Better Mobile App

XDA IIs unlocking method

OK IMEI-CHECK charge £20 to unlock the phone, and I say fair enough. Why am I posting this? Did you know that their method is probably writing a NEW locking code using some other algorithm? If you run their software, it will inflate and write (about 4K of data if i remember correctly) in the part of the Radio ROM, where you only get access from the bootloader (memory address h'0' to h'10000'). Now here's the thing: I bet if I call T-mobile and ask for the unlocking code, it won't work in my phone, as these guys are actually modifying the Radio ROM without even telling you. Have you guys thought about insurance? For those who don't pay £9.99 or whatever extra cover, what if you pricey and precious pda goes bonkers? I think they should tell you *before* doing anything, about any possible problems.
Come on you guys, someone said he has compiled a few logs/imei numbers. Let's crack this thing, it has been done before for xda I and II, why can't we do it for IIs/IIi?

If that's the case, then I wonder what's in those .uif files they ask you to send back to them? Could it be a backup of the sections of the radio ROM that they're replacing?
Also, if they're writing a fixed set of data to the radio ROM, how come everyone seems to have different unlock codes? Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
-no1

Just had another thought - what if they're replacing code in the radio ROM with code from the Himalaya so that the unlock process then works in the same way as the Himalaya?
Has anyone tried using the xda2unlock tool after running the program from IMEI-Check??? I can't test this just now, so it's just a guess.
-no1

Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
Click to expand...
Click to collapse
Yes I believe that's what they actually do. I tried to run their utility with a debugger but it does not allow execution as long as a debugger is running, nice one IMEI-CHECK. However, I have done a full USB port logging when the utility runs and I found out that they write a new image between addresses 0 and 10000 of the radio rom, and that they also read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes.
Yesterday I discovered something odd...after running their application, and by inserting a different SIM card, the attempts counter for the unlocking code had a negative value of several millions. Now I suspect that by writing in adresses 0-10000, i think they replace the default unlocking utility which allows to enter the code.
Another idea I will try will be to run a debugger in the PDA (if I can find one) and see if I can capture the memory address with which it compares the input code.
Come on guys, especially you who did the unlocking utility for XDA II!! Give us some help here!!!!

Zouganelis,
That's excellent that you've been able to sniff the USB traffic. Keep up the investigations!
I wonder why they'd need to read sections of the ROM? If they're replacing the calculation algorithm section of the ROM with their own code, then they should already know how to calculate the unlock code - i.e. they shouldn't need the user to send them back the .uif file.
This makes me wonder if the code they are replacing is just a copy of the code from another device e.g. the Himalaya.
If they are replacing with code from the Himalaya then the unlock process may revert back to how it works on the Himalaya.
Has anyone been able to test this by running the xda2unlock tool for the Himalaya *after* running the IMEI-Check program?
Does anyone have the source code for xda2unlock by the way? I tried searching for it, but it doesn't seem to be available.
-no1

Another thing, does anyone know if it's possible to back up and restore this secret area of the radio ROM using the backup to SD method? I assume that when you dump your radio ROM to SD card it's not including this part of the ROM???
I want to be able to fully restore any bits that the IMEI-Check tool is changing, just in case.
-no1

Come on guys, anyone else trying to crack this thing? We need someone who knows how to disassamble/reverse engineer this log file. It can't be that hard! Also, I think the key to understanding what their little proggy does, is to manage to run a debugger when the unlock program runs. It has some mechanism of detecting a running debugger and it quits if you have a debugger running at the same time. I bet my MDA III that some experienced programmer can overcome this and fool their application? I am running out of ideas guys and I am really against paying these thieves 20 quid for nothing. They MUST have done this using the previous unlocking methods for XDA I and II. Does any1 know who did those unlockign utilities? These guys must help us!!!

Have you tried to run OllyDbg as a debugger tool to see what is happening? Your earlier findings were very interesting...let me study this and get back to you all...
One remark upfront though: I do not think they are modifying your Radio ROM....this would mean that if you upgrade/replace your current Radio ROM, you would be SIM-lock free...and I do not think that is the case...

OK, some initial observations:
1. Lousy software...hard to use for novices...why have the phone enter BL mode automatically (using enterBL.exe)...I think we can do better!
2. Since the phone must be in BL mode, I do think it extracts some info from the radio ROM, but the SIM-Lock could also reside in the Extended ROM, since this is usually customized by the provider?
3. Interesting to see that the same proggie and procedure is used for all XDA-X models
4. Can anyone post a file (output of the proggie) of what they have mailed these folks, as an example?
5. I was always under the impression that the SIM-Lock resides in the SIM itself, so this is a software workaround? What happens if you upgrade your ROMs...you need to go through this process again? Does anyone have experience with this?
Thanks, and let's get this thing cracked!

