How to fix C35 IMEI with ZeeSiemensG3

[TriMesh]

Yes, you can fix the IMEI with a program that you probably already have - you will also need a debugger, and some ability to use it. I used the integrated debugger in Visual Studio 6.

1) Start ZeeSiemensG3 - press any key<br />2) Start Visual Studio<br />3) Select "attach to process" and select ZeeSeimens as the process to attach to.<br />4) Select "break" from the debug menu<br />5) Hit F10 until you reach the point where the program is checking the response string from the phone (look for the "rep cmp" instruction).<br />6) Put a breakpoint on the next ret instruction, and hit F5<br />7) Plug the phone in - the program should break.<br />8) Hit F10 until the output window displays the "IMEI: xxxxxxxxxx" line.<br />9) Just before the call just executed, there are two push &lt;address&gt; lines - bring the address pointed to by the first one up in a memory browser window<br />10) In this window, you should see the IMEI in ASCII - just replace it with the new one<br />11) Hit F5<br />12) Done. Your IMEI is fixed.

On my machine, the addresses are as follows:

End of look for phone routine: 0x402b30<br />Instruction after printf call for IMEI: 0x401abb<br />Data area holding IMEI: 0x40db18

Although these will probably change, the differences between them should not.

Pete

<FONT COLOR="#ffff00" SIZE="1">[ 19 December 2001 10:44: Message edited by: TriMesh ]</font>

[DeJe]

[quote]Originally posted by TriMesh:<br /><strong>Yes, you can fix the IMEI with a program that you probably already have - you will also need a debugger, and some ability to use it. I used the integrated debugger in Visual Studio 6.

1) Start ZeeSiemensG3 - press any key<br />2) Start Visual Studio<br />3) Select "attach to process" and select ZeeSeimens as the process to attach to.<br />4) Select "break" from the debug menu<br />5) Hit F10 until you reach the point where the program is checking the response string from the phone (look for the "rep cmp" instruction).<br />6) Put a breakpoint on the next ret instruction, and hit F5<br />7) Plug the phone in - the program should break.<br />8) Hit F10 until the output window displays the "IMEI: xxxxxxxxxx" line.<br />9) Just before the call just executed, there are two push &lt;address&gt; lines - bring the address pointed to by the first one up in a memory browser window<br />10) In this window, you should see the IMEI in ASCII - just replace it with the new one<br />11) Hit F5<br />12) Done. Your IMEI is fixed.

On my machine, the addresses are as follows:

End of look for phone routine: 0x402b30<br />Instruction after printf call for IMEI: 0x401abb<br />Data area holding IMEI: 0x40db18

Although these will probably change, the differences between them should not.

Pete</strong><hr></blockquote>

Hi Trimesh, would you like inform to me, where I get the Visual Studio 6, I want to test your way

thanks

[TriMesh]

I would imagine that you can get Visual Studio from most warez sites, although probably described as "MS Visual C++" - I can't tell you for sure, since I brought my copy in a shop (what was I thinking) <img src="smile.gif" border="0">

Having said that, any debugger that can attach to a running process should be OK, although the F10 step and F5 run commands will almost certainly be different. I just used what I had to hand.

[OrbiTel]

Hi man,

*** work a tri and say wenn is working !

OrbiTel

[TriMesh]

Typical, following up to my own posts <img src="smile.gif" border="0">

After a bit more experimenting, it looks like the load addresses are always the same (on Win95/98 machines, anyway). As a result, all you need to do is set a breakpoint at 0x401abb, and then edit the data at 0x40db18. If the data area doesn't contain the original IMEI at the point the BP is hit, then something went wrong <img src="frown.gif" border="0">

[Lead]

Good work, TriMesh!

[Keni]

Hi guys!

The VS6 download here: <a href="ftp://ftp.cs.virginia.edu/pub/msvc++/" target="_blank">ftp://ftp.cs.virginia.edu/pub/msvc++/</a>

Regards Keni

[brainman]

Interesting solution! Very good work TriMesh!

[questman]

I don't have Visual Studio 6. Can i use Visual Studio 5 ?

[rr]

Hi All!<br />Tested .Working!!!<br />WBR.

[s3nt4]

I try to debug, but my phone M35 got dead.<br />Is this way only for C35 ?<br />Anyone tested except C35 ?

[TriMesh]

I've only tried it with a C35i (I don't have any other Siemens phones available) - but I would assume that it would work with any of the phones that ZeeSiemensG3 supports.

This may be a stupid question, but did you type the new IMEI into the ASCII part of the memory display window? If you type it in in hex, you will kill the phone for sure. All I can suggest is that you try and recover the phone using the repair option in Zeimens 1.22, and then try again.

If this doesn't work, then you'll have to use a log/map approach. Sorry, I can't help you there, but there are several people who can.

Pete

[erogsm]

Hi TriMesh!<br />Please could you tell me what does it mean you functional F5 and F10, because I used other Borland C++ debugger<br />Thanks in advance<br />Is F5-RUN<br />F10- Stepbystep, or I'm wrong<br />P.S. Software for C35 and M35 is the total same, and If somebody try this solution with C35 and if works that means must also with M35 too<br />Regards

[TriMesh]

Yes, F5 is run, and F10 is step (strictly, step over, since it treats calls as a single instruction, rather than following the execution flow).

Thanks for the information about the M35 - I suspected that they were very similar or identical, but wasn't sure.

Incidentally, the requirement for the debugger is only temporary - I'm in the process of disassembling the code that does the calculations, and once it's back into 'C' I will write a standalone IMEI changer based on it.

At the moment, it's writing the IMEI/IMEI+PhoneID bits correctly, but generating junk for the locks and phonecode - It's just a case of tracing through the code and finding out where it went wrong :-)

Pete

<FONT COLOR="#ffff00" SIZE="1">[ 22 December 2001 13:37: Message edited by: TriMesh ]</font>

[ken]

Hi TriMesh, you mean I should not try your way now it still has some ploblems ?