White HTC EVO 4G
Android version: 2.2.1
Baseband: 2.15.00.09.01
Software: 3.30.651.3
Rooted using http://forum.xda-developers.com/showthread.php?t=829045
Looking for help scanning the right locations in CDMA WS 2.7 (unlocked) for my ESN. I was able to find all 10 MEIDs and was also able to verify it has been zeroed by using "RequestNVItemRead meid" in QXDM Pro.
MEID Locations
ESN Locations (So far)
Scanning memory for readable areas:
Unreadable area from: 0000:0000
Readable area from: 00F9:8000
Unreadable area from: 00FE:C000
Readable area from: 0107:C000
Unreadable area from: 01D9:0000
That was my original CDMA WS scan. I have scanned readable areas a few times but have not found any new ESN numbers.
PLEASE HELP .. I feel like I'm missing something or overlooking something.
Was a snap finding the locations with CDMA workshop 3.6.
Maybe don't be a pirate and just buy CDMA workshop?
It's unbelievably easy to do when you own the proper software.
You have 10 ESN locations posted, that is the correct amount. What is the reply when you send requestnvitemread esn?
Btw it is exactly the same process to find the locations using 2.7 as 3.6, you evidently don't have much experience with them. The difference would be in writing them to 0's.
drfosters said:
Btw it is exactly the same process to find the locations using 2.7 as 3.6. The difference would be in writing them to 0's.
For the ESN; no easy way to find the MEID locations without 3.6 ("easy" differs amongst people)
But noting that he is 0'd for the MEID and halfway done, I will give him a hint - There are more than 10 locations you will find for the ESN. Zero and rescan.
There have been 12+ locations on every EVO I have done. (All have been Froyo/Radio 2.10 or above)
You may find more than 10 locations but all those locations do not need to be 0'd out.
I have never worked with an Evo 2.10 radio, and that may be it, but I doubt it. When you repair an Esn that has already been repaired before, you will see that.
Last I checked "easy" was telling a program to scan and waiting for the results, but as you say, easy is a matter of opinion. Getting all the locations first shot is a matter of luck, maybe you have better luck because you bought the program
Either way, these should be your missing ESN locations:
0x017C19F0
0x017CE8E0
0x017D8D80
0x01D34E40
0x01D34E70
Try them and look around the actual location as they may not be exact, if they don't work, post the radio and software version you are running.
Have fun!
Necrosan said:
Was a snap finding the locations with CDMA workshop 3.6.
Maybe don't be a pirate and just buy CDMA workshop?
It's unbelievably easy to do when you own the proper software.
I was considering buying it. I'm not trying to cut corners here! But I am new to this and just looking for some help. If it boils down to not being able to resolve my problem I probably will purchase the software.
Thank you everyone for responding - I appreciate the help.
I have realized that there are more ESN locations than just 10 .. Just having issues finding them .. hehe!
When I run command requestnvitemread esn - my esn is not all 0's
But when I run it for meid - it is all 0's
Going to try the new locations posted - I will post again soon
So I have tried the locations with no luck!
My Phone info is
Android version: 2.2.1
Baseband: 2.15.00.09.01
Software: 3.30.651.3
I don't mind doing the work but I'm not understanding why, when I scan my readable areas after I zeroed out the first 10 ESNs, I don't get any more?
I must be doing something wrong.
I have read about turning on/off airplane mode (and actually had to use this to zero out my last meid)
Are you trying to fix a bad ESN? If so I do not think xda can help you. Plus it's against federal law.
When you try the locations that I posted, do you see zeros there?
You could try changing the user name of your data profile, then doing another memory dump, just dump from 0108-0000 for 13500000 bytes.
I will post another bunch of locations for you to try when I get home.
Sent from my PC36100 using Tapatalk
I have solved my problem. After some reading and researching I figured out what I was doing wrong.
I was using the "memory" tab and Memory / Eeprom section to scan memory locations, when I should have been using "security" tab ESN section to scan (MUCH EASIER) ..
