AAA/HA Retrieval - Sprint LG Optimus G

Well guys, I have tried every method out there and all I get are 0's for an AAA key. I have to assume at least one of you has successfully read the AAA key off of your LGOG, so how did you do it?

Related

HTC evo 4G on BoostMobile CDMA

EDIT: for a quick answer on how to get data working go to post # 222 of this thread!
Hey Guys,
I have been following the thread about the Evo 4G working on boostmobile. I hope someone would be able to help me, I am a bit stuck. First off, I won't bother anyone with any "n00b-ness", as I do know how to use google to find my own information. Here's where I am right now:
I have a "new" EVO 4G that had its MEID marked bad because the previous owner did not pay ETF to sprint. I also had a BlackBerry tour that I managed to connect with BoostMobile using a bit of social engineering (insisting to the relatively naive CSR that it's NOT a blackberry, as its MEID would indicate). I went through all the QXDM and Hexeditor fun to zero out the ESN, and finally the elusive MEID. **I will not mention what I did next, please use your imagination. I do not want to cause any trouble on the forum for talking about (you know what). I then switched the BlackBerry tour into GSM mode, to prevent it from causing a conflict, but at the same time to allow the phone to power up so I could continue to retrieve data or settings off it. Once I changed the programming info (MDN/MSID), I was able to make and receive calls. SMS worked inbound and outbound. Then, I changed the MMS url to mm_myboostmobile_com. Now I was able to send and receive MMS messages. After rooting my Froyo 2.2, I installed the 2.1 EPST app to be able to update PRL via ##775# / ##PRL#. Now, I have been trying various different PRL files from different forums as well as corolada_com. I also copied NV items 465, 466, 1192, and 1194 from my BlackBerry. I still cannot get data working, not EVDO, not even 1x. I would be most grateful to anyone who will contribute to this thread in a positive, constructive way. And if you're a Python, C# .NET, Perl, or Java programmer, or an SQL Server admin, I would gladly share the plethora of information I have in these areas with you. Thank You.
Ok, I have data working now. In the spirit of giving back to the community, here is what I did: I connected to the phone using Qualcomm QPST Service Programming, clicked Read and entered my MSL/SPC code. Then, under the M.IP tab, (you will only have this tab in a more recent build of QPST, I had to upgrade to build 348) I selected "profile 0" and clicked edit. Here, I unchecked the first checkbox which enables the profile. I wrote the changes to the device, and data began working. My rate is very pathetic, 100-200kbps. With previous device (blackberry tour 9630) this was over 5x faster. Maybe I am not getting EVDO? I will try several different PRL files and report results. I also heard that the HA and AAA secrets, stored in NV items 1192 and 1194 must be copied to authenticate for EVDO speeds. I am having trouble reading these from the (previous device) blackberry, particularly 1192. The resulting read in CDMA workshop produces an access denied error in the output file. QPST and QXDM don't even show these items in the nv items list at all, even if you click "File menu> read supported RF NV Items". All other items seem to show, but not these. Of course, you must send the MSL/SPC code before you attempt any nv item reading or writing. Has anyone else managed to transfer their boostmobile-specific HA secret and AAA shared secret from a blackberry onto an android device? What transfer rates are other boostmobile users getting on android devices in large metropolitan areas? (i'm in nyc).. I have heard some far-fetched solutions including "change your SPC to the old phone's SPC", is there any truth to this? Sorry if my thoughts are a bit disorganized. I will try to write a proper tutorial when I have time. Again, thanks to everyone that contributed to make my google searching a success, in this forum as well as others. Please feel free to put in your .02 as maybe I have overlooked something.
