KPC650 ESN Swap

  • KPC650 ESN Swap

    hypothetically, could a kpc650 air card be used by transferring an esn off an active cellphone? i have seen this discussed on defcon15 youtube video but what all would need to be done for it to actually authenticate on the network? i would think it would be the same as cloning from cellphone to cellphone, but since they are two different types of devices would the "numbers" be compatible between the two? The video was very informative but I think it may have left out some important stuff, so hopefully someone can add to the purely educational learning experience.

    tools needed:

    qpst
    bitpim for easy hex dumps
    hexeditor
    checksum calc

    after looking through file explorer, for the swap to work i would think these files need to be edited/swapped:

    1. - swap or edit esn on air card with cell esn via nvm $sys file (question- does the original aircard $sys file need to be edited, checksum and reloaded or can you just backup/copy the cell phone $sys file to cpu & then overwrite the air card $sys with that one in QPST?)

    2. - edit all other nvm files to replace any air card phone numbers with new cell phone numbers (found places in nvm_data, nvm_cdma, nvm_display)

    anything else need to be edited? where would the .MIN file be changed/found as I didn't see anyplace on the air card with the .min ext.? Would the nvm_factory or nvm_minlock need to be edited? are there any other hidden files that need to be found & edited?

    would authentication on the system for the air card work by using it as a dun modem like tethering the cell (#777) with the above edits or would more things need to be done like editing an A-key if the card has one? any steps missing here?

    1st problem - even after steps 1 & 2, the original aircard phone # (MIN) still displays in the QPST properties (qpst configuration, etc) even though the ESN # is showing as changed and all NVM files show the new cell phone numbers in a hexdump.. there must be something else that needs to be edited - also aircard will not authenticate on system..

  • #2
    Re: KPC650 ESN Swap

    bump... nobody has answers? still need a way to get the card authenticated on the network, what have i missed?

    Is King Tuna on here, I know his video is what got me interested in this...
    Last edited by thehackmeister; January 29, 2008, 03:16.


    • #3
      Re: KPC650 ESN Swap

      Originally posted by thehackmeister
      bump... nobody has answers? still need a way to get the card authenticated on the network, what have i missed?
      What have you missed?
      Possible answers:
      1) No one who knows the answer, has read the thread yet.
      2) No one here knows.
      3) People know, but no one cares to answer you.

      A "bump" is considered spam/power posting. See the Rules, which you agreed to abide by when you joined the DC Forums. Specifically, see Rule 5.

      Originally posted by The Rules (https://forum.defcon.org/showthread.php?t=6777)
      5. Spamming, Power posting, and Advertising:

      ...

      Do NOT post "Me too", "useless/empty" , "HI I'm NEW! " , "bump-up" , "duplicated/crossposted" style content.
      While the Rules tend to be somewhat relaxed in the Community Talk area, understand that bumps like this are apt to annoy the very people from whom you are seeking help.
      Last edited by Thorn; January 29, 2008, 04:54.
      Thorn
      "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird


      • #4
        Re: KPC650 ESN Swap

        Thanks for posting rule 5, but just to clarify, are you saying I should not have not wrote "bump" before the rest of my last post??? ;)

        "nobody has answers? still need a way to get the card authenticated on the network, what have i missed?

        Is King Tuna on here, I know his video is what got me interested in this..."


        • #5
          Re: KPC650 ESN Swap

          Originally posted by thehackmeister
          Thanks for posting rule 5, but just to clarify, are you saying I should not have not wrote "bump" before the rest of my last post??? ;)

          "nobody has answers? still need a way to get the card authenticated on the network, what have i missed?

          Is King Tuna on here, I know his video is what got me interested in this..."
          Are you not able to comprehend English? If nobody answered you, then nobody gives a shit. This is not tech support, and your attitude is going to guarantee that "help will not arrive in time." What on earth makes you think that bumping your previous missive (using the term "bump" just made it even ruder) was acceptable? Personally, I'm hoping the next reply to this is from /dev/null

          *wanders off muttering to self about manners*


          • #6
            Re: KPC650 ESN Swap

            Originally posted by thehackmeister
            Thanks for posting rule 5, but just to clarify, are you saying I should not have not wrote "bump" before the rest of my last post??? ;)
            No, I'm saying that the entire post was unnecessary.

