4s and msl on sprint



rokit8
03-13-2012, 03:17 PM
So glad I finally found guys who are doing things and helping people out (thanks to all you administrators, amoamare, rich hathaway, whitey, and all). I have an iPhone 4s from sprint running 5.01 with modem firmware 1.0.13. I jailbroke and put prl using ssh and I'm able to dial cricket. I have patched commcenter with v.backspace.jp from cydia. But then I read (most of this forum) that I need to reset the msl before I ota. It says to "look at the old 4.2.7 or 4.2.6 Bundle from Verizon" and then something about security with scripts to msl and copying into my bundle. Does this mean I should be making my own bundle and adding scripts there?

This msl script from 4.2.7 is supposed to be in the zeppelin_us bundle? Is there a way to extract from 4.2.7 ios ipsw? Chris in other posts said he has bricked a ton of iPhones with simple scripts so I'd be more comfortable to perform the msl actions manually (if that would be safer).

Again, I've read the whole forum into the night and don't see much interest on this topic so if anyone cares to elaborate I'll sincerely appreciate.

ps. when will they have ability to cook roms for iPhones like they do at xda developers?

rokit8
03-15-2012, 04:05 PM
sprint dialer codes so far, please reply with more if you know and I'll update here

##873283# updates prl
*#06# Displays your IMEI

rokit8
03-16-2012, 01:26 AM
Latest: rich hathaway is amazing at helping me understand the iPhone, thanks man.

Per amoamare, this is what he says about setting spc to 0s:

_____________
IF YOU HAVE A SPRINT PHONE AND WANT TO RESET THE MSL TO 0'S
Look at the old 4.2.7 or 4.2.6 Bundle from Verizon, you will see at the bottom something about security with the scripts for MSL, COPY THAT AND PASTE IT IN YOUR BUNDLE. After a reboot you will have all 0's for your MSL. You can then activate the phone on cricket.

Also you need to increment your bundle version by 1

Passwords are in HEX so cricket would be 637269636B6574

I will add more, including how to read from CDMWS. iOS 5 does not seem to write passwords this way, so that's the last thing that needs to be figured out: getting the phone to write the password to the nv.
___________

Rich hathaway has provided this script for us. If you read any of his posts, you should be familiar with his warnings about running scripts (I was always thinking of script files but it's just keys in the plist file). Use a plist editor instead of notepad because it will warn of some improper placement errors or other script errors.

Here's my theory, correct me if wrong please:

jb, install iFile, install commcenter patch using v.backspace.jp/repo

There are 2 bundles on sprint 4s, sprint_ota_us.bundle and sprint_us.bundle. I think they're symlink'd but there are a couple more files on the sprint_us (backups???).

get carrier.plist file from sprint_us bundle and open with plist editor

Add entries:

<key>Security Grouping</key>
<dict>
    <key>Service Programming Code (SPC)</key>
    <string>000000</string>
    <key>Service Programming Code Change Enabled</key>
    <true/>
    <key>OTKSL (One-Time Subsidy Lock)</key>
    <string>000000</string>
    <key>Number of Subsidy Lock/SPC Attempts</key>
    <integer>15</integer>
    <key>Field Service Code</key>
    <string>000000</string>
    <key>NAM Programming code</key>
    <string>000000</string>
</dict>

Increment bundle version by 1. I think here amoamare means the version.plist BuildVersion (my version is 1.0 so it would be changed to 2.0???)


Reboot

I guess the only way to tell if spc was changed to 0s is to connect to cdma ws or qpst. Gotta get cdma ws or qpst to read nv with com port posts elsewhere.

Everyone talking about verizon phones this and that but what about sprint, it's so much harder because of spc not being 0s from default?

My 4s connects to cricket by putting prl with rich's prl method but I'm not even trying to activate cause I know spc is not 0s...

Peace

Azzadeen
04-07-2012, 03:35 PM
Tried it on 4, worked, BUT didn't work in the Sprint 4S!
Why? What changed?

BillA
05-25-2012, 02:18 AM
Unfortunately this

<key>Service Programming Code (SPC)</key>
<string>000000</string>

will not set the spc to zeros on the 4S. I have tried every method imaginable from plist files to ipcc injection to commcenter patching, nothing works. Seems like either the command is not valid or they locked out spc changing on the 4S.
The only thing I can think for now is to change the prl and mdn/min through plist files with commcenter patched.
If anyone has some bright ideas please share it.

BillA

rokit8
06-29-2012, 05:48 PM
This is an explanation I've received from a user here:

The akey you entered won't hold, in sprint i4 it's associated with meid and will reset to default after reboot, no matter whether you write it via dialer or via dfs. My buddy has dfs with an activated iphone account, we tried to write akey and no luck, it remains the same after the phone reboots. You can't have voice and sms without the correct akey. Our local ota fails because the phone won't accept the akey that ota sends to it during programming. That's the problem I found why it doesn't want ota in our network.

I think some folks here know what's going on - if meid repair is now possible I'm certain spc reset is as well....

rokit8
06-29-2012, 06:04 PM
just remembered.... courtesy of our main man rich hathaway (sometimes I wonder how this man figures this stuff out....)

the spc address location for the sprint iphone4 is 0x54058. I won't tell you how to read/change it but that is a good start for you just knowing where it is.

I've tried connecting iphone to cdmaws via amoamare's diag mode post - was able to read most of the fields except spc, memory, etc and of course writing back didn't work. Wasn't able to read with qxdm but it's cause prob don't know how to use it....

Also just downloaded PagePlusPRLforSprintPhones.prl - wonder if this prl would make a difference? (trying to get sprint 4s on pp)...