On Fri 07 February 2014 22:25:23 Michael Spacefalcon wrote:
> Hello fellow freedom lovers,
>
> I have just released the first version of the kit that allows a Neo
> Freerunner user to set his/her IMEISV to any value of his/her choice.
> Download it here:
>
> ftp://ftp.ifctf.org/pub/GSM/GTA02/ffs-edit-kit-r1.tar.bz2
>
> Operating instructions are inside the tarball. The way in which this
> kit works is completely independent of what firmware version you have
> in flash: it can be moko11, leo2moko, or even blank or corrupt flash.
> (Just like with fc-loadtool, the chain starts with Calypso's on-die
> boot ROM, i.e., the wonderful hardware unbricking feature TI gave us
> in this baseband chip, similar in principle to FR's NOR U-Boot which
> is extra hardware just for unbricking.)
>
> Please also note that many vendors' "standard" proprietary firmwares
> include undocumented AT commands for setting the IMEI, and as my
> experiments indicate, moko11 appears to be one of them:
>
> ftp://ftp.ifctf.org/pub/GSM/hacks/imei-hacks-r1.tar.gz
>
> However, I do not recommend using that AT@SC command, as the half-baked
> implementation does not make the proper distinction between IMEI and
> IMEISV, and the last 16th digit of the complete IMEISV (which is what
> the modem actually uses and sends over the air) ends up being set to a
> "random" value that is an artifact of the obfuscation scheme.
>
> As an example, the original factory IMEI of the GTA02 I use for FC
> development is 35465101-961584-0; the original factory programming of
> the complete IMEISV is 35465101-961584-00. However, if one uses that
> AT@SC hack to change it, it is then impossible to revert the complete
> IMEISV back to this original setting using the same AT@SC command! If
> one feeds the correct obfuscated AT@SC string for setting
> 35465101-961584-0, the full IMEISV gets set to 35465101-961584-01
> instead of the original factory 35465101-961584-00.
>
> In contrast, the FFS editing kit linked above allows you to set all 16
> digits of the IMEISV to whatever you choose; the kit provides the
> mechanism and you decide on the policy for what the SV digits should be.
>
> However, considering that those with a desire to play with their IMEIs
> would probably find an AT command much more convenient than the rather
> cumbersome (albeit powerful) XRAM-agent-based mechanism presented in
> my current kit, I plan on making a new version of leo2moko that will
> include a new AT command for setting the IMEISV.
>
> I will not be replicating the obfuscated AT@SC command, instead it
> will be a different AT command that sets all 16 digits explicitly and
> works without any obfuscation. The syntax I propose is:
>
> AT+SIMEISV="1234567890123456"
>
> If anyone has an argument for a different syntax, please speak up now.
>
> Viva la Revolucion,
> SF

You recall that single line I actually censored? (Must have been the only
time in my life I did this.) In the changelogs, around moko5 or something.
It's actually been a weird "secret" AT command to change the IMEI; it claimed
in changelogs that it had some really weird formula to add birthday^5 to old
IMEI or sth and append that to the new IMEI, for "authentication" - and it
never worked afaik.

cheers
jOERG
--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments
(alas the above page got scrapped due to resignation(!!), so here some
supplementary links:)
http://www.georgedillon.com/web/html_email_is_evil.shtml
http://www.nonhtmlmail.org/campaign.html
http://www.georgedillon.com/web/html_email_is_evil_still.shtml
http://www.gerstbach.at/2004/ascii/ (German)
_______________________________________________
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community
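
The IMEI/IMEISV distinction described in the quoted message, as an added example that is not part of the original thread or of the kits it links: a small parser that tells the 15-digit IMEI from the 16-digit IMEISV and checks the IMEI check digit. It assumes the usual layout (8-digit TAC, 6-digit serial, then either one Luhn check digit or two SV digits); the function names are hypothetical and the sample values are the ones quoted in the message.

```python
import re

def luhn_check_digit(body14: str) -> int:
    """Check digit for a 15-digit IMEI, computed over the 14 TAC+SNR digits."""
    total = 0
    for i, ch in enumerate(reversed(body14)):
        d = int(ch)
        if i % 2 == 0:              # rightmost body digit is doubled first
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def parse_identity(text: str) -> dict:
    """Classify a dashed or plain digit string as IMEI (15) or IMEISV (16)."""
    digits = re.sub(r"[-\s]", "", text)
    if not re.fullmatch(r"[0-9]{15,16}", digits):
        raise ValueError("expected 15 (IMEI) or 16 (IMEISV) decimal digits")
    tac, snr, tail = digits[:8], digits[8:14], digits[14:]
    if len(tail) == 1:
        return {"kind": "IMEI", "tac": tac, "snr": snr, "check": tail,
                "check_ok": int(tail) == luhn_check_digit(tac + snr)}
    # An IMEISV carries no check digit; its last two digits are the SV field.
    return {"kind": "IMEISV", "tac": tac, "snr": snr, "sv": tail}

def imeisv_from_imei(imei: str, sv: str) -> str:
    """Drop the IMEI check digit and append an explicit two-digit SV."""
    p = parse_identity(imei)
    if p["kind"] != "IMEI" or not p["check_ok"]:
        raise ValueError("not a valid 15-digit IMEI")
    if not re.fullmatch(r"[0-9]{2}", sv):
        raise ValueError("SV must be exactly two decimal digits")
    return f'{p["tac"]}-{p["snr"]}-{sv}'

if __name__ == "__main__":
    # Values quoted in the message: factory IMEI, factory IMEISV, and the
    # IMEISV reported after using AT@SC.
    for s in ("35465101-961584-0", "35465101-961584-00", "35465101-961584-01"):
        print(s, parse_identity(s))
```

The two IMEISV strings from the message differ only in the SV field, which a 15-digit IMEI cannot express because its last digit is a checksum over the first 14.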