Results 1 to 14 of 14
  1.    #1  
    Apologies for the long post.

    Now the excitement about the unlock patch is over, I thought it would be the right time to kick off a new thread to find the actual unlock code. For those that don't realize the value of the code itself: it will surely remain valid after future firmware upgrades, and since we can safely assume that HS will make it much harder to patch the new firmware versions, having the unlock code itself will be a much easier solution.

    Here's what I have found so far. Note that if you aren't familiar with palm coding and assembly then most of this will go straight over your head. Note as well that I'm only using official information and tools provided by P1 so I don't see how there could be anything illegal about this.

    What I used:

    * serial cable (no, a USB cable won't help you with this)
    * from the Treo developers resources on the P1 site: Palm Debugger and the Palm Debugger Tutorial, and the public header files

    What I achieved:

    * some of you may remember my posts about the PhnLibGetOperatorLock API. This API uses the GetOperatorLock systrap that is listed in PhoneTraps.h. It turns out that right above this systrap there's also a SetOperatorLock systrap. After a bit of googling, I could calculate the number of this systrap. It's 823. I'm using this value a little further down in the post.

    * first thing I tried was to reconstruct the a PhnLibSetOperatorLock. I haven't been able to work out the right correct parameters. If we could work out those parameters, we might be able to create a brute force attack program.

    * then I decided to go the nasty & diry route and dig into the assembly. One thing that is really nice about the Palm Debugger is the 'il' command: it disassembles the code around any address that you give it. The other thing that is nice is that you can set breakpoints on systraps, saving you a lot of time in finding the part of the code that is of interest to you.

    * here are the steps to find the unlock assembly code

    1. make sure the wireless mode is on, hook up the serial cable, and Shift-Hotsynch to go in debug mode
    2. on your PC, shut down HotSynch manager, launch the Palm Debugger, and configure it to connect to the device
    3. Hit F12 to break, then enter ATB 823 to set a breakpoint on the SetOperatorLock breakpoint, then hit F5 to go again.
    4. On the Treo, enter an unlock code (*#*#<8 digits>#)
    5. Back on your PC, the Debugger has stopped right at the systrap. Now you can F11 to step into and F11 to step over the code.

    You can find a copy of three debug sessions in this zip

    In session 1, I go all the way through the code using F11 and F12. It looks to me like at some point it's testing whether the Treo is using the serial port (ha, how smart of HS!) and because of the Serial Port Timeout it will not go to the ReadyToUnlock subroutine (see session 4).

    In session 2, I've simply listed the values of the registers right after the systrap.

    In session 4, I've done extensive 'il' commands to find most of the relevant subroutines.

    Enjoy and please post if you can take this to the next level.
  2. #2  
    Although I can provide little in the way of help, this thread should stay up to help maintain awareness of this issue. The current solution is only temporary. (Or permanent, if you never feel like upgrading again). I sincerely hope Mol and the rest of the people responsible for finding the original unlock can pull through in finding the unlock code.

    Oh and
    It looks to me like at some point it's testing whether the Treo is using the serial port (ha, how smart of HS!)
    Damn HS *shakes fist in air*
  3. #3  
    Begining to think MOL = man of leisure (LOL)
    Can't help mister, but this time, if you get the goat, you should reward yourself with a day out in Edinburgh... lunch is on me!
    Awaiting exchange unit from HS UK. Why?
    Oh the embarassment of it! I tried to remove the orange screen print from casing... used a product designed to remove medical adhesive... and watched the casing blister and split...
    80 for an exchange. Hopefully not another Orange unit... fingers crossed for an unlocked beastie. Sent it back with 2.09 upgrade and no orange stuff in unit. They were not interested in the IMEI either... just wanted my cash.
    Bit of a tangent, good luck with the quest!
  4. #4  
    Well, great that you found out all these things!

    From my point of view though you can unlock your own device as often as you want but should not post it here.

    I think it is fine, that the operators sponsor handspring to sell the treo cheaper (I think they should sell it for half the price and have 10 times more people buying it..). By providing the crack you steal money from the operators.

    I would like to buy a Treo at a cheaper price but I don`t want to unlock it myself. I respect the operators price model.

    Do what you want and everybody else decide for yourself what you want to support (hackers / the operator who's service you use daily).

    Regards, Hugo

    BTW: No matter what tools you use, unlocking the phone when it is locked and especially posting it here cannot be legal!
  5. #5  
    Originally posted by hugo
    BTW: No matter what tools you use, unlocking the phone when it is locked and especially posting it here cannot be legal!
    Response number 1: do not tell me you used the patch to unlock the phone. If you didn't, admire you. If you did, hummm, interesting...

    Response number 2: sorry sir, I just do not understand why unlocking a phone is illegal.

    Hacking a software is illegal because it will then be used without paying the software developer loyalty fees; compromising a computer is illegual because you are accessing and potentially use other people's data/information/resource without permission.

    But what is the logic behind claiming unlocking illegal? Am I paying monthly service charges to my carrier? Yes. Did I pay for the handset? Yes. So what is wrong?
  6. #6  
    Moved my stuff to 'unlock debate' out of respect to MOL, please do not fill this thread with PISH about morals and Legality issues!

    It is in the General discussion room where it belongs!
    Last edited by scudder; 01/29/2004 at 02:56 PM.
  7.    #7  
    Could we please try to stay on topic? This is supposed to be a technical thread.

    Feel free to start another one on the moral/legal/ethical aspects of unlocking.

    Thx.
  8. #8  
    :-)
    Last edited by scudder; 01/30/2004 at 02:23 AM.
  9. #9  
    Moved to general chat unlock debate by scudder
    Last edited by treo6.5; 01/29/2004 at 03:09 PM.
  10. #10  
    Great stuff Treo 6.5. but lets take it elsewhere... this is not hardware stuff, join me in general.. Mol is right
  11. #11  
    Thanks again Mol for opening a threat like this. Like I said before I am not technical enough here to help, however willing to try everything on my treo's.

    And about legal or not: in The Netherlands unlocking your phone in ANY way is legal and if necessary I would be honoured to post any supposed to be but not legal solution on my website, if not too big even permanently.

    My treo's are in the hands of Mol and his friends, legal or not, allowed by HS or not, supported by AT&T/Orange and other **** or not. Like many others, bought on eBay, they are mine.
  12. #12  
    MOL you are the man.

    i dig your **** baaadly; i don't understand much of it, but i'm willing to learn, and you provide tools to improve my knowledge and spark my intelligence over the threshold of shyness.


    bring it on bud, i have much much more to learn from you.
    you give me motivation and excitement over new frontiers of expertise.

    love,
    k

  13.    #13  
    bump

    Am I the only one that is still willing to look into this? There must be somebody out there that knows how to get around the serial cable check, no? If you're comfortable posting it then please PM me.
  14. #14  
    > ...But what is the logic behind claiming unlocking illegal? Am I
    > paying monthly service charges to my carrier? Yes. Did I pay for
    > the handset? Yes. So what is wrong?

    What is wrong is that the USA Congress passed a law that makes it illegal to reverse engineer copyprotection.

    Isn't that a-MAZING?

    And doesn't it seem just ... wrong?

    Check out the Digital Millennium Copyright Act.

    And, if a USAer, vote next election time.

Posting Permissions