The only thing I can offer is on the tour. You don't need GSM mode to have it on. Simply turn off the radio.
I had the same issue or rather kind of similar. I am getting an Error (NV_READONLY_S) in QPST while trying to write to the EVO. Any help on why its doing that? I have surpassed the meid/pesn zero thingy and txt talk just as you have but to get data wkng proves to be difficult. Please advise.
unique, the problem with BB OS 5.0 and higher is that after a dead battery shutdown, it has the mobile network enabled on initial boot. Bosstalk, the NV_READONLY_S error can be ignored, the changes will stick anyway. What phone are you switching from? Did you try disabling the 0 profile under M.IP tab in QPST? Which PRL are you using?
uniquenameevo,
Do u have any assistance you could offer? I have been searching like crazy and its killing me.
gsxrmonkey said:
unique, the problem with BB OS 5.0 and higher is that after a dead battery shutdown, it has the mobile network enabled on initial boot.
Click to expand...
Click to collapse
True, my 9700 does this also. I did not know about the dead battery shutdown on yours
I am switching from an htc tp2 to an evo.
Firstly, When I do the requestnvitemread ds_mip_ss_user_prof in QXDM I get the ha shared hex passwd but all zeros for the AAA shared hex passwd. Isnt it suppose to be a combo of letters and numbers? Please advise.
Talk and Txt EVO but no Data
Can someone please lend a helping hand here. I am up to my wits with this one. Ive got txt and talk working on boost but somehow cannot get data.
(Error code 67)
My donor phone: HTC TP2 with boost
Evo: Rooted(unrevoked 3.2) with 2.2 Froyo update
Installed EPST.apk using Root explorer.
PRL used is 60660
Things Ive done so far:
1.Used QPST to match NV Items 465,466,1192 and 1194 from donor to evo using NV browser.
2. Used Qpst in the Mip tab and matched settings of the donor with the Evo
The only rough end that may be prohibiting my access is the fact that I cannot get an accurate AAA shared reading. I followed the SPC "msl" thingy then did the requestnvitemread ds_mip_ss_user_prof command that gave me good ha shared numbers after the 0x. However the AAA yield 0x00 all the way thru. Im not getting a long string of characters as others have gotten. Please advise!!! I would greatly appreciate it.
I am at the same point.
I think the HA is "secret" in plaintext
the AAA I managed to get was very long and qpst service programming app refused to accept any key in hex over 32 chars. I believe the one I have is 64 chars.
Do I have to send 'mode offline-d' if the radio is disabled anyway?
If anyone knows a way around this please advise.
Donor phone is BlackBerry Tour 9630
Target phone is HTC Evo 4G with 2.2 Froyo rooted
bosstalk said:
Can someone please lend a helping hand here. I am up to my wits with this one. Ive got txt and talk working on boost but somehow cannot get data.
(Error code 67)
My donor phone: HTC TP2 with boost
Evo: Rooted(unrevoked 3.2) with 2.2 Froyo update
Installed EPST.apk using Root explorer.
PRL used is 60660
Things Ive done so far:
1.Used QPST to match NV Items 465,466,1192 and 1194 from donor to evo using NV browser.
2. Used Qpst in the Mip tab and matched settings of the donor with the Evo
The only rough end that may be prohibiting my access is the fact that I cannot get an accurate AAA shared reading. I followed the SPC "msl" thingy then did the requestnvitemread ds_mip_ss_user_prof command that gave me good ha shared numbers after the 0x. However the AAA yield 0x00 all the way thru. Im not getting a long string of characters as others have gotten. Please advise!!! I would greatly appreciate it.
Click to expand...
Click to collapse
i just got my EVO and i was wondering if you could help me in the right direction to make the switch i have 7 BOOST CDMA LINES and plenty of donor's also i have about 9 boost cdma c290 would one of them work or does it need to be a higher end HS thanks to all
