I have an unlocked Kaiser, but i was just curious if a SIM unlock application is being worked on or not...

im pretty sure sim unlock happeend months ago :)

i meant is there an application that is being worked on to just plug in and unlock from home without having the hassle of calling in your provider or anything like that...because i remember when i was on the Wizard and the Hermes, there was an app to run a CID And SIM unlock at once...so i was curious to see if an app like that is being worked on for the Kaiser

im pretty sure sim unlock happeend months ago :)

@ekw: The OP was referring to the free sim unlock app as there is for the wizard and hermes. Of course there is eBay or others for a fee.

This is a good question and I would be happy to know the answer, because I'm about to pay to simunlock my Kaiser... Anyone knows if someone is working on a simunlock application for the Kaiser ?

This is a good question and I would be happy to know the answer, because I'm about to pay to simunlock my Kaiser... Anyone knows if someone is working on a simunlock application for the Kaiser ?
I know for sure someone working on it ... myself :)

What a good news !!! How are you dealing with this, do you think it may work soon ?
Whatever, thanks a lot for your efforts !

There are 2 main CPUs, one is running radio (ARM9) and the other Windows (ARM11). The ARM9 is very secure, it runs a hypervisor which controls ram and flash access. The unlockcode entered by the user is validated by ARM9 (part of radio code). The radio code can't be tweaked because of a trusted bootload process which loads the radio only if checksum is correct. However, I found a way to break in the secure ARM9 (by software) and dump it's entire ram memory when it is running in idle mode (tri-color mode). I'm trying to dump memory after sending AT commands like "AT@SIMLOCK". With a standard SPL you can't send AT commands, but meanwhile I hacked this and I can send AT commands now. Unfortunately after sending AT commands I can't dump radio ram. So I am working on a hack for that. Anyhow, once I can dump radio ram after a AT@SIMLOCK I'm sure I can find the 8-digit unlock code. Even if it sits in encoded form in ram it will then be a piece of cake. Now in the event I can't find a hack to dump radio ram after AT, then I have a plan B where I load and execute my own code and read flash bypassing the HV.

That's the status in a nutshell :D
You will have to be patient or buy codes ...

There are 2 main CPUs, one is running radio (ARM9) and the other Windows (ARM11). The ARM9 is very secure, it runs a hypervisor which controls ram and flash access. The unlockcode entered by the user is validated by ARM9 (part of radio code). The radio code can't be tweaked because of a trusted bootload process which loads the radio only if checksum is correct. However, I found a way to break in the secure ARM9 (by software) and dump it's entire ram memory when it is running in idle mode (tri-color mode). I'm trying to dump memory after sending AT commands like "AT@SIMLOCK". With a standard SPL you can't send AT commands, but meanwhile I hacked this and I can send AT commands now. Unfortunately after sending AT commands I can't dump radio ram. So I am working on a hack for that. Anyhow, once I can dump radio ram after a AT@SIMLOCK I'm sure I can find the 8-digit unlock code. Even if it sits in encoded form in ram it will then be a piece of cake. Now in the event I can't find a hack to dump radio ram after AT, then I have a plan B where I load and execute my own code and read flash bypassing the HV.

That's the status in a nutshell :D
You will have to be patient or buy codes ...

You must have so much fun! :D Any places where you can learn how to mess that low level with devices?

Thanks Jocky for these informations. It seems that you're pretty close to simunlock the Kaiser.
Thanks a lot for your work !

There are 2 main CPUs, one is running radio (ARM9) and the other Windows (ARM11). The ARM9 is very secure, it runs a hypervisor which controls ram and flash access. The unlockcode entered by the user is validated by ARM9 (part of radio code). The radio code can't be tweaked because of a trusted bootload process which loads the radio only if checksum is correct. However, I found a way to break in the secure ARM9 (by software) and dump it's entire ram memory when it is running in idle mode (tri-color mode). I'm trying to dump memory after sending AT commands like "AT@SIMLOCK". With a standard SPL you can't send AT commands, but meanwhile I hacked this and I can send AT commands now. Unfortunately after sending AT commands I can't dump radio ram. So I am working on a hack for that. Anyhow, once I can dump radio ram after a AT@SIMLOCK I'm sure I can find the 8-digit unlock code. Even if it sits in encoded form in ram it will then be a piece of cake. Now in the event I can't find a hack to dump radio ram after AT, then I have a plan B where I load and execute my own code and read flash bypassing the HV.