I appreciate all the help
Please help
I zeroed out my ESN somehow and I have read this and am having trouble understanding. If someone could make this file needed to rewrite the ESN I would gladly pay them. When I do ESN write with universal ram method it asks for a file that I don't have. Please help. I already read the MEID and got the text file but couldn't figure out how to use that. And I almost screwed up my phone worse trying to use QXDM. PLEASE HELP ME. I don't want this EVO to be a paperweight. I have CDMA WS 3.6. Thanks
Ok so I need help. I can't find my ESN anywhere in these locations. How do I go about reading the ESN locations and finding my ESN?
I need step by step help with repairing EVO's ESN on CDMA 2.7 full crack and QXDM. I've been stuck for days, I can't seem to get it to work. Please help.
jmathieu2 said:
I have solved my problem. After some reading and researching I figured out what I was doing wrong.
I was using the "memory" tab and Memory / Eeprom section to scan memory locations, when I should have been using "security" tab ESN section to scan (MUCH EASIER) ..
I appreciate all the help
So basically I'm having the same problem as you. I'm no newbie to this so please don't flame me. I did the Epic no problem. Would you care to elaborate on how you fixed your problem? Thanks.
Solved my problem. Thanks guys.
Solved......
Could someone help a guy out with how to actually perform the scan? I legitimately own cw 3.6 and every time I do a security scan - either esn or meid my phone reboots.
nutrapi said:
Could someone help a guy out with how to actually perform the scan? I legitimately own cw 3.6 and every time I do a security scan - either esn or meid my phone reboots.
You need to use the memory tab to get the valid ranges for the scan, and then instead of using the defaults in the ESN scan you put in the different ranges.
For the EVO it is
00FA:0000 to 00FE:FFFF
0108:0000 to 01D8:FFFF
(at least on my EVO)
As pathetic as this sounds, can someone please help direct me to scanning the esn addresses of my htc evo 2.15.00.11.19 radio?
So far, this is how I did it:
I opened up cdmaws 3.6, and clicked on security tab, and then sent the spc for the evo which unlocked it. In that same tab, I see 4 boxes (ESN, MEID, PASSWORD 16 DIGIT, SPC/USER LOCK).
This is where I'm lost. Basically, do I click on the ESN tab and click read or write? Neither does anything. So I click on the Universal RAM option and click write again. This time it asks for starting and ending addresses. But I don't know those.
Any ideas? please help. Thanks
First of all, I am not using my Epic 4G in the US or a country where changing ESN/MEID is illegal, this is just for technical help. If you know details about this phone/chipset or whatever matters, I would appreciate it.
Currently I am going to change the phone's ESN to a new one other than the pESN which is generated from MEID found under the battery. However, I use this method mobile5.in/forums/index.php?/topic/255-meid-esn-repair-for-samsung-epic-4g and get the correct MEID result, also the corresponding pESN is correct too. With the absolute right AKEY which is written by CDMAWorkshop, I can't use the phone service. To give further clarity, I am using a MEID which is taken from my previous "droid pro" and that phone is not switched on now, it's far away from my network. And that means I am copying old droid pro's MEID on to my new Epic 4G, then use the same IMSI(MIN) / AKEY.
Just don't know if something is different with the Samsung platform or this specific Qualcomm chip used in Epic 4G. I got the right MEID/pESN on the phone's screen with ##RTN#, and correct pESN in QPST, QXDM, CDMAWorkshop, but I still can't input AKEY on the phone by ##AKEY#, no matter which format I use (16hex, 20dec, 26dec) it says AKEY failed.
Thanks in advance for answering
I bought an Evo 4G and didn't know it was currently flashed to MetroPCS. I have enough knowledge and experience to flash it back so that is not my issue. The phone has something written into it so the Lock Bar Banner and the Notification Bar have Metro PCS on them (see pics). I have run RUU's, flashed roms, factory reset, ##786# reset, hooked the phone up to cdma workshop and the banners remain! In cdma workshop the banner says Sprint PCS but it displays the MetroPCS. I am completely stumped... Any help?
Solution:
You will need CDMA Workshop and you will need to read NV Item 8042. On stock Evo 4G's this file is inactive but on my phone it had HEX and when converted to text was @mymetropcs.com. I zeroed it out and wrote the file I edited. This file seems to override the "BANNER" that most diagnostic software can change. Even after a ##786# Reset this banner will remain if it is written on NV Item 8042.