HappyGoat,
My understanding is that SIM lock is implemented by the phone itself rather than the SIM card.
In the case of our HTC devices, there seems to be a small area of the radio ROM that does not get written to (even when you upgrade your ROM). This area is where the SIM lock is located, and probably other information such as your IMEI number.
This is probably why your IMEI and SIM lock information never get replaced when you upgrade your ROMs. I seem to remember that an older version of the xda2unlock tool was able to change your IMEI number but it got pulled for legal reasons.
When I unlocked my Himalaya, it stayed unlocked even after later upgrading the ROMs, so the state of the SIM lock is being stored somewhere. It can't be on the SIM because what if you change your SIM after you unlock it? The phone would need to be able to read your old SIM to check if the phone is locked!
Zouganelis,
Have you got any idea if it's possible to back up the areas of the radio ROM you mentioned to SD card? Like the current SD card backup method, but getting ALL of it?
-no1

Happygoat and no1,
i am pretty sure they write to the radio ROM some data they inflate from their "unlocking" executable file. How do I know this? Well, when I put a different SIM into my XDA IIs, after I enter the pin code, the simlock application comes up (simlock.exe under \windows\) which checks for the correct unlocking code. Now usually, you have 3 attempts available to do this, before the phone locks and says "contact customer services" or whatever. After I run their application, the counter had a value of -2billion or something, making it impossible to lock it. Interestingly enough, the memory adresses to which they WRITE, are between 0 and 10000. Is it a coincidence the simlock.exe application is 10.5kB? I don't think so!! i think they write their own simlock application to reset the counter, and then they read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes. The simlock code MUST be here!! i will post the log from the USB port sniffing tomorrow, as I don't have these files right now. It's pretty obvious to see how the bootloader works. Anyone with past experience especially with CE based devices will be able to figure out how to read these last two chunks of the radio rom.
Here's a link with some interesting files, RED has posted in the past:
http://www.pgwest.com/phone-files/
Username: xda
Passwrod: blueangel
I do agree with no1 regarding the simlock, I think this is exactly the way it works.
no1, I don't know how to do any backup to the SD card, but if you really know what you are doing in the bootloader, try reading from the memory addresses I mentioned earlier.
Keep it up guys, i think we know what their software does, we now need to find out how to read properly the output log.
Regards,
Zouga

Hi zouganelis and no1,
Thanks for the explanations and comments...all makes sense to me now, excellent.
Zouganelis, thanks for the website...that is the stuff I was looking for, cheers!
I do indeed think we are close...will report back later.

So... if they need the .uif file AND the IMEI number, could it just be a case of using the IMEI code to decrypt the contents of the .uif file? In other words the IMEI code is the decryption key??? But what kind of encryption are they using?
I think they used simple XORing in the past for encrypting the radio, OS, and extended ROMs, but this changed slightly for the Blueangel. I wonder if they used a similar method?
-no1

Interesting thought...and a simple one...which explains they can turn around a request so quickly...
You might be correct...the IMEI could bear the encrypted code for simlock or not. Nowadays, encryption standards are:
DES
MD5
SHA
DES is relatively easy to "crack", SHA being the hardest...they are one-way encryptions, which mean they can not be reversed. The only way to get a match is to try...I have numerous proggies for this and will explore this option...

OK, did some more googling, found the following. There appear to be only 3 companies or people who can do this, which makes it even more interesting...
1. www.imei-check.com (UK)
- Download proggie
- Send them back the output and EMEI number
- Receive unlock code
2. Ebay guy (Canada): http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=43312&item=5763970199&rd=1&ssPageName=WDVW
- Sends you software
- You will run this software and it will generate a log file (data cable required).
- You'll need to email us this log file and we will send you the unlock code with instructions as soon as possible
Looks like same procedure as EMEI-CHECK
3. www.UnLockItNow.com (Company in Malta): http://www.unlockitnow.com/remote/unlock/by_cable/Pocket_PC/unlock/XDA_IIs_unlock.php
Not sure what process they use, but looks the same.
-----------------------------------------
Then I also came across this interesting story: http://www.modaco.com/index.php?showtopic=200968
This guy writes (edited):
I happend across an official O2 email address that I sent an (abbreviated) SIM unlock request, briefly stating why I needed my XDA IIs to be SIM unlocked, and providing my O2 account number and the handset IMEI number. 30 minutes later and I was emailed back an unlock code.
No ifs, no buts, no questions asked and no payment required.
I placed my Orange SIM card in the IIs, waited for it to boot, entered the code and was greeted with "Unlock Code Accepted." Both dialling out and receiving calls on my Orange account no problemo.
...
Bearing the above in mind, I'm not going to directly post the email address, but will gladly pass it on via PM.
Click to expand...
Click to collapse
The interesting part here is that he only had to give his EMEI number, nothing else...and received an unlock code.

If you take the official route of unlocking your phone through your network provider, all they need is your IMEI number because they can calculate your unlock code from that.
I'm not 100% certain how the process works, but I'm fairly sure the algorithm they use to generate the unlock code is different for each handset manufacturer. I think the network provider either has to send your IMEI to the handset manufacturer for them to calculate the unlock code, or possibly the provider is given a database of unlock codes for all the handsets they purchase. This might explain why it sometimes takes them a few days or weeks to get back to you with the unlock code.
So figuring out how they convert the IMEI number to the unlock code would be another way to attack the problem. Although, I think it would probably be very difficult to figure out what hashing algorithm they're using to generate the code. But if it can be done, then it would certainly make things a hell of a lot easier!
-no1

SH*TE I have been writing a post for about half an hour now explaining the files and as soon as I logged in it was lost. :evil: :evil: :evil: :evil: :evil:
Anyways, here we go again. I am posting the files I promised yesterday. The are three JPEGs which are handwritten notes from the first time I run their application, and a log file from the second time I run the application. Here's the thing: the first time, the software send a read command for the addresses 0-10000 of the radio rom (rrbmc x 0 10000) and store in the x variable. Then it probably compared the checksum with their data, and it didn't match, so they deleted this part of the rom (rerase 0 10000) and they written their own version of it stored in a vector called data (rw data 0 10000). So far so good.
The second time I run the software, it sent again the rrbmc command but this time it didn't erase or written anything, so I guess it does actually what I said before with the checksum.
Another important remark:
The first time I run the software, the software requested some information from the device (rinfo) and the xda replied:
BlueAngel B120 C6B23C704A59520150993080051FF87B
After it finished writing, it sent the same command once more and this time the xda replied:
BlueAngel B120 C6 BE3A709999541E509810802FD775B0
Now the second time I run the application, the rinfo command returned:
BlueAngel B120 C6BC3C70B329B2B1509980809FE49B11
Can these be some form of HEX encryption keys or something?
Happygoat maybe you could use them in your nice proggies?
Anyhow, I think this is all for now. The commands in the logs should be straight forward to understand, it's just the data part which needs real decoding of some sort.
Hope it helps, regards Zouga

