Develop Bugs

Someone, anyone please HELP with an ESN

I know I'm a noob, but I've been struggleing with this for a while now. I put in probibly 6 hours last night and haven't any clue if I'm even close to being complete.
I bought an HTC Touch MP6900SP (Sprint) and was told it had a clean ESN. Turns out it didn't and I'm up the creek because I paid cash. I bought it to replace my motor razr which has a clean ESN, but is quickly dieing. I'm trying to clone my ESN but can't get mtty to work properly. Once the ESN is swapped, the RAZR will go in my junk drawr.
I've tried to follow the steps here:
http://www.mobile-files.com/forum/showpost.php?p=355768&postcount=1
but when I go to fire up mtty I can only enter the rtask a command then the program or phone won't allow me to do anything else, even type the next command.
In the boot loader I have the following info:
VOGU100 MFG
SPL-2.31.CoKe
CPLD-3
Can someone please walk a noob through this. I'm totally new to this whole unlocking thing and could really use some help. The phone is locked to the account of the previous seller who refuses to release it. I've got the 2.31.coke on there now and when I boot it normally I also have the Alltel rom that fires up. HELP!!! PLEASE!
Edit: In MTTY when I run rtask a this is what I see, but I can't type anything after that.
rtask a
Enter Radio Bootloader
POWER ON PMIC VREG_USB : SUCCESS!

This has been covered...
SEARCH!!! MTTY is actually working, you just can't see the text you are typing... Just be careful typing everything in and you will be good to go...

Alright, I got through MTTY, and am not onto working in CDMA workshop.
I put the phone into DM mode, Active sync disconnects, but CDMA shows it is connected to Com1 port successfully, but fails when I attempt to read the ESN.
I can't seem to find the diagnostic modem drivers that I need and think the lack of the drivers is what is causing me grief now.
Believe me, I'm looking everywhere I can to get information. I've got tons of hours into this now.
Edit: Got the drivers installed and working properly. Still having problems reading from the phone with CDMA.
Edit 2: Had to figure out the proper com port in CDMA, getting warmer.

scanning and finding esn addresses right now! If this thing works I'll be so damn happy!

im still reading up on this, but seeing information that has been corrected over time, then finding some old posts that may be outdated.
using MTTY with all of the steps to superCID... is that actually changing the ESN in one failed, fast swoop? Is it actually doing what CDMA does when scanning/writing?

ESN
cox abele said:
im still reading up on this, but seeing information that has been corrected over time, then finding some old posts that may be outdated.
using MTTY with all of the steps to superCID... is that actually changing the ESN in one failed, fast swoop? Is it actually doing what CDMA does when scanning/writing?
Click to expand...
Click to collapse
Hey did you get this to work? I changed my esn last night and the phone works. Can make and receive calls. Only prob is that I can't connect to the internet. I think it is a problem with the user name/password but not sure. I keep getting the 67 error when trying to connect. I only changed the esn and nothing else.
Did you have any luck? If so what about the internet thing? Any help would be much appreciated. Been reading and trying to figure this out for a while now.
Thanks,
-T

Hey man, welcome to XDA
What Airline do you fly for? It's good too see another fellow Pilot on here.
As you can see from my sigpic, I'm with Air Canada Jazz.

b727pilot said:
Hey did you get this to work? I changed my esn last night and the phone works. Can make and receive calls. Only prob is that I can't connect to the internet. I think it is a problem with the user name/password but not sure. I keep getting the 67 error when trying to connect. I only changed the esn and nothing else.
Did you have any luck? If so what about the internet thing? Any help would be much appreciated. Been reading and trying to figure this out for a while now.
Thanks,
-T
Click to expand...
Click to collapse
Have you tried installing the DCD carrier cab. I think this is the link. Just double check.
http://dcd1182.n715dp.com/index.php?dir=carriers/

Help with ESN Change. Phone works just not internet
Csquared said:
Have you tried installing the DCD carrier cab. I think this is the link. Just double check.
http://dcd1182.n715dp.com/index.php?dir=carriers/
Click to expand...
Click to collapse
Thanks for the reply. No I had not tried the DCD carrier cab. First of all let me get this out of the way. NOOB here.
I tried researching the DCD cab because someone else suggested it and then tried it and it didn't work. I think it might be something with the user name and password for vision service. This is what I did:
Flashed the Touch (it is a sprint touch) to the 6.1 wm latest rom (sprint). Then did the esn swap from my razr (also sprint). After the esn swap I flashed again using the 6.1 sprint rom (just wanted to make sure nothing changed after I did a rom flash). Phone works fine on sprint and I even called them on it and they think it is a razr. I can make and receive calls, voicemail etc. Just can't get the internet working. Just get the 67 error. Any ideas?
-T

