Related
OK IMEI-CHECK charge £20 to unlock the phone, and I say fair enough. Why am I posting this? Did you know that their method is probably writing a NEW locking code using some other algorithm? If you run their software, it will inflate and write (about 4K of data if i remember correctly) in the part of the Radio ROM, where you only get access from the bootloader (memory address h'0' to h'10000'). Now here's the thing: I bet if I call T-mobile and ask for the unlocking code, it won't work in my phone, as these guys are actually modifying the Radio ROM without even telling you. Have you guys thought about insurance? For those who don't pay £9.99 or whatever extra cover, what if you pricey and precious pda goes bonkers? I think they should tell you *before* doing anything, about any possible problems.
Come on you guys, someone said he has compiled a few logs/imei numbers. Let's crack this thing, it has been done before for xda I and II, why can't we do it for IIs/IIi?
If that's the case, then I wonder what's in those .uif files they ask you to send back to them? Could it be a backup of the sections of the radio ROM that they're replacing?
Also, if they're writing a fixed set of data to the radio ROM, how come everyone seems to have different unlock codes? Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
-no1
Just had another thought - what if they're replacing code in the radio ROM with code from the Himalaya so that the unlock process then works in the same way as the Himalaya?
Has anyone tried using the xda2unlock tool after running the program from IMEI-Check??? I can't test this just now, so it's just a guess.
-no1
Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
Click to expand...
Click to collapse
Yes I believe that's what they actually do. I tried to run their utility with a debugger but it does not allow execution as long as a debugger is running, nice one IMEI-CHECK. However, I have done a full USB port logging when the utility runs and I found out that they write a new image between addresses 0 and 10000 of the radio rom, and that they also read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes.
Yesterday I discovered something odd...after running their application, and by inserting a different SIM card, the attempts counter for the unlocking code had a negative value of several millions. Now I suspect that by writing in adresses 0-10000, i think they replace the default unlocking utility which allows to enter the code.
Another idea I will try will be to run a debugger in the PDA (if I can find one) and see if I can capture the memory address with which it compares the input code.
Come on guys, especially you who did the unlocking utility for XDA II!! Give us some help here!!!!
Zouganelis,
That's excellent that you've been able to sniff the USB traffic. Keep up the investigations!
I wonder why they'd need to read sections of the ROM? If they're replacing the calculation algorithm section of the ROM with their own code, then they should already know how to calculate the unlock code - i.e. they shouldn't need the user to send them back the .uif file.
This makes me wonder if the code they are replacing is just a copy of the code from another device e.g. the Himalaya.
If they are replacing with code from the Himalaya then the unlock process may revert back to how it works on the Himalaya.
Has anyone been able to test this by running the xda2unlock tool for the Himalaya *after* running the IMEI-Check program?
Does anyone have the source code for xda2unlock by the way? I tried searching for it, but it doesn't seem to be available.
-no1
Another thing, does anyone know if it's possible to back up and restore this secret area of the radio ROM using the backup to SD method? I assume that when you dump your radio ROM to SD card it's not including this part of the ROM???
I want to be able to fully restore any bits that the IMEI-Check tool is changing, just in case.
-no1
Come on guys, anyone else trying to crack this thing? We need someone who knows how to disassamble/reverse engineer this log file. It can't be that hard! Also, I think the key to understanding what their little proggy does, is to manage to run a debugger when the unlock program runs. It has some mechanism of detecting a running debugger and it quits if you have a debugger running at the same time. I bet my MDA III that some experienced programmer can overcome this and fool their application? I am running out of ideas guys and I am really against paying these thieves 20 quid for nothing. They MUST have done this using the previous unlocking methods for XDA I and II. Does any1 know who did those unlockign utilities? These guys must help us!!!
Have you tried to run OllyDbg as a debugger tool to see what is happening? Your earlier findings were very interesting...let me study this and get back to you all...
One remark upfront though: I do not think they are modifying your Radio ROM....this would mean that if you upgrade/replace your current Radio ROM, you would be SIM-lock free...and I do not think that is the case...
OK, some initial observations:
1. Lousy software...hard to use for novices...why have the phone enter BL mode automatically (using enterBL.exe)...I think we can do better!
2. Since the phone must be in BL mode, I do think it extracts some info from the radio ROM, but the SIM-Lock could also reside in the Extended ROM, since this is usually customized by the provider?
3. Interesting to see that the same proggie and procedure is used for all XDA-X models
4. Can anyone post a file (output of the proggie) of what they have mailed these folks, as an example?
5. I was always under the impression that the SIM-Lock resides in the SIM itself, so this is a software workaround? What happens if you upgrade your ROMs...you need to go through this process again? Does anyone have experience with this?
Thanks, and let's get this thing cracked!
HappyGoat,
My understanding is that SIM lock is implemented by the phone itself rather than the SIM card.
In the case of our HTC devices, there seems to be a small area of the radio ROM that does not get written to (even when you upgrade your ROM). This area is where the SIM lock is located, and probably other information such as your IMEI number.
This is probably why your IMEI and SIM lock information never get replaced when you upgrade your ROMs. I seem to remember that an older version of the xda2unlock tool was able to change your IMEI number but it got pulled for legal reasons.
When I unlocked my Himalaya, it stayed unlocked even after later upgrading the ROMs, so the state of the SIM lock is being stored somewhere. It can't be on the SIM because what if you change your SIM after you unlock it? The phone would need to be able to read your old SIM to check if the phone is locked!
Zouganelis,
Have you got any idea if it's possible to back up the areas of the radio ROM you mentioned to SD card? Like the current SD card backup method, but getting ALL of it?
-no1
Happygoat and no1,
i am pretty sure they write to the radio ROM some data they inflate from their "unlocking" executable file. How do I know this? Well, when I put a different SIM into my XDA IIs, after I enter the pin code, the simlock application comes up (simlock.exe under \windows\) which checks for the correct unlocking code. Now usually, you have 3 attempts available to do this, before the phone locks and says "contact customer services" or whatever. After I run their application, the counter had a value of -2billion or something, making it impossible to lock it. Interestingly enough, the memory adresses to which they WRITE, are between 0 and 10000. Is it a coincidence the simlock.exe application is 10.5kB? I don't think so!! i think they write their own simlock application to reset the counter, and then they read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes. The simlock code MUST be here!! i will post the log from the USB port sniffing tomorrow, as I don't have these files right now. It's pretty obvious to see how the bootloader works. Anyone with past experience especially with CE based devices will be able to figure out how to read these last two chunks of the radio rom.
Here's a link with some interesting files, RED has posted in the past:
http://www.pgwest.com/phone-files/
Username: xda
Passwrod: blueangel
I do agree with no1 regarding the simlock, I think this is exactly the way it works.
no1, I don't know how to do any backup to the SD card, but if you really know what you are doing in the bootloader, try reading from the memory addresses I mentioned earlier.
