Join Today













Site Sponsor
Page 1 of 2 12 LastLast
Results 1 to 6 of 10

Hybrid View

  1. #1
    Apprentice
    Join Date
    May 2010
    Location
    Royal Palm Beach, Florida
    Posts
    138
    Rep Power
    68

    Default UnFlash Sprint Samsung Reclaim?

    iz there a way to totally revert all settings on this phone back to factory?

  2. #2
    Premium Member bigglou23's Avatar
    Join Date
    Jan 2010
    Location
    Colorado
    Age
    48
    Posts
    342
    Rep Power
    1457

    Default

    Quote Originally Posted by ljay67 View Post
    iz there a way to totally revert all settings on this phone back to factory?
    I think its ##RTN#, you will need to get the spc first though.

  3. #3
    Apprentice
    Join Date
    May 2010
    Location
    Royal Palm Beach, Florida
    Posts
    138
    Rep Power
    68

    Default

    already set to all 0's haha thanks tho dude

  4. #4
    BANNED
    Join Date
    Apr 2011
    Posts
    16
    Rep Power
    0

    Default Re: UnFlash Sprint Samsung Reclaim?

    How To: Sprint HERO MEID / ESN repair on official 2.1 builds
    Yes, it can be done! No need to downgrade radios, ROOT or spend countless hours trying to figure out how to downgrade your OS. It is possible to complete the repair on the latest Sprint 2.27.651.6 release

    Tools Needed:
    - QPST 2.7 build 359
    - QXDM 03.09.19
    - CDMA WS 2.7
    - HxD Hex Editor Tool
    - HTC Sync (for drivers)
    - HTC Diag Drivers

    Information Needed:
    MDN for your wireless network
    MSID for your wireless network

    Preparing the device and Connections to the PC

    1. Install latest official rom from here
    2. Connect the phone via USB
    3. On the phone dial ##3424# to enter DIAG mode
    4. Install drivers if needed (on some systems it will find all the right drivers BUT the HTC Diag driver. For me I had to manually force it to take the x64 driver in Windows 7. Once you add the driver it functions perfectly.)
    5. Open device manager and look for the device under "Modems" -> HTC USB Modem
    6. Double click on HTC USB modem and go to the "modem" tab and note the COM port.
    7. Open QPST Configuration
    8. Click on "Ports" tab
    9. If the port you wrote down is not here click "Add New Port"
    10. Uncheck "Show Serial and USB/QC Diagnostic ports only" and your port should appear on the list.
    11. Highlight it and click "ok" to add.
    12. Close QPST

    **** You have now established a connection with your device ****

    Establishing a connection with CDMA WS 2.7 (preparing for memory scan and dump)

    1. Open CDMA WS 2.7
    2. Under COM Settings (AT Mode) select your COM port for your device, leave baud rate at 115200
    3. Click "Connect"
    4. Click "Read" (This is not necessary but I do it to ensure I have a good connection to the device. The "read" output will display the phone information in the fields on the left. If you don’t see this information populate you have not established a connection with the device and need to verify your COM port settings and try again.)
    5. Click the "Security" Tab
    6. Under SPC make sure it is set to "Default (nv_read)" and click "Read"
    7. It will display your SPC in the empty box. WRITE THIS DOWN for later!
    8. Click on "SPC" button and click on "Send"
    9. If you have done everything correctly you will get a popup that says "SPC is correct. Phone Unlocked."
    10. Click "ok"
    * Leave CDMA WS 2.7 open and move to the next section.