sdwyz74 said:
i just got my EVO and i was wondering if you could help me in the right direction to make the switch i have 7 BOOST CDMA LINES and plenty of donor's also i have about 9 boost cdma c290 would one of them work or does it need to be a higher end HS thanks to all
Click to expand...
Click to collapse
I am in the same boat as this guy, but have read and got to the point of making calls, txt, and mms. I just need data!!! I am so close...so close. CDMA WS will not read the c290. I get that it fails to answer. I used BITPIM to get the NVM settings of the c290, but I need to know how to take the key information to place into the EVO. Error 67 is driving me nuts!!!
Please someone help with getting data on my boost evo. I have managed to get talk and text working but cannot get data. Any assistance in this matter would be greatly appreciated.
I have read several forums and none of those methods are working for me.
Thanks in advance.
bosstalk said:
Firstly, When I do the requestnvitemread ds_mip_ss_user_prof in QXDM I get the ha shared hex passwd but all zeros for the AAA shared hex passwd. Isnt it suppose to be a combo of letters and numbers? Please advise.
Click to expand...
Click to collapse
For profile 0 aaa password you need to send this:
requestnvitemread hdr_an_auth_passwd_long
Good luck.
i have a tp2 on a cdma account.
what i did is use a cdma info from a NON activated boost phone. (use you imagination) no more detail on that.
once i was done i simple activated the phone and it activated and downloaded the ha and aaa.
let me know if this works as i am trying to get this to work
For ##DATA# is ##3282# and to pull the hex value use QXDM (you can find it on the net) and you will need QPST for the port server. In QXDM on most phones you send the MSL of the phone then request to read the password:
spc (your 6 digit msl)
requestnvitemread hdr_an_auth_passwd_long
On some phones you can get it with:
requestnvitemread ds_mip_ss_user_prof
And to get the dial-up 6-digit AAA password of profile 1 just add a 1 at the end:
requestnvitemread ds_mip_ss_user_prof 1
Ok I finally got my data icon to show up and my 1x data to work and the way I did it is I got my 6 digit AAA password from the donor rant phone straight from the device itself than I entered under profile 0 and profile 1 in my epic in QPST service programming secret as my ha user name and the 6 character password with text string selected. I used the same user name and password for both profiles because its the only way I get any data. But I can only get 1x. I tried changing primary & secondary servers but makes no difference. Any ideas why Im not getting 3g?
edit: n/m i figured it out
savior02 said:
Ok I finally got my data icon to show up and my 1x data to work and the way I did it is I got my 6 digit AAA password from the donor rant phone straight from the device itself than I entered under profile 0 and profile 1 in my epic in QPST service programming secret as my ha user name and the 6 character password with text string selected. I used the same user name and password for both profiles because its the only way I get any data. But I can only get 1x. I tried changing primary & secondary servers but makes no difference. Any ideas why Im not getting 3g?
edit: n/m i figured it out
Click to expand...
Click to collapse
If your donor is 1x that's all you're getting. And you don't use the same password. Provisioning is 16 hexadecimal digits and your account password is 6
Both use HA password "secret" (without quotes, of course)
m4f1050 said:
If your donor is 1x that's all you're getting. And you don't use the same password. Provisioning is 16 hexadecimal digits and your account password is 6
Both use HA password "secret" (without quotes, of course)
Click to expand...
Click to collapse
Ok I finally got it working on 3g the thing is my donor is a rant and is very difficult to extract the 16 hex from it. Everything is working now but my voicemail doesnt notify me of new ones.