jmitr said:
Hey man, welcome to XDA
What Airline do you fly for? It's good too see another fellow Pilot on here.
As you can see from my sigpic, I'm with Air Canada Jazz.
Click to expand...
Click to collapse
SWA! Ever in MDW?
-T

b727pilot said:
Thanks for the reply. No I had not tried the DCD carrier cab. First of all let me get this out of the way. NOOB here.
I tried researching the DCD cab because someone else suggested it and then tried it and it didn't work. I think it might be something with the user name and password for vision service. This is what I did:
Flashed the Touch (it is a sprint touch) to the 6.1 wm latest rom (sprint). Then did the esn swap from my razr (also sprint). After the esn swap I flashed again using the 6.1 sprint rom (just wanted to make sure nothing changed after I did a rom flash). Phone works fine on sprint and I even called them on it and they think it is a razr. I can make and receive calls, voicemail etc. Just can't get the internet working. Just get the 67 error. Any ideas?
-T
Click to expand...
Click to collapse
Do you have a data plan setup with Sprint on your Razr?

Csquared said:
Do you have a data plan setup with Sprint on your Razr?
Click to expand...
Click to collapse
Yea I have the old sero plan. It includes unlimited data. I think that is what you mean. I can run opera on it so it is working.
-T

This might be trivial but lets check.
Goto:
Settings/Connections/Connections/Advanced/Select Networks
It should show Sprint in top and Work network in bottom.
Click edit under Sprint and make sure its set to #777

Then try this:
Settings/Personal/Phone/Services/Internet/Get settings
Then have IOTA done by pressing start.

No Internet Still......
Csquared said:
Then try this:
Settings/Personal/Phone/Services/Internet/Get settings
Then have IOTA done by pressing start.
Click to expand...
Click to collapse
Thanks Csquared. I tried this and this is what I got. I also have posted this at http://forum.xda-developers.com/showthread.php?p=3413006#post3413006 . Not trying to double post but was getting some help over there also.
Phone is working great using the donor ESN but no internet. Here is what I've got:
- Sprint Razr (donor ESN phone) and Sprint Touch (Had bad ESN now has Razr ESN).
- Have Data plan on my Account.
- Did the changes from the original post and phone works fine (can make and receive calls)
- When I try and connect to the internet it gives me error 67, can not connect #777 and 1012 error.
What I have tried:
- Start/settings/services/internet/get settings/ and start IOTA.
- Tried making a new connection under start/settings/connections/connections and setup a new #777 connection.
- Changed Active Profile from 0 to 1 in ##3282#
None of this worked. Under ##3282# my settings are:
User Name:
Active Profile - 1
MIP_MODE - Mobile IP Only
User Name - (My Username)@sprintpcs.com
SPI MN-HA - 4D2
SPI MN-AAA - 4D2
ReverseTunnel Pref - Enable
Home Agent IP Address - 0.0.0.0 (for some reason it will not let me edit this setting)
Primary Home Agent - 0.0.0.0
Second Home Agent - 0.0.0.0
HA Shared Secret (HEX) – Blank
AAA Shared Secret (HEX) – Bunch of characters
Advanced:
ESN - Donor ESN (From Razr)
MSID - My Phone number
Not sure if any of this makes sense. I am just trying to get the internet working. Please let me know if anyone has any ideas. It does say "Preparing vision services" when I try to connect to the internet but always fails with error 67 Username and/or Password incorrect. Also get Cannot Connect Dialed #777. Also get error code 1012 could not prepare Vision services please try again later.
Thanks very much in advance for the help!
-Tony

Well I know this is prolly not the right thread to put this under however I am not sure which is and the person who started this thread is doing what I wanted to know was possible to do. And second I was wondering how to do it. I am completely noob on this. I did as he did and bought a new phone which ended up having a bad ESN.
I have a Nokia with Verizon and it broke. They wont replace it for me so I went and bought an LGVX9100M. I have been researching for around 4 hours now and cant find a thing if I can take the ESN from my Nokia which is clean and working and put it to the LG to make it work. I am not familiar with any thing that has to do with programming cell phones or using the programs. I am however a pretty quick learner.
Is there a way to do this? Is there a program I need or a way to just do it in the phone? IF I can do this with a program how do I do it and what stuff do I have to replace the numbers with?

