PPCGeeks

fronz 06-30-2007 07:20 PM

help unlocking mogul spc/msl code
 
Has anyone tried unlocking their Mogul? I tried Bitpim to search the nvm files with no luck. Any help would be appreciated.

fronz 07-02-2007 11:50 AM

I have 2 Sprint Moguls that I want to put on the market and maybe flash to Cricket. But they're not like the ppc & xv 6700, the nvm folder is empty. Anyone else working on this?

wowthatisrandom 07-02-2007 11:57 AM

have u tried qpst?

Wideawake 07-02-2007 01:05 PM

what drivers are u using to get bitpim to recognize the phone?

fronz 07-02-2007 01:38 PM

QPST requires spc code to access filesystem. And the 6700 drivers work, just ##3424# for diag. mode

fronz 07-02-2007 04:47 PM

trying to locate the esn file also. no luck looks like they've hidden everything

hetaldp 07-12-2007 05:00 AM

Try to use CDMA-Workshop Latest software from CDMA-Ware.com

and Use Qualcomm Mode for diagnostic mode and then try Different method to read SPC.

You may get Success by this way.

hetaldp 07-12-2007 10:42 AM

See the CDMA-Workshop Latest Release there you can read SPC / MSL using Different Methods

http://www.cdma-ware.com/pic/spec/workshop_5.gif

eb3604 07-12-2007 12:33 PM

how do you get cdma workshop to work. i cant get it to recognize my phone

MBaran 07-12-2007 01:29 PM

Using CDMA Workshop when I click Read under SPC It tells me

"Phone ask for SPC. SPC (6 Digits) is required.

eb3604 07-12-2007 01:40 PM

Quote:

Originally Posted by MBaran
Using CDMA Workshop when I click Read under SPC It tells me

"Phone ask for SPC. SPC (6 Digits) is required.


what settings are you using

MBaran 07-12-2007 01:42 PM

I used the 6700 drivers and under device manager in windows it said qualcomm serial port com4.. so i set it to com 4 and hit connect, then read and it got all the other info, ESN, phone, NAM etc...

MakuSoto 07-12-2007 01:47 PM

MBaran: how did you get your computer to recognize the Mogul by using the 6700 drivers? i tried it and i couldnt. Did you rename the sys files to qxmdmxp.sys? I tried the demo version and it was not able to read my mogul. Im using Win XP 32 bit, whats yours?

MBaran 07-12-2007 01:51 PM

3 Attachment(s)
im using vista32 with the std drivers that i think come with the pam software.

i will attach them as i think they are okay to post?

MakuSoto 07-12-2007 03:15 PM

even with that driver, the SPC code cant be read. Best option i recommend for you is to connect it to sprint for 1 day and cancel the account, as that's what i did. Once you activate the MSL will be given to you by the rep.

MBaran 07-12-2007 05:17 PM

I know.. I just wish I had written it down when I first activated my phone...

MakuSoto 07-12-2007 05:39 PM

if you're still using sprint, just call tech or activations department to get it from them. they will give it to you right away.

fronz 07-16-2007 10:58 AM

3 Attachment(s)
we're looking in the wrong place, no nv_sercurity file where the spc code was in the 6700's. here's my nv folder minus my esn (i zero'd it out) but feel free to look :evil3: also the new rom update contains programs that will change the spc, need someone to reverse the code, i tried to disassemble and debug but need help :cussing:

p.s you need qpst v215 to view nv file

fronz 07-16-2007 11:08 AM

3 Attachment(s)
the files that i believe need to be recoded are the rapitool & ppst patch. anyone else have any ideas?

hetaldp 07-16-2007 02:04 PM

There is a cab file which gets installed into Mogul and that Cab file has 2 files

1. PPSt_Keygen.dll
2. WriteDMData.exe

means WriteDM is Writing the SPC with Help of PPSt_keygen.dll

here PPST_Keygen must be Calculating some Logic on ESN and should be Producing the Exact ESN which was Company were Provided, here We can learn the Logic of Sprint that How they Calculate SPC on ESN.

Hello Disassembler please Crack PPST_Keygen.dll so it only return 000000 value to Exe which it calls so we can means we can set 000000 to Phone

Or Make any Program which can Call this Dll and Generate SPC as per the Phones ESN???????????

fronz 07-16-2007 03:07 PM

hpnasik i thought you were a programmer, lol.....but i see we're on the same page. I tried to disassemble & debug with pe explorer and debuggy with no luck, but i think you said exactly what needs to be done!

Vinny 07-16-2007 03:31 PM

Quote:

Originally Posted by hpnasik
There is a cab file which gets installed into Mogul and that Cab file has 2 files

1. PPSt_Keygen.dll
2. WriteDMData.exe

means WriteDM is Writing the SPC with Help of PPSt_keygen.dll

here PPST_Keygen must be Calculating some Logic on ESN and should be Producing the Exact ESN which was Company were Provided, here We can learn the Logic of Sprint that How they Calculate SPC on ESN.

Hello Disassembler please Crack PPST_Keygen.dll so it only return 000000 value to Exe which it calls so we can means we can set 000000 to Phone

Or Make any Program which can Call this Dll and Generate SPC as per the Phones ESN???????????

Have you tried to dump the exports on PPST_Keygen.dll?
dumpbin /exports PPST_Keygen.dll or link /dump /exports PPST_Keygen.dll

el_venga 07-16-2007 03:37 PM

i opened the PPST_keygen.dll with a hex viewer and i found GetSPC, i think this means it reads the current spc and then writes it back. thats just what i think it is. some one with another ppc phone sprint compatible install this cab and if spc is changed, it has the logic for the SPC Calculator.

fronz 07-16-2007 05:13 PM

how to dump/export .dll?

fronz 07-16-2007 05:17 PM

we need some programmers from xda developers on this

Vinny 07-16-2007 05:29 PM

Quote:

Originally Posted by fronz
how to dump/export .dll?

dumpbin /exports PPST_Keygen.dll > exports.txt

or

link /dump /exports PPST_Keygen.dll > exports.txt

Then just post the text file

Vinny 07-16-2007 05:31 PM

Quote:

Originally Posted by fronz
we need some programmers from xda developers on this

I'll take a look when I get home.. though I have to admit.. I'll need to read up on the whole SPC ESN thing as I am not sure what I would be looking to do with the function even if i got it working.

fronz 07-16-2007 06:13 PM

the spc code allows you to access the built-in pst(phone support tool) then u can unlock the phone to different carrier

opulence 07-16-2007 07:20 PM

Quote:

Originally Posted by fronz
the spc code allows you to access the built-in pst(phone support tool) then u can unlock the phone to different carrier

can this built in pst software modify the esn on the phone too?

Vinny 07-16-2007 09:44 PM

Here ya go... all the functions...

Dump of file PPST_KeyGen.dll

File Type: DLL

Section contains the following exports for PPST_KeyGen.dll

00000000 characteristics
45E52608 time date stamp Wed Feb 28 00:49:44 2007
0.00 version
1 ordinal base
18 number of functions
18 number of names

ordinal hint RVA name

1 0 0000317C GetAAASSD
2 1 000036C0 GetAKEY
3 2 00002468 GetAOC
4 3 00003AA4 GetCheckSUM
5 4 00003174 GetHASSD
6 5 00002B84 GetHDRANPASS
7 6 00002AEC GetHDRANUID
8 7 000024FC GetIMSIS
9 8 00002460 GetMDN
10 9 0000316C GetMIPDUN
11 A 000030C8 GetNAI
12 B 000027F0 GetOTKSL
13 C 00002ADC GetPPPUMPASS
14 D 00002AD4 GetPPPUMUID
15 E 00002AE4 GetSIPDUN
16 F 0000250C GetSPC
17 10 00002504 GetTIMSIS
18 11 00002440 TestFunction

Summary

1000 .data
1000 .pdata
1000 .rdata
1000 .reloc
3000 .text
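
A sanity check on the export listing above, as an added example that is not part of the original thread: it parses the pasted dumpbin output, confirms that the header count and the name-table hints agree with the rows, and takes the distance to the next export's RVA as an upper bound on each function's size (assuming each function is contiguous). The function names `parse_exports`, `problems` and `size_bounds` are hypothetical.

```python
import re
# Counts and export rows copied from the dumpbin listing in the post above.
LISTING = """\
1 ordinal base
18 number of names
1 0 0000317C GetAAASSD
2 1 000036C0 GetAKEY
3 2 00002468 GetAOC
4 3 00003AA4 GetCheckSUM
5 4 00003174 GetHASSD
6 5 00002B84 GetHDRANPASS
7 6 00002AEC GetHDRANUID
8 7 000024FC GetIMSIS
9 8 00002460 GetMDN
10 9 0000316C GetMIPDUN
11 A 000030C8 GetNAI
12 B 000027F0 GetOTKSL
13 C 00002ADC GetPPPUMPASS
14 D 00002AD4 GetPPPUMUID
15 E 00002AE4 GetSIPDUN
16 F 0000250C GetSPC
17 10 00002504 GetTIMSIS
18 11 00002440 TestFunction
"""

HDR = re.compile(r"^\s*(\d+)\s+(ordinal base|number of names)\s*$")
ROW = re.compile(r"^\s*(\d+)\s+([0-9A-F]+)\s+([0-9A-F]{8})\s+(\S+)\s*$")

def parse_exports(text):
    """Split dumpbin /exports text into header counts and export rows."""
    header, rows = {}, []
    for line in text.splitlines():
        if m := HDR.match(line):
            header[m[2]] = int(m[1])
        elif m := ROW.match(line):
            rows.append({"ordinal": int(m[1]), "hint": int(m[2], 16), "rva": int(m[3], 16), "name": m[4]})
    return header, rows

def problems(header, rows):
    """Mismatches: a hint is the index into the name table, so it must equal row position."""
    out = [r["name"] for i, r in enumerate(rows) if r["hint"] != i]
    if header.get("number of names") != len(rows):
        out.append("name count differs from header")
    return out

def size_bounds(rows):
    """Bytes from each export to the next one by RVA: an upper bound on its size."""
    by_rva = sorted(rows, key=lambda r: r["rva"])
    return {a["name"]: b["rva"] - a["rva"] for a, b in zip(by_rva, by_rva[1:])}
```

A listing that was truncated or mangled when pasted shows up in `problems`; the export with the highest RVA has no successor and is left out of `size_bounds`.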

hetaldp 07-17-2007 07:25 AM

Imports System.Runtime.InteropServices

Public Class mySPC
    <Runtime.InteropServices.DllImport("PPST_Keygen.dll", EntryPoint:="GetSPC")> Public Shared Function GetSPC1(ByVal src As Double) As Long
        ' Leave function empty - DLLImport attribute forwards calls to GetSPC to
    End Function

    Private Sub btnGetSPC_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnGetSPC.Click
        txtSPC.Text = "FAILED"
        txtSPC.Text = GetSPC1(5407309929)
    End Sub
End Class



I have Created this Program and tried to Import the Dll and run getSPC Function but Getting Error




http://hptrade.com/download/ppc6700/...Capture001.JPG

http://hptrade.com/download/ppc6700/...Capture003.JPG

http://hptrade.com/download/ppc6700/...Capture004.JPG

fronz 07-17-2007 09:45 AM

WOW \:D/ You're on the right track!!!! what software created that ?

fronz 07-17-2007 10:23 AM

is that .net? where can I get it?

fronz 07-17-2007 10:25 AM

excellent progress, you have any ideas about the errors

Vinny 07-17-2007 11:17 AM

I am assuming "5407309929" is your phone number? Have you tried it with your msl code? Or as GetSPC() without any parameters? Or, I know there is a lot of "ors", they could be returning the value of the SPC as parameter and an error code from the return.

Vinny 07-17-2007 11:18 AM

Quote:

Originally Posted by fronz
is that .net? where can I get it?

without paying a crapload of money.. go for visual studio express...

fronz 07-17-2007 12:16 PM

thnx vinny. are you having any luck? what else if anything is needed to make some more progress, I have a mogul at our disposal

hetaldp 07-18-2007 03:38 AM

Nothing !!!

The Post have been Deleted

fronz 07-18-2007 12:36 PM

check the patch ppst file. i believe it's involved in the process also

isosdcftp 07-18-2007 02:13 PM

I've looked at the code for GetSPC and it looks like it takes 2 parameters, not just one. The function starts like this
Code:

STMFD  SP!, {R4-R8,LR}  ; store register values
SUB    SP, SP, #0xA0    ; initialize stack
MOV    R4, R0           ; store parameter 1 to R4
MOV    R7, R1           ; store parameter 2 to R7

So, there is another parameter that is needed, I'm going to look at the rest of the files today if I have enough time. Maybe I can figure out what those parameters are.

Also, I'm new to the CDMA scene, I'm from IDEN originally. Is there a good faq or text available to learn of what all these codes/acronyms are used for?

EDIT: Parameter 1 looks to be a structure, where the first dword is a pointer to a string of '1234', and the second dword is NOT 0.
Code:

.text:0010251C                LDR    R1, =a1234_0    ; char * - Load address of string '1234'
.text:00102520                LDR    R0, [R4]        ; char * - Load first DWORD in parameter1's structure
.text:00102524                BL     strcmp          ; Compare both strings
.text:00102528                CMP    R0, #0          ; Check return value
.text:0010252C                BNE    ReturnFALSE     ; If the strings are not the same jump to return 0
.text:00102530                LDR    R0, [R4,#4]     ; Load second dword in parameter1's structure
.text:00102534                CMP    R0, #0          ; Check if 0
.text:00102538                BEQ    SetErrorTo_0x1D30C_AndReturn ; Jump to set last error and return



All times are GMT -4.