That's the status in a nutshell :D
You will have to be patient or buy codes ...

thanks for your hard work. I was hoping I could have mine unlocked for vacation but I guess I just gotta wait for ATT to get me my code ;)

Just wanted to say Kudos on this. I am ready for a new PDA phone and was thinking the ATT variant. Problem is, I have tmobile. I would be doing the same thing you are doing, but I do not own the phone...yet

I've an unlocked tilt..i originally had t-mobile..i got hold of a friend who had an at&t connection to call the customer service and unlock it...
all that for getting it done for free..lol
i am sure there would be thousands who will be grateful to you jocky..
or anybody else who comes out with the unlock app

hehe just give olipro a kaiser and he'll get it done fast :p or just wait till he gets his polaris and most likely method to sim unlock that will work with kaiser.

hehe just give olipro a kaiser and he'll get it done fast :p or just wait till he gets his polaris and most likely method to sim unlock that will work with kaiser.
We'll see ...

We'll see ...

oh, so that's how it is bitch?

by the way dear, I'm sure you're already aware the Kaiser Hard-SPL is an MFG SPL... although I guess if you *really* wanted then you could trace PortRouterHandler and code your own function in ASM (see Hard-SPL developer edition for examples) also be aware of initialising the radio which is performed by this code (namely Radio_Image_Run) hence why you're finding that you can't dump the RAM any more because that gets allocated to the radio as soon as it becomes active.

although I guess if you *really* wanted then you could trace PortRouterHandler and code your own function in ASM (see Hard-SPL developer edition for examples) also be aware of initialising the radio which is performed by this code (namely Radio_Image_Run) hence why you're finding that you can't dump the RAM any more because that gets allocated to the radio as soon as it becomes active.
The problem is to change radio state from AT command mode back to QC DM download mode. Rerouting ports did not solve this for me, but try your luck with an undocumented AT command. I'm sure you'll find it.

The problem is to change radio state from AT command mode back to QC DM download mode. Rerouting ports did not solve this for me, but try your luck with an undocumented AT command. I'm sure you'll find it.

he'll definatly find it quicker than you. oh and by the way nothing is undocumented for olipro. he has access to everything :p

Our hearts are with you, brave ones..:D

make it happen people (thanks for trying, either way!!!)

H.

The problem is to change radio state from AT command mode back to QC DM download mode. Rerouting ports did not solve this for me, but try your luck with an undocumented AT command. I'm sure you'll find it.

you misunderstood part of Olipro's post, he didn't mean to reroute ports to dump the RAM - you can't dump it because by that time the radio image is run. (it is run when you issue those AT commands, not before that.)

i would say dumping the flash would be much more more interesting - the other option you mentioned (obviously i don't mean the flash you read with pdocread).

you said it is a piece of cake even if encrypted, well, let's be optimistic.

and, well, we don't have a kaiser, that's a reason for having not tried to deal with the unlocking so far, but you do have one, so it would be interesting to work together.

There are 2 main CPUs, one is running radio (ARM9) and the other Windows (ARM11). The ARM9 is very secure, it runs a hypervisor which controls ram and flash access. The unlockcode entered by the user is validated by ARM9 (part of radio code). The radio code can't be tweaked because of a trusted bootload process which loads the radio only if checksum is correct. However, I found a way to break in the secure ARM9 (by software) and dump it's entire ram memory when it is running in idle mode (tri-color mode). I'm trying to dump memory after sending AT commands like "AT@SIMLOCK". With a standard SPL you can't send AT commands, but meanwhile I hacked this and I can send AT commands now. Unfortunately after sending AT commands I can't dump radio ram. So I am working on a hack for that. Anyhow, once I can dump radio ram after a AT@SIMLOCK I'm sure I can find the 8-digit unlock code. Even if it sits in encoded form in ram it will then be a piece of cake. Now in the event I can't find a hack to dump radio ram after AT, then I have a plan B where I load and execute my own code and read flash bypassing the HV.

That's the status in a nutshell :D
You will have to be patient or buy codes ...

What software are you using to do all of this?

please forgive my stupid reply but i was playing with imei-check.co.uk's KAISERv1Unlock.exe. i wanted to find out what this program ticks. well so far all i found out is the xml pave this program follows to help unlock the kaiser.

my only problem now is i am not familiar past here.

hope this helps to find a way to unlock the sim on the kaiser.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">

<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="SIM Unlock" type="win32"/>

<description>Unlock</description>

<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>

</assembly>

my oher stupid question i have....does any one know on how to open a .ued file?

if so what program do i need to use?

the reason why is the kaiserv1.exe reads the phone and then makes a file with the phone imei number.ued and savs it to my computer screen.

please forgive my stupid reply but i was playing with imei-check.co.uk's KAISERv1Unlock.exe. i wanted to find out what this program ticks.
It's a mockup. The filename contains the IMEI and that's all they need.
They just resell unlockcodes. Don't waste your time on it.

