I've read a few posts regarding the device ID changing from OS to OS flashes. I've been using Black from the beginning and it didn't seem to change the Device ID. Slingmedia and other programs installed OK.
I recently flashed LVSW ROM and it changed the ID. I had to get new registration codes from my programs because of this. I am afraid to flash new ROMS often now because of changing the device ID. These companies probably won't continue to change the codes for us forever.
I thought that the device ID is static based on the hardware itself. How can this change with a new OS? Can it be changed back without flashing another ROM? Can it be prevented from changing with a new flash?
The device ID is generated dynamically after every hard reset.
http://blogs.msdn.com/jasonlan/arch...card-wipe-and-encryption-what-s-the-deal.aspx
Very interesting, but I wonder if other apps are using ( and used in WM5 ) the "same" ID ... In any case, there's gotta be a way to see and change it one way or another. "The doors are everywhere, you just have to know how to open them"
doedoe said:
The device ID is generated dynamically after every hard reset.
http://blogs.msdn.com/jasonlan/arch...card-wipe-and-encryption-what-s-the-deal.aspx
I don't believe this at all. I think it's more likely the device is taking a one-way hash to the manually input device ID (see below) and SIM ID, plus some randomizer to create a unique identifier for the storage card encryption. My guess is this process runs when you check the box to encrypt the card. If anyone knows this to be different, please share how to locate the unique device ID.
Some ROMs have the Device ID (Settings -> System -> About -> Device ID) pre-populated with things like TyTn, or other text. I think the differences in some of the earlier ROMs were screwing everybody up because close attention wasn't paid to this. The first thing I've done each time I re-flash is change this to WM_[my-windows-logon], because when the device syncs with Activesync the first time, it goes with some combination of what's there plus your logon. Anyway, I've manually set this to WM_[myname] (yes, this is an example, 'myname' is not my logon) before syncing with Activesync. I've done this on Black 2.5, 3.0.1, one of LVSW's ROMs, and Custel's 2.5. I have yet to need a new sling code or tomtom code.
Maybe I didn't do such a great job of explaining this, but all you have to do is look at Activesync and see what it thinks your device ID is. If you've registered software, pay attention to this name and simply enter it after a re-flash. Multiple flashes means you need to delete the device partnership in Activesync each time, and when you manually code it to WM_(yournamehere) or whatever you have now, I bet you have no problem with sling or tomtom.
If anyone can confirm this, we should place it in the wiki.
Device ID
The device ID does not change after every hard reset; however, with certain roms it can change the ID. At this time there is no fix for the changing ID problem. I also have a few programs that are tethered to the device ID instead of the IMEI.
My advice is: keep track of which roms you load and on what dates you load them. Do like I do: before you install a new rom, run a Sprite backup (or whatever program you use) on your device (do a full backup, including storage card). Then if your ID changes, you can reinstall the rom that worked with all your apps and run the backup app. I have had to do this several times and all of my apps are still working and registered.
You just have to decide what is more important, the rom, the working (registered) app, or continuing to ask for a replacement registration key.
100Tbps said:
Maybe I didn't do such a great job of explaining this, but all you have to do is look at Activesync and see what it thinks your device ID is. If you've registered software, pay attention to this name and simply enter it after a re-flash. Multiple flashes means you need to delete the device partnership in Activesync each time, and when you manually code it to WM_(yournamehere) or whatever you have now, I bet you have no problem with sling or tomtom.
It may work for those apps, but it isn't that easy for Infogation Odyssey (TomTom competitor), to name one. Has to be some deeper hashing algorithm in the ROM or whatnot. It changed around the time the 17xxx builds started appearing and I've always wondered if it could have a "dogfood" link.
Here are some MSDN articles on the issue:
http://blogs.msdn.com/jehance/archive/2004/07/12/181116.aspx
http://blogs.msdn.com/jehance/archive/2004/07/12/181067.aspx
http://blogs.msdn.com/windowsmobile/archive/2006/01/09/510997.aspx
We need a good programmer to figure this out
My Experiences
I have suffered from this very problem. My device ID stayed the same from WM5, to XDA 0.1 > XDA 0.2 > Black 2.0 > Black 2.5
I then went to Black 3.0.1 and my device ID changed. In fact, after getting a new licence string, the program that needed it (PocketHeroes) would bomb out whenever it tried to verify the new licence. This problem persisted in LVSW 3.3.
Now I am on Black 3.5 and my device ID has reverted. My original licence works fine and the app is 100% stable. My only guess is that a certain build of the kernel had a flaw with the device ID and this has been naturally replaced by a newer version.
Device ID
The device ID (name) that is used for activesync is not the same as the device ID used for certain programs. The device ID that we are referring to is a 12 digit code that looks like XXXX-XXXX-XXXX where X = the ID for each device.
lewnetoons said:
The device ID (name) that is used for activesync is not the same as the device ID used for certain programs. The device ID that we are referring to is a 12 digit code that looks like XXXX-XXXX-XXXX where X = the ID for each device.
How can I see this 12 digit code?
Anybody going to write a program to change this? if legal!
lewnetoons said:
...clip...
My advice is: keep track of which roms you load and on what dates you load them. Do like I do: before you install a new rom, run a Sprite backup (or whatever program you use) on your device (do a full backup, including storage card). Then if your ID changes, you can reinstall the rom that worked with all your apps and run the backup app. I have had to do this several times and all of my apps are still working and registered.
You just have to decide what is more important, the rom, the working (registered) app, or continuing to ask for a replacement registration key.
I say, that is a great suggestion. :thumbsup
What's happening here is the platform ID portion of the Device ID is changing. This is because many roms here (including mine) use IMGFS components from the Universal. When this occurs, the platform ID portion of the Device ID changes from Hermes to Universal as well.
It appears that even the official WM6 released today does indeed change the Device ID, for instance with Tomtom Traffic.
I am having to take this original WM6 off now and stick with a development version of WM6 until I can convince Tomtom to change my device ID, which they won't do. They are so useless....
Just so other users are aware.
Hello all,
I need to know the S/N of several xDAs by programming (.NET). I'm getting a Device ID with this format: {E6461300-EB04-0801-59FF-3D511C9E393A}, but I need to get the serial number printed below the battery in order to match the Device ID with the S/N. Is there any way to convert the Device ID to get the S/N? Otherwise, is there any way to get the S/N (a registry key, for example)?
Thanks a lot and regards,
Mario.
I need to copy/create a new device. Let's say I have 1 device in the Google Play device list: Lenovo 8..., now I need NOT TO CHANGE THE EXISTING id, imei or whatsoever, but to create a new one, pretending I bought another one. So ANOTHER device will appear in the list. I tried to change imei, id, model, manufacturer, but all this gives just RENAMING the same device, NOT creating a new one.
Hi!
I am currently working to get my G4 (H815T) unlocked, and although not officially supported by LG, I am looking to reverse engineer the unlock.bin files that one can get through developer.lge.com. I also got in touch with Swedish support, who actually got a so-called specialist to try to obtain a file for me, so perhaps there is hope that I will get my hands on one! (prob not going to happen, but the guy is breaking internal rules to try to help me, so possible)
Regardless of LG Sweden, to get started with the reverse engineering project I need an unlock.bin file from a H815 (EU version). Anyone on the forum willing to provide one?
jjbredesen said:
Hi!
I am currently working to get my G4 (H815T) unlocked, and although not officially supported by LG, I am looking to reverse engineer the unlock.bin files that one can get through developer.lge.com. I also got in touch with Swedish support, who actually got a so-called specialist to try to obtain a file for me, so perhaps there is hope that I will get my hands on one! (prob not going to happen, but the guy is breaking internal rules to try to help me, so possible)
Regardless of LG Sweden, to get started with the reverse engineering project I need an unlock.bin file from a H815 (EU version). Anyone on the forum willing to provide one?
Ensure that you read the following thread. Completely. Besides much important information you will also find unlock files and why you can't do anything with them:
https://forum.xda-developers.com/g4/help/unlock-technical-steps-to-make-unlocked-t3165391
If you still have interest to do something here let me know. Best is to use IRC. You can find me on freenode in the channel #Carbon-Fusion .
Sent from my LG-H815 using XDA Labs
steadfasterX said:
Ensure that you read the following thread. Completely. Besides much important information you will also find unlock files and why you can't do anything with them:
https://forum.xda-developers.com/g4/help/unlock-technical-steps-to-make-unlocked-t3165391
If you still have interest to do something here let me know. Best is to use IRC. You can find me on freenode in the channel #Carbon-Fusion .
Sent from my LG-H815 using XDA Labs
Ah, I see, was not aware that the community had a go at this...
So after reading the thread my understanding is basically that the unlock.bin is a standard action authorization token. Used in an OEM action authorization protocol.
So the unlock.bin would normally be generated with an action authorization nonce (it takes the form "::<8 bit action id>:<16 client random bytes>" with all fields hex encoded). It looks like in this case LG has opted to use the Device ID and IMEI instead of the AAN.
The AAN would be signed to an OAK. (Override Authorization Key; basically it is a public key that is set in the device during manufacturing and that is used to validate action authorization tokens. It is stored as the OAK time-based authenticated EFI variable under the Fastboot GUID of 1ac80a82-4f0c-456b-9a99-debeb431fcc1. The content of this variable is the SHA256 sum of the OAK certificate, and as I understand the developers in the thread you linked to have been able to crack it.)
The AAT token (unlock.bin) should then be a PKCS #7 signed document, where the body takes the form "::<8 bit action id>:<16 client random bytes>:<16 auth agent random bytes>" with all fields hex encoded. The auth agent random bytes added when creating the authorization are to prevent an attacker from mounting an attack by supplying known plain-text values. (This fits perfectly with what we have seen when trying to read the unlock.bin files using HEX editors.)
The token must contain all certificates required to validate the signature chain of the token.
The action authorization agent must verify that the nonce is exactly in the prescribed format. (LG website when requesting IMEI and Device ID)
The action authorization agent must verify that the action ID in nonce is a recognized value. (Valid IMEI and Device ID)
If possible, the action authorization agent should verify that the serial number of the G4 is valid. (So custom Device-ID's and IMEI's will not save us)
So what LG is doing here is an OEM action authorization protocol. Basically it is a simple challenge response where the device's Fastboot generates a nonce (in this case they just use the Device ID and IMEI), then the OEM action authorization agent signs the nonce and approved action using its private override authorization key (OAK) to generate an authorization token (this would be the developer.lge.com side of things, and the private key is the one the developers in the thread need, but can't crack), and then the device's Fastboot validates the action authorization token (unlock.bin) and executes the action (bootloader=unlocked).
Now we understand the policy, but even if we got the private key, when flashing a modified unlock.bin fastboot would need to validate that there is no extra data after parsing the token, verify that the signature's certificate chains to the OAK set at manufacturing, verify that all values in the token body have the prescribed values and verify that the value returned by the "oem get-action-nonce " command matches the value in the token body (IMEI and Device-ID).
So to my knowledge we have no chance to unlock the damn thing, that is unless we can find a backdoor to change the bootloader policy mask from state 0 to 1; then the signature enforcement chain described in the thread you linked to would be disabled, but I don't know how this could be done.
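The token-body checks listed in the post above (no trailing data, prescribed field formats, a recognized action id, body equal to the device's own nonce), written out in Python as an added example that is not code from the thread, from LG or from fastboot. It assumes the PKCS #7 signature and its chain to the OAK were verified beforehand, treats the two leading fields the post writes only as `::` as opaque strings, and uses a made-up action id and constructed random values.

```python
import re

# Hypothetical action id: the page does not list the real values.
KNOWN_ACTIONS = {0x01}


class TokenError(ValueError):
    """Token body is malformed or not bound to this device's nonce."""


def _hex(value, nbytes, name):
    # Exactly 2*nbytes hex digits, so whitespace or trailing data is rejected.
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % (2 * nbytes), value):
        raise TokenError(f"{name}: expected {nbytes} hex-encoded bytes")
    return bytes.fromhex(value)


def parse_fields(text, is_token):
    """Split a nonce (4 fields) or a token body (5 fields) on ':'."""
    parts = text.split(":")
    if len(parts) != (5 if is_token else 4):
        raise TokenError("wrong number of fields")
    fields = {
        "lead": (parts[0], parts[1]),  # opaque: shown on the page only as '::'
        "action": _hex(parts[2], 1, "action id")[0],
        "client_random": _hex(parts[3], 16, "client random"),
    }
    if is_token:
        fields["agent_random"] = _hex(parts[4], 16, "auth agent random")
    return fields


def check_token_body(body, nonce, known_actions=KNOWN_ACTIONS):
    """Run the body checks; assumes the signature was already verified."""
    want = parse_fields(nonce, is_token=False)
    got = parse_fields(body, is_token=True)
    if got["action"] not in known_actions:
        raise TokenError("unrecognized action id")
    for key in ("lead", "action", "client_random"):
        if got[key] != want[key]:
            raise TokenError(f"{key} does not match the device nonce")
    return got["agent_random"]


# Constructed sample values, not taken from any device or unlock.bin file.
NONCE = "::01:" + "a1" * 16
BODY = NONCE + ":" + "5c" * 16
```

Because the body must repeat the nonce the device itself produced, a validly signed token issued for one nonce fails these checks on a device reporting a different one.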
jjbredesen said:
...
Can you help me on manually verifying the chain?
I extracted all certs and all other parts which are possible. I can verify the certificate chain itself without problems (yes, that one is easy) but I want to do the same steps the boot process takes to verify. I want to use standard Linux commands or Python code to do so if possible. Like verifying the digest or whatever is needed.
There is nothing I want to break here but the device needs to do these steps so it must be everything needed for this in the device itself.
I just want to do it manually. Could you guide me how?
Sent from my LG-H815 using XDA Labs
[Some background] I had already unlocked the bootloader and flashed a ROM, but due to a power surge my motherboard died. I took it to the service center and they replaced it. Now that I'm trying to unlock my bootloader, it is not unlocking. I'm on stock ZUI (Nougat).
I didn't remember my earlier serial number, and after the mobo replacement my IMEI no. changed, so I downloaded an unlock file for the serial number which was in my phone (it also matched the adb devices command), but there was an error. So I downloaded one more unlock file for the serial number on the back of my device (after the replacement there was a sticker on the back of the phone which had the new IMEI and a serial number, so I thought maybe this works), but it failed again. So what might be the issue here? I have done this before and I am pretty sure I am doing it right (I read the guide before the procedure). Please help or suggest something, I really hate ZUI.
It says in the error: cannot load flash