Join Today













Site Sponsor
Page 2 of 2 FirstFirst 12
Results 7 to 10 of 10
  1. #7
    BANNED
    Join Date
    Apr 2011
    Posts
    16
    Rep Power
    0

    Default Re: UnFlash Sprint Samsung Reclaim?

    I thought I had gotten it but I can't seem to zero out my meid..I've put in all the addresses I could find on the different threads (which I will post here one I get this figured out) but still no luck. I was able to find two more instances of my meid with one of the addresses you posted(the first one actually) but my meid still isn't cleared.

    One thing that did slightly confuse me though was this statement: "2. Under "Scan Memory" leave the start address as 0000:0000 and set the "End Address" to 2000:0000
    *Very important, do not let the phone reboot this is why I set the address range to C000:0000 if you go over this value the scan will go out of range and reboot the device automatically." I set the start and end to what you said but where does the C000:0000 come in at.

    Oh, and one more thing..what I went to save the bin files, it gave me an out of range error for the last two..why would it do that?

    Thanks for any help, this has been a great write up...just wish I knew the password to that automation file that wcars05 posted..

  2. #8
    BANNED
    Join Date
    Apr 2011
    Posts
    16
    Rep Power
    0

    Default Re: UnFlash Sprint Samsung Reclaim?

    Conrad, try this...
    1) scan your phone using CDMAWS for ESN/MEID locations
    2) zero out those locations using QXDM...do not reboot phone until step 7
    3) in QXDM, verify that your ESN is zero'd out by typing "RequestNVItemRead esn". You'll know it's zero'd out if both the Tx and Rx response says all zeros
    4) in QXDM, verify that your MEID is zero'd out by typing "RequestNVItemRead meid". You'll know it's zero'd out if both the Tx and Rx response says all zeros
    5) if either ESN/MEID is not zero'd out from the QXDM output, rescan the phone in the appropriate locations and you should see new ESN/MEID locations show up. If you are using CDMAWS 2.7, this should be easy to do for ESN...for MEID you will have to dump memory location to a bin file and manually scan for the MEID using a hex editor for the appropriate offsets.
    6) if you were lucky enough to get all zeros in both steps (3) and (4), then immediately put the phone into into MEID mode with "RequestNVItemWrite scm 0x3a" followed by a "RequestNVItemWrite meid 0xA100000XXXXXXXX" to write the new MEID.
    7) reboot

    Somehow these phones can shift ESN/MEID locations around and the only way I've found to locate all these dynamic addresses is repeat steps (1)-(4) until QXDM verifies everything is zerod out.

  3. #9
    BANNED
    Join Date
    Apr 2011
    Posts
    16
    Rep Power
    0

    Default Re: UnFlash Sprint Samsung Reclaim?

    If you are using CDMAWS 2.7, the amount of work required will vary depending on whether it's your ESN (easier) or MEID (more work) that keeps reverting back. This is because CDMAWS 2.7 has a feature to scan memory locations for your ESN, but MEID searching is only available in newer versions of CDMAWS.

    Since it's your MEID that is not zero'd out, you will have to grin and bear it and keep doing more scan dumps. I don't have an explanation for it, but I have noticed that the phone will shift MEID locations around as commands are issued to the phone (this includes commands we send to try and zero the ESN/MEID out). So here's what I would do if I were you:

    Do NOT reboot the phone until you make it to step (5)!!!

    0) Either use CDMAWS or QXDM to send your SPC to the phone.

    1) Scan readable memory locations with CDMAWS 2.7. Use start as 0000:0000 and end as 2000:0000. You will get output like this:

    ----------------------------------------------
    Scanning memory for readable areas:
    Unreadable area from: 0000:0000
    Readable area from: 0103:C000
    Unreadable area from: 0161:C000
    Readable area from: 1075:C000
    Unreadable area from: 1079:0000
    Readable area from: 1082:C000
    Unreadable area from: 10D5:4000
    ----------------------------------------------

    Just a note, you may miss small memory areas when you use a step byte of 16384 as suggested by the guide. For example, the actual first readable area might be 0102:FF84 instead of 0103:0000. By using a smaller step byte size, you can nail down the start readable addresses down to a single byte! I have had cases where I found ESN/MEID locations in these areas and it drove me crazy trying to figure out what I was doing wrong.

