hey all.i have problem with my htc tornado.so i triyed to update rom,and i have "data crashes" when sim card inserted.so what i must to do with my phone?i tried to use any unlockers for that and any ROM's,but it still data crashes.
so what should i do with that?
Here is your answer
As gutek85 already pointed to my post, let me add that your problem has nothing to do with ROM upgrades. ROM upgrades (aka "flashing") have different parts you usually do not touch (Splash-Screen, Radio + Low-Level-loaders: IPL and SPL) and those that you want to change (OS - aka "Windows Version").
None of those are touching the "encrypted block".
When getting a device from anyone, always check if the device can work with your SIM Card. If you get the "data crashes" message - see the post referenced. If you get a message about entering an unlock code then your device is SIM locked.
The Lokiwiz tooling can remedy this problem and (if applied correctly and with care) supply you a SIM unlocked and CID unlocked device.
i was bought this phone and unlock it with code one year ago..
i think its need some soft operation
The diagnosis is 100% sure. If you have the message "data crashes..." when inserting your SIM and trying to get Radio contact, then your encrypted block IS corrupted. If everything was ok after you unlocked the device, why did you bother to do something more to that? What went wrong? I never had problems with lokiwiz - enough written about it in my kitchen post.
Please mind that to my knowledge all tools dealing with unlocking (lokiwiz or wizardunlock, which does not work on my Tornados) are reading the whole encrypted block (just 64k), modify something inside (either remove CID lock or remove SIM Lock - some even claim to change the IMEI) and then write back the whole block. So if anything goes wrong to the things these tools are writing in the encrypted block, your only way to get back is to restore the original block. If you do not have it any longer - you are lost if on your own. You can play around for hours or days (and fail) or pay 10GBP to the imei-check.uk guys and you are done - your choice.
Luckily you can still use the device as a WinMo music player or alike - just GSM Radio will not work as long as your encrypted block is broken.
i can pay 10 GBP...they send me block's or they send me code only?
look it up here: http://imei-check.co.uk/c600_unlock.php
C600 is one of the many Tornado variants - it will work for you as well.
Is it posible to write backuped encrypted block from another Tornado phone?
It could be a solution for people like kviaff...
No it does not work - you can try (if you backup the original to restore later). It seems that the IMEI (read with *#06#) is taken from another (hidden?) place and it must match the one stored in the encrypted block.
This is why the "data crashes..." message appears! The IMEI do not match. I had received such a wrong written Tornado board (from AlainL - we had a thread about this here in the forum, in my kitchen thread I believe) and it could successfully be recovered with the imei-check.uk method (paying them, of course).
Mind that the lokiwiz will not take care of existing lock-backup.bin files in its directory. The next call to any option will overwrite the previous. It could be safeguarded in the batchfile (for those who are batch wizards), but you can rename this yourself before calling the next option.
What if I change my imei (with Wizard Service Tool) to imei of the phone with corrupted encrypted block and then create backup? Maybe it can help fix problem...
Well you are the only one that has reported that the Wizard Service Tool works on the Tornado - and only with the 6.5 ROM from SGregory.
I don't know what actually these tools are doing in detail to the devices - and time as well as effort to investigate on this is not worth it if you just shell out 10 GBP to have it working again.
You would also first need to find out which kind of corruption the encrypted block actually has. It could well be that a non-matching IMEI is just one of many reasons to issue this "data crashes..." message (it was for me - as reported).
You should know (you do, I think) that changing the IMEI is illegal and you must obviously obey the rules how an IMEI is constructed. So why bother with all this?
kviaff must discuss what he did to the device with the guys at imei-check.uk and ask them if their procedure will recover it. We can only guess here as he did not tell how that happened to his device yet.
I know, that imei changing is illegal, but in situations of service it's legal. Similar to Windows Mobile modifications (you know it, I think) But back to the cost of reconstructing, 10 GBP is enough money to fix it by myself. In Poland i can buy SPV C600 for equivalent 15-20 GBP (in good condition) so it's uneconmic
I have one reserve C600 so I'll experimented with it (I'll make a backup copy of course) So wish me luck and of course will inform you of the results
By searching for something else I found this blog and finally also this XDA thread. I have not checked the tool yet (maybe will never do) - but in case anyone dares?!