    Scanning for readable memory locations with CDMA WS 2.7

    1. Click the "Memory" Tab
    2. Under "Scan Memory" leave the start address as 0000:0000 and set the "End Address" to 2000:0000
    *Very important, do not let the phone reboot this is why I set the address range to C000:0000 if you go over this value the scan will go out of range and reboot the device automatically. If the phone reboots start the scans over again, the memory locations will change after any reboots.
    3. Set the step byte to 16384
    4. Click "Start” and you will get spew in the output window similar to this: (these are my exact scans for the Sprint
    2.27.651.6 Release)
    ----------------------------------------------
    Scanning memory for readable areas:
    Unreadable area from: 0000:0000
    Readable area from: 0103:C000
    Unreadable area from: 0161:C000
    Readable area from: 1075:C000
    Unreadable area from: 1079:0000
    Readable area from: 1082:C000
    Unreadable area from: 10D5:4000
    Readable area from: C000:0000
    ----------------------------------------------
    5. Once the scan completes copy the text outputted to notepad and save the file locally.

    Scanning for MEID and ESN memory locations using the addresses you have found with CDMA WS 2.7

    1. While still on the "Memory" Tab move your attention to Memory / Eeprom
    2. Take the first readable area from the scan you have done and enter it into the "Start Addr.:" field. Example 0103:C000
    3. for Size (bytes) make the value 99999999
    4. Click "Read" and you will get a popup window to "save" a .bin file. I name mine the address range I'm scanning. Example 0103C000.bin
    5. The Scan will complete and you will get a dialog box saying the file name and how many bytes were written, click "ok"
    6. Do the same for the next two "Readable Area" address ranges. The last one may take a while (20-30 minutes)
    * Do Not Scan on the C000:0000 address range, there are NO MEID or ESN values in this range and if you scan this range you will get the "out of range" error and your phone WILL reboot and you WILL have to start the scanning process over again.
    7. Once you have scanned all three address ranges move on to the next section. Do not close CDMA WS 2.7 yet.
    Do NOT reboot or disconnect your phone

    Getting your ESN and MEID addresses

    1. While still in CDMA WS 2.7 go back to the "Security" Tab.
    2. Under "ESN" click "Read" This will output your ESN in this format -> 81380CRA:2F5D28D1
    3. Copy the first part of the ESN only to notepad, the second portion is not needed.
    4. Close CDMA WS 2.7, we are done with it for now.
    5. Open QXDM
    6. Under "Options" on the main menu click "Communications.."
    7. Set "Target Port" to your COM port for your device.
    8. Click "Ok"
    9. Click "View" on the main menu, navigate to New -> Common -> Command Output (this will open a black command prompt window in QXDM.)
    10. in the "Command" text field at the bottom of QXDM type "RequestNVItemRead meid" and press enter.
    11. Your MEID string will be displayed as fallows, copy this to notepad with your ESN.
    22:25:40.971 meid = 0x00A10000053179FF
    12. Minimize QXDM, we are done with it for a while.

    Preparing your MEID and ESN values and flipping them

    1. In Notepad take your ESN and MEID values and strip them of the 0x00's as follows:
    MEID = 0x00A10000053179FF
    Change to = A10000053179FF

    2. Now flip the values as shown and add a space between every two values:
    MEID Original = A10000053179FF
    MEID Flipped = FF 79 31 05 00 00 A1

    ESN Original = 81380CRA
    ESN Flipped = RA 0C 38 81

    3. Now move to the next section, make sure to save this notepad file.

    Finding your Memory Locations using HxD

    1. Open HxD
    2. Go to File and click Open and navigate to the location you saved your .bin output files from your memory scans in CDMA WS 2.7
    3. Load the first one
    4. Click on the very first "black text" value in the top left corner, this will ensure you are starting your search from the very TOP of the dump file.
    5. On the File menu click "Search -> Find" or do a Cntrl + F
    6. Change the drop down Datatype to "Hex-Values"
    7. Copy and paste your "reversed" MEID values WITH the spaces into the "Search For:" field
    8. Click OK.
    * My first set of address ranges never had any MEID or ESN values, the Second always had 3 of each and the Third had 4
    to 5.
    9. Once you find a location make a note of it in notepad.
    Example of locations found This is your location to note ---> 00006EA0 05 00 00 00 01 00 00 00 B6
    00 00 00 09 01 01 00
    10. Search for all the other MEID and ESN locations using this same method. To search for the next location go to file menu "Search -> Find Again"
    *Note. When writing the memory locations down in notepad always group the MEID's and ESN addresses found under the memory scan locations from CDMA WS 2.7, this is very important for later when you do your calculations!
    Example:
    1075:B900 <-Memory Location from CDMA WS 2.7
    MEID
    00011490
    ESN
    00000090

