huawei imei/unlock algorithm
This isn’t really about Tz, but more for my personal reference….
(your_imei)=123456789012347
MD5 (“your_imei5e8dd316726b0335”) = 8f 43 ae 1a 33 19 c6 49 cc 57 40 8b 6a 39 2d 6b
8f xor 33 xor cc xor 6a =1a
43 xor 19 xor 57 xor 39 =34
ae xor c6 xor 40 xor 2d =05
1a xor 49 xor 8b xor 6b =b3
1a3405b3 and 1ffffff or 2000000 = 23405B3
hex2dec (23405B3) = 36963763 -> unlock code
same steps for flash code , only:
MD5 (“your_imei97b7bc6be525ab44”) instead of the other MD5
or in python code that may or may not work,
import hashlib
def getCode(imei, salt):
digest = hashlib.md5((imei+salt).lower()).digest()
code = 0
for i in range(0,4):
code += (ord(digest[i])^ord(digest[4+i])^ord(digest[8+i])^ord(digest[12+i])) << (3-i)*8
code &= 0x1ffffff
code |= 0x2000000
return code
imei = "123456789012347"
print getCode(imei, "5e8dd316726b0335")
print getCode(imei, "97b7bc6be525ab44")
computers make life easier…
interessting, but where do you know that is the right algo?
I did some reverse engineering on software provided by Zain (my service provider) using OllyDbg.
ok, and what do you usint instead of salt or iz it always the same?
The salts are hard coded constants; they change depending on if you want to get the reflash code or the unlock code. Respectively, it would be either 97b7bc6be525ab44 or 5e8dd316726b0335
8f 43 ae 1a 33 19 c6 49 cc 57 40 8b 6a 39 2d 6b is got from executing MD5 hash of IMEI and 5e8dd316726b0335 (is this a constant??)?
yes I believe so.
huawei mobile or modem?¿??
Modem. but only the older models
it doesn`t work with Huawei U8160/Vodafone 858 Smart
I guess the newer versions have different firmware?