Keep it up guys, i think we know what their software does, we now need to find out how to read properly the output log.
Regards,
Zouga
Hi zouganelis and no1,
Thanks for the explanations and comments...all makes sense to me now, excellent.
Zouganelis, thanks for the website...that is the stuff I was looking for, cheers!
I do indeed think we are close...will report back later.
So... if they need the .uif file AND the IMEI number, could it just be a case of using the IMEI code to decrypt the contents of the .uif file? In other words the IMEI code is the decryption key??? But what kind of encryption are they using?
I think they used simple XORing in the past for encrypting the radio, OS, and extended ROMs, but this changed slightly for the Blueangel. I wonder if they used a similar method?
-no1
Interesting thought...and a simple one...which explains they can turn around a request so quickly...
You might be correct...the IMEI could bear the encrypted code for simlock or not. Nowadays, encryption standards are:
DES
MD5
SHA
DES is relatively easy to "crack", SHA being the hardest...they are one-way encryptions, which mean they can not be reversed. The only way to get a match is to try...I have numerous proggies for this and will explore this option...
OK, did some more googling, found the following. There appear to be only 3 companies or people who can do this, which makes it even more interesting...
1. www.imei-check.com (UK)
- Download proggie
- Send them back the output and EMEI number
- Receive unlock code
2. Ebay guy (Canada): http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=43312&item=5763970199&rd=1&ssPageName=WDVW
- Sends you software
- You will run this software and it will generate a log file (data cable required).
- You'll need to email us this log file and we will send you the unlock code with instructions as soon as possible
Looks like same procedure as EMEI-CHECK
3. www.UnLockItNow.com (Company in Malta): http://www.unlockitnow.com/remote/unlock/by_cable/Pocket_PC/unlock/XDA_IIs_unlock.php
Not sure what process they use, but looks the same.
-----------------------------------------
Then I also came across this interesting story: http://www.modaco.com/index.php?showtopic=200968
This guy writes (edited):
I happend across an official O2 email address that I sent an (abbreviated) SIM unlock request, briefly stating why I needed my XDA IIs to be SIM unlocked, and providing my O2 account number and the handset IMEI number. 30 minutes later and I was emailed back an unlock code.
No ifs, no buts, no questions asked and no payment required.
I placed my Orange SIM card in the IIs, waited for it to boot, entered the code and was greeted with "Unlock Code Accepted." Both dialling out and receiving calls on my Orange account no problemo.
...
Bearing the above in mind, I'm not going to directly post the email address, but will gladly pass it on via PM.
Click to expand...
Click to collapse
The interesting part here is that he only had to give his EMEI number, nothing else...and received an unlock code.
If you take the official route of unlocking your phone through your network provider, all they need is your IMEI number because they can calculate your unlock code from that.
I'm not 100% certain how the process works, but I'm fairly sure the algorithm they use to generate the unlock code is different for each handset manufacturer. I think the network provider either has to send your IMEI to the handset manufacturer for them to calculate the unlock code, or possibly the provider is given a database of unlock codes for all the handsets they purchase. This might explain why it sometimes takes them a few days or weeks to get back to you with the unlock code.
So figuring out how they convert the IMEI number to the unlock code would be another way to attack the problem. Although, I think it would probably be very difficult to figure out what hashing algorithm they're using to generate the code. But if it can be done, then it would certainly make things a hell of a lot easier!
-no1
SH*TE I have been writing a post for about half an hour now explaining the files and as soon as I logged in it was lost. :evil: :evil: :evil: :evil: :evil:
Anyways, here we go again. I am posting the files I promised yesterday. The are three JPEGs which are handwritten notes from the first time I run their application, and a log file from the second time I run the application. Here's the thing: the first time, the software send a read command for the addresses 0-10000 of the radio rom (rrbmc x 0 10000) and store in the x variable. Then it probably compared the checksum with their data, and it didn't match, so they deleted this part of the rom (rerase 0 10000) and they written their own version of it stored in a vector called data (rw data 0 10000). So far so good.
The second time I run the software, it sent again the rrbmc command but this time it didn't erase or written anything, so I guess it does actually what I said before with the checksum.
Another important remark:
The first time I run the software, the software requested some information from the device (rinfo) and the xda replied:
BlueAngel B120 C6B23C704A59520150993080051FF87B
After it finished writing, it sent the same command once more and this time the xda replied:
BlueAngel B120 C6 BE3A709999541E509810802FD775B0
Now the second time I run the application, the rinfo command returned:
BlueAngel B120 C6BC3C70B329B2B1509980809FE49B11
Can these be some form of HEX encryption keys or something?
Happygoat maybe you could use them in your nice proggies?
Anyhow, I think this is all for now. The commands in the logs should be straight forward to understand, it's just the data part which needs real decoding of some sort.
Hope it helps, regards Zouga
Zouga,
Thanks alot for the info...and your patience!
I downloaded a program called USB Monitor, which supposedly logs all data transferred via the USB port...is that the proggie you used as well?
What I want to do is run the IMEI-CHECK program on my device a few times in a row..since it was never SIMLOCKED, I wonder what the output will be...and if they will be different.
I suggest other people run this software as well with a USB port logger, so we can compare logs, and perhaps figure out precisely what we need to do.
Regarding the encryption, I will have a look. I do not think that the data you gave me (C6BC3C70B329B2B1509980809FE49B11) is encrypted...looks like plain ol' HEX to me...will do some more research.
What I think would be the ultimate solution, is to develop an app that calculates the unlock code based upon IMEI number...easy to use, no workarounds, and something I understand: Encryption...
Yes, I am biased...but I am reading up on ass'y code right now to get my arms around this thing...so bare with me...
Hi HappyGoat,
It's good that finally you guys got interested in this! Yes it is the same piece of software I used to sniff the port, it would be interesting to see the output of your unlocked device. Could you please post it as soon as you have it? I hope we can crack this!!
Come on guys, don't just complain for the £20 charge, give us some help here!! We should all run the software and log the data to compare them, as HappyGoat suggested. Then we should all be HappyXdaUsers
Looking forward to some news,
Zouga
Zouga,
Can't download the zip file (bottom one) for some reason...reports that file can not be found...can you try again please?
Cheers,
HG
Been trying everything on the Internet and managed to make some headway with Monet (Virgin Lobster 700tv) unlock (this might work for Meteor/C700 as well).
1. Firstly you need to get rid of the 'registry security policy' lock.
Download cert install sp.zip:
[see attachment]
a. copy "SP_AllowCertificateInstall.cab" to the root of Monet memory or card
b. Use file explorer on monet to navigate to file. Click to run. Should run ok.
c. Unzip "SDA_ApplicationUnlock.zip" on PC and run "SDA_ApplicationUnlock.exe" whilst Monet is connected via activesync
2. Copy registry editor onto Monet. I used PHM, but others should work. Note install PHM loader on PC whilst monet is connected via activesync. It might install correctly on Monet, it might not. This does not matter. Just navigate on your PC to Program Files\phm and find the .exe file and copy to root of Monet memory or card.