Possibly the data-crashes goes away if everything is re-constructed in the encrypted block for a new IMEI (or the original one)? Should have found it in January this year when I payed IMEI-CHECK.UK the bucks to recover a Tornado board.
I'll try it and write if it works with "Data craches..." problem
tobbbie said:
Well you are the only one that has reported that the Wizard Service Tool works on the Tornado - and only with the 6.5 ROM from SGregory.
I don't know what actually these tools are doing in detail to the devices - and time as well as effort to investigate on this is not worth it if you just shell out 10 GBP to have it working again.
You would also first need to find out which kind of corruption the encrypted block actually has. It could well be that a non-matching IMEI is just one of many reasons to issue this "data crashes..." message (it was for me - as reported).
You should know (you do, I think) that changing the IMEI is illegal and you must obviously obey the rules how an IMEI is constructed. So why bother with all this?
kviaff must discuss what he did to the device with the guys at imei-check.uk and ask them if their procedure will recover it. We can only guess here as he did not tell how that happened to his device yet.
Click to expand...
Click to collapse
I can vouch for the fact that Wizard Service Tool works on Tornado. I had Super CID unlocked my mob using some other method and then while doing some random stuff, had changed the IMEI to something like 000..123..90 or something just for fun's sake. Then a few months later, India passed a law which made phones with invalid IMEI useless. So, I had to use some software to recover my IMEI from a memory block, forgot which one I used ( I had erased the IMEI off from the surface below battery due to another freakish accident ) Then I used WST to restore my earlier IMEI.
Most probably you have loaded the WM65 ROM from Gregory - there it works and the "data crashes" message is suppressed (by the ROM). The corrupted block would not work with any other ROM and the WST would not work with any other as well.
At least these are the conclusions from gutek85 so far.
Mind that the WST is not the IMEI changer for the wizard!
It's posible to read original IMEI from (original) CID block with WST.
CID Action => Read CID block
Ok, finally I tried the IMEI change Wizard on one of my spare Tornados. Result is:
it works in changing the IMEI, if the device was ok before the change then there is still no "data crashes" after the change
it should NOT work in getting rid of the "data crashes" message because obviously the encrypted block is not linked to the IMEI of the device but to a HW characteristic of the device itself.
If I remember right (when searching for a solution for my old "data crashes" PBA) the encrypted block is linked to the Disc-On-Chip-ID which is HW unique per DOC in each device. It cannot be linked to the IMEI because otherwise a change of the IMEI would have created the data-crashes message. I have checked if the encrypted block is changed by the IMEI Update Wizard - and it is not. It is still possible that the "encrypted block" is extending beyond the 64k that lokiwiz is backing up.
So it is a nice tool to play with but has no real purpose for those who are legal owners of their devices. There is plenty of information regarding the consequences of changing the IMEI (legal and technical), so let me pick the simplest: If you change your device type (the first 6 digits) then the network may treat your device in a wrong way and you could experience strange behavior of e.g. MMS or configuration messages.
If you pick the IMEI of an existing (and connected) device you may bring the legal owner in problems - not only yourself.
For the curious:
In the scope of changing the IMEI the tool reads (and decrypts?) a block of 16k. It saves it temporarily in its program directory under "pdocread.dat"
after change (before write back) it holds the changed data there as well. For the Tornado you see that the IMEI is stored at offset x'300C safeguarded by some checksum at x'3008.
Mind: "IMEI Change Wizard" is NOT the "Wizard Service Tool (WST)"
I also finally succeeded to make the WST run with a stock WM5 Tornado. You have to manually add one policy setting:
HKEY_LOCAL_MACHINE\Security\Policies\Policies
add there a DWORD "0000101a" and set it to the value "1". This is what the "Cert_SPCS.cab" does but this will run only on PPC devices and not on a smartphone. Not sure though which of the operations from the WST will actually work on the Tornado and which will kill the device in one or the other way.