Zouga,
Thanks alot for the info...and your patience!
I downloaded a program called USB Monitor, which supposedly logs all data transferred via the USB port...is that the proggie you used as well?
What I want to do is run the IMEI-CHECK program on my device a few times in a row..since it was never SIMLOCKED, I wonder what the output will be...and if they will be different.
I suggest other people run this software as well with a USB port logger, so we can compare logs, and perhaps figure out precisely what we need to do.
Regarding the encryption, I will have a look. I do not think that the data you gave me (C6BC3C70B329B2B1509980809FE49B11) is encrypted...looks like plain ol' HEX to me...will do some more research.
What I think would be the ultimate solution, is to develop an app that calculates the unlock code based upon IMEI number...easy to use, no workarounds, and something I understand: Encryption...
Yes, I am biased...but I am reading up on ass'y code right now to get my arms around this thing...so bare with me...

Hi HappyGoat,
It's good that finally you guys got interested in this! Yes it is the same piece of software I used to sniff the port, it would be interesting to see the output of your unlocked device. Could you please post it as soon as you have it? I hope we can crack this!!
Come on guys, don't just complain for the £20 charge, give us some help here!! We should all run the software and log the data to compare them, as HappyGoat suggested. Then we should all be HappyXdaUsers
Looking forward to some news,
Zouga

Zouga,
Can't download the zip file (bottom one) for some reason...reports that file can not be found...can you try again please?
Cheers,
HG

ROM upgrade success after a big issue ...

Hi folks,
Although I am generally not timid about modding certain products (such as my computers and TiVo), I do like to first take my time before diving in until I'm sure I've read most of the relevant threads and have gathered up the complete suite of software tools in one place. The resources on this site and the work of folks such as DCD and nueChem are amazing and outstanding and I want to say thanks for that.
As of yesterday, I felt read to take the plunge installing the bootloader, 3.27 radio ROM and DCD 2.3.2 kitchen build on my XV6800. However, I didn't just go with the stock kitchen. I added a couple of additional OEM packages from Alex.Kaiser.v4.OEM.Packages (the nue LED and audioparam packages and Resco File Explorer 2007 in particular).
The updating went great and I was able to OTA reprogram my phone without needing to call Verizon. However, I noticed that something wasn't right.
First, my phone had no connection data onboard so the phone didn't know to dial #777 for a data link and my attempts to enter this manually didn't give me any success.
Second, my PC wouldn't see the device unless I deselected the "advanced network features" (or similar, I forget the exact wording) checkbox.
Third, I couldn't install CAB files. They'd terminate immediately with an "installation was unsuccessful" message.
Finally, once I was able to establish a connection to the PC, I could add and remove files from the device *only* from the PC. Attempts to delete files from the device itself were met with a file permissions error.
After playing around for a while trying every tweak I could think of, I tried using Resco Explorer and, after a few minutes, got a registration code error/warning message. This made me wonder if this package was the problem: preventing certain types of file access due to it being in a limited-functionality mode from lack of a proper reg code.
So, I rebuilt the ROM without it and now all is well! I'm loving the new dialer and comm manager as well as the active GPS (I've tested it only with Google Maps and GPSToday so far and it gets to within half a block). Not sure how well EV-DO Rev A is working yet. I tethered the phone and ran an online speed check, obtaining 1.2Mbps download but only 60kbps upload. It's possible this is related to my local coverage (Nyack, NY), so I'll try this again from a known-good Rev A area.
Anyway, just wanted to relay my experience in case it proved useful to anyone.
One other thing: I used PIM Backup to backup my data beforehand since my sycing is generally done on my work machine and I was doing the ROM updating from home. Upon restore, it wouldn't restore my email messages because it didn't find the corresponding account. So, it's important to note that this account info isn't backup up and that you first need to create the account before doing the restore step (making sure to name the account the same as before so that it matches up).
David