Also nice free remote registry editor here (works from PC whilst phone is connected via activesync):
http://www.breaksoft.com/Blog/Utilities/2005/1/Mobile_Registry_Editor.aspx
Excellent 'free' combined file explorer and registry editor (perhaps for later - after app. unlock) SGS:
http://www.handango.com/PlatformPro...925777&Ntt=registry&productId=195244&R=195244
3. Using phm (or the registry app you like) change the four keys specified in this guide (you might find the above process has already reset 1001 and 101b:
http://wiki.spv-developers.com/HTC_Application_Unlock_Guide
They are:
Under HKEY_LOCAL_MACHINE\Security\Policies\Policies:
a. Change the DWORD named "1001" to 1 (could originally be 2)
b. Change the DWORD named "1005" to 40 (could originally be 16)
c. HKEY_LOCAL_MACHINE\Security\Policies\Policies\0000 1017 = 128 or 16 (before) 144 (after)
d. HKEY_LOCAL_MACHINE\Security\Policies\Policies\0000 101b = 1 (this key might not exist, if so, create it).
4. Restart
5. HOORAY. Now your phone is fully application unlocked.
-----the following procedure is to SIM Unlock, this currently does not work. Possibly spv-services will be updated at some time to work with the Monet---->
6. Now download spv_services:
http://www.spv-developers.com/forum/showthread.php?t=236
a. copy the cert.cab file to you Monet. Select and run using File explorer. it should run fine.
b. Next step. Run SPV_services from PC whilst phone still connected via Activesync. Should unlock ..... however I get checksum error....
Will investigate. Anyone have any luck please say. At least we can now get the phone app.unlocked.
------------------------->
Note: I have read that the phone might again become app.locked if you do a hard reset. If this is the case, just follow the above again.
rgds
colonel said:
(...)
b. Next step. Run SPV_services from PC whilst phone still connected via Activesync. Should unlock ..... however I get checksum error....
(...)
Click to expand...
Click to collapse
So this thread should not be named Full unlock for HTC Monet :>
apparently wen i tell spv services to use simlock tool. it freezes at a blue screen trying to load a php.. this is after i input AGREE into the box..
it opens fine b4 that.. am i doing anything wrong?
bongmaster said:
apparently wen i tell spv services to use simlock tool. it freezes at a blue screen trying to load a php.. this is after i input AGREE into the box..
it opens fine b4 that.. am i doing anything wrong?
Click to expand...
Click to collapse
SPV-Services needs to access the internet.
A php is an active type of web page.
It would appear that there is something blocking it from access the internet. Most probably a firewall on your PC, either the internal windows one, or a 3rd party package you have installed. You need to check this.
If its for the Monet I wouldn't bother anyhow as SPV-Services can not currently SIMunlock this phone.
rgds
colonel said:
SPV-Services needs to access the internet.
A php is an active type of web page.
It would appear that there is something blocking it from access the internet. Most probably a firewall on your PC, either the internal windows one, or a 3rd party package you have installed. You need to check this.
If its for the Monet I wouldn't bother anyhow as SPV-Services can not currently SIMunlock this phone.
rgds
Click to expand...
Click to collapse
1st thing i checked was the firewall..
i know wat a php is i run a phpbb forum and yea it is a Monet (lobster 700)..
shame ( i really need to unlock the networks on it ) i have an O2 sim and wen i put it in it askes for a network unlock code.. if only i had that code.. any idea how to obtain it?
the only way currently is to use virgin or a commercial service
If you put at least £30 of talk time on your virgin account, they will send you the unlock code for free.
Otherwise search google or this forum for a commercial unlocking service.
rgds
colonel said:
1. Firstly you need to get rid of the 'registry security policy' lock.
Download cert install sp.zip:
http://www.spv-developers.com/forum/showthread.php?t=425
Click to expand...
Click to collapse
Hi, I have a question. I would like to try it but the link above shows: Invalid Thread specified. If you followed a valid link, please notify the administrator :-(
burticek said:
Hi, I have a question. I would like to try it but the link above shows: Invalid Thread specified. If you followed a valid link, please notify the administrator :-(
Click to expand...
Click to collapse
Edit: Never mind. I have found it ;-)
Virgin Lobster
I have followed all the instructions
I get an error when running the sim lock to as follows:
Encrypted checksum not found
I then use a vodafone sime and get Network is locked. PLease input unlock code.
Any ideas?
SteveW
classicxda said:
I have followed all the instructions
I get an error when running the sim lock to as follows:
Encrypted checksum not found
I then use a vodafone sime and get Network is locked. PLease input unlock code.
Any ideas?
SteveW
Click to expand...
Click to collapse
simunlock is not working yet on the monet.
this procedure only app. unlocks
rgds
c.
Lobster unlock
What would it cost to do this?
Cheers
SteveW
just phone virgin if yu have a lobster. they require £30 of airtime to be purchased before they give you the code
Application Unlock for HTC Monet
Hi colonel
I have been trying in vain to do an application unlock on my Lobster 700tv. I have managed to install and run the "SP_AllowCertificateInstall.cab" which went ok. The "SDA_ApplicationUnlock.exe" also ran ok. However, running PHM required a copy to be placed on the Monet which I did. Attempting to run the "setup.exe", gave the following message:
"ALERT: Setup is Not a Valid Windows CE Application"
Because of this, I attempted to change the registry keys using "Mobile Registry Editor.exe" which seemed to do the job. However, applications still wont work (I'm trying to install TomTom Navigator 6).
I have since managed to load and run "MobileRegistryEditor.exe" on my phone without problems but I still cannot get TomTom Navigator 6 to run, although it loads onto the storage card ok.
Please can you help?
Regards,
leadweight
leadweight said:
Hi colonel
I have been trying in vain to do an application unlock on my Lobster 700tv. I have managed to install and run the "SP_AllowCertificateInstall.cab" which went ok. The "SDA_ApplicationUnlock.exe" also ran ok. However, running PHM required a copy to be placed on the Monet which I did. Attempting to run the "setup.exe", gave the following message:
"ALERT: Setup is Not a Valid Windows CE Application"
Because of this, I attempted to change the registry keys using "Mobile Registry Editor.exe" which seemed to do the job. However, applications still wont work (I'm trying to install TomTom Navigator 6).
I have since managed to load and run "MobileRegistryEditor.exe" on my phone without problems but I still cannot get TomTom Navigator 6 to run, although it loads onto the storage card ok.
Please can you help?
Regards,
leadweight
Click to expand...
Click to collapse
I also have been trying to unlock my Lobby to no avail.
Used a couple of reg editors but when u change the values the phone comes back "Unable to perform this operation".
I also used the HTC unlocker which came back with the same message.