Good job
So there is still no way to fix Encrypted Block for free... Maybe someone could crack IMEICheck tool for avoid keyfile or make keyfile generator I tryed, but haven't enough knowledge...
Related
Hi guys.
Try to decide which to get between these two. It looks quite similar in what they do? Which one would you prefer? Don't matter the cost..they're just worth paying for. Which is better for non rooted phone?
anyone at all?
Never heard of the 2nd one but I am looking for a replacement for wavesecure
The only difference i can see between cerberus and TA is that cerberus can take photo. Apart from that, anything else guys?
Theft Aware saved my phone, Cerberus... hmmphh
[UPDATE] Tested "in the field"
Yesterday night I came to a friend's party and couldn't find my phone, so first thing I tried to dial it and see where I forgot it- went to check the car, but the phone wasn't there. The strange thing was that I was directed immediately to the voicemail, as if my phone was powered off..
Then I noticed my wife's phone has got an sms from Theft Aware, that the sim was replaced with a new number (including the new number). I called the new number, and got no answer but was able (via sms command) to get the phone's location, then I sent an sms to the new owner that I'd like to have the phone back and a number where I can be reached, then locked the phone.
At the same time I tried to operate similar thing with cerberus via their android client which is easy to operate. Nothing happened.
I tried again to call the new owner- he answered- told him I've got his phone number, location and photo (this was a bluff because cerberus did not work). The new owner was so surprised that he immediately offered to bring it back, which he did. I got my phone back after barely 30 minutes.
When the phone was back I checked my mailbox, and noticed that I got a mail from cerberus:
IP address: 109.64.199.59
An unauthorized SIM card has been inserted into your device.
Number: null
Network
Operator: 42502 ()
Subscriber ID: null
SIM card
Operator: ()
Serial: null
This is an automated message, please do not reply.
Nothing really useful...
Cerberus app did take a photograph, though, but it showed my own face back at home- the photo was taken only AFTER I have entered my unlock pattern, so it was no real use.
So, when really needed Theft Aware vs. cerberus: 1-0.
Nowadays Theft Aware is free, bundled with Avast! antivirus and some other bla bla (which can be manually uninstalled), so I just can't see no reason whatsoever why not install this useful program. Within minutes, all Android phone owners in the party started looking for Avast's TA and iphoners started looking for something similar for their own kind
You can probably disregard all the BS I wrote before (below), but whatever...
[OLD][BS]
TA is only sms-based. Perhaps they are working on some web-interface but not sure where it stands (beta stage?).
With Cerberus it is possible to send commands from their website and from a small applet/client (e.g. you can install it in a friend's phone) that is very useful if you don't have a computer nearby. Cerberus can also trigger the cameras, record audio, splash a message+speech in full screen ("Hey, thief! Bring it back") etc. Cool, perhaps also useful.
TA can be installed as system app, and with a name of your choosing to add further "security".
Cerberus installs as user app, but it is possible to download from their website a zip file that can be flashed as system app (or installed via ROM Manager) but not sure how many users are aware of this option. Anyway, it will still show as "cerberus" in lots of places, so it cannot be considered as stealthy as TA.
Both have many disadvantages- if the thief has access to the phone (some people don't use any pin/pattern lock, eh???) then he can deactivate TA or Cerberus from the list of device administrators and in a few seconds rendering both of them useless.
Both won't survive the flashing of a new rom, but I doubt that most "casual thieves" will go away to flash a rom in a stolen phone.
Some other sms applications using notification may override TA. That's what happens with GO SMS, for example- GO SMS will display the sms with code and everything, and TA won't work at all. There are workarounds, but it is an annoyance.
Major disadvantage of TA is the same code used to enter the application is also the one used in SMS commands! The dev is well aware of this issue but thinks it is too much for a user to remember two different codes (one for entering app, second to confirm sms commands). Thus, a thief can just get the sim out of your stolen and put it in any other phone. Then, when you start sending sms with commands to your stolen phone, you'll be actually providing the thief with your unlocking code... Next he turns on the stolen phone (with whatever sim- original or one of his choice), unlock it with the code you've just sent him by sms.. It's THAT easy. I am not sure how cerberus will act, in a similar case.