    2) For each of the readable areas, you then need to go to "Memory" tab and dump these locations to a bin file. For example, for the first readable area you would use Start as 0103:C000 and size of 99999999. Remember the 0103:C000 as this is the offset (0x0103C000) you will put into Wcar's tool once you open the dumped bin in his tool. It looks like his tool is misreporting found MEID locations by 1 byte, so you will have to adjust your MEID locations for this.

    3) Once you have obtained the MEID locations from Wcar's tool, then open up QXDM and zero all MEID locations you found in step (2). After you are done use the command "RequestNVItemRead meid" to see if both the Tx and Rx responses from QXDM are all zeros. If so, you can move onto step (4). If not, you will need to repeat steps 2-3 and you should find more MEID addresses magically appear. Repeat until you can move onto step (4).

    4) Immediately after you have verified MEID is zero'd out, type in "RequestNVItemWrite scm 0x3a" followed by a "RequestNVItemWrite meid 0xA100000XXXXXXXX" to write your new MEID. Verify the new MEID has been written by typing in "RequestNVItemRead meid".

    5) Now you can finally reboot your phone! After it has rebooted, you need to change MDN and MSID, followed by the profile 0 and profile 1 to get EVDO data working.

    It's a long and tedious process (and moreso when searching for MEID locations) to keep dumping the memory locations but this is the only foolproof way I have found to make sure everything zero's out. I have done 5 Hero's now and each phone is different. Sometimes you get lucky and only one scan/dump is needed. But usually after the 2nd redump I can always zero out a pesky Hero.

    Good luck

  4. #10
    BANNED
    Join Date
    Apr 2011
    Posts
    16
    Rep Power
    0

    Default Re: UnFlash Sprint Samsung Reclaim?

    The method posted by sledwrecker and details I gave work for any phone...it's not specific to the Hero so should work on your Eris. On the byte size its fine to start with 16384 but gradually lower this so you can pinpoint the exact start address down to a single byte. The byte size is the step size(in Decimal) that CDMAWS uses to sample the memory locations to see if its readable. By using 16384 it's quicker to roughly map out the readable memory locations but you could miss the actual start readable location unless you start to reduce the step size to zero in on the start location. So you just have to iterate using smaller step sizes until you get the exact start address down. Example

    1) start 0000:0000 to stop 2000:0000 step 16384 -> Readable area from: 0103:C000
    2) start 0103:8000 to stop 0103:C000 step 256 -> Readable area from: 0103:BF80
    3) start 0103:BF80 to stop 0103:C000 step 1 -> Readable area from: 0103:BF87

    You need to do this for all the readable blocks to pinpoint the exact start address to scan. Finally, if you have ESN blanked out...don't revert it back to the original number!!! You're only creating more work for yourself. Focus on zeroing out the MEID. Follow the steps as I've outlined it...it will work just pay attention to the details. Your task is to be persistent to find those dynamic MEID locations that keep shifting around


 
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Samsung sprint spc
    By pichon830 in forum Samsung 16 Digit Passwords
    Replies: 9
    Last Post: 10-19-2018, 11:41 PM
  2. how to put in dm samsung m330 sprint?
    By barrios in forum General Disscusion
    Replies: 10
    Last Post: 12-09-2012, 11:02 AM
  3. Need Samsung PST 1.0.006 for Sprint
    By terawave in forum Samsung Bins and DLL's
    Replies: 1
    Last Post: 01-26-2011, 07:06 PM
  4. [SOLVED] Full Flash Samsung Reclaim to Metro PCS
    By ljay67 in forum Flashing Samsungs to Metro PCS
    Replies: 10
    Last Post: 10-23-2010, 12:32 PM
  5. Samsung Reclaim MEID
    By greentag in forum General Disscusion
    Replies: 1
    Last Post: 09-18-2010, 03:27 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •