Modem Unloker Free For All - GSM-Forum

Souhail · 03-05-2010, 16:43

Modem Unloker Free For All

List Models :

[Huawei]

E156
E155
E1550
E1552
E156G
E160
E160G
E161
E166
E169
E169G
E170
E172
E176
E1762
E180
E182E
E196
E226
E270
E271
E272
E510
E612
E618
E620
E630
E630+
E660
E660A
E800
E870
E880
EG162
E880
EG162
EG162G
EG602
EG602G

[Vodafone]

K2540
K3515
K3520
K3565
K3520
K3565

B,r Souhail_gsm

B,r Maverick_lp28

mouradsamsung · 03-05-2010, 17:09

Quote:

Originally Posted by Souhail

Modem Unloker Free For All

List Models :

[Huawei]

E156
E155
E1550
E1552
E156G
E160
E160G
E161
E166
E169
E169G
E170
E172
E176
E1762
E180
E182E
E196
E226
E270
E271
E272
E510
E612
E618
E620
E630
E630+
E660
E660A
E800
E870
E880
EG162
E880
EG162
EG162G
EG602
EG602G

[Vodafone]

K2540
K3515
K3520
K3565
K3520
K3565

B,r Souhail_gsm

B,r Maverick_lp28

wht's about source code ??????,,,,

sweunlockers · 03-05-2010, 19:00

it's not protected so why dont obtain the source code self?

sergeymkl · 03-05-2010, 20:11

also uses "hwe620datacard" / "e630upgrade" constant, like all others...

but anyone reversing this would see would not do the extra work.

its clear, that these constants are non need. execution time and code size
can be shortened if you directly use the always constant results.

maybe its not important on modern PCs, but in small MCUs this is very important.

The only needed constants are:
unsigned char cs_unlock[] = "5E8DD316726B0335";
unsigned char cs_flash[] = "97B7BC6BE525AB44";

maverick_lp28 · 03-05-2010, 21:23

Quote:

Originally Posted by sergeymkl

also uses "hwe620datacard" / "e630upgrade" constant, like all others...

but anyone reversing this would see would not do the extra work.

its clear, that these constants are non need. execution time and code size
can be shortened if you directly use the always constant results.

maybe its not important on modern PCs, but in small MCUs this is very important.

The only needed constants are:
unsigned char cs_unlock[] = "5E8DD316726B0335";
unsigned char cs_flash[] = "97B7BC6BE525AB44";

join me in sonork

adamsquall · 03-05-2010, 21:27

very big thanks for this mate.....

arcos.teami · 03-06-2010, 23:16

souhail where do you find it ?
i know only 1 person use this mod!!!!

sergeymkl · 03-07-2010, 02:01

here's how the unneeded constants are derived:
MD5 ("hwe620datacard") = a32fe72c5e8dd316726b0335d5513ba0
MD5 ("e630upgrade") = aa91cee297b7bc6be525ab44cdc63be0

murlidhar · 03-07-2010, 04:12

Quote:

Originally Posted by Souhail

Modem Unloker Free For All

List Models :

[Huawei]

E156
E155
E1550
E1552
E156G
E160
E160G
E161
E166
E169
E169G
E170
E172
E176
E1762
E180
E182E
E196
E226
E270
E271
E272
E510
E612
E618
E620
E630
E630+
E660
E660A
E800
E870
E880
EG162
E880
EG162
EG162G
EG602
EG602G

[Vodafone]

K2540
K3515
K3520
K3565
K3520
K3565

B,r Souhail_gsm

B,r Maverick_lp28

tankxxxxxxxxxxxxx verryyyyyyyyyyy much

**TestBox2** · 03-07-2010, 05:14

Quote:

Originally Posted by sergeymkl

also uses "hwe620datacard" / "e630upgrade" constant, like all others...

This two constant take it from Oroginal Huawei Update tools .

so also : "hwe620datacard" / "e630upgrade" Use for verification acccess to upgradefirmware ordashboard.

also checking working is FW ID Modem not = Update Tool FW ID.

also possible disable this procedure of verification by Replace WF ID on Update too with value as in Modem FW ID.

And you can upgrade wf w/o insert flash code .

Step2:

If you want to make Ur KeyGen of Flashing code = you can replace hash password on Execute Firmware Upgrader 'e630upgrade';

As replace value 'e630upgrade' to 'e999upgrade' and you get FW Upgrade Tool with different hash password who need different value for calculate ittem.

B.R. TestBox2 team.

**TestBox2** · 03-07-2010, 05:18

Step3:

Getting Unknown value for bruteforce needed hash password by reversing IMEI + NCK to Hash Password.

This methode you can use for found needed value for calculate validate codes.

