As I said before to reset the SPC "MSL" of the iPhone 4 or 4's you need to edit the "carrier.pri" file and change this part of the file. *BACKUP* *BACKUP* *BACKUP*
From
[Only registered and activated users can see links]
To
[Only registered and activated users can see links]

Here is the text version.
<key>Security Grouping</key>
<dict>
<key>Field Service Code</key>
<string>000000</string>
<key>NAM Programming code</key>
<string>000000</string>
<key>Number of Subsidy Lock/SPC Attempts</key>
<integer>15</integer>
<key>OTKSL (One-Time Subsidy Lock)</key>
<string>000000</string>
<key>Service Programming Code (SPC)</key>
<string>000000</string>
<key>Service Programming Code Change Enabled</key>
<true/>
</dict>

I RECOMMEND USING pLIST Editor for Windows, or any pLIST Editor to keep the format correct and file valid.

Q.) Why did you post only how to do it and not just post the files ?
A.) Because A) My files have certain values I dont want you to have, B) You dont learn anything from it. C) Stop being lazy.

Q.) It doesn't appear to be working.
A.) Try increment the bundle build version, carrier pri version only increment it by 1.

Q.) It's still not working :(
A.) Get CDMATool.com, should get it anyway.

Worked very well with Sprint iphone 4 ios 5.0.1
Didn't work on Sprint iphone 4S same ios 5.0.1, any idea what could be the problem? I did the same as you mentioned and it worked on the 4, not the 4S?!

I did not personally test this on a 4/s sorry i should have made that clear. I had one person test and reported it worked for them. Ill see what they did.

i tested this on 4s. wouldn't get signal. I incremented version in couple different places then finally got signal. to test if unlock worked, what is a sure way to confirm? would a dialer code such as ##spc# confirm??? (it doesn't work, just dials out) I dont wanna sign up for an account only to fail ota...

You can try ##akey i do not have a 4's to do further testing.

I have the 4s, I can dial the ota update and get answer but getting the ota update from my carrier fail cause the assume spc 0's. ##akey asks for spc password 0's rejected. Script didn't work. I will keep increasing the version by one several times and see what will happen. If you have any thoughts let me know, am willing to test and report back results.

I tried this method too , wont work , ota fail coz spc isnt zeroed. Could anyone explain where do i need to increase bindle version ?

the bundle version found the version.plist file, but did that, didn't work!
Somebody telling me he saw one mobile from sprint a 4s that someone was able to zero the SPC. Don't know how they did it. Won't tell us the way!, guess he wants to make money out of this.

Dont have a 4S sorry, youll have to try other things, mybe get a 4S from verizon and compare.

i thought sprint doesnt use akey? ##akey just dials out, does not ask for spc on sprint (##2539).

With sprint it dials out cause it is disabled by default. If you enable it, it will work and asks you for the SPC password.

so when i do ##akey, asks for spc i enter 0's then asks for 26 digit akey. i'm able to generate akey with rich's post on meid calculator and i get success.

so this proves spc is reset to 0s but i'm not able to ota with pageplus on bad esn 4s... #737 connects to pageplus, *228 dials verizon and fails ota, *22890 dials verizon and fails, *22800-08 ota fails. any suggestions? gotta figure out min mdn setting next i guess...

so when i do ##akey, asks for spc i enter 0's then asks for 26 digit akey. i'm able to generate akey with rich's post on meid calculator and i get success.

so this proves spc is reset to 0s but i'm not able to ota with pageplus on bad esn 4s... #737 connects to pageplus, *228 dials verizon and fails ota, *22890 dials verizon and fails, *22800-08 ota fails. any suggestions? gotta figure out min mdn setting next i guess...

Yea I've been trying to get a Sprint 4s to ota on pp and ntelos with no luck did the spc hack version increments and all still no dice

Sent from my DROID4 using Tapatalk 2

Yea I've been trying to get a Sprint 4s to ota on pp and ntelos with no luck did the spc hack version increments and all still no dice


Are you telling us that the hack did reset the spc for the sprint 4s to 0's? But still not accepting OTA?
if SPC 0's, would you please tell me in details how you did it. Cause for me, it didn't work. Not zeros at all.

Are you telling us that the hack did reset the spc for the sprint 4s to 0's? But still not accepting OTA?
if SPC 0's, would you please tell me in details how you did it. Cause for me, it didn't work. Not zeros at all.

Yes the hack does work when you dial ##akey it asks for your spc when you enter 6 0's it accepts it but it still won't ota

Sent from my DROID4 using Tapatalk 2

Sprint disables the OTA function, look at the carrier bundle you will see a section for OTA and its set to false.

Yes the hack does work when you dial ##akey it asks for your spc when you enter 6 0's it accepts it but it still won't ota

Sent from my DROID4 using Tapatalk 2

[Only registered and activated users can see links]
And for your OTA issue, I think you should install the commcenter patch and change your plist file to your carrier plist file along with the prl. If no plist file for your carrier, try any plist that worked with your carrier and OTA was successful. I think it should work. Please send me the detailed step by step, cause I tried sever times and SPC won't reset to 0's.

amoamare, welcome back to this post. I think you referring to akey having option to true/false. No option for ota on 4s in both regular and ota bundles.