    1082:8600 <-Memory Location from CDMA WS 2.7
    MEID
    00099C20
    ESN
    0009FE90
    11. Once you have found all the locations from all your .bin files move onto the next section.

    Converting the memory locations found to HEX values

    Now that you have found almost all the values (there's hidden ESN values you will scan for later ) you will now need to calculate your hex values which will give you the exact memory location addresses for each of your MEID and ESN memory locations.

    1. Open this Hex calculator website
    2. Under the "Required Data Entry" enter the memory location from CDMA WS 2.7 in the "Enter a Hex Value" field.
    Example 1075:B900 (remove the : ) -> 1075B900
    3. In the "Enter a Second Hex Value" field enter the location you found in HxD Example 0001C810
    4. Click "Calculate"
    5. Copy the output from "Calculated Hex Addition" to notepad next to the value you used fro the addition and add a 0x to the front of each value.
    6. Repeat for each of the MEID and ESN addresses, make sure you change the CDMA WS 2.7 memory address values when you move into another scanned memory section.

    Here are all the values I found:

    0103:8900 <-Memory Range

    MEID
    N/A

    ESN
    N/A

    1075:B900 <-Memory Range

    MEID
    00011490 = 0x1076cd90
    00018080 = 0x10773980
    0001C810 = 0x10778110

    ESN
    00000090 = 0x1075b990
    000139C0 = 0x1076f2c0
    0001B580 = 0x10776e80
    0001D310 = 0x10778c10

    1082:8600 <-Memory Range

    MEID
    00099C20 = 0x108c2220
    00184DB0 = 0x109ad3b0
    00184E80 = 0x109ad480
    00191FB0 = 0x109ba5b0
    00000000 = 0x015CF49C

    ESN
    00000000 = 0x015D52C8
    00033060 = 0x1085b660
    00099790 = 0x108c1d90
    0009FE90 = 0x108c8490
    000AB670 = 0x108d3c70
    000B09E0 = 0x108d8fe0
    00000000 = 0x015D52C8

    7. Once you have found all your values and have done all your calculations save the notepad file and move to the next section.

    Zeroing out your ESN and MEID values in QXDM

    At this point if you followed the instruction QXDM should be minimized and still connected to your phone. Your phone should still be SPC unlocked and there should have been NO reboots in the entire process. If you did get a reboot you will need to rescan your memory addresses as they change when the phone is rebooted.

    1. Maximize QXDM
    2. Go to the file menu and select "View -> New -> Common -> Memory Viewer"
    3. Change the drop down box next to "Rows" from 8 to 16
    4. Now carefully copy a MEID or ESN address from your saved notepad file to the "Address" field and press enter. Example: 0x108D8FE0
    5. Find your FLIPPED ESN or MEID address in the string and change ONLY those values to 00 (zero's)
    DO NOT CHANGE ANYTHING ELSE EVEN IF IT IS CLOSE OR OFF BY EVEN ONE DIGIT!!!! (You may permanently damage your phone!)

    6. Once you change the MEID or ESN to zero click "Write" The values will change from red to black indicating they have been written.
    7. Do this for all the rest of your MEID and ESN values and when you have finished move to the next section.