B.R. TestBox2 team

sergeymkl · 03-07-2010, 05:25

@Dorian:
I already know algo from v4mpire reversing, see here:
http://bb5.at/huawei.php?imei=123456789012347

some more infos for YUMERA:

now he has almost all he need to know algo...
but i can't ruin the challenge totally

VM_Hacker · 03-07-2010, 13:24

Quote:

Originally Posted by TestBox2

Step3:

Getting Unknown value for bruteforce needed hash password by reversing IMEI + NCK to Hash Password.

This methode you can use for found needed value for calculate validate codes.

B.R. TestBox2 team

Thanks! Now, i got the Hash Password the first and last 8 digits need to discard?

sergeymkl · 03-07-2010, 13:28

Nothing needs to be bruteforced...
What is "Hash password" are you all talking about?

VM_Hacker · 03-07-2010, 13:39

Quote:

Originally Posted by sergeymkl

Nothing needs to be bruteforced...
What is "Hash password" are you all talking about?

as what he said in step 3 IMEI + const HASH = HASH Password

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
KULANKENDI Ver 2.70 All modems totally free for KKBox/Dongle users	gsminfo	Kulankendi Box / Dongle	6	03-09-2010 21:08
02.03.2010 New FW and SW for modems added free for all Kulankendi Users !	gsminfo	Kulankendi Box / Dongle	2	03-07-2010 21:36
KULANKENDI Ver 2.70 All modems totally free for KKBox/Dongle users	gsminfo	Service Products News & Updates	0	03-04-2010 16:41
panasonic gd 87 new unloker free 4 all vist	sunnyc	Panasonic	15	04-19-2004 09:46

03-05-2010, 19:00	#3 (permalink)
sweunlockers Freak Poster Join Date: May 2009 Location: Sweden Posts: 208 Member: 1039343 Status: Offline Sonork: Dont have sonork Thanks Meter: 54	it's not protected so why dont obtain the source code self?

03-05-2010, 20:11	#4 (permalink)
sergeymkl Freak Poster Join Date: Jun 2009 Location: !!!! AWAY FROM BOARD, STUDY !! Posts: 363 Member: 1055354 Status: Offline Thanks Meter: 252	also uses "hwe620datacard" / "e630upgrade" constant, like all others... but anyone reversing this would see would not do the extra work. its clear, that these constants are non need. execution time and code size can be shortened if you directly use the always constant results. maybe its not important on modern PCs, but in small MCUs this is very important. The only needed constants are: unsigned char cs_unlock[] = "5E8DD316726B0335"; unsigned char cs_flash[] = "97B7BC6BE525AB44";

03-05-2010, 21:27	#6 (permalink)
adamsquall Freak Poster Join Date: May 2008 Location: philippines Age: 45 Posts: 235 Member: 771806 Status: Offline Thanks Meter: 51	very big thanks for this mate.....

03-06-2010, 23:16	#7 (permalink)
arcos.teami Registered User Join Date: Apr 2005 Age: 46 Posts: 74 Member: 136427 Status: Offline Thanks Meter: 15	souhail where do you find it ? i know only 1 person use this mod!!!!

03-07-2010, 02:01	#8 (permalink)
sergeymkl Freak Poster Join Date: Jun 2009 Location: !!!! AWAY FROM BOARD, STUDY !! Posts: 363 Member: 1055354 Status: Offline Thanks Meter: 252	here's how the unneeded constants are derived: MD5 ("hwe620datacard") = a32fe72c5e8dd316726b0335d5513ba0 MD5 ("e630upgrade") = aa91cee297b7bc6be525ab44cdc63be0

03-07-2010, 05:18	#11 (permalink)
TestBox2 Product Manager Join Date: May 2008 Location: Ukraine Age: 45 Posts: 3,234 Member: 772096 Status: Offline Sonork: 100.69222 Thanks Meter: 8,277	Step3: Getting Unknown value for bruteforce needed hash password by reversing IMEI + NCK to Hash Password. This methode you can use for found needed value for calculate validate codes. B.R. TestBox2 team

03-07-2010, 05:25	#12 (permalink)
sergeymkl Freak Poster Join Date: Jun 2009 Location: !!!! AWAY FROM BOARD, STUDY !! Posts: 363 Member: 1055354 Status: Offline Thanks Meter: 252	@Dorian: I already know algo from v4mpire reversing, see here: http://bb5.at/huawei.php?imei=123456789012347 some more infos for YUMERA: now he has almost all he need to know algo... but i can't ruin the challenge totally

03-07-2010, 13:28	#14 (permalink)
sergeymkl Freak Poster Join Date: Jun 2009 Location: !!!! AWAY FROM BOARD, STUDY !! Posts: 363 Member: 1055354 Status: Offline Thanks Meter: 252	Nothing needs to be bruteforced... What is "Hash password" are you all talking about?