Azzadeen ([Only registered and activated users can see links]), make sure your phone's on 5.0.1. Go back to first post and make sure to add the security section to your bundle and then go and increment version by .1 and you should get signal (i incremented couple different places then went back and changed to original till i got signal).

Nobody gonna send you step by step guides (amoamare done like 10 step by steps but peoples still having problems). Take the general idea and EXPERIMENT. Its questions like these that keep rich, amoamare, whitey, etc from helping out cause all they see is help this, step by step that, and answer the same questions. Read the whole forum and take notes. backup and experiment (and share your results).

Nobody has gotten the SPC zeroed out on a Sprint 4S. The one who claims did it, most likely it's just a regular model 4 (A1349) or a Verizon 4S (A1387). The Sprint 4S obviously stores the SPC in a different way, not resettable by just a simple script.
But of course there's gotta be a way...

that script doesnt work anymore on 4s because the 4s after 5.1 the phone checks on the baseband level,not just the commcenter anymore,so an exploit is needed before any change can be made.
the script works up to 5.0.1 but not after.

I have a sprint 4s 5.01, the script does work but still not able to ota.

well thats because on the sprint one ota is disabled bro.

I heard there is a way to enable it....

patch commcenter,then make a custom bundle is how,but it will only work on 5.0.1 or before,like i said after that the pri sig checks with not only commcenter but at the baseband level also.

My commenter is patched and I have edited my bundle but I must be missing a key to enable ota... I don't see a flag to enable it so I must have to add it but where o where....

it is disabled in 3 places.did you find them all 3?

I found ota disabled in 2 places only :(

1) otapa disabled in carrier.pri in sprint_us
2) otapa disabled in carrier.pri in sprint_ota

But this is 2 different bundles....

There were links from amoamare and ljm1715 for their bundles that enabled ota but their links are down... Anyone have it?

the ota bundle is a diff bundle and you dont need to worry about anything in it.you only need to worry about the sprint us bundle,and those bundles for ip4 will not work for 4s

Ive been tinkering all week. Only found 1 instance of ota in carrier.pri and I did enable and I incremented bundle version but still fails. My meid is in page plus but I guess I need to find the other 2 instances of ota. i think I'm blind cause I can't see it anywhere..

Also, in carrier.plist there's a key for supported carrier id.... Does it matter? It's set to 310SPR, I changed to 310vzw still no go..

that key controls only the bundle to be accepted.nv item 260 needs to have the 4th byte set to a value of 1 and then you should make a bundle out of the verizon one and your phone will ota.

Off subject: The supported carrier Id key is in the bundle but the iPhone reads an nv item to determine which bundle to use, correct? Otherwise changing this key would cause iPhone to look for a different bundle?

Every time I make a change in the bundle I have to increment bundle version?

I looked through carrier.prl which is the only file unreadable but thats not where nv items are at... I know there is a decompiler ida pro but that's probably not it. Can i get a hint: Do I use a hxd on a system file to read the nv item?

also i assumed you know,but you will need commcenter patched before editing your bundle.

and do not change the anything in the pri or the pri revision/version it checks at the commcenter and baseband levels now

My commenter is patched and iTunes is unlocked just trying to figure out how to change nv item 260...

It sounds like something I would change with a hex editor... Am I close?

I have a Sprint iPhone 4S with iOS 5.1.1 and I need to set the SPC to 000000. The problem is I deleted all my bundles. How can I set the SPC so I can do OTA programming?

hey guys I have a Sprint iPhone 4S running 6.1.2 and I was looking through the Sprint Bundles and found under "Security Grouping" you can change the SPC code; I changed it to 000000

I also enabled Service Programming Code Change Enabled to ON. Could someone help me with getting this to PagePlus?

This looks promising...
223

I'm confused, are you still working on the same iPhone? Cause, if you've been at it for the amount of time that it seems like then you might need actual physical help getting it done. It's a fairly simple and straight forward thing to get it to where it will at least do OTA, what part are you having problems with?

I'm confused, are you still working on the same iPhone? Cause, if you've been at it for the amount of time that it seems like then you might need actual physical help getting it done. It's a fairly simple and straight forward thing to get it to where it will at least do OTA, what part are you having problems with?

It doesn't look like the SPC I set took effect it's still prompting me for the SPC password when I ##2539

It must be checking somewhere else, the baseband?

guys,you cannot change the spc on the 4s iphone by adding any script like you could on the ip4.when you can write the spc to that phone then you can full flash it. and it will not ota without the spc being set to 0's as well as either the sprint bundle being modded or inject my or another bundle that has ota enabled.which also means you probly need cc patched,there is a way to do it without patching cc but its not public.