SmartProtect Anti-Theft Software with SMS Auto-Responder and MortScript support

IMPORTANT.. CHECK ON THE FIRST PAGE FOR UPDATES.
WARNING : This software has some pretty powerful features so use at your own risk. Importantly, please read the instructions below.
Hi guys.
This is my first software using .NETCF for Windows Mobile Phone. I know this software is peanuts compared to what is out there, but I wish this would be useful to all of you as well. This software helps you track and recover your phone once stolen or lost. Features includes :
1. A Thief or Lost Prevention Software with SMS Auto-Responder and GPS Capability created for Windows Mobile Devices.
2. When you forget your phone and can''t remember where you put it, you can SMS your phone to get the exact location via GPS information if your phone has GPS Capability or approximate location based on Cell Location.
3. You can SMS your phone for other information such as IMSI, IMEI or even remotely reboot your phone etc.
4. This software is also equipped with Thief Prevention system which will automatically SMS your partner phone number if the SIM has been changed against the registered SIM.
5. This software supports registration of Multiple SIM Cards and of Multiple Phone Conctacts as Partners.
6. When your phone has been stolen, it will automatically SMS relevant information such as IMEI, SIM Card Number or IMSI, GPS Location if supported or Cell Location.
7. It is able to also auto-delete Phone Memory Contacts if the phone has been stolen.
8. It is password protected and the password is encrypted with AES-Encryption.
9. Its un-install proof. It requires special procedure to uninstall the protection, so even if you uninstall it, it is still working.
10. It has MortScript support.
You need atleast .NETCF 2.0 for this app to work (which most Windows Mobile has so not to worry).
Note that Cell Location depends on your device. It should be working but the problem is not all devices interfaces with RIL functionality so it may or may not work.
For testing, kindly use Emulation Mode to determine if the application will work on your phone before using these features :
1. Make Phone Unusable
2. Protected Folders
3. Delete Contacts on SIM Change
Emulation mode will run the protection, however on test mode only and not real mode. Therefore, it will just produce a log file to tell you of the action it is supposed to make (however since its a test mode, it does not do that action). If everything is fine, make sure that after testing, to disable the emulation mode.
This was only tested on GSM-based phones. If you have Non-GSM Based phone, and you want to try it out, kindly do and let me know.
This software also can accept SMS Commands from the partner phone so that it can return informations as commanded by you explicitly. Here are the SMS Commands that you can send. Note though that the SMS is only accepted when :
1. The SMS came from a partner phone. (You need to register the phone as a partner phone first).
2. The password is correct. Password is based on the password that you have saved when you configure SmartProtect on your phone. The password is authenticated by the phone once the SMS Command is received.
3. When the SMS Command is correct.
The SMS commands syntax is :
::/[command],[password]
example :
::/getGPSLocation,mypassword
Available Commands are :
getIMEI - Retrieves the IMEI Number
lockMyPhone - makes your phone unusable
enableLockPhone - Enable the Lock Mechanism of your Phone. When your phone is stolen, your phone will become unusable.
rebootPhone - Reboots your phone.
deleteContacts -Deletes your mobile phone contacts. It does not delete the SIM Card Contacts.
unregisterPhone - Unregisters the sender as a partner phone.
disableSecurity - Disables the security mechanism of your phone. This requires restart to take effect.
enableSecurity - Enables the security mechanism of your phone.This requires restart to take effect.
getIMSI - Retrieves the IMSI Number.
alertContacts - alerts your contacts that your phone has been stolen.
getCellLocation - Gets the approximate location based on Cell Tower that your phone has registered to.
getGPSLocation - Retrieves the GPS Coordinates.
exitApp - When you use getGPSLocation command, this application stays in the memory. This command exits the application. However, this applications will still be activated if any of the command is received.
registerPhone - Registers your sender as partner phone number.
listCommands - List the commands available for the Software.
versionInfo - Retrieves the current version of the SmartProtect.
deleteProtectedFolders - Removes the protected folders.
disableEmulation - Disabled the emulation mode.
stopAlert- Stops the alertContacts action.
stopAlert- Stops the alertContacts action.
runPreScript- Runs the pre-action MortScript you've defined.
runPostSCript- Runs the post-action MortScript you've defined.
runAllScripts- Runs all the MortScripts you've defined.
To install the software, unzip the file and run the setup.exe. Make sure you connect your device to the computer for syncing.
Leave your comments if you have suggestions, concerns or reported bugs here[/url]
This has not been tested on Non-GSM based phone.
IMPORTANT :
Please follow the procedure below to update the software :
1. From the partner phone. SMS your phone with the command ::/exitApp,[password]. This is to make sure that the SMS module is not loaded in the memory or update may fail.
2. Uninstall the SmartProtect. (optional)
3. Install the latest SmartProtect. If you didnt uninstall smart protect, it will ask you if you want to uninstall the older SmartProtect. Just click.
4. Once installed, Run SmartProtect to verify that your settings is still there.
5. Once verified, click either exit or save.
6. You will be notified that there's a need to restart the phone. Proceed to restart.
7. To verify its installed, SMS your phone with ::/versionInfo,<password>. This should yield the latest version.
Thanks!!
REMOVAL INSTRUCTIONS :
Please follow the procedure below to remove the software :
1. Uninstall SmartProtect 1.1 from your Mobile Phone.
2. From the partner phone. SMS your phone with the command ::/exitApp,[password]. This is to make sure that the SMS module is not loaded in the memory or update may fail.
3. Install SmartProtectRemove.CAB to your mobile phone.
3. Run the SmartProtectRemove
4. Enter the appropriate password you've configured for SmartProtect. Click on Remove SmartProtect.
5. Reboot/soft reset your phone.
6. To verify that it has been removed, SMS any commands to your phone. It should get thru now.
Thanks!!
THOSE WITH SMS MODULE OF SMARTPROTECT NOT WORKING
Kindly run SmartProtect on Emulation Mode and test by sending SMS commands. The emulation mode works for all commands except for disableemulation, versioninfo and listcommands. Then the resulting log, kindly send to me for debugging purposes. Note that in emulation mode, no SMS will be sent out and all actions are recorded on the log file
Version 1.1.5
Updates.
1. Added Reboot messages if required during exit.
2. Added About Message
3. Changed title to SmartProtect on the first screen.
4. Added OpenCellID Link on the SMS.
Version 1.1.6
Updates.
1. Fixed Deletion of Protected Folders. When in-use Deletion module quits the deletion process.
Version 1.1.7
Updates.
1. Performance enhancement.
2. Fix a minor bug. When a number saved on the Partner Number is not on your address book, there's a tendency that the sms command may not get executed.
Version 1.1.8
Updates.
1. Fixed issue for users with non-english ROM where SMS command is not executed
2. Added MortScript support. You can now run Mort Scripts for Pre-process (before the security is invoked when the phone is compromised) and Post-Process (After the security is invoked). Note that you need to ensure that your Pre-process script ends, as the security will only be invoked when it ends. MortScripts will run only when the phone is compromised.
3. Support for AppToDate for automatic updates. (I have not tested because I can't download AppTodate. I will do a test later).
4. Additional commands such as runPreScript, runPostScript, stopAlert
5. Modified the way alertContacts command is executed.
Version 1.1.9
Minor Update
1. Added SMS Command to the Emulation Mode. In Emulation Mode, log will be produced whenever an SMS command is received and executed. Logs are stored on the Emulation Log.
Version 1.2
Minor Update
1. Fixed issue wherein those with partner number that starts with 0 (example 0917) is not recognized when an SMS is sent. (because the phone recognize it as +63917)
Version 1.2.2
Minor Update
1. Updated Resolution for Finger-Friendly Devices.
2. Integrated the Remove functionality to SmartProtect Configuration
3. Modified the Right-Menu. Instead of Save, it includes other settings normally found on tabs.
4. Internal changes. Libraries were integrated to make it more re-usable to each components.
Version 1.2.3
Minor Update
1. Broken AppToDate file..
Version 1.2.4
Minor Update
1. Removed Debug Statements..
Note. You can use apptodate.cab to automate updates. AppToDate is provided and developed by Paul from Modaco. Thanks!!

