Dex
01-31-2010, 02:02 AM
This was originally posted on MF by tonycortes i copied it and its pasted below hope it helps
I've updated my guide, enjoy, larger ranges (takes a few more seconds to read, but higher success rate):
1) Install QXDM (2.08 Release Recommended)
2) Install Blackberry Desktop Manager (Should create two RIM Virtual Ports on PC)
3) Run Blackberry Desktop Manager the entire time (Device should show connected)
4) Using UniCDMA or CDMA WORKSHOP read MSL/SPC from the following:
Sprint BB MSL/SPC are usually located here: 0x10700000-0x10720000
Blackberry 8130 Pearl
Address: 0x106C0000 Length: 1703936
Address: 0x10130000 Length: 500000
Blackberry 8330 Curve
Address: 0x10700000 Length: 1703936
Blackberry 8703e
Address: 0x10050000 Length: 1703936
Blackberry 8800
Address: 0x10630000 Length: 1703936
Blackberry 8830 WE
Address: 0x10600000 Length: 500000
5) With WinHex (or equivalent HEX Editor) search for 6-digit code in the memory dump by using the GATHER TEXT feature in the SPECIALIST menu. Use this tool to filter out unnecessary characters. I recommend setting the GATHER TEXT feature to 6 succession, only numbers and have Unicode characters tolerated.
6) Once you obtain the SPC/MSL, exit UniCDMA and run QXDM.
7) Configure QPST (globe in system tray) and QXDM to the correct ports, phone must show detected.
8) Using QXDM (ensure VIEW is set to COMMAND OUTPUT) type the following commands:
a) mode offline-d
Turns radio off and sets to service mode. Check phone radio is off.
b) spc "******"
Replace asteriks with the 6 digit code. Output should read successful.
c) pr_list_wr 0 "C:\prl_1039.prl"
If needed change file path to location of PRL. Output should read successful.
d) nv_write sec_code {"000000"}
Optional: use this command to change code to zeros or another 6 digits.
e) mode reset
Reboots phone to reset mode.
9) Finally, through the phone type #4357* (#HELP*) to verify the PRL write.
10) To access NAM Programming, dial ##6digitMSL and press SEND
NOTE: If your PRL reverts (Sprint) back to original, you will need to disable NAM_LOCK and change the REGISTRATION ID to 2004 or your local HOME SID.
QXDM NAM Lock Disable:
a) nv_read nam_lock (should read enabled, which we'll change in the next command)
b) nv_write nam_lock 0 0 (disables)
For the Registration ID, you can change it via three common methods: UniPST, QXDM, or within the phone.
UniPST Reg ID
Use the RIM 7250c DLL and change the REGISTRATION ID and ID LIST to 2004 or your HOME SID
QXDM Reg ID
These commands will change ID to 2004, you can change the HEX values to modify it to your HOME SID
2.x Series:
mode offline-d
spc "000000"
nv_write_item 11055 0xD4 0x07
nv_write_item 11089 0x01 0xD4 0x07
mode reset
3.x Series:
mode offline-d
spc "000000"
requestnvitemidwrite 11055 0xD4 0x07
requestnvitemidwrite 11089 0x01 0xD4 0x07
mode reset
Within Phone Reg ID
Dial ##6digitMSL and press SEND
Show menu, select Edit REG ID
Enter your desired REG ID and remove all other entries
Save changes
additional notes: try to credit those who help. the 2004 reg id tip is due to another member, portax
I've updated my guide, enjoy, larger ranges (takes a few more seconds to read, but higher success rate):
1) Install QXDM (2.08 Release Recommended)
2) Install Blackberry Desktop Manager (Should create two RIM Virtual Ports on PC)
3) Run Blackberry Desktop Manager the entire time (Device should show connected)
4) Using UniCDMA or CDMA WORKSHOP read MSL/SPC from the following:
Sprint BB MSL/SPC are usually located here: 0x10700000-0x10720000
Blackberry 8130 Pearl
Address: 0x106C0000 Length: 1703936
Address: 0x10130000 Length: 500000
Blackberry 8330 Curve
Address: 0x10700000 Length: 1703936
Blackberry 8703e
Address: 0x10050000 Length: 1703936
Blackberry 8800
Address: 0x10630000 Length: 1703936
Blackberry 8830 WE
Address: 0x10600000 Length: 500000
5) With WinHex (or equivalent HEX Editor) search for 6-digit code in the memory dump by using the GATHER TEXT feature in the SPECIALIST menu. Use this tool to filter out unnecessary characters. I recommend setting the GATHER TEXT feature to 6 succession, only numbers and have Unicode characters tolerated.
6) Once you obtain the SPC/MSL, exit UniCDMA and run QXDM.
7) Configure QPST (globe in system tray) and QXDM to the correct ports, phone must show detected.
8) Using QXDM (ensure VIEW is set to COMMAND OUTPUT) type the following commands:
a) mode offline-d
Turns radio off and sets to service mode. Check phone radio is off.
b) spc "******"
Replace asteriks with the 6 digit code. Output should read successful.
c) pr_list_wr 0 "C:\prl_1039.prl"
If needed change file path to location of PRL. Output should read successful.
d) nv_write sec_code {"000000"}
Optional: use this command to change code to zeros or another 6 digits.
e) mode reset
Reboots phone to reset mode.
9) Finally, through the phone type #4357* (#HELP*) to verify the PRL write.
10) To access NAM Programming, dial ##6digitMSL and press SEND
NOTE: If your PRL reverts (Sprint) back to original, you will need to disable NAM_LOCK and change the REGISTRATION ID to 2004 or your local HOME SID.
QXDM NAM Lock Disable:
a) nv_read nam_lock (should read enabled, which we'll change in the next command)
b) nv_write nam_lock 0 0 (disables)
For the Registration ID, you can change it via three common methods: UniPST, QXDM, or within the phone.
UniPST Reg ID
Use the RIM 7250c DLL and change the REGISTRATION ID and ID LIST to 2004 or your HOME SID
QXDM Reg ID
These commands will change ID to 2004, you can change the HEX values to modify it to your HOME SID
2.x Series:
mode offline-d
spc "000000"
nv_write_item 11055 0xD4 0x07
nv_write_item 11089 0x01 0xD4 0x07
mode reset
3.x Series:
mode offline-d
spc "000000"
requestnvitemidwrite 11055 0xD4 0x07
requestnvitemidwrite 11089 0x01 0xD4 0x07
mode reset
Within Phone Reg ID
Dial ##6digitMSL and press SEND
Show menu, select Edit REG ID
Enter your desired REG ID and remove all other entries
Save changes
additional notes: try to credit those who help. the 2004 reg id tip is due to another member, portax