You will need to hex edit the htclockscreen.apk and more than likely you are gonna find the esn is bad if it was on metro as probably 80% of phones flashed to other carriers were purchased with a blacklisted esn which means you will have to flash it to sprint using your old phone, however if sprint finds out they will terminate your account and blacklist you from ever obtaining service thru them again so tread lightly and never go to sprint for service
We are legion, for we are many
Sent from my Anonymous DeathStar in the depths of GalaXy S2
-EViL-KoNCEPTz- said:
You will need to hex edit the htclockscreen.apk and more than likely you are gonna find the esn is bad if it was on metro as probably 80% of phones flashed to other carriers were purchased with a blacklisted esn which means you will have to flash it to sprint using your old phone, however if sprint finds out they will terminate your account and blacklist you from ever obtaining service thru them again so tread lightly and never go to sprint for service
We are legion, for we are many
Sent from my Anonymous DeathStar in the depths of GalaXy S2
Thank you very much, I will try that now but am still confused as to how this apk would have not been affected by a RUU?
In qpst, after you connect the phone in service programming, on one of the tabs (I forget which one) there is a space marked "banner". Type sprint or whatever you want it to say and hit write to phone. I made mine say boost since I use them obviously. On some roms like the one I'm using, there is an app that you can use to change it too
Sent from my PC36100 using xda premium
Klown80 said:
In qpst, after you connect the phone in service programming, on one of the tabs (I forget which one) there is a space marked "banner". Type sprint or whatever you want it to say and hit write to phone. I made mine say boost since I use them obviously. On some roms like the one I'm using, there is an app that you can use to change it too
Sent from my PC36100 using xda premium
Usually that would work but I wouldn't have been posting this thread had that been the case. Usually a ##786# reset would have wiped it had that been the case. This one was written into an NV item.
Thanks man, I was having trouble finding a solution. I kept trying to do it through QPST but it wouldn't change it
I've been searching all over google and everywhere else I can think of, I have found similar cases as mine, but not exactly what I'm looking for.
First off I purchased a phone that was said to be cleared for activation, yet when it arrived it was not, I called Virgin Mobile and asked them to activate the phone onto my account and I was told to get name/pin/address of the previous owner to deactivate the phone, even though it has no service. So I looked around and saw this MEID cloning stuff, and since I already have a Samsung Intercept I thought I'd just use that as the donor phone since it's very slow and ruins the android experience for me. I've missed calls because it locks up when an incoming call comes in, anyways... I got the phone set up and data works just fine, but my calling comes back with a "We could not validate..." I've cloned the MEID, MSID, MDN, everything, and it still won't work. So basically my question is, has anyone had a similar problem and fixed it? Took me 2 days to figure out everything and just get data running.. D:
Isn't cloning that Id illegal?
In the UK you'll be sent to jail for cloning or changing mobile IDs.
From what I've read it's illegal if you want to keep both phones up and running at the same time, or if the phone's MEID was stolen. I'm going to be leaving the Intercept off and use the Wildfire as my main phone. I tried doing it the right way but VM was not wanting to work with me so I have to do it the hard way.
I actually found the problem, after I wrote the MEID with DFS CDMA Tool, It generated a pESN in an un-editable box below it, all I had to do was use a hex editor on file '0' after doing the 'open sesame door' using EFS File explorer, and rewrite the ESN to the pESN. Which is how I had to re-write the MEID also. So I just extracted the files '0' and '1496' rewrote them in a hex editor so they would read all 0's and deleted/replaced them. Rebooted the phone, wrote the MEID. Rebooted again, and rewrote the '0' file with a hex editor since the ESN did not want to change in DFS. Made it way more complicated than it should have been.
Hey guys, after flashing my Nexus it seems the IMEI changed. Calls and stuff still work...
I just want to know if it would cause any trouble if I left it that way? I don't want to stuff up the phone more than I already have and I don't want to pay to fix it if there's no point.
Phone's out of warranty so I don't really care, what I'm worried is if anyone else has this issue and has the same IMEI number causing the mobile phone service providers to either block me or I duhno... Rock up at my door with the police? Cause as I'm aware we're not supposed to change it...
Just wondering, does your phone still work with the generic imei (basic voice, text, data?)?