T-Mobile / Metro PCS unlock app MOD - Page 2 - GSM-Forum

bolaloka · 09-04-2017, 15:35

Quote:

Originally Posted by iamimei

I already done for s7 tmobile app. but only work for s7. I already know the flow chart of the tmobile app for s7

So you managed to unlock s7? If so could you share how you did it? I can't seem to decompile the app to java and recompile because somethings get corrupt.

nitagro · 01-27-2018, 15:12

Bump....this method needs to be figured out. Since 2015, it is surprising no one has been able to find a way to crack the unlock app.

drpav · 02-04-2018, 05:11

I have a T-Mo LG V20 and struggling for last 2 months to get it unlocked. 3rd party unlocking price is more than the phone itself. Can somebody help??

chlakh11787 · 02-05-2018, 01:58

Me toi i have LG T-Mobile v 20 needed unlock

Zoilus · 02-13-2018, 02:12

I don't know if somebody tried this before....but Since the device app checks the imei, is it possible to put a good imei of an unlocked phone, into another phone, try to unlock it using device app, if it becomes permanently unlocked, can you then change the imei again? and will the phone stay unlocked?

Digitpress · 12-20-2018, 21:28

Pretty much was described here: https://forum.xda-developers.com/v20...nlock-t3821051
here are some updated about the device algo:

Device send 2 requests to t-mobile server
1. First request includes IMEI (signed by certificate)
2 Second request includes IMSI

if change imei by using any MITM tools it wont work as this will brake the signature. I used Frida to inject new imei into the unlock app request on the fly.
____
/ _ | Frida 12.1.1 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at http://www.frida.re/docs/home/
Spawned `com.tmobile.simlock`. Resuming main thread!
[Samsung SM-G386T::com.tmobile.simlock]-> hook start...
Called - deviceID()
3528290656XXXXX

and the reply is "Server not responding. Please try again later"

The send request to server send IMSI only. And I am able to hook it using Frida. But this wont work as the unlock eligibility results or device flags got during the 1st server request.

ace2957 · 12-21-2018, 01:01

Can you pm me so we can talk more about this topic please?

stendro · 10-23-2021, 23:57

Here is the tmo v20 h918 unlock app that was linked in post #11 If I understand this google mess correctly this new link should work. gdrive /file/d/0B5Lqys5p5m_YWDJ3S3hJeHY0d28/view?usp=sharing&resourcekey=0-UU0gjP75hMWlj2CbLAqW3g can't post proper links... but you should figure it out easily enough

01-27-2018, 15:12	#17 (permalink)
nitagro Freak Poster Join Date: Nov 2011 Posts: 116 Member: 1691165 Status: Offline Thanks Meter: 5	Bump....this method needs to be figured out. Since 2015, it is surprising no one has been able to find a way to crack the unlock app.

02-04-2018, 05:11	#18 (permalink)
drpav Junior Member Join Date: Jun 2013 Posts: 1 Member: 1962646 Status: Offline Sonork: drpavno1 Thanks Meter: 0	I have a T-Mo LG V20 and struggling for last 2 months to get it unlocked. 3rd party unlocking price is more than the phone itself. Can somebody help??

02-05-2018, 01:58	#19 (permalink)
chlakh11787 Freak Poster Join Date: Oct 2006 Location: Basel Age: 43 Posts: 446 Member: 378892 Status: Offline Thanks Meter: 51	Me toi i have LG T-Mobile v 20 needed unlock

02-13-2018, 02:12	#20 (permalink)
Zoilus Major Poster Join Date: Nov 2015 Posts: 40 Member: 2487860 Status: Offline Thanks Meter: 1	I don't know if somebody tried this before....but Since the device app checks the imei, is it possible to put a good imei of an unlocked phone, into another phone, try to unlock it using device app, if it becomes permanently unlocked, can you then change the imei again? and will the phone stay unlocked?

12-20-2018, 21:28	#21 (permalink)
Digitpress Junior Member Join Date: Aug 2012 Location: New York, NY, USA Posts: 24 Member: 1801276 Status: Offline Sonork: 100.1647654 Thanks Meter: 7	Pretty much was described here: https://forum.xda-developers.com/v20...nlock-t3821051 here are some updated about the device algo: Device send 2 requests to t-mobile server 1. First request includes IMEI (signed by certificate) 2 Second request includes IMSI if change imei by using any MITM tools it wont work as this will brake the signature. I used Frida to inject new imei into the unlock app request on the fly. ____ / _ \| Frida 12.1.1 - A world-class dynamic instrumentation toolkit \| (_\| \| > _ \| Commands: /_/ \|_\| help -> Displays the help system . . . . object? -> Display information about 'object' . . . . exit/quit -> Exit . . . . . . . . More info at http://www.frida.re/docs/home/ Spawned `com.tmobile.simlock`. Resuming main thread! [Samsung SM-G386T::com.tmobile.simlock]-> hook start... Called - deviceID() 3528290656XXXXX and the reply is "Server not responding. Please try again later" The send request to server send IMSI only. And I am able to hook it using Frida. But this wont work as the unlock eligibility results or device flags got during the 1st server request.

12-21-2018, 01:01	#22 (permalink)
ace2957 Junior Member Join Date: Dec 2015 Posts: 25 Member: 2503830 Status: Offline Thanks Meter: 11	Can you pm me so we can talk more about this topic please?

10-23-2021, 23:57	#23 (permalink)
stendro Junior Member Join Date: Dec 2020 Location: Norway Posts: 1 Member: 2974557 Status: Offline Thanks Meter: 0	Here is the tmo v20 h918 unlock app that was linked in post #11 If I understand this google mess correctly this new link should work. gdrive /file/d/0B5Lqys5p5m_YWDJ3S3hJeHY0d28/view?usp=sharing&resourcekey=0-UU0gjP75hMWlj2CbLAqW3g can't post proper links... but you should figure it out easily enough