    Verifying you have Zero'd out your MEID and ESN

    1. Bring the Command Output Window back to the front.
    2. In the Command field at the bottom type "RequestNVItemRead meid" it should display:
    22:25:40.971 DIAG TX item:
    22:25:40.971 meid = 0x0000000000000000
    22:25:40.971 DIAG RX item:
    22:25:40.971 meid = 0x0000000000000000
    3. If your MEID is zero'd out proceed to step 4.
    If your MEID is not zero'd out. Don’t bother proceeding to ESN you MUST zero out your MEID before you can change your ESN.
    * If your MEID did not zero out and you used all the address locations you could possibly find by scanning I highly suggest going through the forums and trying all the MEID addresses people have submitted. I will also include a master list of all the ones I can find at the bottom of this post.
    4. In the Command field at the bottom type "RequestNVItemRead esn" it should display:
    23:39:40.442 DIAG TX item:
    23:39:40.442 esn = 0x00000000
    23:39:40.442 DIAG RX item:
    23:39:40.442 esn = 0x00000000
    5. Now unplug the phone from the USB cable and Reboot it.!

    Verifying your MEID is now Zero'd out after reboot
    1. Once your phone reboots dial ##3424# and reconnect the USB cable.
    2. in QXDM you need to SPC unlock the phone so in the command field type "SPC [your MSL]" Your MSL we noted early on!
    3. Press enter and you should see:
    23:44:37.981 s23:44:38.011 RequestItem "Send Service Programming Code Request" 0x31 0x32 0x33 0x34 0x35
    0x36
    spc 123456
    23:44:38.120 DIAG TX item:
    23:44:38.120 Security Code[0] = 0x31
    23:44:38.120 Security Code[1] = 0x32
    23:44:38.120 Security Code[2] = 0x33
    23:44:38.120 Security Code[3] = 0x34
    23:44:38.120 Security Code[4] = 0x35
    23:44:38.120 Security Code[5] = 0x36
    23:44:38.120 DIAG RX item:
    23:44:38.120 SPC Result = Correct
    Your phone is now unlocked and ready to for the MEID and ESN to be verified.
    4. In the Command field at the bottom type "RequestNVItemRead meid" it should be zero'd out.
    5. In the Command field at the bottom type "RequestNVItemRead esn" it will have reverted to the original ESN.
    This is expected!
    6. Now go back into "Memory Viewer" and zero out all the ESN addresses again.
    7. Once you have zero'd out all the ESN addresses verify the ESN is zero'd out by typing "RequestNVItemRead esn" into the command field with the command prompt brought to the front.
    8. Regardless of if the ESN is completely zero'd out or not proceed to the next step. This is how you uncover the hidden ESN memory entries and any locatons that may have changed from the reboot!
    *Do Not disconnect the phone or reboot it!

    Now put the phone into AIRPLANE MODE, let is sit for a minute and then Re-Enable CDMA (disable airplane mode) Now proceed!

    Finding the last hidden ESN entries using CDMA WS 2.7
    1. Close QXDM
    2. Open CDMA WS 2.7 and establish a connection with the phone as outlined in the above section(s.)
    3. Click the "Security" tab.
    4. Click "Read" under ESN
    5. Your Original ESN should now be displayed
    6. Under ESN change the drop down box value to "Universal, RAM method"
    7. Click "Write"
    8. A "Choose Action" box will appear. Select "Scan Memory for ESN addresses" and click OK
    9. A "Choose Addresses" box will appear. Set start address to 0000:0000 and end address to C000:0000
    10. Click OK
    11. The phone will now scan through all the memory locations looking for the ESN up to C000:0000 It will take about 20 minutes to complete.
    Output will look like this:
    Scanning memory for ESN addresses:
    ESN address has been found at: 0104:2B18
    ESN address has been found at: 0104:3148
    12. When the scan completes it will ask you to save it to a file, name it ESN_Scan and save it with your other notepad files!
    13. Close CDMA WS 2.7 and proceed to the next section.