Lobster headache
Hi bocsta
I had problems to start with but I had failed to read colonel's instructions correctly. I couldn't get PHM to run on my phone so I tried some of colonel's other suggestions. I found that "SGS Explorer" did load ok and I used its registry editor to change the registry keys as listed. I am assuming that my phone is now unlocked but TomTom Navigator 6 will not run.
Can someone please help before I throw my lobster back in the sea?
Regads .....
leadweight said:
Hi bocsta
I had problems to start with but I had failed to read colonel's instructions correctly. I couldn't get PHM to run on my phone so I tried some of colonel's other suggestions. I found that "SGS Explorer" did load ok and I used its registry editor to change the registry keys as listed. I am assuming that my phone is now unlocked but TomTom Navigator 6 will not run.
Can someone please help before I throw my lobster back in the sea?
Regads .....
Click to expand...
Click to collapse
Colonels zip file comes nack as not a valid archive ?
Where can I find the first file in his list being : SP_AllowCertificateInstall.cab ???
Find File
bocsta said:
Colonels zip file comes nack as not a valid archive ?
Where can I find the first file in his list being : SP_AllowCertificateInstall.cab ???
Click to expand...
Click to collapse
The file you require is "cert install sp.zip"
You can get it by clicking on colonels attached files link on the bottom left of his list.
Regards
leadweight said:
The file you require is "cert install sp.zip"
You can get it by clicking on colonels attached files link on the bottom left of his list.
Regards
Click to expand...
Click to collapse
Have you tried downloading it recently The zip file says it is not a valid archive or is damaged ?
bocsta said:
Have you tried downloading it recently The zip file says it is not a valid archive or is damaged ?
Click to expand...
Click to collapse
I have just tried it again and it downloaded ok. I'm not sure why you have had problems - keep trying as it could be just a glitch.
Regards ...
leadweight said:
I have just tried it again and it downloaded ok. I'm not sure why you have had problems - keep trying as it could be just a glitch.
Regards ...
Click to expand...
Click to collapse
Yes it dowmloads OK. I just cant unzip it. Can you try to unzip it please ?
If it fails and you still have the Zip file that you unzipped originally cann you please PM it to me ?
Thanks
i think most of you x01ht users in japan are aware that softbank issued a new rom update that has the new open.softbank.ne.jp password hard-coded as part of the rom image and so there's no way to extract it via extended rom or otherwise (it's not in the preconfig cabs/xmls either). they've also announced that after april 1, the old password which most of in japan are currently using will no longer work so we either upgrade to the new softbank rom or we can't access the open network.
anyway, i've been fiddling with this all night and i think i have a solution that i've tested on a couple of different roms but i'm hoping you guys can give it a try as well so that we can call this a solution to the problem. basically, i made the assumption that the password was somewhere hidden and encrypted in the registry though i had no idea where so basically all i did was do a registry dump with a clean install of the new sb rom, went into connections and deleted the softbank connection, then did another registry dump. finally, i did a compare of the before and after using windiff, figured out what changed and i ended up with the attached two reg files. one adds "SoftBank" as one of the connections (hklm.reg) and the other is the encrypted password (hkcu.reg). you need to import these using the registry plug-in that comes with resco explorer (just dl the trial) as that's what i used and it seemed to work. also, after you do the imports, MAKE SURE you power off (not reset) and then power back on. sometimes the registry settings don't stick if you simply reboot.
to really verify this works, you should first go in and delete your existing SoftBank connection in settings->connections tab->connections->manage existing connections (under internet). if you're not confident then go ahead do a backup beforehand or you can just run the sb extended rom again if you can't get it to work. i've tried this with the sb rom as well as an i-mate rom and it's working perfectly...i'll test it with a couple other tomorrow as well. if this works for you guys, i'll go ahead and make it into a cab file.
update: okay, i've gone ahead and made it into a cab so you don't have to muck around with importing reg files. so just download the cab if you want to run a simple cab install. the zip file contains the reg files if you want to manually import yourself. i've tested both and they work fine. again, i must emphasize that you power off after installing it and not just soft reset. try it out and let me know.
FOR THOSE OF YOU DOING CLEAN INSTALLS:
i didn't realize this but when you do a clean install, you still have to install a couple of the sb extended roms before you run my cab. specifically, you need to run PP_ConnVKK_1.33.761.1.CAB and Provisioning.exe to set up the device to even be able to accept the new password/settings. run PP_ConnVKK_1.33.761.1.CAB first and then Provisioning.exe...now once you run provisioning.exe, you'll find that it automatically creates the old SoftBank connection for you under internet->manage existing connections with the OLD password. go ahead and delete this connection, reboot (optional) and then run my cab (new sb settings.cab). power down and up again and it should work.
just to be sure i did a file compare of the [HKEY_CURRENT_USER\Comm\RasBook\SoftBank] "Entry" and "DevCfg" keys/entries with the old SoftBank setting active and with the new SoftBank settings active and the file compare showed that the contents were completely different. i was worried that maybe somehow the system was just somehow reviving the old password and not actually using the new one but this does not appear to be the case.
UPDATE:
after some more experimenting, it seems that the cab just restores the sb connection with whatever username/pass that you had installed previously. if you delete the the new opensoftbank username connection and then run the cab, it restores the opensoftbank username/password. if you delete the old "open" username connection, it restores that. very strange since the file compare shows that this registry dump (taken from new rom with new settings) is significantly different than a dump taken from a rom with the old settings yet it is somehow restoring the old settings. thanks for looking into this but for now, i think we have to say that this isn't working. so it seems that password is not simply stored in the registry. it must be in some hidden file that this registry dump somehow activates. in any case, i'll keep working over the coming weeks. sorry for getting everyone's hopes up.
Wow, I think that is great news for every Softbank customer!
Thanks it worked for me. I guess I will find out in April if it will work. I will cross my fingers.
Great job!!
You are the man! Great!!
thanks for checking! are you saying you're unsure if the file actually contains the NEW password and not the old one? well, it's definitely the new password as i created these files using only the new rom, a reg editor and a file compare tool so the old password never entered the picture.
you can actually run this exercise yourself and just repeat the steps i did if you want to be sure as the methodology is pretty simple. all i did was find where the encryped passwd was stored in registry and just imported it over to a different rom as is, encryption in tact. i've made no attempt to hack the actual passwd--we still have no idea what it is but as long as we can use the new settings, finding out what the passwd actually is unnecessary.
jokinawa said:
Thanks it worked for me. I guess I will find out in April if it will work. I will cross my fingers.
Click to expand...
Click to collapse
i haven't tried this yet, but if it works for you using the new ap opensoftbank now, i believe you don't have to wait until april to see if it'll work. those who've already upgraded theirs to the new rom should be using that new ap already.
i must try this myself later today.
trialdei, thanks for the great work.
that is indeed a great news, I was also wondering how to find this in the registery but was not sure that the different key I found were the correct ones. I will try on my other Hermes tonight and we shall see ! But the very promissing point here is that potentially I can even use these files for my universal and the mteor... which means... if you don't like the crap of the SB roms... just buy a WM5 device everywhere U want and put these regkeys !!!