[Q] evo 4g slow 3g help please !!!!!

well hear it is i have everthing working on my evo 4g thats on boost mobile.
Now the problem is that i get the 3g @ the top but when i checked the
speed it is so slow my donor phone is the tp2 it gets good speed when
i check it. I have read through the fourms and tried everthing but still
can get 3g to work right.now i can get everything off the touch tp2 but
the aaa password for profile 0 i thank it the 12 digit number when i try to
recive it it all zeros. now the next thing is that ppp the um is reded out
so i leave it the an is where i put my information but not sure what i need
to put hear i have the 6 digit password not sure where that goes. i know people
will say read but i have and i am just not getting it. so i turned to the fourms
for some with the tp2 that have done this to help. If u can not put the info hear
then can u email it to me if my email is need it then leave me a comment and i will send it to u but if so u can put it in the post. i do not want to get banned from this site. not sue if this is alloud hear so please can someone help me
i been @ this for a long long while now and want to enjoy my evo with the rest of the people hear.
I'm not too sure if it works on boost mobile but you could always try Techknowfile's PRL hack, which allows you to use Verizon's 3g when it is stronger than Sprint's 3g. I.E. Sprint has terrible signal at my house but Verizon is wonderful so now I can actually use my phone in my house! His hack can be found in HTC EVO's Android development.
Sent from my PC36100 using XDA App
Did you read the ha and aaa with qxdm? And did you read both profile 0 and profile 1
HTC EVO 4g on Boost mobile
Android version 2.3.5
bandbase 2.15.00.0808
Also did you copy the nv files from the donor?
HTC EVO 4g on Boost mobile
Android version 2.3.5
bandbase 2.15.00.0808
i did read bot profile 0 and 1 but i cant get the password in the right order
and i can't get the shared aaa password off the donor phone to put in
profile 1 i thank that the one for the 3g.
Open qxdm
Command
Enter "password 01f2030f5f678ff9"
Enter " requestnvitemread DS_mip_ss_user_Prof"
This will be profile 0 the sprint keys
Starting from where it says mm_ha_SHARED_secret[0] write down the number in order after the 0x. Do this for every one till you hit 0x00. Do the same for the AAA shared secret. After coping profile 0 enter
Requestnvitemread DS_mip_ss_user_prof1
Do the same here.
After you have both sets of ha and AAA keys disconnected from donor phone and connect to evolution. Goto. Qpst service programming and the m.IP tab. Open profile 0. In the ha shared secret box click enter hex value and enter the ha shared secret from Prof. 0 and do the same for the AAA shared secret. Then click ok. Now open profile 1 and copy your donor profile 1 ha and AAA keys the same and click ok. Once finished click write to phone.
Make sure you are following instructions.... you just copy them in the order they are in.
Sent from my PC36100 using XDA App
The NV files are for 3g aswell. Did you copy those?
Sent from my PC36100 using XDA App
tho34,
You stated tp2, is that HTC TouchPro2 WM6. 5 phone? I might be able to help. This particular phone had Profile 1 not in a common place.
edit:
Sprint has HA set to the word "secret" or in hex 736563726574 for both profiles. So look for that first in data you extracted from #####, the Profile 0 AAA will be 16 bytes long or 32 digits. The Profile 1 AAA will be 6 bytes long and looking at these bytes in hex editor it will be 6 ascii characters like "xs9f5w". So check this first. If you have Zeros for AAA then you first have to extract correct data. This is the same for Boost CDMA.
Flagmax thanks for your help i will try that but what about the ppp config
do i need to put that information in as well and if u could email not sure
if putting my email hear is aloud yes it is a touch pro 2 the donor
You will need to match up everything on both phones using QPST.
You have not answered my question in previous post, clarify tp2.
We can keep talking in here for now. It might help others.
oh yeah i want to thank everyone for the responce
i still may need help.
oh sorry it is a touch pro 2
Flagmax what about the ppp tab is their information i need to
put their to
tho34 said:
Flagmax what about the ppp tab is their information i need to
put their to
Click to expand...
Click to collapse
Yes there few places you need to correct the MEID. But as I said before, open up both phones in qpst and match it up. You press CTRL-D on red boxes.
Sent from my HERO200 using Tapatalk
Flagmax thanks man i will try it when i get home
from work. Flagmax if i need your help agin on this matter
can i just post it hear.
well have not been able to get the 3g speed yet
will gonig back to stock help me out.

[Q] [Help] Evo 4G Error after Flash "Error 5 Switch 877"