Bad ESN's= Unrecovered lost or stolen property, or property with a bill due over its usage.
Helping with Bad ESN's, is like helping repaint a stolen car.
WR

HTC evo 4G on BoostMobile CDMA

EDIT: for a quick answer on how to get data working go to post # 222 of this thread!
Hey Guys,
I have been following the thread about the Evo 4G working on boostmobile. I hope someone would be able to help me, I am a bit stuck. First off, I won't bother anyone with any "n00b-ness", as I do know how to use google to find my own information. Here's where I am right now:
I have a "new" EVO 4G that had its MEID marked bad because the previous owner did not pay ETF to sprint. I also had a BlackBerry tour that I managed to connect with BoostMobile using a bit of social engineering (insisting to the relatively naive CSR that it's NOT a blackberry, as its MEID would indicate). I went through all the QXDM and Hexeditor fun to zero out the ESN, and finally the elusive MEID. **I will not mention what I did next, please use your imagination. I do not want to cause any trouble on the forum for talking about (you know what). I then switched the BlackBerry tour into GSM mode, to prevent it from causing a conflict, but at the same time to allow the phone to power up so I could continue to retrieve data or settings off it. Once I changed the programming info (MDN/MSID), I was able to make and receive calls. SMS worked inbound and outbound. Then, I changed the MMS url to mm_myboostmobile_com. Now I was able to send and receive MMS messages. After rooting my Froyo 2.2, I installed the 2.1 EPST app to be able to update PRL via ##775# / ##PRL#. Now, I have been trying various different PRL files from different forums as well as corolada_com. I also copied NV items 465, 466, 1192, and 1194 from my BlackBerry. I still cannot get data working, not EVDO, not even 1x. I would be most grateful to anyone who will contribute to this thread in a positive, constructive way. And if you're a Python, C# .NET, Perl, or Java programmer, or an SQL Server admin, I would gladly share the plethora of information I have in these areas with you. Thank You.

Ok, I have data working now. In the spirit of giving back to the community, here is what I did: I connected to the phone using Qualcomm QPST Service Programming, clicked Read and entered my MSL/SPC code. Then, under the M.IP tab, (you will only have this tab in a more recent build of QPST, I had to upgrade to build 348) I selected "profile 0" and clicked edit. Here, I unchecked the first checkbox which enables the profile. I wrote the changes to the device, and data began working. My rate is very pathetic, 100-200kbps. With previous device (blackberry tour 9630) this was over 5x faster. Maybe I am not getting EVDO? I will try several different PRL files and report results. I also heard that the HA and AAA secrets, stored in NV items 1192 and 1194 must be copied to authenticate for EVDO speeds. I am having trouble reading these from the (previous device) blackberry, particularly 1192. The resulting read in CDMA workshop produces an access denied error in the output file. QPST and QXDM don't even show these items in the nv items list at all, even if you click "File menu> read supported RF NV Items". All other items seem to show, but not these. Of course, you must send the MSL/SPC code before you attempt any nv item reading or writing. Has anyone else managed to transfer their boostmobile-specific HA secret and AAA shared secret from a blackberry onto an android device? What transfer rates are other boostmobile users getting on android devices in large metropolitan areas? (i'm in nyc).. I have heard some far-fetched solutions including "change your SPC to the old phone's SPC", is there any truth to this? Sorry if my thoughts are a bit disorganized. I will try to write a proper tutorial when I have time. Again, thanks to everyone that contributed to make my google searching a success, in this forum as well as others. Please feel free to put in your .02 as maybe I have overlooked something.

The only thing I can offer is on the tour. You don't need GSM mode to have it on. Simply turn off the radio.

I had the same issue or rather kind of similar. I am getting an Error (NV_READONLY_S) in QPST while trying to write to the EVO. Any help on why its doing that? I have surpassed the meid/pesn zero thingy and txt talk just as you have but to get data wkng proves to be difficult. Please advise.

unique, the problem with BB OS 5.0 and higher is that after a dead battery shutdown, it has the mobile network enabled on initial boot. Bosstalk, the NV_READONLY_S error can be ignored, the changes will stick anyway. What phone are you switching from? Did you try disabling the 0 profile under M.IP tab in QPST? Which PRL are you using?

uniquenameevo,
Do u have any assistance you could offer? I have been searching like crazy and its killing me.

gsxrmonkey said:
unique, the problem with BB OS 5.0 and higher is that after a dead battery shutdown, it has the mobile network enabled on initial boot.
Click to expand...
Click to collapse
True, my 9700 does this also. I did not know about the dead battery shutdown on yours

I am switching from an htc tp2 to an evo.

Firstly, When I do the requestnvitemread ds_mip_ss_user_prof in QXDM I get the ha shared hex passwd but all zeros for the AAA shared hex passwd. Isnt it suppose to be a combo of letters and numbers? Please advise.

Talk and Txt EVO but no Data
Can someone please lend a helping hand here. I am up to my wits with this one. Ive got txt and talk working on boost but somehow cannot get data.
(Error code 67)
My donor phone: HTC TP2 with boost
Evo: Rooted(unrevoked 3.2) with 2.2 Froyo update
Installed EPST.apk using Root explorer.
PRL used is 60660
Things Ive done so far:
1.Used QPST to match NV Items 465,466,1192 and 1194 from donor to evo using NV browser.
2. Used Qpst in the Mip tab and matched settings of the donor with the Evo
The only rough end that may be prohibiting my access is the fact that I cannot get an accurate AAA shared reading. I followed the SPC "msl" thingy then did the requestnvitemread ds_mip_ss_user_prof command that gave me good ha shared numbers after the 0x. However the AAA yield 0x00 all the way thru. Im not getting a long string of characters as others have gotten. Please advise!!! I would greatly appreciate it.

