GUIDE: Flash Samsung Galaxy Phones to Sprint, SERO, Boost, or any Sprint MVNO

[mrhunter13]

i bet u 100 no 1000 thats not tru ...u might be missing something ...send me your nam file and ill look at what u have ...because i have a pre-configured nam file that i use for all my boost and sprint flashes ..I use 1 donor to do everything ..aw as far as the lg phones theres a trick to flashing them i bet u if u read the phone and look at the evdo settings in cdma workshop or what ever u using that the data keys did not stick...theres a special way u write the name in to the lg phones....

[AlpineMan]

@mrhunter13, are you ok with sharing your findings here so that those on the same boat can apply your method to get 3G working on S5's and above? Myself, personally, since I'm on Cricket already, I won't be able to use it...but I'm always interested in learning new things.

Thanks.

[F_X]

mrhunter13 it would be deeply appreciated if you may share your knowledge here. As AlpineMan mentioned, it's interesting to learn new things especially for the LG. These were the only devices that gave me a hard time for the keys to stick, honestly never stuck onto the device. I do want to thank you AlpineMan, though I had to learn on my own about brute forcing and using pESN, it is deeply appreciated that you've provided the solution here also to flash onto Boost. Had to do my own digging here and there about a year and a half ago until I got it. Glad to see that you're sharing your knowledge without asking anything but charity donation in return. May you always be blessed for as we give shall we receive. Cheers brother!

[ecs87]

Quote:

Originally Posted by mrhunter13

i bet u 100 no 1000 thats not tru ...u might be missing something ...send me your nam file and ill look at what u have ...because i have a pre-configured nam file that i use for all my boost and sprint flashes ..I use 1 donor to do everything ..aw as far as the lg phones theres a trick to flashing them i bet u if u read the phone and look at the evdo settings in cdma workshop or what ever u using that the data keys did not stick...theres a special way u write the name in to the lg phones....

The nam section is only used for talk and text. Theres a section for data in the NAM section there that im 100% sure no one is touching unless they want to force 2g connection only. Have you tried activating 2-3 phones using the same donor info while that donor is also on an active account and using data simultaneously for over 10-15 minutes?

[AlpineMan]

We appreciate you sharing @mrhunter13!

On a Sprint Galaxy S3 w/ stock Sprint 4.1.3 ROM, you're able to read keys easily. So this is a good phone to pull keys from. I believe the steps below is what needs to be done to get consistent 3G working on flashed Sprint S5's and above.

1. Acquire the brute forced MEID from your S5, S6, etc. via DFS.
2. I'm just going to assume here that you've successfully activated this MEID on Boost.
3. Flash this MEID on the S3 (or another donor that you're able to read keys from). Don't worry about the 32 character AAA key of your S5, S6'etc. (not sure on this one yet). You should know what steps are involved here. If not, see post #1.
4. Reboot the phone.
5. Connect to WiFi. Do an update profile on the S3 or run the Sprint Zone app and activate the S3.
6. If successful, you should be able to read Profile 1 username and AAA key from the S3 using your favorite flashing tool. DFS, QPST, etc.
7. Flash this Profile 1 username and AAA key to your S5, S6, etc.
8. Don't touch your S5, S6's, etc's Profile 0.

If my understanding is right, this should get you 3G w/o using a donor. Well...technically you used a donor to pull the keys.

On a side note...when you flash an S3 and you forget to backup NV Item 1192, it's funny that you can recover the original value by simply putting the original MEID back on the phone and doing a ##786# reset. This tells me that the original NV Item 1192 is stored somewhere, or perhaps even more intriguing...it may be a calculated value. If it's a calculated value, this means you can put ANY MEID on your S3, do a ##786# reset, and you're able to generate and read NV Item 1192 that's associated with ANY MEID. Again, this is only readable on Android 4.1.3 or below on the Sprint S3.

Unfortunately, I do not have edit privileges of my older posts. This means it may be a little harder to piece things together as we discover errors here and there or new things to streamline any steps.

[ecs87]

Quote:

Originally Posted by AlpineMan

We appreciate you sharing @mrhunter13!

On a Sprint Galaxy S3 w/ stock Sprint 4.1.3 ROM, you're able to read keys easily. So this is a good phone to pull keys from. I believe the steps below is what needs to be done to get consistent 3G working on flashed Sprint S5's and above.

1. Acquire the brute forced MEID from your S5, S6, etc. via DFS.
2. I'm just going to assume here that you've successfully activated this MEID on Boost.
3. Flash this MEID on the S3 (or another donor that you're able to read keys from). Don't worry about the 32 character AAA key of your S5, S6'etc. (not sure on this one yet). You should know what steps are involved here. If not, see post #1.
4. Reboot the phone.
5. Connect to WiFi. Do an update profile on the S3 or run the Sprint Zone app and activate the S3.
6. If successful, you should be able to read Profile 1 username and AAA key from the S3 using your favorite flashing tool. DFS, QPST, etc.
7. Flash this Profile 1 username and AAA key to your S5, S6, etc.
8. Don't touch your S5, S6's, etc's Profile 0.

If my understanding is right, this should get you 3G w/o using a donor. Well...technically you used a donor to pull the keys.

