HTC Codes!!!

[Victor]

Anyone to have idea from following:

Why factory codes are different from real unlock codes.


Example:

HTC Desire 310

imei: 351912064140446
factory code: 20164128
real unlock code: 75897934

[dest]

Some carriers change code in phone that comes from factory. Maybe that's why?

[Victor]

Quote:

Originally Posted by dest

Some carriers change code in phone that comes from factory. Maybe that's why?

Yes I know that. And asking if anybody dig in that mathematics.


Here is the question:

- Operator change code? (no logic in this)
- Or Phone come from factory with code and PREPARED LOCK.
- Or phone have automatic mechanism to self change code as HTC ONE S.


Regards: Victor

[Haltec]

Htc phones are branded and simlocked in regional rework ASC's.


Haltec

[102]

Quote:

Originally Posted by Victor

Yes I know that. And asking if anybody dig in that mathematics.


Here is the question:

- Operator change code? (no logic in this)
- Or Phone come from factory with code and PREPARED LOCK.
- Or phone have automatic mechanism to self change code as HTC ONE S.


Regards: Victor

What’s a ‘branded’ phone then?
A branded phone will have your carrier’s logo during boot (usually), and it will also usually have apps which are installed by the carrier and cannot be removed.

Then I think Operator changed this code.

[jodge]

I'v already asked earlier my direct code supporter (local carrirer employee). They don't do anything with the phones. It's a factory business

[ecs87]

Quote:

Originally Posted by 102

What’s a ‘branded’ phone then?
A branded phone will have your carrier’s logo during boot (usually), and it will also usually have apps which are installed by the carrier and cannot be removed.

Then I think Operator changed this code.

The boot logo can be changed easily. The apps can too. These both relate to The AP side of things whereas SIM locks are on the CP/BP side of the phone.

[BesfortShalaTec]

Also victor, I have same question like you, some of htc codes always fail, and replay i get is operator changed codes ! and i also talked directly to my sources inside operator ! they are to bassic on encoding ! they don't change anything, and also i wonder ! how some get complete htc database ! how they taken !
i am glad victor for opening this thread, i am sure we will get an answer. !

[loniryan]

this code writen on ''htc p51'' partition.. near imei area..i can acces it via jtag...it has written by htc ''manufecter'' during first flash in hex format...alsohtc is sharing sim locks and factory codes with operators which buy this models from (High Tech Computers)HTC.

simlock code is NCK CODE

[amitgoody]

factory code unlocks all level access
and real code or carrier code is only one level code

[Victor]

Quote:

Originally Posted by amitgoody

factory code unlocks all level access
and real code or carrier code is only one level code

Not 100% but is similar. Factory codes are as default codes on all levels. And lock is with customized code.

[jodge]

Quote:

Originally Posted by loniryan

this code writen on ''htc p51'' partition.. near imei area..i can acces it via jtag...it has written by htc ''manufecter'' during first flash in hex format...alsohtc is sharing sim locks and factory codes with operators which buy this models from (High Tech Computers)HTC.

simlock code is NCK CODE

not always stored in the p51. Just If the phone QC based (Tegra and MTK not the same at all) just the old desire series...the ONE series using different partition and encoding... etc
The p51 business is just a small part.

The nck-imei-cid are simple plain text. No crc, no any kind protection The simlock area sometimes encoded with AES128 like the desireX Or the desire300 sometimes not like the desire500 and desireC. I belive it's a simple bug. And lot more bugs (I'v seen some interesing things in IDA )

If you have root acces you don't need jtag. In this case you able to dump all partitions.

[loniryan]

İ think i have to learn from you how to dump partition with just root acces and a little commands,

[Victor]

... Another pair!

Code:

GBKey 1.72
Model selected : HTC Desire 310
Power off the phone and insert USB cable now...
Detected : PreLoader USB VCOM Port (COM13)
Waiting response...
Detected : Gadget CDC VCOM Driver (COM29)
Connecting...
Reading info...
IMEI  : 351912063566211
Connecting...
Connected to server Ok
Checking GBKey...
GBKey Ok

Model       : HTC Desire 310
IMEI        : 351912063566211
NW  Lock    : OPEN   Code : 30096139 <<<<<------------ CUSTOMIZED CODE
NS  Lock    : OPEN   Code : 09844488 <<<<<------------ FACTORY CODE
SP  Lock    : OPEN   Code : 09844488
CP  Lock    : OPEN
SIM Lock    : OPEN
Writing info...

Unlocked Ok

[jodge]

yepp as a said the MTK platform totally different

here is a qc platform desire500 p51 screenshot

https://www.dropbox.com/s/ukda4qs442gvmqu/hexa.PNG?dl=0
there is just the provider and the nck nothing more

@loniryan

Code:

adb shell
su
dd if=/dev/block/mmcblk0p7 of=/sdcard/htc.bin