IMEI changing kit for GTA02

Michael Spacefalcon msokolov at ivan.Harhan.ORG
Sat Feb 8 01:54:44 CET 2014

joerg Reisenweber <joerg at> wrote:

> you recall that single line I actually censored?

line 60, I assume.

> (Must have been the only time
> in my life I did this) In the changelogs, around moko5 or something.

Considering the time proximity between this hack and the moko5->moko6
change in which you (not you personally, but the company) went backward
from the sensible approach (used in most other TI-based products too)
of storing configuration items in FFS to the non-sensible approach of
hard-coding them in the fw, let me make a guess: the crappy Weendoze-
only host tools for development and production which TI gave you (for
FFS programming in this case) were unreliable, and you were looking
for a way to avoid needing to do any FFS programming through the RVTMUX
interface (TI's official way) at all.  Of course the IMEI is one item
which can't be hard-coded in the fw, and if you didn't want to (or
couldn't) use the "proper" RVT/ETM-based method of programming, then
you had to hack in some other way, such as a special AT command.

But I assume that the issues with TI's production testing and
programming tools must have been solved in time for GTA02A7 mass
production, as my unit came with a /pcm/IMEI (IMEISV really) setting
which cannot be programmed via that AT at SC hack, only via the proper
RVT/ETM channel.

I also find it cute that all mass-produced GTA02 units (at least the 4
that have been liberated so far: mine, David's, Norayr's and Giacomo's)
came with a few files in FFS (/pcm/CGM[IMR]) which are not used by any
of your fw's from moko6 onward, only by moko5 - surely flashing a GTA02
back to moko5 is NOT recommended (I even remember seeing admonitions
somewhere to never do that), yet those files seem to be there just to
support those people who might do that...  Wasn't it your inability to
write these strings into FFS reliably that made you go back to hard-
coding them?

When I made leo2moko from TI's standard Leonardo baseline, I had to
add a bit of extra code to display these CGMI/CGMM strings with some
extra wrapping around them.  If one were to run TI's totally "vanilla"
code on a GTA0x modem with this "MokoFFS" factory programming,
something in their ATI layer gets confused because apparently it
expects the strings to be wrapped in angle brackets, but the strings
featured in /pcm/CGM[IMR] in factory-programmed MokoFFS don't have
those angle brackets.

Oh well, history is what it is.

> It actually was a weird "secret" AT command to change the IMEI, it claimed
> in changelogs that it had some really weird formula to add birthday^5 to old
> IMEI or sth and append that to the new IMEI, for "authentication" - and it
> never worked afaik.

So I assume we are in agreement then that this "secret" AT at SC command
is NOT recommended for use?

Anyone who needs to change their IMEI for some good reason (because
they need to be ultra-anonymous when going from one disposable prepaid
SIM to another, or because they need to use some GSM network that
wrongfully blocks their FR's factory IMEI) should use the kit I have
just published.  This method does work - I've tested it on
T-Mobile USA :-).
