[GUIDE]TBH inspired Free wireless tethering hack instructions for Droid 3

Search This thread
By:
Advanced…
C

cellzealot

Senior Member
Jan 4, 2008
1,314
815
Philadelphia, PA
I don't mind however you would like to host it.

Regarding your questions about the D3 and the band unlock, there is no NV editing to band unlock the D3 because they changed the may the lock mechanism works and removed it from the NVM and made it inaccessible in the signed radio image. Since only signed radio images can be flashed, they can't be modified.

Fortunately, as you will note in the thread on this forum, there is a band unlocked Chinese radio from the XT883 that can be flashed to the D3 because they are identical hardware and the signatures are accepted. This means that you can run that radio under all of the stock builds available and most of the custom ROMs that I have seen reports about, including ICS builds. You need to use an edited build.prop as well to get the radio properly recognized had configured for GSM use.

Unlocking the SIM is a separate matter and also does not involve the NVM.

So, I am not certain if that answers your questions or not, but the NV edits like those on the original firmware builds for D2G and Pro were considered far too vulnerable to tampering and were changed at the behest of VZW almost immediately after release.
 
  • Like
Reactions: TimelesslyPrecise
TimelesslyPrecise

TimelesslyPrecise

Senior Member
Oct 13, 2010
476
80
SouthWest Florida
cellzealot said:
I don't mind however you would like to host it.

Regarding your questions about the D3 and the band unlock, there is no NV editing to band unlock the D3 because they changed the may the lock mechanism works and removed it from the NVM and made it inaccessible in the signed radio image. Since only signed radio images can be flashed, they can't be modified.

Fortunately, as you will note in the thread on this forum, there is a band unlocked Chinese radio from the XT883 that can be flashed to the D3 because they are identical hardware and the signatures are accepted. This means that you can run that radio under all of the stock builds available and most of the custom ROMs that I have seen reports about, including ICS builds. You need to use an edited build.prop as well to get the radio properly recognized had configured for GSM use.

Unlocking the SIM is a separate matter and also does not involve the NVM.

So, I am not certain if that answers your questions or not, but the NV edits like those on the original firmware builds for D2G and Pro were considered far too vulnerable to tampering and were changed at the behest of VZW almost immediately after release.
Click to expand...
Click to collapse

****e..
i recall that.. the hack was discovered for the old BB, but the new broke it.

Well, with the RadioCOmm.. do you think i have the capability to change\force the 1700 band for upload? (as far as editing and manipulating the baseband?)
possibly, comparing the values between the chinese radio, and the US radio?

Do i have this type of flexibility with the Radio and RadioComm?
do i have this type of flexibility with QPST, DFS, or CDMAware?


Thanks for the resonses
 
J

jb265536

New member
Jan 5, 2010
1
0
Oh no!

Performed all the steps as listed on Rooted Droid 3. Tether still doesn't work, but now I can't download anything from the Google Play store without wifi. Everything else works, internet on browser, etc. Was interested in reversing the hack, by by copying in the original values for 8013, 8014, etc. in the appropriate locations and see if this does anything. Does anyone have the Dec Values saved pre-hack?

John
 
J

Jason Roach

Senior Member
Oct 18, 2011
347
79
If those r the numbers u used then that the problem. I think its 8041 8042... so on
There is an awesome video on youtube by TweakMyDevice that shows exactly how do it and he even mentioned that its the exact way for the d3
Sent from my DROID3 using XDA
 
Last edited:
TimelesslyPrecise

TimelesslyPrecise

Senior Member
Oct 13, 2010
476
80
SouthWest Florida
jb265536 said:
Performed all the steps as listed on Rooted Droid 3. Tether still doesn't work, but now I can't download anything from the Google Play store without wifi. Everything else works, internet on browser, etc. Was interested in reversing the hack, by by copying in the original values for 8013, 8014, etc. in the appropriate locations and see if this does anything. Does anyone have the Dec Values saved pre-hack?

John
Click to expand...
Click to collapse

Ouch.. Def put those values back... Try the values listed in the guide..

If it still doesn't work, try another ROM... Aosp gingerbread, or ics. I couldn't get tether working with steel Droid or stock... But this hack did allow for it to work with ics..