Okay so I have flashed many evo's before by rooting, downgrading radio, etc, etc. But this one I have wrote the MEID, Nam1, Nam2, all that information HA AAA keys etc. But it gives me Error 5 switch 877 whenever I try to call. Any information on this one?
Possible ESN not written? I followed this guide and all went well except when trying to make a call.
QXDM shows the same MEID/ESN as the incognito. All information in the phone matches. I am using prof 0 which is [email protected] or whatever. Should I switch the profile?
PRL I used the one from the incognito. I never tried switching around profiles though but I will now, and will fill you in.
Any help is appreciated!
DJLarBear said:
Okay so I have flashed many evo's before by rooting, downgrading radio, etc, etc. But this one I have wrote the MEID, Nam1, Nam2, all that information HA AAA keys etc. But it gives me Error 5 switch 877 whenever I try to call. Any information on this one?
Possible ESN not written? I followed this guide and all went well except when trying to make a call.
QXDM shows the same MEID/ESN as the incognito. All information in the phone matches. I am using prof 0 which is [email protected] or whatever. Should I switch the profile?
PRL I used the one from the incognito. I never tried switching around profiles though but I will now, and will fill you in.
Any help is appreciated!
Click to expand...
Click to collapse
It appears to be a stack error(Error Code 5: Database locked).Cant find anything on the switch 877,yet.
Diablo67 said:
It appears to be a stack error(Error Code 5: Database locked).Cant find anything on the switch 877,yet.
Click to expand...
Click to collapse
Could you explain that to me a little bit, what is a Database lock?
Also, I noticed that on phones that are not activated, it says the same thing Error Code 5, different switch though.
The phone shows the Incognito's MEID, ESN, MIN#, MDN#, etc... Idk why its acting up.
Diablo67 said:
It appears to be a stack error(Error Code 5: Database locked).Cant find anything on the switch 877,yet.
Click to expand...
Click to collapse
Okay so I was wrong about the switch 877 part, it is switch 787. I have tried many things and still nothing is working... It seems to be stuck on profile 1 and I can't switch it to prof 0 for some reason. I am getting data and such but no calls/texts
Still having this problem if anyone cal help. Error Code 5... Every time I call idk why I have double even triple or maybe even quadruple checked everything that I have written to the phone!

[Q] AAA and HA key backup and restore?

Hello,
Probably this was asked for numerous other posts but no answer was ever found.
Has anyone found a way to read AAA and HA key on L900?
Specifically, NV item 1192 and 466. Tried CDMA Workshop to read and QXDF give out No Access message. DFS does read AAA but no HA key. Also writing does on DFS does return success but it doesn't write.
srk2040 said:
Hello,
Probably this was asked for numerous other posts but no answer was ever found.
Has anyone found a way to read AAA and HA key on L900?
Specifically, NV item 1192 and 466. Tried CDMA Workshop to read and QXDF give out No Access message. DFS does read AAA but no HA key. Also writing does on DFS does return success but it doesn't write.
Click to expand...
Click to collapse
AAA key i know is some unique 32 digit alphanumeric thingy, but isn't the HA key always "secret" ?
LordLugard said:
AAA key i know is some unique 32 digit alphanumeric thingy, but isn't the HA key always "secret" ?
Click to expand...
Click to collapse
I'm 100% sure that's what I'll get but I still would like to access that instead of keep getting the error message.
I need to find out how to get that unique 32 digit code for AAA
Sent from my SPH-L710 using xda premium

Prevail Epic 4G Touch Boost donor

I know that there are numerous threads on this site about using a Galaxy Prevail as a donor but everyone seems to figure it out and never end up posting how. Once their problem was solved they just mark the thread as solved or fixed and that's the end of that thread.
I've been using this thread http://forum.xda-developers.com/showthread.php?t=1419488 as a guide but that is for an Ingocnito which is so much easier. I've flashed a EVO 4G using Incognitos but right now all I have is a Prevail and am feeling like it is possible but I'm missing something here.
I know you're supposed to write the backed up NV Items from the donor to the new phone but you can't do that if you only have raw NV Items from using this method to get the NV Items and HA/AAA keys
Code:
command:
su
# dd if=/dev/stl5 of=/sdcard/cdma.rfs
I used this guide (http://forum.xda-developers.com/showthread.php?t=1987463) to get the HA and AAA keys but I just want some clarification since the AAA key should be 12 characters (6 from the two grouped characters) but those screenshots show 14 characters. Am I wrong or something?
Finally, when using QPST Service Programming and inputting the keys are both HA and AAA entered as hex values or just as text strings?
Has anyone successfully done the Prevail as a donor? Help would be greatly appreciated.
(I'm guessing I'm going to have to just write profile 0's information and use the Update Profile on the phone to do the rest but I keep getting errors. Sometimes it shows that the username and passwords are incorrect or client authentication errors. So I'm thinking that the HA and AAA are wrong. (HA is universally 736563726574 so I think that is at least right.)

Categories

Resources