Display IMEI + PIN blackberry - GSM-Forum

Lombard · 07-21-2012, 20:11

Helllo all hope your having a good weekend. Can someone help me please and tell me how to decode the IMEI info I read from a 9300 phone today.

For example I can read in the buffer on my USB sniffer MEP MFI all the service data in normal text however I search for my IMEI or PIN in raw text and also in hex but I can find it. How is this encoded ? I want to download and display?

I am assuming these bytes are the first few of my IMEI

F8 32 04 C1 69 95 AE CB D8 F

Thanks

chelm · 07-24-2012, 23:58

I would imagine the imei isnt available if you cant see it with all the other info in the buffer. Are you sure this is being read? Did you convert the hex to dec?

Lombard · 07-25-2012, 00:06

Thanks for the reply it must be there as I am using the read IMEI and getting the reply just dont know how to output its as 123451234512345 for example.

After much studing I did notice the pin is returned backwards so I did manage to read that for example my pin 2f ca ba can be found ba ca 2f. However this is hex anyway so not hard to find just needed reversing.

Just the imei left as the problem. Anyone?

COVVA · 07-25-2012, 22:24

I think:

1. Searh jtags pinous to qcom (Jtagfinder)
2. enable jtag with short test point
3. Read dump you can use orttag riffbox etc--
4. Use debugger.. ida pro olly etc---

-------------------------------------------------------------------
I post tomarrow jtag pinouts..

Ypu can analize reversing loader no rtas--- you know..

imei+pin security are in cefs and efs only read efs no crypted ando boom--

-----------------------------------------------------------------------

Option 2:

Desolde samsung ic flash in blackberrys and read info

chelm · 07-26-2012, 02:26

Covva sounds interesting I wait for that as well but I think the OP is asking how to convert the bytes recieved from commands send over a USB channel though like example

Send read imei command
GET Hex answer = F8 32 04 C1 69 95 AE CB D8 he want to display imei i.e 350151254512365

COVVA · 07-29-2012, 17:34

Mr Chelm how are you sniffering blackberry ports ?????

Lombard · 08-05-2012, 13:43

Hello covva this was my post sorry for the delay i have been away. The issue is simply this I am opening calsoft channel sending the read IMEI command.

This returns the bytes i ok which I can see on my USB sniffer. However I just cant seem to convert the bytes returned to display the imei number.

For example

Open calsoft
send read imei command
use readfile to get buffer

Now this is where i am stuck tried converting to decimal or long dec still no luck.

printf("IMEI = %d",buffer)

printf("IMEI = %04x",buffer)

I seen delphi examples in this forum but doesnt seem to be poss for good old C.

code-R · 08-09-2012, 20:07

read imei on blackberry from snip, just hexdec.
maybe you wrong get buffer data.
can you post send/rec all from snip?

<::GSM PunJabi::> · 08-14-2012, 03:19

Anybody have the pin outs???

07-21-2012, 20:11	#1 (permalink)
Lombard Insane Poster Join Date: Jun 2004 Location: Glasgow Age: 43 Posts: 82 Member: 69993 Status: Offline Thanks Meter: 4	Display IMEI + PIN blackberry Helllo all hope your having a good weekend. Can someone help me please and tell me how to decode the IMEI info I read from a 9300 phone today. For example I can read in the buffer on my USB sniffer MEP MFI all the service data in normal text however I search for my IMEI or PIN in raw text and also in hex but I can find it. How is this encoded ? I want to download and display? I am assuming these bytes are the first few of my IMEI F8 32 04 C1 69 95 AE CB D8 F Thanks

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Working IMEI changed phone?	Barjo	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	2	03-01-2015 11:49
what prog changes imei on 6110 and how do i do it?	Ravetrancer	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	3	07-31-2012 20:09
Nokia 51xx/61xx imei changer ver. 1.10??????	Ravetrancer	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	8	04-06-2012 16:22
6110 imei changer !!!!!!	Ravetrancer	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	5	11-21-2011 01:44

07-24-2012, 23:58	#2 (permalink)
chelm Junior Member Join Date: Jul 2012 Posts: 5 Member: 1789190 Status: Offline Thanks Meter: 0	I would imagine the imei isnt available if you cant see it with all the other info in the buffer. Are you sure this is being read? Did you convert the hex to dec?