I am at the same point.
I think the HA is "secret" in plaintext
the AAA I managed to get was very long and qpst service programming app refused to accept any key in hex over 32 chars. I believe the one I have is 64 chars.
Do I have to send 'mode offline-d' if the radio is disabled anyway?
If anyone knows a way around this please advise.
Donor phone is BlackBerry Tour 9630
Target phone is HTC Evo 4G with 2.2 Froyo rooted

bosstalk said:
Can someone please lend a helping hand here. I am up to my wits with this one. Ive got txt and talk working on boost but somehow cannot get data.
(Error code 67)
My donor phone: HTC TP2 with boost
Evo: Rooted(unrevoked 3.2) with 2.2 Froyo update
Installed EPST.apk using Root explorer.
PRL used is 60660
Things Ive done so far:
1.Used QPST to match NV Items 465,466,1192 and 1194 from donor to evo using NV browser.
2. Used Qpst in the Mip tab and matched settings of the donor with the Evo
The only rough end that may be prohibiting my access is the fact that I cannot get an accurate AAA shared reading. I followed the SPC "msl" thingy then did the requestnvitemread ds_mip_ss_user_prof command that gave me good ha shared numbers after the 0x. However the AAA yield 0x00 all the way thru. Im not getting a long string of characters as others have gotten. Please advise!!! I would greatly appreciate it.
Click to expand...
Click to collapse
i just got my EVO and i was wondering if you could help me in the right direction to make the switch i have 7 BOOST CDMA LINES and plenty of donor's also i have about 9 boost cdma c290 would one of them work or does it need to be a higher end HS thanks to all

sdwyz74 said:
i just got my EVO and i was wondering if you could help me in the right direction to make the switch i have 7 BOOST CDMA LINES and plenty of donor's also i have about 9 boost cdma c290 would one of them work or does it need to be a higher end HS thanks to all
Click to expand...
Click to collapse
I am in the same boat as this guy, but have read and got to the point of making calls, txt, and mms. I just need data!!! I am so close...so close. CDMA WS will not read the c290. I get that it fails to answer. I used BITPIM to get the NVM settings of the c290, but I need to know how to take the key information to place into the EVO. Error 67 is driving me nuts!!!

Please someone help with getting data on my boost evo. I have managed to get talk and text working but cannot get data. Any assistance in this matter would be greatly appreciated.
I have read several forums and none of those methods are working for me.
Thanks in advance.

bosstalk said:
Firstly, When I do the requestnvitemread ds_mip_ss_user_prof in QXDM I get the ha shared hex passwd but all zeros for the AAA shared hex passwd. Isnt it suppose to be a combo of letters and numbers? Please advise.
Click to expand...
Click to collapse
For profile 0 aaa password you need to send this:
requestnvitemread hdr_an_auth_passwd_long
Good luck.

i have a tp2 on a cdma account.
what i did is use a cdma info from a NON activated boost phone. (use you imagination) no more detail on that.
once i was done i simple activated the phone and it activated and downloaded the ha and aaa.
let me know if this works as i am trying to get this to work

For ##DATA# is ##3282# and to pull the hex value use QXDM (you can find it on the net) and you will need QPST for the port server. In QXDM on most phones you send the MSL of the phone then request to read the password:
spc (your 6 digit msl)
requestnvitemread hdr_an_auth_passwd_long
On some phones you can get it with:
requestnvitemread ds_mip_ss_user_prof
And to get the dial-up 6-digit AAA password of profile 1 just add a 1 at the end:
requestnvitemread ds_mip_ss_user_prof 1

Ok I finally got my data icon to show up and my 1x data to work and the way I did it is I got my 6 digit AAA password from the donor rant phone straight from the device itself than I entered under profile 0 and profile 1 in my epic in QPST service programming secret as my ha user name and the 6 character password with text string selected. I used the same user name and password for both profiles because its the only way I get any data. But I can only get 1x. I tried changing primary & secondary servers but makes no difference. Any ideas why Im not getting 3g?
edit: n/m i figured it out

savior02 said:
Ok I finally got my data icon to show up and my 1x data to work and the way I did it is I got my 6 digit AAA password from the donor rant phone straight from the device itself than I entered under profile 0 and profile 1 in my epic in QPST service programming secret as my ha user name and the 6 character password with text string selected. I used the same user name and password for both profiles because its the only way I get any data. But I can only get 1x. I tried changing primary & secondary servers but makes no difference. Any ideas why Im not getting 3g?
edit: n/m i figured it out
Click to expand...
Click to collapse
If your donor is 1x that's all you're getting. And you don't use the same password. Provisioning is 16 hexadecimal digits and your account password is 6
Both use HA password "secret" (without quotes, of course)

m4f1050 said:
If your donor is 1x that's all you're getting. And you don't use the same password. Provisioning is 16 hexadecimal digits and your account password is 6
Both use HA password "secret" (without quotes, of course)
Click to expand...
Click to collapse
Ok I finally got it working on 3g the thing is my donor is a rant and is very difficult to extract the 16 hex from it. Everything is working now but my voicemail doesnt notify me of new ones.

How I flashed my Evo OFF Boost and fixed the MEID

EDIT: found out that though the method I wrote up here works fine, there is a simpler way. I'm leaving the original post because I learned a lot about my phone in the process and maybe someone else would want to as well.
EASY WAY:
unroot your phone and return to stock: http://forum.xda-developers.com/showthread.php?t=780141
hard reset (from hboot) and it resets everything to stock
when you call in to sprint to activate they will have you do this: ##yourmslcode# and enter your MDN and MSID
BAM!!! you're all done
I bought an Evo on craigslist cheap. The MEID on the phone was good. The one stored IN the phone was not a Sprint MEID. Also, all the settings for MMS, data, etc were changed and unusable on Sprint. The Sprint store told me I was screwed and the local cell store wanted to charge me $100.00 to fix it. I spent close to 20 hours on forums trying to figure out how to fix it. The answers I got were conflicting, and people were generally not helpful with comments like RTFM and accusations of doing illegal stuff. So, I decided I would share what worked for me to save the next guy from the same anguish.
This tutorial will probably suck so don't ***** at me if it does, at least I'm trying to help. Also don't look to me for help or blame me if you break something I AM NOT AN EXPERT. That said here you go:
#1. Download needed software:
HTCDiagDrivers
QPST_2_7_Build355
QXDM31136
#2. Root Phone
Follow this post: http://forum.xda-developers.com/showthread.php?t=838448
(make sure you use a Sense based rom not AOSP)
#3. Get MSL Code
Connect phone to internet via WiFi
Go to Market on your phone
Install "MSL Reader"
Run it and write down the code
#4 Install and Setup Downloaded Software
Install QPST
Open QPST Configuration from start menu
Click on "Ports" tab
Click on "Add New Port"
In the field "Port" enter "COM4" (THE PORT ON YOUR COMPUTER MAY BE DIFFERENT. COM5, COM6, ETC)
In the field "Port Label" name it. I called it "Evo"
Click "OK" and exit
Install QXDM
****My computer (Win7) had issues installing these automatically. This is what I had to do to get it installed:
-extract zip
-Put Evo in Diag mode ##3424#
-plug in Evo
-go to "Device Manager"
-find the Evo (you should see it with a "!" by it)
-right click it and select "Update Drivers"
-click "Browse my computer for driver software"
-click "Let me pick from a list of device drivers on my computer"
-click "Have Disk"
-browse to the location of the extracted "HTCDiagDrivers" folder and select the driver
-click "OK" and let it install
#5 Make your MEID writable:
Follow this tutorial Steps 1-5:
***The following thread doesn't explain Step 1 (flashing the radio) so I will tell you how
(1)RADIO
-download radio 2.05.00.06.10
-(DO NOT EXTRACT) copy to your phone's micro SD card
-reboot into recovery
-select "flash zip from sd card"
-choose the radio you copied to your card
-reboot
http://cdmagurus.com/forum/showthre...id-on-the-Evo/page7?highlight=clone+evo+boost
Immediately follow on to the next step
#6 Write Your MEID
(I initially tried another command found in this and then in a different post and could not get the MEID to stick after a reboot so this is what I did)
Copy the MEID(hex) from the back of your Evo underneath the battery
Put Evo I Daig mode ##3424#
Plug Evo into computer via USB
Open QXDM from start menu
Go to "Options" > "Communications"
Click the drop down menu next to "Target Port"
Select "COM4" (or 5,6,etc)
Click "OK"
In the field "Command" enter: "RequestNVItemWrite meid 0x&&&&&&&&&&&" replacing the "&"s with MEID from the back of your phone
Exit QXDM
Reboot Evo
#7 Restore provider settings for data, mms, and such:
***Call Sprint to activate your new phone. Probably best you don't tell them your issues. I didn't do the programming as they had told me but I said I had. This may or may not be important, but is what worked for me. Write down your MSID when they tell you it.
Enter EPST from the dialer ##3282#
Select "Edit"
Enter you MSL code
Select "Advanced"
Select "MSID"
Enter the MSID Sprint gave you
Hit menu
Select "Commit Modifications"
Let phone reboot
Enter EPST from dialer: ##3282#
Select "Edit"
Enter your MSL code
Select "Data Profile"
Press menu button
Select "Restore"
Phone will reboot and run a bunch of stuff. Let it run until it gets to "Checking for Firmware Update" press cancel (might not be important but it's what I did just because I didn't know if it would mess up my "rooted" ROM)
#8 Flash back to stock or the ROM of your choosing and enjoy your Evo!
If this How-To was unclear or I left something out let me know. I know there are many methods and I don't suggest this is the best, only what worked for me.
Here is a link to a similar thread: http://forum.xda-developers.com/showthread.php?t=937652
It doesn't deal with anything having to do with MEID but might be helpful