            Originally posted by thehackmeister
            "nobody has answers? still need a way to get the card authenticated on the network, what have i missed?

            Is King Tuna on here, I know his video is what got me interested in this..."
            No user by name is on these forums. If you're talking about the video of the DefCon 15 presentation on EVDO by King Tuna, then I know him, and to my knowledge he does not participate on any forum.
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird


            • #7
              Re: KPC650 ESN Swap

              Originally posted by shrdlu
              Are you not able to comprehend English? If nobody answered you, then nobody gives a shit. This is not tech support, and your attitude is going to guarantee that "help will not arrive in time." What on earth makes you think that bumping your previous missive (using the term "bump" just made it even ruder) was acceptable? Personally, I'm hoping the next reply to this is from /dev/null

              *wanders off muttering to self about manners*
              Though I agree that, "bumping," a thread like that is a rule violation, as addressed by Thorn, and the poster was being a bit rude, please let the mods take care of these things. If this thread is moved to /dev/random, then anyone can flame anyone else about items in the thread. (We're keeping /dev/random as a place where users mostly moderate themselves, except for spam, illegal content and Politics & Religion.)

              Maybe we'll find that this system of, "only mods should flame users," as a default for all forums unless exceptions are made, is not very effective. Maybe we'll find having a Sandbox forum where only playing nice is allowed, and everywhere else users have less restricted rules, as found in /dev/random. We have no correct answer, but continue to search for balance. :-)

              In an ideal system, moderators would do nothing, and users would handle problems on their own. (This seems to be the primary method for handling problems on dc-stuff, and seems to work well for the list members, as they are still subscribed.) Such a method requires the least amount of control, and allows for more freedom of expression, but allows small groups of people to gang up on others or let users seeking attention, troll. Fortunately, most of dc-stuff's list members seem to understand how to deal with trolls, but on a web-based forum, we have users less experienced in such things. We've found no perfect solution, but we keep looking.



              thehackmeister: I won't close your thread because of the above, but please be patient and try other sources while you wait for an answer. If you do get an answer to your question, I encourage you to follow-up your post with the results, and help other people looking for answers to the same questions, as they will probably find this thread with the help of google when they search for the same answers.

              As demonstrated above, we do enforce rules here, and I agree with what Thorn posted.

              Thanks everyone! :-)


              • #8
                Re: KPC650 ESN Swap

                Originally posted by TheCotMan
                Though I agree that, "bumping," a thread like that is a rule violation, as addressed by Thorn, and the poster was being a bit rude, please let the mods take care of these things.
                Sure. I plead lack of caffeine, yer honor.

                Originally posted by TheCotMan
                If this thread is moved to /dev/random, then anyone can flame anyone else about items in the thread. (We're keeping /dev/random as a place where users mostly moderate themselves, except for spam, illegal content and Politics & Religion.)
                This is the funny part (to me). I didn't mean /dev/random, the forum dumping ground. I meant /dev/null, as in where I wanted to place him (again, consider lack of caffeine). I actually like dipping into /dev/random now and then (the forum, not the random bit collector), and only use /dev/null for "special" routing issues.


                • #9
                  Originally posted by shrdlu
                  Are you not able to comprehend English? If nobody answered you, then nobody gives a shit. This is not tech support, and your attitude is going to guarantee that "help will not arrive in time." What on earth makes you think that bumping your previous missive (using the term "bump" just made it even ruder) was acceptable? Personally, I'm hoping the next reply to this is from /dev/null

                  *wanders off muttering to self about manners*
                  sorry, i didn't realize people in here were so sensitive.. i promise to work on my forum etiquette.

                  Originally posted by Thorn
                  No, I'm saying that the entire post was unnecessary.

                  No user by name is on these forums. If you're talking about the video of the DefCon 15 presentation on EVDO by King Tuna, then I know him, and to my knowledge he does not participate on any forum.