Thanks. Great Tools. Will try it out.
Beta?
Freeware after final release?
I am current using IIWPO both my phone and my other half's phone, which has help my other half recovering HTC Trinity when it was lost.

CWKJ said:
Thanks. Great Tools. Will try it out.
Beta?
Freeware after final release?
I am current using IIWPO both my phone and my other half's phone, which has help my other half recovering HTC Hermes when it was lost.
Click to expand...
Click to collapse
Yap, Freeware after final release. I'm thinking of adding further features but I'll probably save it on the next version. I'll stabilize this version first.
Btw, unlike IIWPO, this software uses your SIM Card as registration instead of Owner Information. Every SIM Card has a unique number which can be used as a Unique Identifier of the owner of the phone.
Thanks!!

Yep, I know and understand your point.
But most with the feature you have are not freeware.
Thank you very much for the effort.
Trinity has GPS.
Flame does not.
Edit: Need to uninstall IIWPO before trying this?

mayo98 said:
Btw, unlike IIWPO, this software uses your SIM Card as registration instead of Owner Information. Every SIM Card has a unique number which can be used as a Unique Identifier of the owner of the phone.
Click to expand...
Click to collapse
What about phones that don't contain SIM cards?

CWKJ said:
Yep, I know and understand your point.
But most with the feature you have are not freeware.
Thank you very much for the effort.
Trinity has GPS.
Flame does not.
Edit: Need to uninstall IIWPO before trying this?
Click to expand...
Click to collapse
Hi,
You don't need to uninstall IIWPO. This does not interfere with the registry IIWPO is using.
Thanks!!

smotrs said:
What about phones that don't contain SIM cards?
Click to expand...
Click to collapse
Hi Smotrs,
That's a good question. The answer is maybe it won't work. I haven't tried the application in Non GSM phone. You may try and let me know if it works. I'm happy to add that feature.
I'm using TAPI to get the Subscriber ID. I'm not sure if this will return the same CDMA subscriber ID. But for GSM, this is equal to the IMSI which is the Sim card Number.
Thanks!!

I discovered a bug but minor. If the phone is in PIN mode for a while and the SmartProtect kicks in, even if the SIM Card is correct, the application will detect a wrong SIM Card (probably because the SIM has not been registered yet??) and therefore sends SMS. Once the PIN has been keyed in, and the SIM has been registered, the protection stops.
The bug does not always happen. Only when the PIN Mode has been idle for a while.
I'll fix this by adding a detection of PIN entry.
Just to let you all know.
Thanks!!

A couple of questions...What do you mean by make the phone unuseable?....Also is their some type of way that you can send a hard reset command to the phone (which also delete's files on the Memory Card as well)?

d_preston215 said:
A couple of questions...What do you mean by make the phone unuseable?....Also is their some type of way that you can send a hard reset command to the phone (which also delete's files on the Memory Card as well)?
Click to expand...
Click to collapse
Hi,
The application will blank the screen and therefore unusable. He can't see what's happening on the screen. He is able to receive a call though and answer it via the Keypad. He can receive SMS but he can't see it.
For your feature request, I have thought of that and will add that as well. My thought is like this. Users are able to choose which folders (Phone Memory and Memory Card) they want to be protected so in the event that the phone is stolen, these folders are either automatically deleted or deleted based on trigger via SMS. I've plans to add this feature on the next version after the final version (unless there's not much bug to be fixed which means I have time to add the feature for the final release). For now, my plan is to stabilize and fix minor bugs to make it final before adding the new features.
But not to worry though, I'll definitely add this as I've thought of this as well.
Thanks!!

Is there any way (such as if the phone is recovered) to make the phone re-useable, or is a hard-reset the only solution?

