BIT OF INFO FOR SURE, IT IS SPECULATION ONLY AS A POSSIBLE WAY AROUND THE SIM LOCK....... NOW WHERE IS MY HEX EDITOR!
A summary so far
Ok,
So the simlock code is contained in a fourth ROM somewhere in the device that we don't know how to get to. The Radio ROM then somehow reads it to see if it is locked, and if it is prompts for the unlock, and if not then allows you to make a call etc.
This fourth ROM is likely to be pretty fixed, like the device ID, and is presumably inaccessible to anything without opening the device up, removing the chip and hitting it with a lightning bolt.
So where does that leave us. The screen that comes up about SIMlock, enter the number, which interestingly enough says that I have tried a large negative integer times, and then locks up permanently (or so it seems). This bit must be in one of the accessible ROMs, as it is too Windowsy for anything hardware-wise.
This screen must call some other function that tries the unlock code against the inaccessible chip. It would probably be easier to attempt to remove the retry timeout and then retry millions of times, either with a simple sendkeys-type function or with something cleverer. Or alternatively find the function that SIMLock calls to the hardware.
I am being creative here, hoping that someone can step in and be a little more factual. Anyone....
On the XDA II, if you unlock it, can you lock it again?
Think of this fourth "ROM" more as a type of BIOS with basic hardware call functionality, with Windows and the Radio ROM sitting on top providing code to access the "BIOS" for radio functions (Bluetooth, GPRS, WiFi, GSM etc) and hardware functionality (LEDs, buttons etc). It has a form of NVRAM with the IMEI number stored as well as SIM locks etc....

Need help to unlock T-MOBILE DASH FOR FREE

Hi I Need Your Help To Unlock My Phone T-mobile Dash
Had you done some basic research you would have found that there is no "free" solution out there.
You can use imei-check for $38, or there is a member here (whose name is slipping my mind -- I apologize) who does it for cheaper.
If you have had T-Mobile for more than 90 days, just call tech support and ask them for the unlock code (for free).
Yea... the only free way is just to call them. They emailed my code 2 days later. Just make sure your account is all paid up and you have maintained service (with no missed payments) for over 90 days as stated above.
boubasakcom said:
Hi I Need Your Help To Unlock My Phone T-mobile Dash
What type of lock are you referring to? The guys above are referring to a SIM unlock, but there are two other types as well...
CID unlock- Is required to operate software/operating systems of other carriers on your device; this can be costly through imei-check, but you can get around this by using CID bypass software such as JumpSPL or Haret.exe (it'll bypass the CID lock and allow you to install whatever ROM you desire)
Application unlock- Is required to operate unsigned 3rd party application software on your device; software such as SDA app unlock or SurrealNetworksApplicationUnlock works great
Rip Syntaxx said:
What type of lock are you referring to? The guys above are referring to a SIM unlock, but there are two other types as well...
In my experience -- people who don't specify what type of unlock are generally looking for SIM unlocking. But you are correct -- never assume anything
You know, it's sad they keep saying there is no free way to unlock the IMEI. OK, maybe I'm asking the wrong question: how do the pay sites do it? Maybe it's not free, but I am sure it's cheaper. You say it's not free, well, what are they doing, who are they paying? I guess the question is how are they getting the code.

Unlocking NoDo with temp dev account - possible?

Hello,
a friend has a dev account and therefore he can unlock several WP7 phones by using his Live ID and adding my phone to his dev phones. NoDo works too of course.
My thoughts are: if I update my phone he could add it as a dev phone and the DeveloperUnlocked key would change from 0 (after the NoDo update) to 1.
The next step would be that I change the reg keys (because of dev status I could use the reg editor) that have been the cause of my HTC Mozart 7 getting relocked when I connected to Zune:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg]
"PortalUrlProd"=""
"PortalUrlInt"=""
And now I would change back to my Live ID and he would remove my phone from his dev phone list - would the DeveloperUnlocked key change to 0 again, or won't that be possible because of the DeviceReg "hack" above?
I don't know what is causing the change from 1 to 0; is it just the Zune connect or does this change apply via WiFi/3G also? Are the two keys above still current for NoDo?
It would help everyone who knows a person with a dev account to get NoDo unlocked.
Right, the person that I'm searching for.
How does the unlock of a second or third device work? Can the person with the other device we want to unlock use my Live ID without the use of my ID on his phone? I found nothing about this in the App Hub.
not possible.
Only the FIRST Live ID can unlock a phone and you will be stuck with that account.
That means that you can't use your own email account for online services and your friend's email account is always in your phone.
To change that you would need to hard reset the phone, and then the unlock is gone too.
Thanks for that information.
Ah right, I forgot that the change of the FIRST Live ID needs a hard reset. Thanks for pointing that out.
I wondered WHY you have to hard reset your phone to change the main Live ID. Now I know why =)
To sum it up: the dev account needs the matching Live ID as the FIRST one on the phone, so you would need a hard reset to do that. And another hard reset to get back to "your" Live ID - resetting the dev unlock status.
Ok let's wait for some success here: http://forum.xda-developers.com/showthread.php?t=1078007 - cross your thumbs
Well the way it works is simple...
Say I have a dev account, and have 2 devices left I can unlock.
You just give me your device, I connect it through USB (it does not matter if your Live ID is the only Live ID on the device!)
with your email, Live ID, contacts and everything.
Once I connect it to the PC, I run the tool and type in MY Live ID, now I click unlock and your phone is unlocked through my Live ID.
Now you can run the tools to edit the registry, then connect the device and relock. Edit the registry again (the registry editor should probably be running, otherwise you will get an error message). And your device is unlocked, with your Live ID and everything.
my registered devices
The following devices have been registered and may be used to test your unpublished Windows Phone 7 applications. Adding additional devices must be accomplished through Visual Studio, but you may only add the maximum number allowable by your account. You may remove devices from this list at any time by selecting the remove option below.
Registered Devices (2)
SAMSUNG OMNIA    4/12/2012
SAMSUNG OMNIA7   1/8/2012
Maximum allowable device registrations: 3
Thx Marvin_S for your reply. So you say I don't need to change the Live ID to unlock the device?
And what about that registry thing: the registry editor should be running and then I can set the dev unlock key to 1 and it WILL STAY instead of relocking? Because I think that you need to leave the device as unlocked in your App Hub, as you show us in your quote. If you hit "remove" then the phone will be locked the next time you connect it to Zune.
Maybe you can give us more details on this. Thanks.
Unipac said:
Thx Marvin_S for your reply. So you say I don't need to change the Live ID to unlock the device?
And what about that registry thing: the registry editor should be running and then I can set the dev unlock key to 1 and it WILL STAY instead of relocking? Because I think that you need to leave the device as unlocked in your App Hub, as you show us in your quote. If you hit "remove" then the phone will be locked the next time you connect it to Zune.
Maybe you can give us more details on this. Thanks.
Yes, legally yes; however, here comes your regedit into play.
The steps to unlock your device are easy:
- Set up your device with your own Live ID (I assume you have this already; this does NOT have to be the same Live ID as the dev's Live ID!)
- Connect your device with your Live ID to your friend's computer. Follow the steps, then run the Developer Registration Tool from Microsoft and fill in the Live ID of your FRIEND who is DEVELOPER registered on his Live ID.
- Your device is unlocked... to keep it unlocked, run Samsung-Tools or a similar xap on your device which will do those regedits you have quoted above. If you have done these edits your friend can safely remove your device from his developer panel.
Done deal, enjoy
Is it really that easy to unlock any device?
That means someone with a WP7 and his own Live ID wants to unlock it with my dev account and my Live ID, we connect it through USB, start the Developer Registration Tool and his phone is unlocked...
Edit! You have answered my question before i could ask.
Thank you.
ceesheim said:
not possible.
Only the FIRST Live ID can unlock a phone and you will be stuck with that account.
That means that you can't use your own email account for online services and your friend's email account is always in your phone.
To change that you would need to hard reset the phone, and then the unlock is gone too.
This is not true
It does not matter which ID unlocks the phone, it does NOT have to be the same.
Is there any developer in Mumbai, India with a dev account? I have a Dell Venue Pro, NoDo locked, and I want to unlock it.
Thanks
wow that could open a whole market for 3rd party unlocks
like:
registered developer: provides a service to unlock a WP7 device for 24h
customer: needs TeamViewer or some remote desktop and knowledge about "how to prevent the relock"; in most cases advanced config can fix it...
customer provides login information for his remote desktop
connects his WP7 device
developer unlocks the phone with his ID and removes it after 24h from the list.
The rest you can imagine...
Soo.. who wants a dev unlock for $10 PayPal?
Who is the dev to become rich with unlocks?
webwalk® said:
wow that could open a whole market for 3rd party unlocks
like:
registered developer: provides a service to unlock a WP7 device for 24h
customer: needs TeamViewer or some remote desktop and knowledge about "how to prevent the relock"; in most cases advanced config can fix it...
customer provides login information for his remote desktop
connects his WP7 device
developer unlocks the phone with his ID and removes it after 24h from the list.
The rest you can imagine...
Soo.. who wants a dev unlock for $10 PayPal?
Who is the dev to become rich with unlocks?
Yeah, but what if someone runs a keystroke logger... this will open up the dev's email and password to the customer. It's a form of trust both the dev and the customer will need to have.
I will do it in person, no problem, but you are right, it is possible to unlock infinite devices this way. And most of the people who unlock will run these regedits anyway (unlimited sideloaded xaps + prevent relocking).
Well yea, the plan is not perfect.
I don't know enough about remote desktop to tell you if there is any way to encrypt the data.. maybe simple copy-paste would be enough, but yeah, your login details would be at high risk; still, it's simple to change passwords..
Microsoft wants $99 and all of your personal data.
In some countries you have a hell of a lot of paperwork and waiting times around 6 months.
Even $50 for a quick PayPal unlock is still a good deal for some..
Microsoft has to come after (or with Mango) with some homebrew unlock thing, or people will come up with these kinds of services...
Heh, hell, or post a $5 fiverr.com ad.
Hey, I want to spend some $$ to unlock my Dell Venue Pro. Is there anybody who can help me? I'm in India, Mumbai. PM me.
Yep, I've got a pretty ugly vision of how this could work out in the end!
1 MS will revoke a "few" developers' status who enjoy WP7 dev "sanctuary", even if they weren't unlocking.
2 We are never ever going to see an MS-unlocked update for public use; forever we are going to be stuck with market apps....
It's a bit of a boxed-up future, don't you think?
I also would like to have full access to my HTC 7 Pro T7576; it came with NoDo OOBE. Zune doesn't even find an update yet.
Seems the unlocking problem will soon be solved:
http://labs.chevronwp7.com/
Right on time.
But a small fee? That stinks, let's see how this works out...
Wow, that's good news.

Phone SIM/network unlock idea

Does anyone know how many characters are in AT&T unlock code, and if there is any known pattern? I wonder if an unlock code could be brute-forced by a program, which just keeps entering all possible combinations until it succeeds. I see the "unlock" screen has a delay of ~3 seconds, which is 28800 combinations in 24 hours. I would imagine the unlock application just calls into radio, so it's likely even faster to brute-force, because you can likely do several tries per second.
It was my understanding that unlock codes are based on imei and each phone has a limited number of tries before it becomes hard locked to a carrier.
It uses an algorithm based on the imei and other information as I understand it. Very device specific. As for the limited number of attempts, I've heard that before too, but never a solid confirmation that it is true. I expect it is though, If for no other reason than to prevent cracking it by brute force or other means.
Sent from my SAMSUNG-SGH-I747 using Tapatalk
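The two threads above touch the same design question: an unlock code that is a fixed function of the IMEI is only as secret as the algorithm that produces it, and a bounded attempt counter is what makes blind guessing pointless no matter how quickly the radio answers. The following Python model is an added example written for this page; it is not any vendor's or carrier's real scheme. It assumes a constructed per-batch secret, an 8-digit code, and a 5-attempt hard-lock budget, all of which are illustrative choices, and it reproduces the poster's rate calculation (one try every ~3 seconds gives 28800 tries per day) to show how far that falls short of the code space.

```python
"""Model of a SIM-lock unlock verifier with an attempt counter.

Constructed example for illustration only: the derivation, the secret, the
code length and the attempt budget are all hypothetical, not a real scheme.
"""
import hashlib
import hmac

CODE_DIGITS = 8          # hypothetical code length
MAX_ATTEMPTS = 5         # hypothetical hard-lock budget
SECONDS_PER_DAY = 86400


def derive_unlock_code(imei: str, secret: bytes) -> str:
    """Derive an unlock code from the IMEI under a keyed MAC.

    If `secret` is a constant shipped inside the firmware image, anyone who
    extracts it can regenerate every code (the 'keygen' case in the thread).
    If it is held only by the manufacturer, knowing the algorithm is not
    enough to produce codes, which is the point of keying it.
    """
    mac = hmac.new(secret, imei.encode("ascii"), hashlib.sha256).digest()
    value = int.from_bytes(mac[:8], "big") % 10 ** CODE_DIGITS
    return str(value).zfill(CODE_DIGITS)


class SimLock:
    """Verifier state as it would live in protected NVRAM.

    The attempt counter must persist with the lock state itself; if it lived
    in a reflashable ROM, rewriting that ROM would reset the budget.
    """

    def __init__(self, imei: str, secret: bytes, max_attempts: int = MAX_ATTEMPTS):
        self._expected = derive_unlock_code(imei, secret)
        self.attempts_left = max_attempts
        self.unlocked = False
        self.hard_locked = False

    def try_code(self, code: str) -> str:
        """Return 'unlocked', 'wrong' or 'hard_locked' for one attempt."""
        if self.unlocked:
            return "unlocked"
        if self.hard_locked:
            return "hard_locked"
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(code, self._expected):
            self.unlocked = True
            return "unlocked"
        self.attempts_left -= 1
        if self.attempts_left == 0:
            self.hard_locked = True
            return "hard_locked"
        return "wrong"


def guessing_simulation(lock: SimLock, limit: int = 10 ** 6) -> tuple[str, int]:
    """Feed sequential codes to the verifier and report how it ends.

    With an attempt budget the outcome is decided after MAX_ATTEMPTS tries,
    which is what makes the exhaustive approach discussed above non-viable.
    """
    for n in range(limit):
        result = lock.try_code(str(n).zfill(CODE_DIGITS))
        if result in ("unlocked", "hard_locked"):
            return result, n + 1
    return "exhausted", limit


def tries_per_day(seconds_per_try: float) -> int:
    """Attempts possible in 24 hours at a fixed per-attempt delay."""
    return int(SECONDS_PER_DAY // seconds_per_try)


def days_to_cover_code_space(seconds_per_try: float, digits: int = CODE_DIGITS) -> float:
    """Days needed to try every code once, with no attempt limit at all."""
    return (10 ** digits) * seconds_per_try / SECONDS_PER_DAY


if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed, not a real key
    imei = "490154203237518"                      # constructed sample IMEI
    lock = SimLock(imei, secret)
    print("simulated guessing ends with:", guessing_simulation(lock))
    print("tries/day at 3 s each:", tries_per_day(3))
    print("days to cover 8-digit space at 3 s each:", days_to_cover_code_space(3))
    fresh = SimLock(imei, secret)
    print("correct code accepted:", fresh.try_code(derive_unlock_code(imei, secret)))
```

The numbers it prints make the poster's own arithmetic concrete: 28800 tries per day against a 10^8 code space is roughly 3472 days even with no counter, and with a 5-attempt budget the verifier hard-locks on the fifth wrong guess. The interesting defensive property is where the counter lives, which is why the XDA IIs thread's observation that lock state sits outside the three reflashable ROMs matters.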

Question What do we know about bootloader unlock keys?

Hi all,
I've actually got a Nokia G50, but I think the unlocking mechanism is likely to be similar for all the G range phones.
I just wanted to find out - what do we know about how HMD Global typically lock the phones?
I know there is a file, but if anyone has any tips or hints as to what format it is in perhaps that can give us a head start to cracking it.
I think brute forcing isn't going to be a viable option, but anything like how many characters of data is in the key, and what it uses along with the IMEI to generate it would be useful.
Any information about how any other Nokia unlocking key works (for the ones already opened) would be helpful also.
It'd be great if we could find out enough to get started trying to think about how to open it.