This will work with all evo's or only ones with older Hboots and older partitions?
Thanks
Oh, and I do believe you but your name makes it a bit harder to, LOL.

cordell12 said:
This will work with all evo's or only ones with older Hboots and older partitions?
Thanks
Oh, and I do believe you but your name makes it a bit harder to, LOL.
Click to expand...
Click to collapse
I don't know what it will work on.
The Evo I did says hw v 0003 in settings > about phone
When I vol down + power on it says:
supersonic evt2-3 ship s-off
hboot-2.10.0001
radio-2.05.00.06.10
Before doing this I had updated everything hoping it would somehow fix it. (radio/nv/etc except) and had flashed CM7RC2, myn's warm, and several others just to play with it. I read some that someone with hwv4 having issues downgrading radio but that might have been user error. Also, from what I understand you can zero out the MEID to make it writable (Step#5) using other methods without having to downgrade the radio. This is simply what worked for me.

nice write up

untruestory said:
The answers I got were conflicting, and people were generally not helpful with comments like RTFM and accusations of doing illegal stuff..
Click to expand...
Click to collapse
Because it is illegal what you're doing.

To the OP, in step #5, you mention about changing the radio. What is the purpose of this? What if the device has a more recent radio? Thanks!
=============
(1)RADIO
-download radio 2.05.00.06.10
=============

mbg19 said:
Because it is illegal what you're doing.
Click to expand...
Click to collapse
no... the person who ported it OFF of sprint was the one breaking the law. he was doing the right thing and porting the phone BACK to sprint.

heldunder said:
no... the person who ported it OFF of sprint was the one breaking the law. he was doing the right thing and porting the phone BACK to sprint.
Click to expand...
Click to collapse
Cloning an esn either way is wrong, if you break into security of a bank to return stolen money, you still broke into a bank just with good intentions, may be a bad metaphor but you should get the point, cloning both ways is illegal

gpz1100 said:
To the OP, in step #5, you mention about changing the radio. What is the purpose of this? What if the device has a more recent radio? Thanks!
=============
(1)RADIO
-download radio 2.05.00.06.10
=============
Click to expand...
Click to collapse
From what I understand from reading the refrenced thread it has something to do with the trick used to make the MEID writable or it will not work.
mbg19 said:
Because it is illegal what you're doing.
Click to expand...
Click to collapse
I think you misread something somewhere.
iitreatedii said:
Cloning an esn either way is wrong, if you break into security of a bank to return stolen money, you still broke into a bank just with good intentions, may be a bad metaphor but you should get the point, cloning both ways is illegal
Click to expand...
Click to collapse
I'm not going to get into this ridiculously played out debate and really it's off topic. If you can link to an actual government site that clearly states editing the MEID for such purposes is illegal or cases of actual criminal prosecution please post links.
Repairing the MEID is not like breaking into a bank to return money. That's absurd. It's like restoring the VIN on a car or ID# on a car stereo (which btw if have a car stereo you bought from some guy in the state of WI and it doesn't have a serial number it's a $500 fine just for having it in your possession even if there's no evidence it was ever stolen) If I had repaired the serial # on the stereo do you think I would have gotten a fine for fixing it? Don't be silly

This is nj, if you need more you can look yourself, close thread, http://www.romingerlegal.com/new_jersey/appellate/a4869-96.opn.html
untruestory said:
From what I understand from reading the refrenced thread it has something to do with the trick used to make the MEID writable or it will not work.
I think you misread something somewhere.
I'm not going to get into this ridiculously played out debate and really it's off topic. If you can link to an actual government site that clearly states editing the MEID for such purposes is illegal or cases of actual criminal prosecution please post links.
Repairing the MEID is not like breaking into a bank to return money. That's absurd. It's like restoring the VIN on a car or ID# on a car stereo (which btw if have a car stereo you bought from some guy in the state of WI and it doesn't have a serial number it's a $500 fine just for having it in your possession even if there's no evidence it was ever stolen) If I had repaired the serial # on the stereo do you think I would have gotten a fine for fixing it? Don't be silly
Click to expand...
Click to collapse

iitreatedii said:
This is nj, if you need more you can look yourself, close thread, http://www.romingerlegal.com/new_jersey/appellate/a4869-96.opn.html
Click to expand...
Click to collapse
From the link:
The end-result of this process is the creation of two telephones, the original and a "clone," that carry the same telephone number and serial number.
That is not what is going on here. The OP is not cloning, there are not two phones with the same number. I don't see anything wrong (morally or legally) with this.
OP = Good write up, and while it does not apply to me, I see how this can be useful to the Evo community.