It's a mockup. The filename contains the IMEI and that's all they need.
They just resell unlockcodes. Don't waste your time on it.



where did you get this information?

Welcome back dreamteam :D

where did you get this information?
By analyzing it. Hint: check their spelling, also, unlockcode resellers can't deliver if mfg date is too recent, the customer must wait...

As for the status of my own sim unlocker, I am happy to announce *free* SIM unlockers for Kaiser, Niki and other models in the next days. Wish me a speedy recovery of a bad flu. Oh, also in the pipeline is a free program to make your Kaiser superCID :)

Dude you rule ! I just imagine of doing half the stuff you do , keep up the good work , I just got my Kaiser today and so far it makes me feel like a noobie again.

wish you get well soon, and get some theraFlu.

jockyw2001, you the man...thanks for your hard work...I am ordering the Vario III tomorrow ;)

Welcome back dreamteam :D


By analyzing it. Hint: check their spelling, also, unlockcode resellers can't deliver if mfg date is too recent, the customer must wait...

As for the status of my own sim unlocker, I am happy to announce *free* SIM unlockers for Kaiser, Niki and other models in the next days. Wish me a speedy recovery of a bad flu. Oh, also in the pipeline is a free program to make your Kaiser superCID :)

Thanks man, You are absolutely one of the greatest!
Cheers, HJ

Great news, i'm waitting this for so long time
Many thanks jockyw2001.
Rgds

yeah jocky you are the best! thx so much!
grezz

As for the status of my own sim unlocker, I am happy to announce *free* SIM unlockers for Kaiser, Niki and other models in the next days. Wish me a speedy recovery of a bad flu. Oh, also in the pipeline is a free program to make your Kaiser superCID :)


Congratulations on your persistent hard work, you've done it! :eek: :D

http://haacked.com/images/haacked_com/WindowsLiveWriter/CreateYourOwnMotivatorPoster_AA0E/Persistence2.jpg

looking forward to this, then i'll actually be able to use my new toy for making and receiveing phone calls.

You almost make me wish I bought a cheapo simlocked Kaiser back when... almost :D

Seriously, congratulations to you and all simlocked Kaiser users, well done! :eek:

I got my phone for free from the father in law, with a broken screen. Cost me $90 to get a new lcd from Hong Kong and took about 30 minuted to figure out how to get it apart. then another 10 or so to get the new rom on it, now i just need to sim unlock it and i'm golden. Sure makes me glad i didn't waste money on an iphone.

any news about the program that generete the unlock code?

been reading my a** off trying to find a sim unlock. Can't wait! :D

I wish you lucky. I'm waiting for this. If you are sucessfull, i promise, i'll donate something for you. It'll be not so much (coz i cannot) but it'll pay your pizza or something like this, :)

I wish you lucky. I'm waiting for this. If you are sucessfull, i promise, i'll donate something for you. It'll be not so much (coz i cannot) but it'll pay your pizza or something like this, :)

damn i wish this is done... i will donate as well smth, especially since i got two guys willing to pay me for unlocking their kaisers.
on the other hand, since we havent heard anything from jocky one month now, i bet he encoutered other problems along the way...

on the other hand, since we havent heard anything from jocky one month now, i bet he encoutered other problems along the way...
Haven't heard once month of me :confused:
Well you lost your bet :D

Status: I'm packaging the thing and it will be released in the week end

Great !!! Great !!! Great !!!

Take all the time you need to deliver us a great unlocker, we will be patient !!! :D :D :D

Haven't heard once month of me :confused:
Well you lost your bet :D

Status: I'm packaging the thing and it will be released in the week endHi,

Wonderfull...

Regards,

I dont need to unlock my tytn 2...But I just think its funny to do..:D:D

Haven't heard once month of me :confused:
Well you lost your bet :D

Status: I'm packaging the thing and it will be released in the week end

GREAT!! Saves me paying $50 to Tupisdin.

go jocky, go jocky, go. we will be anxiously waiting for your final result on unlocking kaiser. my opinion (i think you are about to do it) :)

brilliant news! i dont know if to sell my kaiser now though lol

Great news!!!! Keep up the good work!

if I can get mine unlock before next friday then will be very happy because I will be travelling and need to use the local sim card ;) thanks!!!