Take your time, read through the guide, and have faith. You can do it :)

Sent from my SGH-T959 using XDA
 
yanger

yanger

Senior Member
Aug 21, 2010
136
8
Any easy methods to just flash a file to make the change happen vs using the extra software?
 
J

Jason Roach

Senior Member
Oct 18, 2011
347
79
i lose my connection to google when i activate the tether and it causes it to run slow, the icon just stays white. any ideas? d3 rooted mav 4.0
 
y0himba

y0himba

Senior Member
Sep 16, 2008
451
54
In a house.
www.y0himba.net
dsw361 said:
"I have not confirmed that this works for Droid 3 it may only work on Motorola 4g phones so maybe someone can confirm if it works or not as i have already done the radiocomm hack."
Click to expand...
Click to collapse

I think he posted this as an idea, since it worked on another device, without verifying it worked on the Droid 3, then prematurely posted it to the other threads telling folks the other methods were not needed.

I am sticking with the radiocomm method.
 
I

insanespain

Senior Member
Nov 30, 2011
88
3
I've been sifting through this thread for awhile now. I've got a couple questions if someone could answer them. I was originally going to do this hack, but then hopped on the ics kick back on hash's alpha 4 and I've been on ics until now. Tether ALWAYS worked on ics roms without doing any hacks at all. But the lack of being able to send mms and the lack of video camera has finally made me go to mavrom. I've been unable to get tethering to work with any of the market apps, which brings me here. Why does it work on ics without this hack, but not on gb? And is there a flashable zip that I can use with safestrap instead of messing with the radiocomm software?

Sent from my DROID3 using Tapatalk 2
 
TimelesslyPrecise

TimelesslyPrecise

Senior Member
Oct 13, 2010
476
80
SouthWest Florida
insanespain said:
I've been sifting through this thread for awhile now. I've got a couple questions if someone could answer them. I was originally going to do this hack, but then hopped on the ics kick back on hash's alpha 4 and I've been on ics until now. Tether ALWAYS worked on ics roms without doing any hacks at all. But the lack of being able to send mms and the lack of video camera has finally made me go to mavrom. I've been unable to get tethering to work with any of the market apps, which brings me here. Why does it work on ics without this hack, but not on gb? And is there a flashable zip that I can use with safestrap instead of messing with the radiocomm software?

Sent from my DROID3 using Tapatalk 2
Click to expand...
Click to collapse

I don't know why it works on ics, but not the other roms.. Same issue here :p
It would be nice to know..

But, look a few posts up, there are links for the clockwork recOvery flasher zips which you can use to bake things easier..



Sent from my SGH-T959 using XDA
 
C

cybersud

Member
Mar 28, 2008
6
0
Impact of new DROID3 update?

I have been using this hack for awhile on my VZW Droid 3 and it works great.

I recently got notification of an update to the OS to a new version. Does anyone know if this messes up the tether hack? I don't want to update if I lose tethering.

Thanks in advance.
 
TimelesslyPrecise

TimelesslyPrecise

Senior Member
Oct 13, 2010
476
80
SouthWest Florida
Is it ics?

It might mess it up.. Not sure.. Most of the time, factory updates ruin root and possible radio hacks, like this one..

Couldn't hurt to test it out and report back.. If it does break it, you can always use an sbf back to older state. Check around the forum for older sbf files.
 
C

cybersud

Member
Mar 28, 2008
6
0
Thanks for the note.

I am currently on the original Verizon distribution, but now I am getting a notice about version 5.7.906.en.US as being available.

I wondering if anyone else was running that version and if the radio hack still worked. I have looked far and wide and in some places it says moving to the new version is no impact and then in others it says it breaks it. So, I am confused.

Any input appreciated.

Thanks
 
Last edited:
C

cellzealot

Senior Member
Jan 4, 2008
1,314
815
Philadelphia, PA
Any update to the radio will overwrite the NV edits, so you will simply need to redo the procedure.

This method will always work for 3g devices because of the nature of how they authenticate the data connection.
 
N

nodixe

Senior Member
May 12, 2011
111
7
This question is directed @cellzealot or any other such knowledgeable person: I woul like like to revisit insanespain's question a few posts above. I am coming from a DX so I am familiar with TBH tether patch but once I found 2nit aosp roms I never needed it as the wireless tether app would allow the hostedap (infrastructure mode) setup in settings. Then again on my D3 it is similar where the aosp based ICS roms allow hostedap setting. I was wondering why/what's the difference? Also is there a rom that has a working hotspot and hdmi mirror mode?

Sent from my DROID3 using xda premium
 
ovelayer

ovelayer

Senior Member
Mar 19, 2011
596
363
spokane
nodixe said:
This question is directed @cellzealot or any other such knowledgeable person: I woul like like to revisit insanespain's question a few posts above. I am coming from a DX so I am familiar with TBH tether patch but once I found 2nit aosp roms I never needed it as the wireless tether app would allow the hostedap (infrastructure mode) setup in settings. Then again on my D3 it is similar where the aosp based ICS roms allow hostedap setting. I was wondering why/what's the difference? Also is there a rom that has a working hotspot and hdmi mirror mode?

Sent from my DROID3 using xda premium
Click to expand...
Click to collapse

yes you can still teather with the .906 update..i have never done the tbh hack..
if you dont wanna do the hack try wifi teather for root users on the market combined with most of the newer roms..i use eclipse 3.0 and together i wifi teather great and free..
 
N

nabilalk

Member
Jan 22, 2010
26
1
Ridiculously simple

Much much easier than it looks from the description. Piece of cake, once all the RC program and the drivers were installed, this took less than 5 mins. Thank you OP
 
  • Like
Reactions: faylix
R

redsox985

Senior Member
Aug 30, 2011
688
87
PA
Unless our radios are written upon activation of the phone and it's done specific to our number, the 8040-8043 strings that I pulled from my replacement D3 matched those pulled from a previous D3. Would they be the same for all of us? Plus, 8041-8043 are all the same.
 
C

cellzealot

Senior Member
Jan 4, 2008
1,314
815
Philadelphia, PA
Yes, the strings are the same for all devices. The way the hack works is by making the values in 8041, 8042 and 8043 match the values in 8040 meaning that the NAI and Tethered NAI show the same authentication to the network.
 
You must log in or register to reply here.

Similar threads

Hashcode
[WIP][KERNEL][KEXEC] JB ROMS For Droid 3 [03/06: BT/SPEAKERPHONE FIX]
Replies
2K
Views
492K
sd_shadow
sd_shadow
Hashcode
[SELFKANG ICS AOSP ROM] CM9/ICS for Droid 3 -- [BETA 2012-03-11]
Replies
2K
Views
378K
Endoroid
Endoroid
tspx23
Guide - Unlock XT862 for T-mobile/ATT
Replies
539
Views
212K
sd_shadow
sd_shadow
psouza4
  • Sticky
[Guide] root and unbrick [UPDATED 6/14/2013]
Replies
156
Views
143K
D
doogald
Deodexed
  • Locked
Can this Root Droid 3?
Replies
808
Views
140K
NeoS
NeoS

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 61
    F
    faylix
    Wireless Tethering is one of the main things I miss about not having root. I specifically bought a wifi only Xoom because I knew I could just tether it to my phone. When I switched to the droid 3 believing it would come unlocked it was like a kick in face.

    Recently I came across a thread from Team Black Hat describing a way of enabling free tethering on Verizon without root. In their write up they provide a flashable zip. Useless for us as we don't have root, or a recovery, but it got me thinking. All credit for this goes to Team Black Hat. They rock, I really hope they are working on rooting the droid 3 because they are android gods.
    The original thread by TBH can be read here.

    I'm not going to go too in depth here, because if you screw you have the possibility to brick your pretty new device. Also, It goes against your TOS with Verizon, and who knows one day they might work out a way to tell who is doing this. The more people who know and use this trick, the more likely it is they will find some way of detecting and or closing the hole.

    But I couldn't leave my XDA brothers out of the loop! :D So with the standard disclaimer (I'm not responsible for anything you do, anything that comes of something you do, blah blah, you know the deal) I will outline the steps required to enable free tethering on our wonderful Droid 3s.

    Team Black Hat said:
    TeamBlackHat is releasing for the public the only permanent 3G Hotspot hack. Please be responsible and do not abuse this release. MyDroidWorld and TeamBlackHat are not responsible for your behavior nor your bills.
    Click to expand...
    Click to collapse


    I did this on a windows 7 64 bit pc. The radiocom software would def be happier with a 32 bit xp system, it will throw a lot of errors, but it will work. More on that in a second.

    1st. You need the most recent drivers for your computer so that your computer can see your phone. You can get them off the Motorola website, same as if you were going to use adb or RSDlite. The file I downloaded from the moto support site was called MotoHelper_2.0.49_Driver_5.0.0.exe

    2nd. You need a copy of Radiocom. Radiocom is a piece of software thats supposed to be for moto employees only and allows you to read and write data directly to your software radio. You need to search the internet for it, because its a copyrighted file I can't post it for you. You need to find the latest version. The best version I found was RadioCOmm_v11.11.11_Install.msi - You also need the .net framework installed on your computer. You can get that from Microsoft's site for free.

    3. You need a USB cable and a droid 3.

    Now... crack a beer and lets get down to business.

    1. Install the moto drivers and the .net framework. Install Radiocom. It will give you all sorts of errors, but it will install.

    2. Next, find it under your start menu. Right click on it, and select "trouble shoot compatibility" I just ran with the suggested settings. Basically what this does is run the application under XP compatibility mode. Now take a sip of beer, you are gonna get some error messages but don't tweak.

    a. You will still get the first screen that says do you want ot the following program from an unknown company to make changes on your computer - check yes.

    b. it will say motorola datacard drivers 1.5.9 : this installation is intended for 32-bit os versions only.please use the 64bit version on this machine. click okay.

    c. Installation incomplete: the installer was interrupted before motorola datacard drivers 1.5.9 could be instaled. You need to restart the installer to try again. hit close.

    d. Warning: Motorola Dataard Drier installlation package ersion mismatch. the version supplied with this tool does not match the installed version on the machine. WE cannot guiarantee proper radio enumeration unless you install the latest version. the installation package will start again the next tiem this tool is started. Click OK

    e. This version of RadioCOmm is more that 2 months old. This version may be out of date. Please visit the PDO compass webpage and download the latest version of RadioComm. - Click OK.

    Radiocom will start! Phew!

    you will have to select the chipset at start: I selected CDMA 1x (MSM 7500) w/ Android. I don't know if this is the best or most accurate one. I actually spent 45 minutes trying to search for exactly what our chipset base was... but I decided to be brave (or stupid) and went with this one and it worked. after it boots, Under settings in radiocom, USB, Select PST USB Driver.

    3. Now, Connect your droid 3 to your computer and put it in PC mode. If you installed the drivers correctly you should get this cool little screen showing your phone and telling you some info about it that pops up from motos software. in radiocom software in the upper right of the screen right under the RC logo, the lgiht should turn green to show the phone is connected. You can test by pushing the GET button under the SW version. It should return your Android software version. DON'T PUSH ANY OTHER BUTTONS. YOU COULD REALLY SCREW SOMETHING UP.

    Now a little background, you can read TBH's awesome explanation, but the quick and dirty one is that moto's software radio uses three different 128 char string identifiers for data requests. Thats how they can tell the difference between your phones web browser asking for data, and a laptop or Xoom connected to your phone asking for data. We are going to use Radiocom to make all three strings match the first string - so all data appears to be just for the phone. After doing so - your verizon installed hotspot app will work and the usb tethering option will too! ta da!

    Team black Hat has made a screen shot showing all the steps required it can be viewed here.

    I'll also try including it right here but i'm not sure how it will look:

    RC_Tether_1.jpg


    3. now take a deep breath... use the arrows in the Radiocom program to find the tab marked P2K 1.

    Look at the image and in your Radiocom program in the bottom left there is a box called STELEM/ RDELEM. First Select Dec entries.

    Rdelem means read, and STELEM means write.

    now this is very very important. Do not screw this part up. make sure again you have selected Dec entries, because if you enter the numbers below in hex mode and then hit DEC they will change and you will be reading and writing the wrong values which is BAD.

    In Dec Mode

    For ElementID: enter 8040
    Record # 1
    offset 0
    length 128

    Now Hit RDELEM. the box in the top right should go green, a bunch of numbers should flash through but most importantly right next to where you entered the element ID and record number the box that says Data (hex only) will now have a 128 char string in there. Hilight the entire 128 byte string and copy it.

    4. You are now going to change the element ID to 8041 (record, offset, length stay the same) and hit RDELEM. If you compare these two numbers they are different, this is how moto knows you are tethering. You would have to paste both into a word file becuase they both end in a bunch of 00's so in the tiny data box they look the same, but trust me they are different. Select the data in the databox for 8041 and delete it. Paste the number from 8040. Now hit STELEM. Again you should see a bunch of numbers go through that box on the top right and it should be green.

    5. Now you are going to do the same things for element numbers 8042, and 8043. Remember each time to hit RDELEM first, paste the value from 8040, then hit STELEM.

    6. Now hit the restart button next the text box top center. You phone will restart. it will say something scary at first like SIm card not found. This is normal. Give it a Second and it will be right back to normal, you will have your 3G icon and be able to make calls, send texts etc.

    EXCEPT.... Now you can use the verizon mobile hotspot application and it won't send to that verizon website that says "would you like to pay for tethering?" - you have just successfully hacked your radio to make verizon believe all data requests are phone data requests.

    Ta DA!@

    We might not have root yet, but now we have free wireless tethering! I have had this running for about 24 hours and everything seems perfectly functional. My xoom connects right away to my phone and the distance is actually pretty good (like from bed to desk.. not just pocket to hand). Speeds are functional, just like you would get on the phone.

    I hope I have made the wait for root just a little easier for my fellow XDA'ers... I know despite the fact I'm taking the Bar exam in 3 days I still check the forums every hour hoping against hope for some new news of root .... or hell... even video chat working in talk (gchat/huddle/etc).

    Again I take no credit for this, All thanks to Team Black Hat! But if you wanted to press the thanks button it would make feel all warm and fuzzy inside =)

    - faylix / local
    View
    4
    C
    cellzealot
    Here is a zip file containing two .NVM seem tables for use with RadioComm NV/SEEM feature which writes these files in a single operation.

    One file will write these SEEMs enabling tethering on any Moto Droid device and the other will write the default values to disable it on any Moto Droid device.

    Or you can open them up in Wordpad to just read the data and write it manually if you prefer.
    View
    3
    C
    cellzealot
    Nice job! ;)

    There is actually a great deal more to discuss regarding the NVM of the D3 and I will be doing so.

    These instructions and screenshots should actually be updated to reflect the MDM6600 global chipset in the D3 and other global Droid models.

    I am currently working on a comparison of a dump of the D3 NVM and an unlocked Droid Pro 3.8.7 engineering build to see if its possible to isolate the band unlock and apply it to the new radio.
    So far it doesn't look good because there are so many differences in the radio NVM between them, but I have only just started examining it.

    Thanks for giving credit where due and i emphasize that this is a very dangerous practice right now if you abuse it and VZW is making a concerted effort to identify and penalize such users.
    View
    3
    C
    cellzealot
    Here is an updated screenshot that should help some of you with issues.
    You can read the SW Version and MEID but it will hang reading Flex version so don't bother with that.
    Note that the GUI will change dramatically with the correct chipset base and the RDELEM/STELEM module is now on the P2K4 tab instead of P2K1 tab.

    Some of the other steps outlined in the OP may also be unnecessary depending on your PC config.

    Yes, I am using a newer version of RadioComm than you will find available on the web but this will work with any 11.X.X version.

    Droid3_RadioComm_NAI.jpg
    View
    2
    F
    faylix
    cellzealot said:
    Hehe, folks here aren't too generous with the thanks button...I have no idea why.
    Click to expand...
    Click to collapse

    bunch of mean people on XDA.... :p

    - faylix / local

    (finally rooted my droid and on darkdroid blah blah).
    View

New posts