Looks like an awesome app! What a great idea. I'll hold out for someone else to test it on their non GSM phone, but can't wait.
I think the protected folders idea is fantastic, that way a person could make sure all their pictures etc are gone.

mssmison said:
Looks like an awesome app! What a great idea. I'll hold out for someone else to test it on their non GSM phone, but can't wait.
I think the protected folders idea is fantastic, that way a person could make sure all their pictures etc are gone.
Click to expand...
Click to collapse
Thanks!!.
Let me see if I can find an emulator to test this out. Unless someone can point me to a site to download an emulator for CDMA ? Thanks!!

d_preston215 said:
Is there any way (such as if the phone is recovered) to make the phone re-useable, or is a hard-reset the only solution?
Click to expand...
Click to collapse
Hi,
Normally, just insert the correct SIM Card and it will work. But, for example--
Let's say you manage to recover the phone but the SIM Card has already been thrown by the thief.The solution here is to :
1. Send an SMS from your partner phone to the recovered phone with the disableSecurity command. This will disable the security of the phone.
2. Send an SMS from your partner phone a resetPhone command to reboot the phone. This is to apply the disabled changes you've SMS'ed previously.
2. Run SmartProtect and register the SIM Card
3. Enable Security.
Your phone will then be protected with the new SIM Card in-place.
Thanks!!

Updated the software with the following changes :
1. Fix for PIN Mode issue.
2. Use schedule instead of sleeping during interval run, to make the software more responsive to SMS Commands once the protection runs.
Let me know if you need further information or if the update didn't go thru well.
Thanks!!

To survice hardreset, cook your own rom.

Configuring the setting and found some question, possible improvement and suggestion.
Suggest to put a warning message that User to backup their contacts before trying out one of the feature "Delete Contact on SIM Change".
But on SIM change, it will be deleting the changed SIM Contacts, not my SIM's contacts or Phone's memory contacts.
Anyway, I am backing up my contacts now before I click that option.
Suggest to also get the "Owner Information" sent in SMS like IIWPO when the content change so you may know more things about this thief.
My question is, if phone is unusable, how to send SMS? Or you are just locking the voice but not the SMS?
If you go to "Settings->Remove Programs", you see JLG SmartProtect, you can still remove program, make this invisible.
You have SmartProtect in "StartUp" which is needed, but the program should be running is secret invisible mode upon power up and not visible to the thief.

mayo98 said:
Hi,
Normally, just insert the correct SIM Card and it will work. But, for example--
Let's say you manage to recover the phone but the SIM Card has already been thrown by the thief.The solution here is to :
1. Send an SMS from your partner phone to the recovered phone with the disableSecurity command. This will disable the security of the phone.
2. Send an SMS from your partner phone a resetPhone command to reboot the phone. This is to apply the disabled changes you've SMS'ed previously.
2. Run SmartProtect and register the SIM Card
3. Enable Security.
Your phone will then be protected with the new SIM Card in-place.
Thanks!!
Click to expand...
Click to collapse
Or you can register 2 SIM Card. Chances of you losing 2 phones together is slim. Once the phone is back, insert the other SIM Card, it will be ok.
Looking at the feature, it should able to register more than 1 SIM, right?

After Configure, only switching on the Sercurity Mode, with my first SIM, I tried to test by switching to another SIM.
Upon power up with another SIM, the SmartProtect tried to execute from "StartUp" but gives an error message.
Tried getting into SmartProtect from "Program", it gives the same error message.
Putting back the original SIM, able to get into the configurating program.
Is this the correct behaviour?

CWKJ said:
After Configure, only switching on the Sercurity Mode, with my first SIM, I tried to test by switching to another SIM.
Upon power up with another SIM, the SmartProtect tried to execute from "StartUp" but gives an error message.
Tried getting into SmartProtect from "Program", it gives the same error message.
Putting back the original SIM, able to get into the configurating program.
Is this the correct behaviour?
Click to expand...
Click to collapse
Hi,
The first one seems to be an error. Is it an application error ?Can you click on details of the error and show me the screenshot ?
Second one is a correct behaviour. SmartProtect will not get executed until you've inserted the correct SIM Card. This is to protect it from someone else configuring other than you (assuming your phone was lost).
I've released a latest update on the first page. Can you try that one ? I will give you instructions on private on to configure manually first as I'm encountering errors on my post application.
Thanks!!

Call Recording CMDA Sprint

Works for my sprint touch pro.
1) install S2A
http://forum.ppcgeeks.com/showthread.php?t=53600
2) install and follow instructions
http://forum.ppcgeeks.com/showthread.php?t=54856

Cant you just put the phone on speaker and go to programs - voice recorder and record the phone call that way?

I can confirm this is working on my Sprint Touch PRO!
Thanks!!!

pinny said:
Hey, this will not work on CDMA, it's in the wrong forum,
I think the mod's should move it, (or make it work for CDMA?)
Click to expand...
Click to collapse
Thats funny cuz I def just installed it and it's working on my Sprint Touch Pro

Hey, you're right, I think I installed the S2A from smotrs maybe that's why it didn't work,
but now it's good,
(I will edit my previous post, so not to confuse people).

It doesnt work on MightyROM 4.11. Other callers voice is soft.
DOH

TheRealM80 said:
It doesnt work on MightyROM 4.11. Other callers voice is soft.
DOH
Click to expand...
Click to collapse
I second that. Motherflippin. Is there a reg setting missing somewhere, or is it an audio driver issue?