                  Yes, I am trying to reach King Tuna from the Defcon15 conference. If you could forward a message to him on my behalf it would be greatly appreciated. Perhaps he can email me if he is not a member of any forums. I tried contacting him at wardriving world but they said he is no longer there. I think I am about 99% complete with his EVDO hack and really need to know what else I need to do. If you need an email for him to contact me, let me know. Thanks
                  Last edited by TheCotMan; January 29, 2008, 16:28. Reason: Merged 2 posts into 1.


                  • #10
                    Re: KPC650 ESN Swap

                    Originally posted by thehackmeister
                    Yes, I am trying to reach King Tuna from the Defcon15 conference. If you could forward a message to him on my behalf it would be greatly appreciated. Perhaps he can email me if he is not a member of any forums. I tried contacting him at wardriving world but they said he is no longer there. I think I am about 99% complete with his EVDO hack and really need to know what else I need to do. If you need an email for him to contact me, let me know. Thanks
                    Sorry, my contact with him was via WarDriving World. I hadn't realized that he'd left there.
                    Thorn
                    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird


                    • #11
                      Re: KPC650 ESN Swap

                      Originally posted by TheCotMan
                      Though I agree that, "bumping," a thread like that is a rule violation, as addressed by Thorn, and the poster was being a bit rude, please let the mods take care of these things. If this thread is moved to /dev/random, then anyone can flame anyone else about items in the thread. (We're keeping /dev/random as a place where users mostly moderate themselves, except for spam, illegal content and Politics & Religion.)

                      Maybe we'll find that this system of, "only mods should flame users," as a default for all forums unless exceptions are made, is not very effective. Maybe we'll find having a Sandbox forum where only playing nice is allowed, and everywhere else users have less restricted rules, as found in /dev/random. We have no correct answer, but continue to search for balance. :-)

                      In an ideal system, moderators would do nothing, and users would handle problems on their own. (This seems to be the primary method for handling problems on dc-stuff, and seems to work well for the list members, as they are still subscribed.) Such a method requires the least amount of control, and allows for more freedom of expression, but allows small groups of people to gang up on others or let users seeking attention, troll. Fortunately, most of dc-stuff's list members seem to understand how to deal with trolls, but on a web-based forum, we have users less experienced in such things. We've found no perfect solution, but we keep looking.



                      thehackmeister: I won't close your thread because of the above, but please be patient and try other sources while you wait for an answer. If you do get an answer to your question, I encourage you to follow-up your post with the results, and help other people looking for answers to the same questions, as they will probably find this thread with the help of google when they search for the same answers.

                      As demonstrated above, we do enforce rules here, and I agree with what Thorn posted.

                      Thanks everyone! :-)
                      I appreciate the reply. I do have my EVDO issue posted on a few other forums and have spent many hours trying to figure this out. I don't have an IT background so most of this is a new learning experience for me. The extent of my knowledge is basically tinkering with my cell phone after many hours spent on HOFO with good results. I happened to run across the Defcon 15 video and went out and snagged a KPC650 card and figured i would give it a try and the results I posted above are as far as I got.

                      I apologize for the bumping and the attitude but I'm sure you know the feeling of working on a project and getting so close & then coming to a brick wall. Basically at this point I'm just looking over the same information, then redoing it again & again in hopes i will catch something that gives me different results, it gets frustrating.

                      Anyway, enough rambling... I hope you can appreciate my dilemma sitting here with a card that I would think should be working, but unfortunately is not.


                      • #12
                        Re: KPC650 ESN Swap

                        i think my problem may be with the swapping of the SYS file, instead of editing the original SYS file on the card, i actually uploaded a backed up one from the phone since they looked to be the same size.. soooo there may have been some extra stuff in the file that is causing the problem with authentication.. i think you may have to edit the original SYS file from the card & reload it for this to work properly.. basically i cut a few corners and that may be the problem i'm having.. unfortunately i didn't save the original card SYS file so I'm pretty much SOL at this point unless there is some other way to restore everything on the card to the original data?


                        • #13
                          Re: KPC650 ESN Swap

                          Originally posted by thehackmeister
                          sorry, i didn't realize people in here were so sensitive.. i promise to work on my forum etiquette.
                          LOL Hackmeister! Been there done that 48 posts ago!

                          https://forum.defcon.org/showthread.php?t=9010

                          Contribute and be wise if not careful in here.