07-25-2012, 00:06	#3 (permalink)
Lombard Insane Poster Join Date: Jun 2004 Location: Glasgow Age: 43 Posts: 82 Member: 69993 Status: Offline Thanks Meter: 4	Thanks for the reply it must be there as I am using the read IMEI and getting the reply just dont know how to output its as 123451234512345 for example. After much studing I did notice the pin is returned backwards so I did manage to read that for example my pin 2f ca ba can be found ba ca 2f. However this is hex anyway so not hard to find just needed reversing. Just the imei left as the problem. Anyone?

07-25-2012, 22:24	#4 (permalink)
COVVA Cheater -Don't Deal with him- Join Date: May 2005 Location: Colombia Posts: 660 Member: 142645 Status: Offline Sonork: 100.1604204 Thanks Meter: 239	I think: 1. Searh jtags pinous to qcom (Jtagfinder) 2. enable jtag with short test point 3. Read dump you can use orttag riffbox etc-- 4. Use debugger.. ida pro olly etc--- ------------------------------------------------------------------- I post tomarrow jtag pinouts.. Ypu can analize reversing loader no rtas--- you know.. imei+pin security are in cefs and efs only read efs no crypted ando boom-- ----------------------------------------------------------------------- Option 2: Desolde samsung ic flash in blackberrys and read info

07-26-2012, 02:26	#5 (permalink)
chelm Junior Member Join Date: Jul 2012 Posts: 5 Member: 1789190 Status: Offline Thanks Meter: 0	Covva sounds interesting I wait for that as well but I think the OP is asking how to convert the bytes recieved from commands send over a USB channel though like example Send read imei command GET Hex answer = F8 32 04 C1 69 95 AE CB D8 he want to display imei i.e 350151254512365

07-29-2012, 17:34	#6 (permalink)
COVVA Cheater -Don't Deal with him- Join Date: May 2005 Location: Colombia Posts: 660 Member: 142645 Status: Offline Sonork: 100.1604204 Thanks Meter: 239	Mr Chelm how are you sniffering blackberry ports ?????

08-05-2012, 13:43	#7 (permalink)
Lombard Insane Poster Join Date: Jun 2004 Location: Glasgow Age: 43 Posts: 82 Member: 69993 Status: Offline Thanks Meter: 4	Hello covva this was my post sorry for the delay i have been away. The issue is simply this I am opening calsoft channel sending the read IMEI command. This returns the bytes i ok which I can see on my USB sniffer. However I just cant seem to convert the bytes returned to display the imei number. For example Open calsoft send read imei command use readfile to get buffer Now this is where i am stuck tried converting to decimal or long dec still no luck. printf("IMEI = %d",buffer) printf("IMEI = %04x",buffer) I seen delphi examples in this forum but doesnt seem to be poss for good old C.

08-09-2012, 20:07	#8 (permalink)
code-R Major Poster Join Date: Mar 2009 Location: FixDigital.Net Posts: 43 Member: 1001189 Status: Offline Sonork: 100.1619784 Thanks Meter: 21	read imei on blackberry from snip, just hexdec. maybe you wrong get buffer data. can you post send/rec all from snip?

08-14-2012, 03:19	#9 (permalink)
<::GSM PunJabi::> Freak Poster Join Date: Sep 2011 Location: Hacking in Motion (HIM) Posts: 333 Member: 1664146 Status: Offline Sonork: 100.1611754 Thanks Meter: 68	Anybody have the pin outs???