Handset security lock on an Orange SPV C550 - Upgrading, Modifying and Unlocking

I am involved in the forensic examination of mobile phones and computers in relation to law enforcement.
I have an Orange SPV C550 to examine that is handset security locked with a code that the owner will not disclose.
Has anyone any idea how to ascertain the code, or get around it so that an examination can take place of the handset?
If anyone has an idea how to 'dump' the flash memory then I would also be very grateful.
Thanks

hmm.. if it is just the password when you power on the device, you can clear it by restoring the device to factory state via hard reset (when the phone is off, push both softkeys and power button, and 0 when the question appears)
if you mean simlock or sth of the kind - such things are on viki and spv-developers. rom dump info is there as well

Thank you for your reply, it is the handset lock that I need to bypass as the SIM card is not PIN protected.
If I do a reset of the handset as suggested then I am going to delete data which somewhat defeats the object of the examination!
I am governed by legislation that states that I should not alter any data if at all possible, whilst I accept by bypassing the security code then some data will change but in the circumstances this can be justified.
I need a way of getting access to the data on this handset by bypassing the security code.
Can anyone point me in the direction of some hardware/software that I can use to pull out the raw data from the handset. If I can do this then apart from obtaining the data by reading the hex data I may even be able to ascertain the user defined handset code.

Disable the radio(phone) on a Qtec 2020

Hi all,
Is there a way to disable or remove the radio (phone) software. (not switching to flight-mode, or there must be a way to keep it in flight-mode, so i can switch it on/off with a password or something)
My goal is that the Qtec2020 doesn't have any phone capabilities. is there a way?
or
Is there a way to completely disable GPRS / Data??
thx in advance
why get a gsm pda then ?
to disable gprs you can just remove all the settings for it
when i exit flight mode i have to type in my sim card pin code just like when i softreset my device guess that depend on the sim and network
here everybody have it to make it impossible to use if people steal it
ok why buy a gsm pda
well we at our company sell software, and the customer will rent the qtec 2020, we don't want our customers to use them as phones.
that's the only reason why i want to disable radio/phone..
we have more that 30 on stock and we don't want to buy new ones
hope that someone can help me.
btw.
hopefully a solution in which we are able to restore everything to it's state in which the phone can be used again. in case our application is going to use gprs/data
you could also put a prepaid sim card in it without any money on
of course they would still be able to put in their own sim then
otherwise you need a program which keeps all phone activity from happening this doesn't really sound like a program which is out there because of lack of demand maybe you could get somebody to make it
but the program would have to be put in the extended rom to be sure it would still be there if the user hardresets the device
and then you can't really stop a person who knows how to edit the extended rom from removing the program
that is unless you would be willing to open and remove the gsm part of the device
but removing the gprs settings would require the user to know how to set them up again and which settings to put there
and judging from how many people ask about such things here the normal user would not know how to do that
Delete all links to Cprog.exe (Phone Dialer)
then I believe there is a Reg Key that will remove
Turn ON-OFF Flight mode..
You will also need to unmap Green Phone Button.
That's all i can help you!
can't find a reg key
is there no such thing as a dummy radio-stack???
upgrading the PDA with a dummy radio-stack??, or leave the radio-stack out of the upgrade process?? (enough pda's without gsm phone :wink: )
just thoughts!!
thx in advance
upgrading the PDA with a dummy radio-stack??, or leave the radio-stack out of the upgrade process?? (enough pda's without gsm phone
Well yes you could kill the radio stack by forcing error on upgrade I suppose.

Does Replacing the Radio Rom unlock the Phone

I have an XDA IIs from O2 and a Qtek 9090 from Vodafone (fairly little tinkering from Vodafone).
I want to unlock the XDA IIs (as does everybody else) but isn't the SimLock part of the Radio Rom, in which case can't I just replace this with the Vodafone Rom and hey presto!!
I am sure that this is not as simple as I have suggested, or everybody would be doing it, but can someone explain to me where the SimLock subsystem is and therefore where I should start to poke, to unlock it.
I quite liked the idea of sending millions of AT commands to the wireless modem, but that sounded too easy as well.
I know what the Extended Rom does, and the Rom Rom (presumably OS), and in general I know what the radio Rom does, but if this is all there is then I can't see where the SimLock stuff would be held???
If you could reply I'd be grateful, and if anybody reads this and cracks an unlock, drop me a line as well.
Thanks in advance
During a lot of months I have been wondering this. In my opinion, I think that simlock is in the extended rom because it contains special programs from your provider, but I am not sure. The definite clue would be to change all the operating system (radio rom, OS rom, and extended rom) for other (for example, qtek 9090). If somebody knows how to do this and he tries it, please let us know. Thanks.
The code in the CE ROM (Or possibly the radio rom?) reads information from the phone hardware to detect if it is locked or unlocked and merely displays a message to the user indicating its current status when you try to use an alt network sim. The lock status, network locked to and unlock code is stored in a separate flash area of the phone hardware within the XDA IIs - not in one of the standard 3 roms.
This means that no matter what "standard" rom you put on the XDA it will not suddenly become "unlocked" (As I have had numerous different roms on mine since I purchased it - radio, ce and extended rom).
Unfortunately the area of the phone containing this information cannot easily be accessed and requires a code based on the IMEI number of the phone to access. Without the algorithm used to calc this code (Different for each phone type ie alg. for XDA II is different to one for XDA IIs) we cannot unlock the phone!
That said, I believe that the phone itself may not actually prevent the calls merely the firmware in the radio rom after detecting that the phone is "locked". Therefore, I believe it MAY be possible to hack the rom to allow it to be used on any network. PLEASE NOTE THAT I DO NOT KNOW THIS LAST BIT OF INFO FOR SURE, IT IS SPECULATION ONLY AS A POSSIBLE WAY AROUND THE SIM LOCK....... NOW WHERE IS MY HEX EDITOR!
A summary so far
Ok,
So the simlock code is contained in a fourth ROM somewhere in the device that we don't know how to get to. The radio ROM then somehow reads to see if it is locked, and if it is prompts for the unlock, and if not then allows you to make a call etc.
This fourth ROM is likely to be pretty fixed, like the deviceID and is presumably inaccessible to anything without opening the device up, removing the chip and hitting it with a lightning bolt.
So where does that leave us. The screen that comes up about SIMlock, enter the number, which interestingly enough says that I have tried a large negative integer times, and then locks up permanently (or so it seems). This bit must be in one of the accessible ROMS, as it is too Windowsy for anything hardware wise.
This screen must call some other function that tries the unlock code into the inaccessible chip. It would probably be easier to attempt to remove the retry timeout and then retry millions of times, either with a simple sendkeys type function or with something cleverer. Or alternatively find the function that SIMLock calls to the hardware.
I am being creative here, hoping that someone can step in and be a little more factual. Anyone....
On the XDA II, if you unlock it, can you lock it again?
Think of this fourth "rom" more as as a type of BIOS with basic hardware call functionality with windows and radio rom sitting on top providing code to access the "BIOS" for radio functions (Bluetooth, GPRS, WiFi, GSM etc) and hardware functionality (LED's, buttons etc). It has a form of NVRAM with IMEI number stored as well as SIM locks etc....

Upgrade questions for XDA2s. (Help Needed).

Hi,
Now my xda2s is unlocked, and I can use the device properly, I'd like to get rid of the O2 "add-ons" and understand the optimum firmware to upgrade the device, especially to prevent soft and hard resets and increase performance.
Can somebody also advise on the link for the Bluetooth patch, my Jabra has more static than a large wooly jumper!!!!!
Finally, has anybody devised a way to run 2 separate email and address accounts - I'd like to keep my work email and my personal email (and contacts) separate
Thanks for your help.
We'll help you if you tell us how to unlock the XDA IIs
There is no programme to unlock the XDA2s, not that I know of.
I called customer services and made several requests for the unlatch code because i use dual sim cards and connect to another network.
I have called them at least 20 times, and had almost every reason under the sun for not providing the code. O2 are not obliged to give you the code, but if you are persistent, you can get it.

Time To Modify IIWPO Theft Control.

hey guyz..
the scene is set, don't want to tell anyone where it happened by whom and of course who got robbed but here's the story.
User had an o2 Xda II, customized rom, with IIWPO Theft Control installed in the rom, so that means hard reset wont wipe IIWPO out of the pda.
Robber comes puts a knife on the user's throat takes away cash and the pda, user gives it happily thinking she will get a msg on the other number with all the info of sim changed.
4 days pass by no info comes and the pda is sold or forwarded to someone else or whatever. END OF STORY.
now how did the user not get a msg of the new sim info.
1. SIM WAS NOT CHANGED.
2. SIM CHANGED BUT NO CREDIT IN NEW SIM.
3.BATTERY TAKEN OUT PDA TOTALLY DEAD TILL NEW CUSTOMER GETS IT. ETC ETC.
WHAT CAN BE DONE.
ok guyz this is the part where i would like allll the geeks & gurus to put in some effort, i know it will be tough but i have a feeling its not impossible.
CAN UR,LL UPDATE IIWPO IN SUCH A WAY THAT WHEN WE ARE FEEDING OUR NAME AND OTHER INFO IT WILL ALSO ASK FOR A SECURITY PASS TO BE PUT IN, SO THAT WHEN ROBBER CHANGES SIM THE IIWPO RECOGNIZES THE SIM CHANGE AND LOCKS THE PDA AND ASKS FOR THE PASS, AND WON'T UNLOCK TILL PASS PROVIDED, REBOOT WON'T HELP.
Now of course the robber can be anyone, so the robber plans to hard reset and still the device would recognize the sim change and ask for pass now so annoyed he plans to flash the device and what happens after that all of us know.
To prevent this THE GEEKS & GURUS can just build a small security patch that won't allow flashing of device till pass given, it would work like this, we flash our device for the first time install IIWPO and the NEW SECURITY PATCH (with passwords) device is robbed, robber changes the sim gets pass error he gets pissed and tries to flash the device and that clever software would not flash the device till pass provided, this would prove that all the efforts the robber made to steal the device are gone to waste.
And of course someday someone might put in a sim with credit and we would get the info.
NOT FORGETTING CHARLES WARNER FOR THE GREAT WORK HE'S PUT IN FOR ALL xda-developers.com USERS and also giving the IIWPO to us for free, REALLY APPRECIATE YOUR WORK SIR !! THANKS ALOT.
no one interested in being secured ?
I think the IIWPO idea can definitely be improved, BUT: It will never protect you from being robbed.
The true advantage of IIWPO in its current form is to be able to get track of the 'new' owner of a nicked device. In the end: someone will put in his/her sim and then its just bing!
All other enhancements will just make sure no one else gets to use the device. Sure an improvement, but less important to me: I just want my device back and get the thief nailed!
Interesting...
But I think you have misunderstood how IIWPO works.
IIWPO does not detect if someone changes the SIM card. It ONLY acts when the someone changes the Owner Information (Start/Settings/Owner Information), so no matter what SIM card there is, as long as it has credit it will send an SMS to the recipient's phone number. That's the beauty of it, that it silently sends the SMS with the 'new' users data so there is a slight chance of knowing who's the 'new' owner.
But! This is by no means fool proof. It's what they call 'protection by obscurity', so if a savvy robber knows how to reflash the device it will get away with it no matter what features we can integrate to IIWPO.
That's one of the cool new features of WM5.0, that we can at least know for sure that our data is SAFE by wiping the info remotely if necessary.
Just a thought.
Rayan
edsub said:
The true advantage of IIWPO in its current form is to be able to get track of the 'new' owner of a nicked device. I just want my device back and get the thief nailed!
Rayan said:
so if a savvy robber knows how to reflash the device it will get away with it no matter what features we can integrate to IIWPO
of course this is why we all love IIWPO cause it sends us a msg, and of course even if someone was to modify IIWPO I am sure that this feature wouldn't wipe out. god forbid you get robbed u get a msg from the cell but you for some reason can't track the person or some other c#@p...and the pda is gone....WHY cause it only sends sms it does not block the screen....if you were to have a feature which would jam or freeze the pda on change of the name then the pda would be useless to the robber nothing much he could do....unless he knows how to flash it...now comes a part where we can do something about not flashing the device without a pass....this would totally make the pda useless to the robber and would also keep sending us msgs and secondly the robber maybe maybe next time might think twice before robbing a pda and might go for something else
How about a device that would be installed internally to the xda and if it is stolen and a different sim/different user info is entered and the person makes a call it fires a large captive bolt which nails the phone to the head of the user, it then adjusts itself to full volume with all lights flashing and announcing "This is a stolen phone...call an ambulance...or hearse".
cruisin-thru said:
How about a device that would be installed internally to the xda and if it is stolen and a different sim/different user info is entered and the person makes a call it fires a large captive bolt which nails the phone to the head of the user, it then adjusts itself to full volume with all lights flashing and announcing "This is a stolen phone...call an ambulance...or hearse".
that would be great..... are u good enough to build something like that ?
Rayan said:
But I think you have misunderstood how IIWPO works.
I perfectly understand the IIWPO functionality. It was me who put together IIWPO for other devices than Wallaby.
Let me explain how my earlier post should be interpreted: Sure it is triggered by the change of owner info, but most thieves (or buyer from a stolen device) will put in another SIM (simply because they don't have the pin of the stolen sim or because the stolen sim is blocked by the network). Thus: As soon as the 'new' owner puts in a SIM AND he/she has changed the owner info (and every one does that!) the sms is sent.
Also: Eventually a thief might flash a device, but most certain a thief (or buyer) starts it up to test whether its working or not.
Imho IIWPO can be improved, but practically chances of getting a device back will not significantly improve
edsub said:
Rayan said:
But I think you have misunderstood how IIWPO works.
I perfectly understand the IIWPO functionality. It was me who put together IIWPO for other devices than Wallaby.
Let me explain how my earlier post should be interpreted: Sure it is triggered by the change of owner info, but most thieves (or buyer from a stolen device) will put in another SIM (simply because they don't have the pin of the stolen sim or because the stolen sim is blocked by the network). Thus: As soon as the 'new' owner puts in a SIM AND he/she has changed the owner info (and every one does that!) the sms is sent.
Also: Eventually a thief might flash a device, but most certain a thief (or buyer) starts it up to test whether its working or not.
Imho IIWPO can be improved, but practically chances of getting a device back will not significantly improve
Sorry edsub, I should have specified to whom I was refering to (zairyaab) when I wrote that comment.
Best regards,
Rayan
np m8
edsub said:
It was me who put together IIWPO for other devices than Wallaby.
Can you explain what should I change in the cab to make it work on other devices (Like ETen M500/Torq P100)?
edsub said:
Imho IIWPO can be improved, but practically chances of getting a device back will not significantly improve.
Yeah, but still I would feel somewhat better if I can at least call the thief/buyer and shout some expletives if he/she refuses to cooperate!!! :twisted: :lol:
Best regards,
Rayan
i have my girlfriend's number as my report number.. what if we're together and we got robbed both our phones are taken away.. a multiple report number would be a good addition to IIWPO
The changes I'd like to see done to IIWPO include:
a) not using "IIWPO" or 'xda-developer' in the registry (user customisable registry key)
b) user customisable executable file name (IIWPO_startup is like a dead giveaway)
c) not storing owner name & number 'in the clear' (a simple XOR to hide it would be just as effective)
d) a hash of the entire owner info page (not just the last name) so unit will resend an SMS if any info changes
e) a new sms is resent after a preset time (eg: every 24/48/120 hours for example), regardless if owner info has changed or not.
I also like the idea of multiple number reporting.
a,b,c) Considering the concept of IIWPO is 'security by obscurity'; it will help if one could hide it more effectively. (no one is going to bother too much about bluetooth.exe or msn_update.exe in the startup folder for example...)
d) Most people get their name right; then meddle with the other bits of information as time goes on - it'd be good to get 'updated' info as and when it happens.
e) Consider it a 'keep alive' thing, so we'll know the unit is still in use, and can continue to keep in touch with the new owner =) I've no moral issues burning up the credit of someone who refuses to give me back my property either. =P
If nothing else, we'd be able to know when the unit gets reflashed, and can quietly say goodbye to our unit after not hearing from it for a while... =(
Is IIWPO still being maintained by the author, or anyone on xda-developers? If not, is the source available? I might be interested in following up on it (time permitting...)
Edited to add: A really vicious version of the IIWPO would possibly send out:
a) phone numbers stored in the SIM card
b) phone numbers stored in the address book
c) recently dialed/received phone numbers
d) recently sent/received SMS phone numbers
Not all in one go; but in bits and pieces (eg: every 20 startups; send phone numbers of last 5 SMSs sent/received + last 5 phone calls dialed/received).
That would allow us get in touch with his friends and would possibly aid in getting the unit returned (use your imagination... probably easier to get them tell you who/where he is, rather than to get them convince him to return it...)
Probably this would add too much bloat to IIWPO; but hey, could be useful... =P
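Suggestions (d) and (e) from the post above, sketched as an added example that is not part of the thread and is not IIWPO's code: a fingerprint over every owner-info field plus a time-based keep-alive. The field names, function names and sample records are assumptions made for illustration.

```python
import hashlib
import hmac

# Field names are assumptions for this sketch, not IIWPO's storage layout.
OWNER_FIELDS = ("name", "company", "address", "telephone", "email", "notes")


def last_name_digest(info):
    """Baseline named in the post: only the last name is fingerprinted."""
    parts = info.get("name", "").split()
    last = parts[-1].lower() if parts else ""
    return hashlib.sha256(last.encode("utf-8")).hexdigest()


def owner_digest(info):
    """Suggestion (d): fingerprint every field of the owner info page.

    Each value is length-prefixed so that moving text from one field
    to the next still changes the digest.
    """
    h = hashlib.sha256()
    for field in OWNER_FIELDS:
        value = info.get(field, "").strip().encode("utf-8")
        h.update(len(value).to_bytes(4, "big"))
        h.update(value)
    return h.hexdigest()


def report_reason(stored_digest, info, last_sent, now, keepalive_hours=24):
    """Return why a report is due, or None. Times are epoch seconds."""
    if not hmac.compare_digest(stored_digest, owner_digest(info)):
        return "owner-info-changed"
    # Suggestion (e): resend after a preset interval even with no change.
    if now - last_sent >= keepalive_hours * 3600:
        return "keepalive"
    return None


# Constructed sample records (not real data).
ORIGINAL = {
    "name": "Alex Example",
    "company": "Example Ltd",
    "telephone": "+00 555 0100",
    "email": "alex@example.invalid",
}
# Same name, different contact details: invisible to a last-name-only check.
EDITED = dict(ORIGINAL, telephone="+00 555 0199", email="new@example.invalid")

if __name__ == "__main__":
    baseline = owner_digest(ORIGINAL)
    print("last-name check sees a change:",
          last_name_digest(ORIGINAL) != last_name_digest(EDITED))
    print("full-page check:", report_reason(baseline, EDITED, 0, 3600))
    print("unchanged after 25 h:", report_reason(baseline, ORIGINAL, 0, 25 * 3600))
```
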
WOW, ok.
First of all - I registered 2 this forum less than a week ago,
and great job for doing these kind of things.
second - where can i d/l the prog?
and last another idea: when some1 steals ur pda he's usually gonna sell it over. meaning he made his money.
HOWEVER - if even after a HR after changing sims (maybe even without) there will be a picture message saying:
"You cannot use this phone"
"This phone can only be used by me - *name*"
"However, Im willing to buy this phone back from you. call +......"
there won't be a place on the screen to enter the code.
however - the phone's user knows he can type his password and unlock the phone. you might even integrate a handwriting recognition program for signature or something but that will be super hard, i know.
another option is that when seeing this message user has to touch 4 corners of the screen with the stylus in a specific order, then he'll have a please enter password screen.
any comment?
is it do-able?
http://wiki.xda-developers.com/index.php?pagename=IIWPO

Boot level user password protection against unauthorized SIM or uses

What I am looking for is a way to password protect our device / note2 so that if anyone steals our phone and tries to put another sim card in, during the start up, the phone will challenge the user for a PIN or some kind of password protection. I have been looking around but cannot seem to find anything.
In the Android OS, there is a PIN on boot but that only protects your SIM card and not the phone.
Any help or pointers will be appreciated. Thx.
sasukewa said:
What I am looking for is a way to password protect our device / note2 so that if anyone steals our phone and tries to put another sim card in, during the start up, the phone will challenge the user for a PIN or some kind of password protection. I have been looking around but cannot seem to find anything.
In the Android OS, there is a PIN on boot but that only protects your SIM card and not the phone.
Any help or pointers will be appreciated. Thx.
Setup sim change alert and simcard lock under Security
Anyway a Wipe data will erase all these parameters so I don't think that is really necessary...