Thanks iitreatedii for the link it was very informative but I think you missed the point.
Thank you rugedraw for clarifying.

oh lord no please no more talk of all this illegal esn business im going to throw gasoline on my computer and burn it down i have to hide all the evidence and claw my own eyes out for seeing this. i have a htc hero a epic 4g touch pro 2 and lg optimus all on boost with the same number if you catch my drift

LOL...that's too funny! I think people on here sometimes get carried away with what's illegal and what isn't. I know I might be going off topic but I remember when I had an iPhone back in the day and I mentioned to someone that I jailbroke it and they were like OMFG, that's illegal....you'll go to jail!!....I seriously doubt that the government is going to waste time and money going after ONE SINGLE person that jailbroke/cloned an esn or whatever......in these cases you read about how someone got locked up for doing such a thing it was because A. they were stealing someone's information/money or B. they got greedy and started running a craigslist/ebay business out of their mom's basement........SO LIKE jay said....let's cool it on the whole illegal/legal deal......no one has to burn a computer down or burn their fingerprints or change their names and move to mexico....ALRIGHT?!..lol...All the OP was trying to do was save someone the headache of researching the damn info themselves!
You either let the kid post it on here or it gets posted on some other forum....either way, the information WILL BE OUT THERE!

There are plenty of threads about the legalities out there. I'll say this and lets let it go:
1) although prosecution is extremely rare and most references to laws about it are out-dated altering an esn IS illegal.
2) people that get off telling other people that everything is illegal are probably just acting out because their parents didn't hug them enough growing up.
3) it is against forum rules because the forum can get in trouble because it is illegal.
4) REPAIRING the esn is not illegal and not against forum rules.
5) the topic of this thread involves REPAIRING the esn, not altering it.
Sent from my PC36100 using Tapatalk

i think the main issue here is that by showing someone how to "undo" it that person can easily figure out how to "do" it. it is a PITA to find all this info but by posting it here people who steal phones...(bastards) can have easy access by searching a few keywords.
i don't think it's wrong but this info could fall into the wrong hands and that would make my evo a target.

it's just like when I had my 88 VW GTI there is a easy way to break into one just jab a screwdriver through the door right below the handle and jiggle it. well I read about this on a website selling reinforced steel plates that you weld inside the door to prevent this.
the point is, you are empowering people by giving them the tools they need to change or clone an esn/meid. for good or for evil
Sent from my PC36100 using XDA Premium App

thedudejdog said:
i think the main issue here is that by showing someone how to "undo" it that person can easily figure out how to "do" it. it is a PITA to find all this info but by posting it here people who steal phones...(bastards) can have easy access by searching a few keywords.
i don't think it's wrong but this info could fall into the wrong hands and that would make my evo a target.
Click to expand...
Click to collapse
Keep in mind that this write up is somewhat advanced, not every thief out there has any idea of what to do with the phone in order to make it 'usable'... all they want is cash. Note that there is high risk of bricking the device as well (since the procedure requires to mess up with the weakness of the EVO: its radio)
Also, this information has to have been available somewhere else thus the risk you run getting your phone stolen for this purpose is the same as it was before this was written.

rugedraw said:
From the link:
The end-result of this process is the creation of two telephones, the original and a "clone," that carry the same telephone number and serial number.
That is not what is going on here. The OP is not cloning, there are not two phones with the same number. I don't see anything wrong (morally or legally) with this.
OP = Good write up, and while it does not apply to me, I see how this can be useful to the Evo community.
Click to expand...
Click to collapse
I agree...I'm so sick of this cloning illegal/isn't illegal. Good piece

good write up, I hope someday I can use it.
Sent from my PC36100 using XDA Premium App