On a side note...when you flash an S3 and you forget to backup NV Item 1192, it's funny that you can recover the original value by simply putting the original MEID back on the phone and doing a ##786# reset. This tells me that the original NV Item 1192 is stored somewhere, or perhaps even more intriguing...it may be a calculated value. If it's a calculated value, this means you can put ANY MEID on your S3, do a ##786# reset, and you're able to generate and read NV Item 1192 that's associated with ANY MEID. Again, this is only readable on Android 4.1.3 or below on the Sprint S3.

Unfortunately, I do not have edit privileges of my older posts. This means it may be a little harder to piece things together as we discover errors here and there or new things to streamline any steps.

I think you meant to say 4.1.2

You can get a S3 higher than 4.1.2 but then youre adb logcatting the keys out of the phone.

You cant generate 32 character keys by changing the MEID and doing a RTN. Itll give you the wrong one. I assume its calculated based on HWID (and other variables; not just MEID). It will however restore the ORIGINAL 32 character password.

And as far as i know the MEID in the HDR AN long and Profile 0 settings have to be active. Most phones being flashed are blacklisted meaning their MEIDs cannot be active. Therefore if the original MEID is kept in thise settings and the rest of the phone is flashed, itll show 3G, but itll only be on 1xRTT. You need an ACTIVE MEID attached to the HDR AN long and Profile 0 settings to get EVDO Rev.A

[AlpineMan]

Oops... 4.1.2.

Are you able to read NVITEM 1192 on the S5, S6, etc? If so, perhaps flash this on the S3 to generate Profile 1 via Update Profile?

[mrhunter13]

Quote:

Originally Posted by ecs87

Im not ignoring you, youre kinda skipping over my questions...i know everything that you previously posted. I dont disagree with it other than reusing the same HDR AN long username and password (same for profile 0). Profile 1 is updated OTA. Every time an account change is processed under that MEID the AAA password changes. Im not concerned about profile 1, its not supposed to be cloned to multiple phones that are active on the same network anyway. By the way the data section isnt part of the NAM section. CDMA workshop may have it labeled completely wrong. I use DFS.

Either way, Im not talking about the NAM or profile 1. Im talking about profile 0 and HDR AN long. The two most misunderstood flashing settings. Are you cloning the same HDR AN long and Profile 0 settings to more than one phone? Thats the original question. I already know how to flash them, thanks to you. What i doubt is that an ACTIVE HDR AN long and Profile 0 setting can be used on more than one active phone at once without data cutting out.

u killing me because u and alpineman have me the ideal on how it worked a few months ago i asked u how to get 3g or at least 1x on the s5 u said u can try to write the nam profiles from an old phone like he sanyo and then update the profile on the phone ....so u gave me the ideal there but with the s5 u can not just update the profile because the phone will pull the wrong information since u are not changng the meid so thats u find a phone that u can pull the profile 1 information then just mix together the profiles together ...so thats how u can reuse a hdr long ...come on think!!! lol I was not a sprint flasher until i started dealing with the s5

[ecs87]

If you're able to update the profile using the same MEID (the Sprint one) then the phone is still active on Sprint. EVDO Rev.A will work...until that account is no longer in service then you will drop down to 1xRTT. The MEID in the HDR AN long and Profile 0 usernames ([email protected]) NEED to be active for you to get EVDO Rev.A or else you'll just get 1xRTT.

Also....

Quote:

Have you tried activating 2-3 phones using the same donor info while that donor is also on an active account and using data simultaneously for over 10-15 minutes?

And by "same donor info" I don't mean the NAM or Profile 1; these two things change between any CDMA phone (or at least SHOULD change). I'm strictly speaking about HDR AN long and Profile 0.

[mrhunter13]

Quote:

Originally Posted by ecs87

If you're able to update the profile using the same MEID (the Sprint one) then the phone is still active on Sprint. EVDO Rev.A will work...until that account is no longer in service then you will drop down to 1xRTT. The MEID in the HDR AN long and Profile 0 usernames ([email protected]) NEED to be active for you to get EVDO Rev.A or else you'll just get 1xRTT.

Also....


And by "same donor info" I don't mean the NAM or Profile 1; these two things change between any CDMA phone (or at least SHOULD change). I'm strictly speaking about HDR AN long and Profile 0.

i just showed alpineman on teamviewer ..i think u would have to see what i have and see what doing for u to understand

[AlpineMan]

From what @mrhunter13 showed me, post #21 is accurate (except for Android 4.1.3...needs to be 4.1.2) and has all the steps needed to get a unique Profile 1 to get 3G working.

It is the same idea that Pageplus flashers use to get keys OTA.

[mrhunter13]

its like 1 or 2 things u have to do extra but yes u can figure it out ....now

[ecs87]

Quote:

Originally Posted by AlpineMan

From what @mrhunter13 showed me, post #21 is accurate (except for Android 4.1.3...needs to be 4.1.2) and has all the steps needed to get a unique Profile 1 to get 3G working.

It is the same idea that Pageplus flashers use to get keys OTA.

Have you looked in the settings to confirm EVDO REV.A? Sprint phones dont have a 1x icon and will display a 3G icon regardless of 1xRTT or EVDO REV.A.

[mrhunter13]

he has not tried it yet...its 3g all day evdo rev a b

[AlpineMan]

Unfortunately, no way for me to try at this time. I have no Sprint phones to play with.