Good job Man !!!
Yes this is great news, I think we might still need the password to use the phone as a modem connected to a notebook.
I think that is exactly what softbank does not want us users using the connection for since we would use the internet more.
okinz said:
Yes this is great news, I think we might still need the password to use the phone as a modem connected to a notebook.
I think that is exactly what softbank does not want us users using the connection for since we would use the internet more.
Click to expand...
Click to collapse
actually, i don't think you need to enter the password on the pc side at all to use the phone as a modem. check this post:
http://forum.xda-developers.com/sho...etooth+set+TyTN+to+be+discoverable#post987712
how about us with new sb rom... i don't see any wireless modem application on my phone... do you have a cab file for the wireless modem app alone?. i can't find it from ftp...
guys,
softbank is blocking the modem usage with a pc and it seems that's controlled at their open ap. i don't believe that's anything to do with the password nor the applications you use. you can fire up dun on your pc with x01ht connected via usb or bt, but the connection will fail.
harryk1372 said:
guys,
softbank is blocking the modem usage with a pc and it seems that's controlled at their open ap. i don't believe that's anything to do with the password nor the applications you use. you can fire up dun on your pc with x01ht connected via usb or bt, but the connection will fail.
Click to expand...
Click to collapse
i think you're probably right but then i wonder what's the point of establishing the new password in the first place if the modem usage isn't an issue for them either way? all of the x01ht's making their way to hk and abroad aren't going to be used on the sb network anyway. the new read-only radio rom takes care of simlocking already so the new passwd solves what? they just don't like the idea of people running around with foreign language roms accessing their network?
trialdei said:
so the new passwd solves what? they just don't like the idea of people running around with foreign language roms accessing their network?
Click to expand...
Click to collapse
i think they don't want people without the flat rate data tariff contract to use the open ap to cap the monthly pay. there are quite a few people in japan who just had the vodafone contract and running universal or hermes bought from elsewhere.
now that i have your registry solution for the new password, i cannot resist testing it on my universal. if it works, i don't have to retire my universal after april 1. thanks again.
trialdei said:
basically, i made the assumption that the password was somewhere hidden and encrypted in the registry though i had no idea where so basically all i did was do a registry dump with a clean install of the new sb rom, went into connections and deleted the softbank connection, then did another registry dump. finally, i did a compare of the before and after using windiff, figured out what changed and i ended up with the attached two reg files.
Click to expand...
Click to collapse
great job, trialdei. i have not tried this yet, but i will not have to give up a2dp if this works with the docomo rom!! many thanks!
i'm a newbie on this topic softbank open access.
so what is the main purpose of having this option available for the user.
is it allow the user to have the internet access over the softbank network.
and also if possible, please guide where i can find addititional softbank open access setup instruction, besides the information is already provided by trialdie's original post on this string.
please advice.
found the existing thread on softbank open access (unlock softbank x01ht thread). got the answer from there.
great!
this is great! i was having problems with the new sb rom and asukal's mui... i can't seem to get any network signal or even passthrough connections with that combination..
i'll try this one with the new htc rom from south africa, it may work for me.
great work dude!
no connection appears even after importing the reg with docomo rom... i will try it again when i have more time.
qtotter said:
no connection appears even after importing the reg with docomo rom... i will try it again when i have more time.
Click to expand...
Click to collapse
hi qtotter,
you need to make sure your registry settings are sticking...did you power off/on. the below new registry keys/entries should show up if you did it right:
[HKEY_CURRENT_USER\Comm\RasBook\SoftBank]
"Entry"
"DevCfg"
[HKEY_LOCAL_MACHINE\Comm\ConnMgr\Providers\{7C4B7A38-5FF7-4bc1-80F6-5DA7870BB1AA}\Connections\SoftBank]
"ConnectionGUID"
"SecureLevel"
"Secure"
"AlwaysOn"
"RequirePw"
"Enabled"
"EntryType"
"DestId"
if you don't see these new keys/entries then your registry changes aren't sticking.
trialdei said:
i think most of you x01ht users in japan are aware that softbank issued a new rom update that has the new open.softbank.ne.jp password hard-coded as part of the rom image and so there's no way to extract it via extended rom or otherwise (it's not in the preconfig cabs/xmls either). they've also announced that after april 1, the old password which most of in japan are currently using will no longer work so we either upgrade to the new softbank rom or we can't access the open network.
anyway, i've been fiddling with this all night and i think i have a solution that i've tested on a couple of different roms but i'm hoping you guys can give it a try as well so that we can call this a solution to the problem. basically, i made the assumption that the password was somewhere hidden and encrypted in the registry though i had no idea where so basically all i did was do a registry dump with a clean install of the new sb rom, went into connections and deleted the softbank connection, then did another registry dump. finally, i did a compare of the before and after using windiff, figured out what changed and i ended up with the attached two reg files. one adds "SoftBank" as one of the connections (hklm.reg) and the other is the encrypted password (hkcu.reg). you need to import these using the registry plug-in that comes with resco explorer (just dl the trial) as that's what i used and it seemed to work. also, after you do the imports, MAKE SURE you power off (not reset) and then power back on. sometimes the registry settings don't stick if you simply reboot.
to really verify this works, you should first go in and delete your existing SoftBank connection in settings->connections tab->connections->manage existing connections (under internet). if you're not confident then go ahead do a backup beforehand or you can just run the sb extended rom again if you can't get it to work. i've tried this with the sb rom as well as an i-mate rom and it's working perfectly...i'll test it with a couple other tomorrow as well. if this works for you guys, i'll go ahead and make it into a cab file.
update: okay, i've gone ahead and made it into a cab so you don't have to muck around with importing reg files. so just download the cab if you want to run a simple cab install. the zip file contains the reg files if you want to manually import yourself. i've tested both and they work fine. again, i must emphasize that you power off after installing it and not just soft reset. try it out and let me know.
Click to expand...
Click to collapse
its great but it did not work in my o2 xda exec.
thanks
SoftBank's known 3G/HSDPA flat-rate packet data connection setting that has hacked from old X01HT ExtROM (user name: "open", password started from "oz...") will be unusable on end of March.
The user name of new setting (available at current ROM that released on end of Nov. 2006) has changed as "opensoftbank", and still no one hacked the password itself.
However, finally I found a way to create the connetcion, using some files dumped from current X01HT ROM.
To create SoftBank's connection that can be used continuously after Apr. 1 2007, you need ROM COOKING as follows, because at least the file WIFIwake.exe should be in the ROM to make the connection.
Step 1. Cook your ROM (add following 2 files in attached ZIP) and update device.
For general instruction of Hermes' ROM cooking, see the Wiki and related resouces.
addfile Out.xml
addfile WIFIwake.exe(A.xml and Initial.exe aren't needed)
Step 2. Install ConnSBM.CAB (included in ZIP)
The connection will be created, however password entry is still empty at this moment.
Step 3. The files are in ROM, so you need to set to "Menu -> Show All Files" on File Explorer to make ROM-attributed files visible (or, use similar option for 3rd party's file explorers, such as Resco or GSFinder+).
Step 4. Run WIFIwake.exe from \Windows folder.
The password will be created into the connection made by ConnSBM.CAB at Step 2.
To confirm whether success or not, check the connection "Internet > SoftBank", and click "Edit -> Next -> Next". If "****************" is shown at the Password field, the password has been successfully created.
If the password is not created, maybe WIFIwake.exe (non-ROM attributed) exists on \Windows. After running Initial.exe, WIFIwake.exe is copied onto storage from ROM. You need to delete it before retry, if you have run Initial.exe before install ConnSBM.CAB or lost setting.
BTW, I guess this way can be applied not only Hermes, but also Universal and/or any other HTC devices those can edit OS ROM (at least, I have successed on WM6 for Universal).
Enjoy AT YOUR OWN RISK !
Great work, a lot of japanese people was pursuing this for long time! Congratulations
Awesome, I had been doing this same thing for 3-4 days no and getting nowhere.
Mad props to you.
I have the Hermes and I'll be going to work as an engineer in Japan from April. I have installed the DoCoMo ROM for the moment (simply because out of the two ROMs, it's the one to have Bootloader 1.0.4, I have no trouble reading Japanese, and I need a Japanese input that's a bit more stable than Bagoj's IME).
However I'm wondering exactly what this thread would enable me to do... I'm planning on getting a subscription with either SoftBank or DoCoMo (whichever provides SIM cards/accepts to register a foreign phone).
If I get a SoftBank subscription, would this enable me to somehow cheat the subscription on getting more Internet for free? Or if that's wrong, what exactly would it enable me to get?
I haven't looked into the phone subscription system at the moment, but soon will. Whatever this thread exactly means could be a huge help in any choice I would have to make.
Many thanks for your help in advance,
Cheers,
Yannick
Hmm, I get the connection added but when I try to run the initial.exe from Windows is doesnt do anything. Using 3DES Custom.
@itamae
What Does The File intial.exe Do Exactly?
@jokinawa
How Is The Connection Created Without Running initial.exe?
Cheers
mousey_ said:
@itamae
What Does The File intial.exe Do Exactly?
@jokinawa
How Is The Connection Created Without Running initial.exe?
Cheers
Click to expand...
Click to collapse
I finally got the program to work. Funny thing is that I could nt cook a ROM with the initial.exe in it of it would not install. I was using the Rom Koch 0.99 release. So if I just copied the files over to a fresh install of a ROM it worked but I had to click initial.exe about 4-5 times before the "loading" graphic appeared.
I am assuming that it either installs a dll with the password encoded in it of he knows the password and didn't want it to become public. Initial.exe puts the connection password in the connection that ConnSBM.CAB creates.
Without the initial.exe running you have the connection with a blank password.
Files
Seeing as how none of these files are in the ROM itself is there any way you can post a list of file to help us re-create the process?
Well done !!!
Finally we'll be able to upgrade to XDA Live of Crossbow without fearing to lose our flat rate !!
Alcibiade said:
Well done !!!
Finally we'll be able to upgrade to XDA Live of Crossbow without fearing to lose our flat rate !!
Click to expand...
Click to collapse
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
This is wonderful news indeed! Now we only need a way to cook Japanese fonts and stable input into new ROMs and life would be perfect...
Great!
Alcibiade said:
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
Click to expand...
Click to collapse
Every time I cooked the "addfiles" the initial.exe would not run properly and create the connection. If I cooked the other files minus the initial.exe and the cab it still wouldnt create the password. I could only get it to work by copying the files after flashing. Anybody get it to work in a cooked rom?
Alcibiade said:
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
Click to expand...
Click to collapse
mmmh cooked the latest LVSW and it s working great
Thanks, thanks thanks a lot for this itamae !!
Alcibiade said:
mmmh cooked the latest LVSW and it s working great
Thanks, thanks thanks a lot for this itamae !!
Click to expand...
Click to collapse
@^#)(!^@$ MMS Lite doesnt work
More EASY way has been found!!!
Another Japanese SoftBank user has found more easier way to add the new SB connection.
Now you DON'T need any ROM cooking. Please move to new thread.
http://forum.xda-developers.com/showthread.php?p=1172318
Alcibiade said:
By the way anybody courageous and kind enough to cook it with the latest WM6 version and post the ROM ?
I am trying to do that but I am learning from scratch... and it will probably take me a huge amount of time
Actually the best would be to compile it with some utilities to be able to read Japanese fonts and input Japanese...
Click to expand...
Click to collapse
posted here, OS also Japane,,どうだ!参ったか!
http://forum.xda-developers.com/showpost.php?p=1181259&postcount=48
I am not sure to understand the "cook" the ROM... are you talking about the OS part? The Radio or the Extended rom ?
Cheers
help
great to hear that u made it work. but still i cant get the softbank ap settings work
i got The connection created but however password entry is still empty .i tryed the way u have told. is there a easy way out. i use a o2 xda exec.
i would be really be happy if u could let me know
thanks
take care
suren
ysi said:
great to hear that u made it work. but still i cant get the softbank ap settings work
i got The connection created but however password entry is still empty .i tryed the way u have told. is there a easy way out. i use a o2 xda exec.
i would be really be happy if u could let me know
thanks
take care
suren
Click to expand...
Click to collapse
after copy Out.xml & WIFImake.exe to /windows folder, click on WIFImake.exe then the passwd will be inserted there!
thanks for the mail but still i did not
may be some thing wrong with my rom
thanks
Follow instructions in Blue 1pm est
Step 1: Talk and Text
What you need:
A QPST
B. HTC Diagnostic drivers for the Hero
C A Windows PC with either win7, XP or Vista running in 32 bit mode (64 bit will not work)
e. Cricket's 01039.prl -- get it here
fast PRL change dial ##PRL# and phone will enter prl mode, just browse to your sdcard and select 1039PRL, hit menu to change prl. Phone reboots. now call *228 to activation and program. NOW SKIP TO STEP 2.
step 1 long route
1. Once you have all of the items above installed, go to your number pad on your ERIS and dial ##3424# and hit Call. You will see a screen come up on the ERIS called the "DM Command Service."
2. Now, plug in your phone via the USB and your computer should install the necessary drivers. These will be the drivers mentioned above.
3. Once they are installed, open QPST Configuration, Listed under the QPST Folder on your start menu.
4. Click Ports, then click "Add New Port". You should see a port in the left part of the window. If not, unselect the button that says "Show Serial And USB/QC Diagnostic Ports Only".