Hi guys,
Long story short: My phone lost its developers lock and I can no longer unlock it again without having to hard reset my phone (this will restore the portal urls in the registry).
My issue is I have sms's dating back to when i got the phone (htc hd7) at launch and I really dont want to loose these. It's not an option for me to loose them.
What I need to know is if there is any way of backing this sms data up without it being developer unlocked? The reason why I cant unlock it is because I removed the Portal url info in the phones registry prior to me going legit with a developers account and I forgot to change it back. This is now preventing the phone from checking that I have a legitimate developers account.
Any help appreciated.
Do you have a backup of the phone (Zune restore point) from when you were unlocked? You can restore that, and you'll be unlocked again and still have all the SMS you've received prior to taking that backup. Not perfect, but it should work...
Odd that an official dev-unlock (via AppHub) doesn't work. My phone has the PortalURL values wiped (to prevent it from continuously resetting my interop-unlock) but the Windows Phone Developer Registration tool can still access my phone and sees it as currently being unlocked. Maybe it's becuase I first unlocked with the official unlock, then applied "keep unlocked" (the Portal reg values) and interop-unlock?
That said, to use any of the SMS backup tools you'll need at least an interop-unlock as well, and if your firmware version is too recent that's not currently possible. Even if you previously had WP7 Root Tools installed, you wouldn't be able to run it.
Hi all, i am hoping for some assistance in decoding/working out where the SIM lock is held in the radio of my Japanese Sharp 005SH (Android 2.3.4, Snapdragon processor). Putting another carriers sim just shows a USIM-MEP screen, and no possibility of entering an unlock code like many other Android phones.
The Japanese hacking community have managed to get full root, unlock the NAND and also a secondary Miyabi LSM lock, but they are unwilling to discuss removing the SIM lock (somewhat taboo here or something)
However on repeated requests, they have written a kernel which allows me to get a dump of the raw data in the radio NAND chip, and given me the hint that using QualcommDumpAnalyser, it should be able to be found. "Qualcomm NAND programming isnt particularly unique or difficult, so if you know how that works, you should be able to work it out"
Unfortunately i dont.
I have the dump of the radio (a 100mb img file), and QualcommDumpAnalyser, but not sure where to go from there. Opening the dump file in a hex editor doesnt give any obvious clues - no mention of LOCK, USIM, MCC/MNC, or even my IMEI.
Is there someone who can give me some clues on how to proceed from here? I can supply the radio dump if required
Hi!. I am the same guy from the Howard Forums . I think you should upload it anyways. Maybe some expert sees this, decides to download it just to check it out, and it ends up being a piece of cake for him/her to modify
Is there any progress on this? I have a 003SH and am tired of CPR constantly.
Relocated from email discussion:
Hey, great tool[editorial: I think in reference to: http://code.google.com/p/cdmaworkshoptool/ ]. Would it be possible for me to get a copy of the most recent build? I'm looking into some things on the galaxy s3 because we lose the min and phone number on non-stock roms. -C
to C:
Most recent build is .2 which is public.. What exactly do you mean by lose? As in they must be reprogrammed after.a rom is flashed? Does the, normal version of dev term you have downloaded fail to write the number back?
3:39 PM (2 hours ago)
to me
It's a temporary problem with cm10. Development has been slow. It's lost on the first reboot and then mms doesn't work. In android, under status about it lists "My Phone Number" as unknown and Min as unknown. Just trying to see if I can write them while the OS is booted.
to C:
To write a mdn and min typically you would connect to the phone in diagnostic mode.. Send mode offline. Send spc. Then simply write mdn and min from the nam part of the interface.. There are typically three nv items which dev term writes for mdn, and min. Then, mode reset will reset and you can confirm if this wrote the nv item..