    Zeroing out the last ESN addresses and writing the MEID

    1. Re-Open QXDM
    2. In the command field at the bottom type "RequestNVItemRead meid" and verify MEID is still zero'd out! (If not you will need to rescan all your memory locations! I know.. it sucks!!!)
    3. If MEID is still zero'd out open "Memory Viewer"
    4. Now open the "ESN_Scan.txt" file you saved and search for each address by removing the : and adding a 0x to the front. Example 0x01042B18
    5. Zero out all of the ESN entries in the same manner as described earlier, click "write" when finished.
    6. Once all the ESN memory address locations are zero'd out go back to the command output window and type "RequestNVItemRead esn" in the command field at the bottom and hit enter.
    7. With luck your esn should report as follows:
    00:09:13.344 DIAG TX item:
    00:09:13.344 esn = 0x00000000
    00:09:13.344 DIAG RX item:
    00:09:13.344 esn = 0x00000000
    8. The ESN is now zero'd out! Try to write your MEID by using the following command "RequestNVItemWrite meid 0x00A100000XXXXXXX"
    9. If it succeeds it will show:
    00:11:53.415 DIAG TX item:
    00:11:53.415 meid = 0x00A100000XXXXXX
    00:11:53.415 DIAG RX item:
    00:11:53.415 meid = 0x00A100000XXXXXX
    10. Your MEID has now successfully been written and your ESN will be automatically generated from your MEID.
    Disconnect the phone and reboot it and verify the MEID has stayed changed!

    Changing your MDN and MSID
    Now that your phone has been repaired you need to update your MDN and MSID to reconnect to the network for voice and text messages.
    1. Turn on the Phone
    2. Dial ##[your MSL]# to allow you to enter EPST. Your MSL should not have changed from the one you noted earlier before the MEID repair but If it did go to the steps above on how to find your MSL with CDMA WS 2.7
    3. Chose "Edit Mode"
    4. Edit your Mobile Directory Number (MDN) and enter the one for your wireless network
    5. Click "Ok"
    6. Edit your MSID and enter the one for your wireless network
    7. Click "Ok"
    8. Press the "Menu" key and select "Commit Modifications" and the phone will reboot.
    9. Once rebooted try to dial out and send yourself a text message!

    You are done! Enjoy!

  5. #5
    BANNED
    Join Date
    Apr 2011
    Posts
    16
    Rep Power
    0

    Default Re: UnFlash Sprint Samsung Reclaim?

    Questions and Answers:

    Q: After I get Data working I am prompted that there is an update avaliable to download from Sprint. The update is to build 2.31.651.7 Can I upgrade?
    A: Yes, the MEID, ESN and Data values will not change after the upgrade.

    Q: Can I downgrade to Sprint 2.27.651.5 to Root?
    A: Absolutely, the MEID, ESN and Data values do not change after the downgrade.

    Q: Can I install custom ROMS?
    A: Yes, once you have changed the MEID and ESN the only way to revert it back is by doing a ##786# and hitting "Menu" then "Reset" This will wipe your device and restore factory settings and values.

    Q: Can I choose "Wipe / Factory Reset" when flashing custom roms in Recovery Mode?
    A: Yes, most custom ROM's insist you must use the WIPE option in recovery before flashing the new ROM. You will not lose any of the MEID, ESN or Data Settings.

    Q: I've zero'd out my ESN and MEID but my ESN keeps coming back, or I can not write my MEID. I get "unable to build buffer" error.
    A: After you zero out your MEID and ESN put the phone into airplane mode then turn off airplane mode and rescan for your ESN addresses. This should uncover the last one or two ESN values not found by initial scans.

    Q: My MEID says it is zero'd out but after a reboot it comes back, what am I doing wrong?
    A: You are missing one or more MEID or ESN values that are not showing up in the memory scans. Depending on the radio flashed to the phone I was unable to find atleast one every time. Use the MEID or ESN addresses I have posted below and try to find your missing location. Zero it out and reboot the phone and see if it sticks

  6. #6
    BANNED
    Join Date
    Apr 2011
    Posts
    16
    Rep Power
    0

    Default Re: UnFlash Sprint Samsung Reclaim?