Still doesnt work on MightyROM 4.12 either.
DOH
C'mon people lets figguure dis out.
Thanks
-80

Works with Juggalo's rom perfectly

Yeah its not working on MightROM 4.12 for me either. My voice sounds fine.....incoming caller can barely be heard

It's working on my Sprint Touch Pro, but the incoming voice is very faint. Anyone sort this out yet?
Thanks!

To anyone that have had any success with true, real recording (read: not plain sound bleeding from the speaker to the mike):
Could you please post your results to http://forum.xda-developers.com/showthread.php?t=496303 in order to be able to collect all the working model & ROM & hack combos in a nicely formatted chart / list and not forcing users to read thru 50-60 page-long threads?

mxl180 said:
Works for my sprint touch pro.
1) install S2A
http://forum.ppcgeeks.com/showthread.php?t=53600
2) install and follow instructions
http://forum.ppcgeeks.com/showthread.php?t=54856
Click to expand...
Click to collapse
Is this supposed to work with the Stock ROM from Sprint the way it comes originally? or do we have to have one of the custom ROMs installed?
I tried it on my new Touch PRO and after the step to install the wavedev.dll and soft reset, I get an error saying "voicecmd.exe experienced some error plese restart voicecmd.exe." and after that when making or receiving call the other party can't hear me, nor can I play any audio out of the device.

Detailed instructions for installing ICR for Sprint's Touch Pro w/ manufacture's ROM
SoloStyle said:
It's working on my Sprint Touch Pro, but the incoming voice is very faint. Anyone sort this out yet?
Thanks!
Click to expand...
Click to collapse
SultanH said:
Is this supposed to work with the Stock ROM from Sprint the way it comes originally? or do we have to have one of the custom ROMs installed?
I tried it on my new Touch PRO and after the step to install the wavedev.dll and soft reset, I get an error saying "voicecmd.exe experienced some error plese restart voicecmd.exe." and after that when making or receiving call the other party can't hear me, nor can I play any audio out of the device.
Click to expand...
Click to collapse
Here is what I ended up doing on my Sprint Touch Pro, which has its manufacture's ROM (version 2.01.651.6) and runs on wm6.1, to install ICR successfully:
1) Note: In these steps, you will end up replacing some files in the Window's folder. The consequence is that you will not be able to delete the ICR program entirely once you do the replacements. If you do delete the ICR program partially, you will not be able to re-install it without doing a hard reset.
2) Note: To achieve the file replacements in the wildow's folder, my instructions have file renaming scheme. Others use a program called Total Commander to do it.
3) Go to the Windows' folder (which you will find under Start, Programs, File Explorer, select Device and click "Up" until you are at the highest level, then click on Windows's foler). Click on Menu, and choose "Show all files."
4) In the Windows folder, find and copy the file wavedev.dll to your microSD card. It is important that you obtain a copy of this file before you do anything else if your phone is CDMA such as those for Sprint Touch Pro. According to another post in PPC Geeks forum, GSM phones should not do this step, but it wouldn't be bad to save file in case you want to erase programs and this file is needed.
5) Install Conflipper Slide 2 Answer.cab and do a soft reset (You must change the original S2A to this CDMA S2A or any other CDMA S2A that allows a red light to appear on your screen when you start call recording. None of the original Sprint S2A's will work. This S2A will look the same as the original Sprint one, but it will have the red light capability and thus be compatible with the ICR program). (You may also use Juggalo_X's CDMA S2A, but I did not try it. If you do want to try Juggalo_X's CDMA S2A, be aware that he has a black and white version. The white version is like your original HTC/Sprint version of S2A. I tried his black version, but it would not erase when I wanted to erase it. But that could be from the ICR program that I had installed.)
6) Install InCallRecording_Wavdev DLL.cab and do a soft reset. (There are many versions of ICR CAB, but I was successful with this one. I did not try all the other ones.) After soft resetting, you will get some sort of page pop up saying something like "voicecmd.exe experienced some error please restart voicecmd.exe." Ignore this for now, and be aware that at this time you will not be able to talk on you phone because the ICR program replaced the file wavedev.dll in your Window's folder with its own version of this file, which is not compatible with Sprint's Touch Pro.
7) Extract the two files in ICR_BEEP.zip (ICR_BEEP.wav, ICR_BEEPBEEP.wav) to Windows folder. This purpose of these two files is to stop ICR from beeping during recordings that the ICR program will play every minute or so. In some state's you may legally have to let ICR beep to warn the other person that the call is being recorded. So before replacing these beep files and using ICR, check your local laws for compliance.
8) This step may not be necessay, but I never tried ICR installations without it to find out: Extract voAMRNBEnc.dll file to Windows' folder. (If it does not allow to do it, first extract it to your microSD card and rename to something else like XXXvoAMRNBEnc.dll. Now extract the renamed file to Windows' folder. Find the same file that already exists in Windows folder "voAMRNBENC.dll" and try to rename this file to something else like ZZZvoAMRNBEnc.dll, which you will delete later. Now go to your renamed file (XXXvoAMRNBEnc.dll) and name back to voAMRNBEnc.dll. Soft reset and come back to Windows' folder to delete ZZZvoAMRNBEnc.dll. Soft reset again.)
9) Do not do this step if your phone is GSM: If your phone is CDMA, go to your microSD card and copy the file wavedev.dll, which you had copied to your microSD in step 2. Then, go to the windows' folder and paste it there. The files will come up as "Copy of wavedev.dll," and make sure that you do not change this name (i.e., do not delete "copy of" portion of the name). (Because the ICR program that you installed put its own wavedev.dll file in the Window's folder and eliminates the original one, this step is necessary to restore the original wavedev.dll file that was in your Window's folder.) Now, soft reset, and your phone can should be able to have sound again. Now, the error message following the installation of the ICR CAB mentioned in step 6 should not come up after soft resetting.
10) For Sprint's Touch Pro, the in-call recording requires that you put the call on speaker, but the sound quality is very good. (I don't know whether the conversation is being recoded by the mic from what the phone's loud speaker says or internally by the ICR program. However, when I turned on the speaker and blocked it with my hand, the sound quality of the other person calling did not change.) Additionally, the ICR program only works during phone calls. After the call is connected, click on menu in the call screen, and choose "Start Recording."
Disclaimer: Use my instructions at your own risk. Back up all your data, and be prepared to hard reset your phone if your phone gets missed up in the process.
Good websites for the above derived info:
http://forum.xda-developers.com/showthread.php?t=476316&page=2
http://forum.ppcgeeks.com/showthread.php?t=54856
http://forum.xda-developers.com/showthread.php?p=3489845
http://forum.xda-developers.com/showthread.php?t=474920
Good luck and please post your results plus detailed instructions as I have for other phones like Sprint's Touch pro2. I may buy it once they release the official wm6.5, and I want to be able to use ICR with Sprint Touch Pro2 running on wm6.5. And somebody tell HTC to lighten up and let your U.S. customers have ICR too. Other primitive phones in the U.S. have it, so their legal concerns is blown out of proportions!