Did that answer any questions?
to C:
Having never tested a galaxy s iii I'm not sure if devterm should work... There is alot of chatter online about a program called ets, you might look.for that if devterm doesn't work. Please let me know if you are able to successfully write on the galaxy siii.
to me
We are able to write to it with qpst. I actually got the numbers back, but I'm not sure how. Now Im in the process of seeing if I can figure out how to replicate it. What is supposed to happen when you put it into reset mode? It doesn't work for me after that.
to C:
After mode reset the radio of the phone will literally reset.. Some phones this will actually turn off and on the whole phone.. Some will just show no.service temporarily... After mode reset.cdmadevterm will disconnect.from phone.. There are alot of variables, but typically if.qpst could write the phone devterm should also be able.. The mdn and min are really quite simply three nv items, I suspect the subsystem that normally stores this information is being overwritten or formatted by cyanogen...
if you have ever used cdma worksop or qxdm the mode offline and mode reset is functionally the.same..
to me
Thank you so much for going back and forth with me on this. I really appreciate it. The only major difference I noticed between an nv dump on stock and cm is that cm has a lock code for some reason. What is this ETS software you're referring to? CDMA workshop is a bit too expensive unfortunately.
Although I am not totally familiar with the tool it is linked on XDA in another section:
http://forum.xda-developers.com/showthread.php?t=1696621
I wonder if this might have something to do with the chipset not being qualcomm? On the other hand if you said it worked with qpst maybe they are somehow compatible?
The VIA tool probably won't work since we do have a qualcomm chipset. I still have not figured out how i managed to get it to work once but it came up with the unlock sim message I put in the code for my phone that I Found in nvram and then I tried the spc and a few other things and eventually hit dismiss. It said that it could not connect or something to that effect. Then I checked and it had my phone number as 000-000-xxxx which xxx was that unlock code. Then I restarted and I had the number again. I'm wondering if I somehow got the phone to let go of how its storing the phone number.
Hm. If it is qualcomm I would think that cdmaDevTerm should work... this is how one would normally write the mdn and min with devterm:
http://www.chromableedstudios.com/techninjutsu/howtowritemdnminwithcdmadevterm
Perhaps if this doesn't work you could include the response to the NV write from the LogQ tab to help understand the behavior? Maybe the rom is activating a different Nam profile or something?(I'm not sure if I even have a spot on the UI for that in devterm but a log might help understand)
(for logging purposes you may want to trying writing a fake phone number for privacy)
I guess my question also is: are you trying to figure out why the rom does this? or just a good way to fix it when it does?
I've been wondering lately, is there any solution to make a lost/stolen phone really unusable even after flashing etc?
Yes i know a couple method about google dashboard or google email verification, but as a flashing junkies, i look at that method is easily crackable.
I've been wondering too, is there any tech to make the phone unusable via IMEI blocking (user requested)? Unusable means like maybe the phone will no longer getting SIM services even after switching to any SIM cards -or- better if it still locks the phone and showing user editable lockscreen info - both even after flashing/changing email (since IMEI will still intact even after flashing unless you format the EFS which will resut in blank IMEI = no SIM services).
Then the phone manufacture support it by making an imposible (or hardly possible) IMEI changes, it can do via software or dedicated IMEI chip hardware.
The point i'm trying to make is if there is a tech like that, it will surely making a higher chance of someone retruning an accidentaly found phone and wishing for a reward afterward rather than having a thought of flashing it then re-use/sell it. The cost of making a locked lost/stolen phone usable again should be high enough that people wont bother to do it.
Well i believe i'm not searching enough to found the answer, but i guess there isn't yet exist any techonlogy to make a lost/stolen phone barely/fully unusable even after changes via software/hardware. It's been almost 10 years since android cames up,
I think we should push this to google/phone manufacture.
It's just my opinion, let me hear what is your thought.
And i'm wishing too somebody get inspired and take an action (since i'm just a lazy guy)
PS: sorry if there is a grammar mistake.
Can do nothing with IMEI there are many easy ways to change IMEI number of android device ???