5. Select the port and Click OK. There may be several ports, so repeat this process until you see a port where it says "Surf..."
6. Take not of which port says Surf, then open CDMA Workshop. Do not close QPST Configuration yet.
7. On the right side of the window select the same port as was in QPST with the word "Surf..." next to it and click "connect".
8. Click on the Security Tab on the top of the screen and click "Read" under the SPC/User Lock, ensuring that the default setting is listed in the drop-down menu.
9. Select the 6 digit number it generates and copy it.
10. Go back to the QPST Configuration and click on "Start Clients" and click on "Service Programming".
11. It will come up with a window displaying active phones. You should see one, the Surf....(whatever). Select it and click OK.
12. Click "read from phone". It will ask you for an MSL/SPC Code. Paste the 6 digit code you copied earlier and click Ok. In the settings tab you will see a box for the MSL/SPC code. Replace whatever is written in it with six zeros (000000). Click "write to phone". Ignore any errors that occur.
13. Click The CDMA Tab. Under Directory Number enter your 10 digit cricket number.
14. Click The Display Tab and type "Cricket" in the Banner.
15. Click the Roaming Tab and click "Browse" under the Preferred Roaming box.
16. Find and select the 01039.prl that you downloaded.
17. Click Write to Phone on the bottom. Ignore any errors that occur.
18. Unplug phone and dial *228.
Step 2. Setting up Web
What you need:
The same programs and drivers listed above
Anycut.apk-- get it in the android market place VIA Wifi.
1. Connect Phone Via QPST and open Service Programming. (See steps 1-3, 10 above)
2. Once you have begun Programming, click "Read From Phone". It will ask you for an SPC/MSL code. That code should now be six zeros (000000) -see step 12 above.
3. Click M.IP (may be M.IPv6 and set Mobile IP Behavior as MOB + Simp...
4. Select any profiles (there should be 1 or 2) listed under User Profiles, and click edit. Do the following for all profiles.
5. Make sure that "Profile enabled" is checked and enter in the following:
NAI: [email protected]
Tethered NAI: [email protected]
6. Change home address, primary ha, and secondary HA to all zeros.
7. On both HA Shared and AAA Shared Secret, click enter text string and type in the following password (all lower case): cricket
8. click ok
9. Set active user as 0.
10. Click PPP Config
11. The "Um" Button
12. Under user ID enter [email protected] as well as for tethered NAI. If a text box is black with red lines in it, click it and press ctrl D. Enter cricket in the password box.
13.Click "AN" Button and repeat step 12.
14. Click "write to phone". Ignore any errors that occur.
YOUR DONE NOW
NexT Follow instructions from the 3rd post. Below by Token419 to apply cricketmmsweb.zip in recovery for fully functional web/MMS/and apps
15. Install the anycut.apk mentioned above on your HTC ERIS. If you need help with that, pm me and I will explain a few ways to do it.
16. Open Anycut and click New Short Cut.
17. Click Activity and scroll down to Proxy Settings. Select it and Click Ok on the window that comes up.
18. Go to The home screen on your Hero and find the Proxy Settings on your hero.
19. For Hostname enter: wap.mycricket.com and for port enter 8080.
Step 3: MMS!
What you need:
a. Android SDK---
b. Modified Telephony.db --
c. Have Eris phone flashed for talk text and web (see above if you have not done this).
1. Unzip android sdk to a place where you can find it (the shorter the directory name the better as you will soon see. Mine is saved in C:\android
Also unzip the telephony.db into a folder where you can find it. Mine is saved in C:\android
2. In windows xp click start, then run, then type cmd and hit enter. In Vista or windows 7 click start and type cmd in the search and hit enter.
3. Navigate to the folder where you unzipped the Android SDK. If you are not familiar with the command prompt, I will make a list of the commands I enter in blue. The rest you see will be the text that will be generated by the command prompt: CD the directory of adb!!! ex. type cd hit space the drag the tools folder into cmd window. now you can adb push/adb pull etc.
4. Type the Following command
C:\android\tools>adb root
* daemon started successfully *
adbd is running as root
--------------------------------------------------------------------------------------
5. Send the Modified telephony.db to the phone with the following command (keep in mind that you will need to substitute the directory I am using for the one where your telephony.db file is located
C:\android\tools> adb push c:\android\telephony.db /data/data/com.android.providers.telephony/databases/telephony.db
85 KB/s (4096 bytes in 0.046s)
6. Unplug your Phone and hold the power button to turn it off. Turn it back on and there you go!
some roms arent allowing the telephony.db to work giving 245kb/s or any other like 130kb/s.
My advice is if you get one to work, do a Nandroid back up, so you will always have a working web browser and MMS.
Download link 1 Download Link 2
.....space.....
Your instructions/title look exactly like Brandonharrison's post on howard forums, if you got the instructions from him it may be nice to give him credit Also you may want to change the words "Hero" to "eris" since this is an eris guide also you can skip the part about spc unlocking from CDMA WS, since the eris comes factory with spc of 000000.
Anyways if your tracking the thread on howard you can update the web portion, to what i posted to get full market and apps working, credit goes to the team at howard forums who worked on getting it working for the motodroid. i simply modified their work so that it would work on the eris.
As promised here is a zip file containing 2 flashable zips:
One will handle the OS side to get Web/MMS up and running
The other will only do the web portion (Some people don't have good luck with the MMS that i did)
Download from the attachment below, or from here:
http://www.multiupload.com/EKQ8CC27Y9
As always, make a nandroid backup first
download the zip and read the readme inside for instructions
token419 said:
your instructions/title look exactly like brandonharrison's post on howard forums, if you got the instructions from him it may be nice to give him credit also you may want to change the words "hero" to "eris" since this is an eris guide also you can skip the part about spc unlocking from cdma ws, since the eris comes factory with spc of 000000.
Anyways if your tracking the thread on howard you can update the web portion, to what i posted to get full market and apps working, credit goes to the team at howard forums who worked on getting it working for the motodroid. I simply modified their work so that it would work on the eris.
Feel free to delete everything after step 2 substep 14 and replace with my instructions if you wish, to simplify the process for any new comers. (we are working to get this edited in brandons post over at howard currently since he can no longer edit his post)
as promised here is a single flashable zip that will hande the os side to get web/mms up and running
download from the attachment below or from here:
http://www.multiupload.com/lx7zvgloc2
as always, make a nandroid backup first
download the zip and read the readme inside for instructions
Click to expand...
Click to collapse
so does the same process work for metro pcs and where can i get those files
Should work with any carrier so long as you know the proxy information and apn settings, in my zip you can modify the autostart.sh file and change the port numbers and ip addresses to match your carrier, then you can edit the apn to match your carriers settings as well and you should be good.