Region unlock procedure oppo find x 2 neo Dual Sim

This guide is a copy paste from this thread:
[GUIDE] Switch software region to Upgrade to ColorOS 11 and enable Dual Sim.
I want to write this here so it's all in one place and not scattered around different threads. Apologies for the bad formatting in some parts as this is on of my first contribution. Most of this is copied from this thread: I am adding onto this...
forum.xda-developers.com
For my oppo find x 2 neo it worked.
I remind you that it precedes it and has your danger
I am not responsible for any damage or blockages
DISCLAIMER: Use this at your own discretion. So far, when it works, it doesn't wipe any personal data
and nearly no issues are caused. Still, I am not responsible for bricked devices, broken warranties or lost data.
If you haven't already, enable Developer Options and USB Debugging.
Next, download the Oppo_Free_Unlock_v1.0.zip file from the attachments and extract it somewhere.
Before you run anything, though, there's a little preparation that needs to be done.
Open Device Manager and expand the Network Adapters category.
Find your Ethernet adapter and double click it to open its properties.
Go to the Advanced tab and find the Network Address option in the Property pane.
Under the Value pane, select the radio button next to the text box and paste in the following: 704D7B61ABCD.
If you don't have an Ethernet adapter, try to find another network adapter here that has the Network Address property. It may help to install VirtualBox, since it will add fake Ethernet adapters.
Close the properties window and close Device Manager.
Go to where you extracted the unlock tools. Open Sec5.exe.
Make sure your device is in MTP mode, and then press the Unlock button.
After about a second, a string of numbers and letters should show up in the left pane. A few seconds later, "OK" should start flashing in the right pane. If it says "device not found" or something similar, make sure MTP Mode is activated. Press "Stop unlocking" and close the window.
Open the phone app on your device and dial *#3954391#. Then dial *#391#. A screen should come up with a whole bunch of regions listed. Choose this one: "Singapore Ex". Note: This Version has Theme Store, but no Ringtone Maker. Feel free to try other versions. EDIT: DO NOT CHANGE TO A REGION WITH CARRIER, ESPECIALLY THAILAND AS YOU WON'T BE ABLE TO CHANGE BACK! AT LEAST WHILE ON ANDROID 10. STICK WITH THOSE THAT END IN EX. Once you have done this, it appears that you can always bring up the region menu when dialing the numbers..
Your phone should now reboot. Once it's rebooted, your region will have changed.
Every time you changed region and want to change it again you need to use the software. You can get a code that you can use every time to change the region instead of using this software every time. (Update- one person report that this code(token) wont work for every time as his STAMP code changed.)
For this you need to: Open the dialer app , dial *#9434# ,press authtokendecrypt. You will see a IMEI and STAMP. Open the Sec5.exe and write the IMEI and STAMP shown on your phone in the blank space of the IMEI and STAMP in the software and press Generate a token, you will see a string of numbers and letters, write it on the token blank text box and click authtokendecrypt. Now you will see every text written in green. Now you can follow the steps in the guide but skip the steps that have to do with sec5. The Token that the software gave you is the same code that you need to enter in the *#9434# every time you want to change region so you do not need to use the software ever again.
UPDATE: Currently, it doesn't seem to work anymore for some people. Try installing Loopback network driver ( How to install Loopback) and uninstalling or disabling all other network drivers. If you are afraid of doing this with your own device you can use a Virtual Machine, too. I tried it this way.. Rest of the process is the same, just change the network address in Device Manager the same way as before.
Now that you are on the Pakistan Version, you can also run the device in dual sim mode, which was disabled in EU Mode. Some users have ordered Dual-Sim-trays on AliExpress and are now able to use it in this way. Also this might open up the path to unlock the bootloader, since that is limited to chinese devices only. I have not tried this out yet, though.
In theory, changing your region like this should work on any OPPO device running at least Android Pie (9). It may even work on earlier versions.
NOTE: This will not work for Chinese variants. These codes are filtered and will only work for international variants.

this guide no longer works with the new updates for both x2 pro and neo so let's avoid posting things that are not valid there is already a tutorial

*#3954391# and *#391#not working in color os 11 solution plz