XDA Developers Android and Mobile Development Forum

[HOW-TO] [CDMA] Backup your HA and AAA keys

simonsimons34
#1

Sometimes when you flash a new radio, or you mess around in QPST, you can break your data. What's behind the breakage, you may ask? It's your AAA and HA shared secrets.

A little background information:

The HA key is what gets you 1x data on your carrier. This is carrier specific, however it is NOT phone specific. This could be Googled if you really required it.

The AAA key:
This IS device specific; you can't Google it. It's connected to your account, and the way to get it is not what some consider easy. This is what gets you EVDO speeds; without it you are stuck on 1x. If you call your carrier they will not give it to you either.


Continuing on to more information...

We will need a few tools to back up the keys, some free, some not.
Team BlueRidge Sense 2.1 (it contains proper apps for using DM PORT)
QPST (free, find it online)
CDMA Workshop (the demo should be fine, you could also borrow it)
HTC DIAG drivers (just Google it and find the installation guide)
Time
A hex editor


Now for the fun.... (If something seems too vague, Google it)

First, we must get the MSL; use the app MSL Reader in the market.

Now, dial ##PORT# on the phone; you will get a menu. Hit enable, and then
go ahead and enter your MSL.

Now, let's open QPST, set up the phone, and go to EFS in the services tab of QPST.

Now in EFS, make a folder called "open sesame door" (without quotes, all lower case) in the root directory of the file system.

Reboot your phone.

Now, open CDMA Workshop and connect to the COM port of your phone.

Let's do a memory read here to see where stuff is:

Readable area from: 013D:0000
Unreadable area from: 01EA:0000
Readable area from: C000:0000
Process is stopped at: C0F1:0000

That says we can read 013D:0000 and C000:0000. I'll save you time and tell you we need to dump 013D:0000, however (for all VM I've seen).

So now, let's go back to CDMA Workshop (should be there already) and choose to read Memory; make sure EEPROM is not checked.

Start address will be 013D:0000 (what I mentioned earlier)
size 99999999

This will scan the phone and dump everything into a .bin

Let's get a snack while this dumps... It will take a while

_________________________________________________

Okay, now the thing is dumped; let's call this scan1.bin

Open this in hex now, and hit Ctrl+F

Search for the word "secret" (no quotes, of course)

Now (for VM) you will see vmug33k; that is your HA key. The first one shown under secret is ALWAYS the HA key.

Look down one line and, voilà, your AAA key is right below. (BACK THIS UP: email it to yourself, take a picture, etc. DON'T LOSE IT EVER, YOU WON'T GET IT BACK)

So now you have your keys backed up. I can't tell you what you can or cannot do with them; it is up to you, the end user. However, I cannot endorse flashing phones or any illegal activity. In the manner I am providing this, it is ONLY to save your AAA key in case of a bad radio flash, if you ever find a leaked radio.

Wikd
#2
You're right, Simon, you will not get that AAA secret back; better hope you have warranty if you lose it (I know from experience). Thanks for this.

On another note, do you know if there is a way to increase max speaker volume through QPST on this phone?

gadgetdaddy
#3
Does it allow you to write also?

simonsimons34
#4
What do you mean write?
 
kagevazquez
#5
To another device

simonsimons34
#6
You can, but I cannot say how as it's illegal in some cases. If you, the end user, choose to, it is up to you. I cannot endorse it; however, I can say QPST is your friend.

Majinko
#7
You say line below, but that's a bit vague seeing as you don't say what offset length you're using. Are you using 8, 10, 16 offset or what?
How long is the AKEY?
I'm a bit confused. I had it with QXDM but it doesn't work under Vista so I can't look it up the easy way.

Any help would be appreciated.
 
insink71
(Last edited by insink71; 24th May 2012 at 03:54 PM.)
#8
QXDM runs on Win7, don't know why it wouldn't on Vista... [the key is one must run it in XP compatibility mode]. That being said, the above tutorial references a tool in QPST [which doesn't require compatibility mode] called EFS Explorer; then switches to CDMA ware. It works as prescribed; no QXDM needed [QXDM didn't work for me attempting the easy way; doesn't display second set of info].
On the specific question, if you open the dumped file in a hex editor [like HxD], you can visually see your AAA key after searching, as the tutorial suggests you do. I didn't need to put any offsets in my hex editor. You will find the AAA key to be 10 characters, I believe, for our phones [or more [[double that]] in binary].
Hope that helps; thanks for the tut Simon.

Rob