Im working on getting one for metro for you all, but i dont have all the info required and iv been busy with work, its really simple to do, i just haven't gotten around to it yet.
token419 said:
Your instructions/title look exactly like Brandonharrison's post on howard forums, if you got the instructions from him it may be nice to give him credit Also you may want to change the words "Hero" to "eris" since this is an eris guide also you can skip the part about spc unlocking from CDMA WS, since the eris comes factory with spc of 000000.
Anyways if your tracking the thread on howard you can update the web portion, to what i posted to get full market and apps working, credit goes to the team at howard forums who worked on getting it working for the motodroid. i simply modified their work so that it would work on the eris.
Feel free to delete everything after step 2 substep 14 and replace with my instructions if you wish, to simplify the process for any new comers. (we are working to get this edited in brandons post over at howard currently since he can no longer edit his post)
As promised here is a single flashable zip that will hande the OS side to get Web/MMS up and running
Download from the attachment below or from here:
http://www.multiupload.com/LX7ZVGLOC2
As always, make a nandroid backup first
download the zip and read the readme inside for instructions
Click to expand...
Click to collapse
Hey the zip file is corrupt. I tried downloading it a few times still the same thing.
Puxxie said:
Hey the zip file is corrupt. I tried downloading it a few times still the same thing.
Click to expand...
Click to collapse
Sorry about that, i reuploaded the file as well as modified the attatchment.
Use at your own risk, there are 2 flashes inside the zip, one for web and one for Web+mms, some people cant get the MMS to work, works fine for me, but not sure why it doesnt work for others.
Make a nandroid backup first as always and feel free to mod it however you want
You don't need QPST, and it is in fact easier WITHOUT QPST
You don't need Windows Vista or Windows 7 (or windows at all).
Thank you for your contribution for this community.
I posted a thread for full functionality as well, with a different methodology.
And "flash" is a misnomer. All of the kids who think they're cool "flashing" phones to cricket don't even know what they're saying.
This phone can be all but fully PROGRAMMED for Cricket, and the "flashing" part is just to save you time transferring iptables to the phone.
http://forum.xda-developers.com/showthread.php?t=685165&highlight=cricket
Your little thread needs some help don't flame in my post.... if your going to create a flash solution. ..please edit it fully like I made an attempt to do. And not just say "follow instructions from HF" that was pretty wack!
You don't need QPST, and it is in fact easier WIT
And "flash" is a misnomer. All of the kids who think they're cool "flashing" phones to cricket don't even know what they're saying.
This phone can be all but fully PROGRAMMED for Cricket, and the "flashing" part is just to save you time transferring iptables to the phone.
http://forum.xda-developers.com/showthread.php?t=685165&highlight=cricket
Click to expand...
Click to collapse
Good luck with that inputting on phone feel free to take a look at my fully detailed Motor Droid to cricket in android development thread
-------------------------------------
Sent via the XDA Tapatalk App
qpst wont read my phone any thoughts or links?
i tried everything
You don't need, QPST.
Just open up your phone, then dial ##778 (call).
ALL of the settings you need to edit in QPST are available in your phone's built in program, EPST.
bigslanki said:
Your little thread needs some help don't flame in my post.... if your going to create a flash solution. ..please edit it fully like I made an attempt to do. And not just say "follow instructions from HF" that was pretty wack!
Good luck with that inputting on phone feel free to take a look at my fully detailed Motor Droid to cricket in android development thread
-------------------------------------
Sent via the XDA Tapatalk App
Click to expand...
Click to collapse
bigslanki,
No flaming intended. I was being serious when I said thank you for your contribution. All I've done is copied and pasted things from other sources that have worked for me as I've tried them. I should edit it more fully and maintain it better. Thank you for your suggestion.
I haven't used QPST since the days of ##778 on this phone, and I was only suggesting that less tech-savvy people, who may have trouble getting QPST working just right in Windows, might have an easier time without it.
All is well. Thank you, seriously, for your contribution.
What is the newest/easiest way?
Looks like alot of advancements have been made in the last 3 or 4 months to make the process easier. Is this thread still the best way to get an eris setup on Cricket with full functionality?
Please help out a noob! I've read so many posts, tried so may methods...I think I am SOOOOO close! But I just can't get the web/mms working.
Thanks!
Will this work for HTC Incredible? I seem to be stuck. *228 calls cricket but a voice says they can not program my phone. I have tried nearly ALL the prl files for cricket available on the link. I can call 611 from it also and speak to a csr but that was little/no help..
Please change this to hero thanks
Web on Eris
So if my Eris is already activated on Cricket with talk and text, will flashing for web (rooting etc..) de-activate my phone?
EthicsDesign said:
So if my Eris is already activated on Cricket with talk and text, will flashing for web (rooting etc..) de-activate my phone?
Click to expand...
Click to collapse
If you have a 3g indicator in the notification bar of your phone (as long as you have Mobile Network turned on - hold the power button, and turn it on, if it's not on already), then you're ready to flash the web/mms flash.
Flashing the web/mms flash or ANY kind of flash from Recovery will NOT affect your talk/text abilities whatsoever. It can only enhance the ability of your phone to do things.
I recommend flashing the Cricket v10 flash from token419's thread here, then using APN Backup & Restore to backup your APNs, modify them, then Restore them to make MMS work perfectly:
http://forum.xda-developers.com/showthread.php?t=730289
Let me know where you get stuck, if you get stuck.
Here's what I did, exactly, to get my ex-gf's working 100%
http://forum.xda-developers.com/showpost.php?p=7665352&postcount=135
thank you!
I also called a cricket store to ask this quistion, the guy mentioned that after today, cricket will launch there own google android phone, so anyone with a flashed android phone will have to pay the $60 Plan. any idea if this is true?
EthicsDesign said:
thank you!
I also called a cricket store to ask this quistion, the guy mentioned that after today, cricket will launch there own google android phone, so anyone with a flashed android phone will have to pay the $60 Plan. any idea if this is true?
Click to expand...
Click to collapse
That's not true.
But if you go into the store, and ask for your Android phone to be on Cricket, then yes, you'll have to pay for the plan.
Otherwise, unless they're keeping inventory of customer provided equipment (which they never have before), you're fine.
In their notes they just have 'customer-provided equipment' listed, not HTC Droid Eris.
I wouldn't worry about it. My ex-gf has this going on, so we'll see. Sprint is $69.99 for a better/faster/more reliable network, so if Cricket does this, they might lose out to that, unless people really use the unlimited minutes.
Quick question. I am very new to the android unlocking scene but I have done a good amount of research. Step 1 of this guide shows us how to get text and talk working for cricket (and I'm assuming Metro as long as you load the Metro prl). What I want to know is Step 1 EXACTLY the same as getting MetroFlashed minus adding the esn to Metro's db?
The reason I want to know is because I got my phone MetroFlashed and set up data and mms. The next day I did a hard reset. Contrary to others beliefs doing so put me back on Verizon so I brought it back to be flashed again. Now I'm reading this and would like to know if Step 1 is all I need to do to get back on Metro in the event I need to do another hard reset for whatever reason.