    MEID and ESN Address locations by Radio / Rom

    Here are all the MEID and ESN addresses I have found through the forums or by doing my own scans. If you cannot zero out your MEID I suggest trying the ones listed under the radio / rom you currently have on your device.

    1.29 Radio 1.56 Radio Fresh 2.4.0 Sprint 2.1_5 Sprint 2.1_6
    MEID MEID MEID MEID MEID
    0x0142201C 0x0142201C 0x1076cd90 0x1876a650 0x1076cd90
    0x01422028 0x01422028 0x10773980 0x18771240 0x10773980
    0x015B46DC 0x015B46DC 0x10778110 0x187759d0 0x10778110
    0x1876A658 0x1876A658 0x108c2220 0x0142201C 0x108c2220
    0x18771248 0x18771248 0x108c2230 0x015B46DC 0x109ad3b0
    0x187759D0 0x187759D0 0x109ad3b0 0x188bf9a0 0x109ad480
    0x188BF9AC 0x188BF9AC 0x109ad480 0x189aaae0 0x109ba5b0
    0x189AAAEC 0x189AAAEC 0x109ba5b0 0x189aabb0 0x015CF49C
    0x189AABBC 0x189AABBC 0x0142201C 0x189b7cf0
    0x189B7CF0 0x189B7CF0 0x015B46DC

    ESN ESN ESN ESN ESN
    0x015ADA85 0x015b8cF9 0x1076f2c0 0x1876cb80 0x1075b990
    0x015ADB53 0x015AF5C5 0x10776e80 0x18774740 0x1076f2c0
    0x015AF5C5 0x015ADA85 0x10778c10 0x187764c0 0x10776e80
    0x015AF58F 0x015ADB53 0x1085b660 0x015BA508 0x10778c10
    0x015AF693 0x015AF5C5 0x108c1d90 0x18858de0 0x015D52C8
    0x1876CB80 0x015AF58F 0x108c1e60 0x188bf510 0x1085b660
    0x18774744 0x015AF693 0x108c8490 0x188bf5e0 0x108c1d90
    0x187764CC 0x1876CB80 0x108d8fe0 0x188c5c10 0x108c8490
    0x18858DE8 0x188c6b14 0x015D52C8 0x188c9a20 0x108d3c70
    0x188BF514 0x18774744 0x10776E84 0x188d6760 0x108d8fe0
    0x188BF5EC 0x187764CC 0x10778C18 0x015D52C8
    0x188C5C18 0x18858DE8 0x1085B668
    0x188CEB58 0x188BF514 0x108C1D94
    0x188D13F0 0x188BF5EC 0x108C1E6C
    0x188D6760 0x188C5C18 0x108C8498
    0x18D4133D 0x188CEB58 0x108CC2A8
    0x188D13F0 0x108D8FE0


 
Page 1 of 2 12 LastLast

Similar Threads

  1. Samsung sprint spc
    By pichon830 in forum Samsung 16 Digit Passwords
    Replies: 9
    Last Post: 10-19-2018, 11:41 PM
  2. how to put in dm samsung m330 sprint?
    By barrios in forum General Disscusion
    Replies: 10
    Last Post: 12-09-2012, 11:02 AM
  3. Need Samsung PST 1.0.006 for Sprint
    By terawave in forum Samsung Bins and DLL's
    Replies: 1
    Last Post: 01-26-2011, 07:06 PM
  4. [SOLVED] Full Flash Samsung Reclaim to Metro PCS
    By ljay67 in forum Flashing Samsungs to Metro PCS
    Replies: 10
    Last Post: 10-23-2010, 12:32 PM
  5. Samsung Reclaim MEID
    By greentag in forum General Disscusion
    Replies: 1
    Last Post: 09-18-2010, 03:27 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •