IMEI changing kit for GTA02

Michael Spacefalcon msokolov at ivan.Harhan.ORG
Fri Feb 7 22:25:23 CET 2014


Hello fellow freedom lovers,

I have just released the first version of the kit that allows a Neo
Freerunner user to set his/her IMEISV to any value of his/her choice.
Download it here:

ftp://ftp.ifctf.org/pub/GSM/GTA02/ffs-edit-kit-r1.tar.bz2

Operating instructions are inside the tarball.  The way in which this
kit works is completely independent of what firmware version you have
in flash: it can be moko11, leo2moko, or even blank or corrupt flash.
(Just like with fc-loadtool, the chain starts with Calypso's on-die
boot ROM, i.e., the wonderful hardware unbricking feature TI gave us
in this baseband chip, similar in principle to FR's NOR U-Boot which
is extra hardware just for unbricking.)

Please also note that many vendors' "standard" proprietary firmwares
include undocumented AT commands for setting the IMEI, and as my
experiments indicate, moko11 appears to be one of them:

ftp://ftp.ifctf.org/pub/GSM/hacks/imei-hacks-r1.tar.gz

However, I do not recommend using that AT@SC command, as the half-baked
implementation does not make the proper distinction between IMEI and
IMEISV, and the last (16th) digit of the complete IMEISV (which is what
the modem actually uses and sends over the air) ends up being set to a
"random" value that is an artifact of the obfuscation scheme.

As an example, the original factory IMEI of the GTA02 I use for FC
development is 35465101-961584-0; the original factory programming of
the complete IMEISV is 35465101-961584-00.  However, if one uses that
AT@SC hack to change it, it is then impossible to revert the complete
IMEISV back to this original setting using the same AT@SC command!  If
one feeds the correct obfuscated AT@SC string for setting
35465101-961584-0, the full IMEISV gets set to 35465101-961584-01
instead of the original factory 35465101-961584-00.

In contrast, the FFS editing kit linked above allows you to set all 16
digits of the IMEISV to whatever you choose; the kit provides the
mechanism and you decide on the policy for what the SV digits should be.

However, considering that those with a desire to play with their IMEIs
would probably find an AT command much more convenient than the rather
cumbersome (albeit powerful) XRAM-agent-based mechanism presented in
my current kit, I plan on making a new version of leo2moko that will
include a new AT command for setting the IMEISV.

I will not be replicating the obfuscated AT@SC command, instead it
will be a different AT command that sets all 16 digits explicitly and
works without any obfuscation.  The syntax I propose is:

AT+SIMEISV="1234567890123456"

If anyone has an argument for a different syntax, please speak up now.

Viva la Revolucion,
SF
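The post turns on the distinction between the 15-digit IMEI and the 16-digit IMEISV, and on the proposed AT+SIMEISV syntax. The following is an added worked example, not code from the ffs-edit-kit, leo2moko or any firmware: it derives the IMEI from an IMEISV (TAC + SNR + Luhn check digit per 3GPP TS 23.003, which is why the factory IMEISV ...-00 corresponds to IMEI ...-0), shows that the two IMEISV values from the post differ only in the SV digits while mapping to the same IMEI, and parses a command line in the proposed syntax. The sample values are the ones quoted in the post; the parser accepts exactly the proposed form and nothing else (an assumption, since the command does not exist yet).

```python
# Added example: IMEI vs. IMEISV layout and a parser for the proposed
# AT+SIMEISV syntax. Not code from the ffs-edit-kit or leo2moko.
import re
from typing import Optional

# IMEISV: 8-digit TAC + 6-digit SNR + 2-digit SV (16 digits, no check digit).
# IMEI:   8-digit TAC + 6-digit SNR + 1 Luhn check digit (15 digits).
# Both are defined in 3GPP TS 23.003; only the first 14 digits are shared.

def luhn_check_digit(body14: str) -> str:
    """Luhn check digit over the 14-digit TAC+SNR (the 15th IMEI digit)."""
    if len(body14) != 14 or not body14.isdigit():
        raise ValueError("TAC+SNR must be exactly 14 decimal digits")
    total = 0
    # Walk from the right; the digit adjacent to the check digit is doubled.
    for i, ch in enumerate(reversed(body14)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)

def imeisv_to_imei(imeisv: str) -> str:
    """Derive the 15-digit IMEI from a 16-digit IMEISV (SV digits dropped)."""
    if len(imeisv) != 16 or not imeisv.isdigit():
        raise ValueError("IMEISV must be exactly 16 decimal digits")
    body = imeisv[:14]
    return body + luhn_check_digit(body)

def split_imeisv(imeisv: str) -> dict:
    """Break an IMEISV into its fields and the IMEI it implies."""
    imei = imeisv_to_imei(imeisv)          # validates length/digits
    return {
        "tac": imeisv[:8],
        "snr": imeisv[8:14],
        "sv": imeisv[14:16],
        "imei": imei,
        "imeisv_dashed": f"{imeisv[:8]}-{imeisv[8:14]}-{imeisv[14:16]}",
        "imei_dashed": f"{imei[:8]}-{imei[8:14]}-{imei[14]}",
    }

# Proposed syntax from the post: AT+SIMEISV="1234567890123456"
# Exactly 16 ASCII digits in double quotes; anything else is rejected
# (assumed strictness, since the command is only proposed here).
_AT_SIMEISV = re.compile(r'^AT\+SIMEISV="([0-9]{16})"$', re.IGNORECASE)

def parse_at_simeisv(line: str) -> Optional[str]:
    """Return the 16-digit IMEISV from a proposed AT+SIMEISV line, else None."""
    m = _AT_SIMEISV.match(line.strip())
    return m.group(1) if m else None

def same_imei(imeisv_a: str, imeisv_b: str) -> bool:
    """True if two IMEISVs differ only in their SV digits."""
    return imeisv_to_imei(imeisv_a) == imeisv_to_imei(imeisv_b)

if __name__ == "__main__":
    # Values quoted in the post: factory programming vs. what AT@SC leaves behind.
    factory = "3546510196158400"
    after_hack = "3546510196158401"
    for v in (factory, after_hack):
        f = split_imeisv(v)
        print(f"IMEISV {f['imeisv_dashed']}  ->  IMEI {f['imei_dashed']}  SV={f['sv']}")
    print("same IMEI, different IMEISV:", same_imei(factory, after_hack))
    print("parsed:", parse_at_simeisv('AT+SIMEISV="1234567890123456"'))
    print("rejected 15-digit value:", parse_at_simeisv('AT+SIMEISV="123456789012345"'))
```

The point the code makes is that an IMEI-only setter cannot express the SV digits at all: both 35465101-961584-00 and 35465101-961584-01 are the IMEI 35465101-961584-0, yet the modem transmits the full 16-digit IMEISV, so only a 16-digit setter such as the proposed AT+SIMEISV lets the user control what actually goes over the air.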


