
[HOW-TO] [CDMA] Backup your HA and AAA keys

OP simonsimons34

simonsimons34
16th April 2012, 01:28 AM   |  #1  
Sometimes when you flash a new radio, or you mess around in QPST, you can break your data. What's behind the breakage, you may ask? It's your AAA and HA shared secrets.

A little background information:

The HA key is what gets you 1x data on your carrier. This is carrier specific; however, it is NOT phone specific. This could be googled if you really required it.

The AAA key:
This IS device specific; you can't google it. It's connected to your account, and the way to get it is not what some consider easy. This is what gets you EVDO speeds; without it you are stuck on 1x. If you call your carrier, they will not give it to you either.


Continuing on to more information...

We will need a few tools to back up the keys, some free, some not.
Team BlueRidge Sense 2.1 (it contains proper apps for using DM PORT)
QPST (free, find it online)
CDMA Workshop (the demo should be fine, you could also borrow it)
HTC DIAG drivers (just google it and find the installation guide)
Time
A hex editor


Now for the fun.... (If something seems too vague, google it)

First, we must get the MSL; use the app MSL Reader in the Market.

Now, dial ##PORT# on the phone. You will get a menu; hit enable, and then go ahead and enter your MSL.

Now, let's open QPST, set up the phone, and go to EFS in the services tab of QPST.

Now in EFS, make a folder called "open sesame door" (without quotes, all lower case) in the root directory of the file system.

Reboot your phone.

Now, open CDMA Workshop and connect to the COM port of your phone.

Let's do a memory read here to see where stuff is:

Readable area from: 013D:0000
Unreadable area from: 01EA:0000
Readable area from: C000:0000
Process is stopped at: C0F1:0000

That says we can read 013D:0000 and C000:0000. I'll save you time and tell you we need to dump 013D:0000, however (for all VM I've seen).

So now, let's go back to CDMA Workshop (should be there already) and choose to read Memory; make sure EEPROM is not checked.

Start address will be 013D:0000 (what I mentioned earlier)
size 99999999

This will scan the phone and dump everything into a .bin file.

Let's get a snack while this dumps... It will take a while.

_________________________________________________

Okay, now the thing is dumped; let's call this scan1.bin.

Open this in hex now, and hit Ctrl+F.

Search for the word "secret" (no quotes, of course).

Now (for VM) you will see vmug33k; that is your HA key. The first one shown under secret is ALWAYS the HA key.

Look down one line and, voilà, your AAA key is right below. (BACK THIS UP: email it to yourself, take a picture, etc. DON'T LOSE IT EVER, YOU WON'T GET IT BACK.)

So now you have your keys backed up. I can't tell you what you can or cannot do with them; it is up to you, the end user. However, I cannot endorse flashing phones or any illegal activity. In the manner I am providing this, it is ONLY to save your AAA key in case of a bad radio flash, if you ever find a leaked radio.
23rd April 2012, 03:53 AM   |  #2  
Will32
You're right, Simon, you will not get that AAA secret back; better hope you have warranty if you lose it (I know from experience). Thanks for this.

On another note, do you know if there is a way to increase max speaker volume through QPST on this phone?
23rd April 2012, 06:26 AM   |  #3  
Does it allow you to write also?
simonsimons34
23rd April 2012, 11:41 PM   |  #4  
What do you mean write?
24th April 2012, 01:51 AM   |  #5  
To another device

Sent from my HTC_A510c using Tapatalk
simonsimons34
24th April 2012, 01:57 AM   |  #6  
You can, but I cannot say how, as it's illegal in some cases. If you, the end user, choose to, it is up to you. I cannot endorse it; however, I can say QPST is your friend.

Sent from my HTC_A510c using Tapatalk
7th May 2012, 01:02 AM   |  #7  
You say line below, but that's a bit vague seeing as you don't say what offset length you're using. Are you using 8, 10, 16 offset or what?
How long is the AKEY?
I'm a bit confused. I had it with QXDM but it doesn't work under Vista so I can't look it up the easy way.

Any help would be appreciated.
24th May 2012, 03:36 PM   |  #8  
insink71
QXDM runs on Win7, don't know why it wouldn't on Vista... [the key is one must run it in XP compatibility mode]. That being said, the above tutorial references a tool in QPST [which doesn't require compatibility mode] called EFS Explorer; then switches to CDMA ware. It works as prescribed; no QXDM needed [QXDM didn't work for me attempting the easy way; doesn't display second set of info].
On specific question, if you open the dumped file in a hex editor [like HxD], you can visually see your aaa key after searching, as the tutorial suggests you do. I didn't need to put any offsets in my hex editor. You will find the aaa key to be 10 characters I believe for our phones [or more [[double that]] in binary].
Hope that helps; thanks for the tut Simon.

Rob

Sent from my PC36100 using Tapatalk 2
Last edited by insink71; 24th May 2012 at 03:54 PM.