Maybe a noob question but..

I have my AT&T Tilt since a week or so.. and, even if I was among the people encountering the 'white screen' (and even if now I'm not able to flash anything anymore (http://forum.xda-developers.com/showthread.php?p=1824102#post1824102)) now I have my Tilt flashed with the Dutty's Dual Touch v3 and I'm almost satisfied.

I'll leave for Italy for few months, and the AT&T operator told me that upon my request they'll give me an unblocking SIM code to use my Italian SIM in Italy.
That's ok.

The question is.. Could that AT&T code works on my AT&T Tilt modded with Dutty's rom, and if yes... where do I should type/insert the code they'll pass me?

Thanks in advance!

Maybe a noob question but..

I have my AT&T Tilt since a week or so.. and, even if I was among the people encountering the 'white screen' (and even if now I'm not able to flash anything anymore (http://forum.xda-developers.com/showthread.php?p=1824102#post1824102)) now I have my Tilt flashed with the Dutty's Dual Touch v3 and I'm almost satisfied.

I'll leave for Italy for few months, and the AT&T operator told me that upon my request they'll give me an unblocking SIM code to use my Italian SIM in Italy.
That's ok.

The question is.. Could that AT&T code works on my AT&T Tilt modded with Dutty's rom, and if yes... where do I should type/insert the code they'll pass me?

Thanks in advance!

When you stick in a new SIM, it asks you for a code and you just type it in there. Very easy and straight forward process. But if you put the wrong code in 5 times, it automatically carrier locks so be careful when typing it in. :)

Awaiting till weekend to see the unlocking jobs coming ..... com on, keep it up right !!!

When you stick in a new SIM, it asks you for a code and you just type it in there. Very easy and straight forward process. But if you put the wrong code in 5 times, it automatically carrier locks so be careful when typing it in. :)

aawwww.... ok! So simple!

Thank you very much for the info. ;) :)

When when when!!?

When when when!!?
sunday 17:00 central time

sunday 17:00 central time

aww, I was hoping it would be today.... anyways I can't wait!

i'll be waiting in exitement,

only downside is that i have to wait until 23:00 local time :(

Wow this is great! I am excited too! You guys rock..

il be waiting to i have orange and a orange lock but just for fun
regards b

1 hour and 35 mins..... to go....

can't wait for it mate ;) I have my new MDA Vario III for testing as well ;)

whats the time over there? Here in the Netherlands its already 11:17 PM

stil waiting morning shift haha

Seems to be a few of us up still waiting lol.;)

yeahh i'm waiting too here in holland :p

too bad it isn't released yet, i can't wait any longer today :( have to get up early tomorrow.

Anyway, Jocky keep op the good work! It's probably being released any time now.

lol...I am in London here 22:35 now...I am still working till maybe 3am...I will check it ;) hah

lol...I am in London here 22:35 now...I am still working till maybe 3am...I will check it ;) hah

I have to wake up tomorrow at 7 am (have to work at t-mobile shop). But I will go to sleep at 3 am.. Gonna watch a movie now and what and see.. See ya guys later..

He was there in time, but didn´t post anything:
:(
View Profile: jockyw2001
jockyw2001
Senior Member
Last Activity: Today 11:05 PM

Ya its now 17:00 GMT -4:00 hours no post yet....a lot of hype, and nothing for unlocking :(

:)

Look again:

http://forum.xda-developers.com/showthread.php?p=1835096#post1835096

One hour and 3 minutes off, but so what, it's here!!!

Thanks dude!

Cheers,
Cacti

hi did it!

Ya its now 17:00 GMT -4:00 hours no post yet....a lot of hype, and nothing for unlocking :(

boy u are impatient :D

here (http://forum.xda-developers.com/showthread.php?t=361039) ya go

worth waiting....London 00:02am now and I see it ;) Thanks again Jocky, u the man ;)

Anyone got a report it works?

:mad: It doesn't work now

:mad: It doesn't work now

it works for me on my mda vario 3, but i had to do it on another laptop cause it wont work on vista

it works for me on my mda vario 3, but i had to do it on another laptop cause it wont work on vista

Well that's good enough for me (I don't actually need to unlock, as mine wasn't locked, this is just interest).

Congratulations on a job well done Jocky!

It works in vista but you need to use the xp activesync drivers. It wasn't plug and play but it worked.

it works!!!

unlocked my new T-mobile MDA Vario 3 and tested with my Vodafone sim card ;)

I am using XP SP2...remember to read the instruction properly, marked down your radio version ;)