ESN and MEID, which one is used

Forst of all, I am not using my Epic 4G in US or a country that changing ESN/MEID is illegal, just for technical help. if you know details about this phone/chipset or whatever it matters i will be appreciated.
Currently I am going to change the phone's ESN to a new one other than the pESN which is generated from MEID found under the battery. However, I use this method mobile5.in/forums/index.php?/topic/255-meid-esn-repair-for-samsung-epic-4g and get the correct MEID result, also the corresponding pESN is correct too. With the absolute right AKEY which is written by CDMAWorkshop, I can't use the phone service.To give further clarity, I am using a MEID which is taken from my previous "droid pro" and that phone is not switched on now, it's far away from my network. and that means I am copying old droid pro's MEID on to my new Epic 4G, then use the same IMSI(MIN) / AKEY.
Just don't know if something different with Samsung platform or this specific Qualcomm chip used in Epic 4G. I got right MEID/pESN on the phone's screen with ##RTN#, and correct pESN in QPST,QXDM,CDMAWorkshop, but I still can't input akey on the phone by ##AKEY#, no matter wich format i use (16hex,20dec,26dec) it says AKEY failed.
Thanks in advance for answering

Flashing Epic to Boost, quick question before purchasing donor

I have been in the process of attempting to flash my Epic 4g to boost for about a week now (with very limited time each day). Thanks to the help of some awesome people here on the forum I have made quite a bit of progress. I have however, hit a wall. I am currently attempting to use a Samsung Replenish which I purchased with GB 2.3.6 pre-installed. I have gotten to the point where I need to extract the HA/AAA keys from the donor and it is locked down tighter than (insert random virgin joke here...). I have tried two methods, method 1- reading NV Items 465,466,1192, and 1194, this method gives me four text files, each of which say access denied toward the top and give me nothing but goose eggs. method 2- using QXDM typing password (spc) which works fine, I have the right SPC and it accepts it, but then when I type the requestnvitemread ds_mip_ss_user_prof command (and I have tried prof 1 and prof 0) it says "error recieved from target". I am not familiar with anything more technical than what I explained, I know my way around these phones a bit and am technically savvy, but I do not know any code or anything like that.
I stated in my first post that I dont mind having to spend money to get my epic to boost but I would like to avoid it. With that being said, I would like to know if there is anything that I can try before pulling the trigger on a Sanyo Incognito (which to my understanding is one of the easier phones to use for this process). I have read that flashing back to froyo might help, but I cant find anything on flashing the Replenish back to Froyo as no one seems to want to do it. If anyone has any advice on flashing back to Froyo or anything else that I can try to get those keys I would be eternally grateful (well maybe for a day or two, after that I'd probably forget...anyways...)
thanks in advance for any help!!

Even though you're trying to flash an Epic 4G, this question is more applicable to a Replenish forum (if there is one), where people have experience reading these NV items on that particular model.
Some things to try:
Try first sending "password 01F2030F5F678FF9" in QXDM. (I wouldn't be surprised if this password did not work for the Replenish. Some Samsung devices have unique passwords.)
Try DFS CDMA Tool.
Try reading /nvm/num/ in QPST EFS Explorer.

etirkca said:
Even though you're trying to flash an Epic 4G, this question is more applicable to a Replenish forum (if there is one), where people have experience reading these NV items on that particular model.
Some things to try:
Try first sending "password 01F2030F5F678FF9" in QXDM. (I wouldn't be surprised if this password did not work for the Replenish. Some Samsung devices have unique passwords.)
Try DFS CDMA Tool.
Try reading /nvm/num/ in QPST EFS Explorer.
Click to expand...
Click to collapse
Yeah, unfortunately for me, this phone isn't very popular...especially in the hacking/flashing community so my resources are limited, I did not see a thread dedicated to this phone on here. I tried using the password that you gave me and it did accept it but did not change my result. I also tried using efs explorer and each file that I save/view says secret and nothing else....

Usually reading EFS is blocked until you send the 16 digit password, but it sounds like you did that already. Sorry, I've never used a Replenish, so I'm not sure what else to do.

etirkca said:
Usually reading EFS is blocked until you send the 16 digit password, but it sounds like you did that already. Sorry, I've never used a Replenish, so I'm not sure what else to do.
Click to expand...
Click to collapse
NP thanks anyway, I went ahead and bought an Incognito. I got a deal on ebay, for a nonfunctional unit with guaranteed ESN as well as USB capabilities for $35, the dealer sells them specifically for the purpose of donor/flashing. Guess I'll have to wait a few more days for an almost fully functional Epic...At least now I get to play around with some roms and fine tune that sucker to my exact liking

One more quick question though, When I get the phone, should I transfer my boost account to it BEFORE I flash the epic? or can I just flash it, call from the epic and transfer it all that way?

You need to have the incognito on boost first. When you transfer the account to incognito they will program the phone for you. I would suggest you to talk to a live person at boost when you activate the incognito. Write down the spc code and mdn number. This will save you some time. After that everything else should be easy. Program the epic with the information from incognito.
bugzy3188 said:
One more quick question though, When I get the phone, should I transfer my boost account to it BEFORE I flash the epic? or can I just flash it, call from the epic and transfer it all that way?
Click to expand...
Click to collapse
Sent from my PC36100 using XDA Premium App