Reliance Jio & Reliance Mobile Discussion Forums
Mufaddal

Which Handsets From Reliance Are Meid Based ?


as i have come to know that some very low end phones from virgin are meid based , does anyone have any ideas which handsets from reliance are meid based

i know that htc touch diamond being sold on reliance network has meid ( and may be the upcoming bb 9630 will be meid ), but are there any other phones with meid which are low end

anyone ???


what is meid?


Interesting article on MEID on howard forum

ESN vs. pESN/MEID Explained (or, Never The Twain Shall Meet in Their Firmware) The whole issue of ESN vs. pESN/MEID firmware made me curious, especially with the problems VZW Moto owners have had trying to flash one type of phone with firmware designed and compiled for the other type of phone. The result has been 99+% certain to brick the phone, recovery from which is, at best, very difficult.

Recommendation:

The Firmware Tracker should be revised to positively and very clearly track whether a particular firmware revision is for an ESN or MEID phone! The confusion between the two has (from what I've read on this forum) bricked a good number of phones.

I read in a (much too) brief summary that MEID came about to solve the problem of running out of unique ESN to assign to new CDMA and TDMA phones. The MEID was supposed to be implemented with CDMA2000, but ESN is being exhausted sooner than anticipated (or sooner than CDMA2000 can completely replace CDMA with EVDO). GSM phones currently use a decimal IMEI number, but GSM came later, realized the ESN problem, and started with a longer number. Found more details about ESN and MEID today. That summary is the crux of it. There's more though, and it explains clearly why firmware for ESN phones should never be used on pESN/MEID phones, and vice versa. The firmware for them are not interchangeable!

The FCC requires that phones have a unique, embedded, permanently hard-wired ID number in each phone. In other words, a number that cannot be changed by reprogramming or flashing. The industry, phone makers and cellular service carriers support this requirement too. This unique number identifies a specific phone globally, independent of carrier or manufacturer (although part of the number can ID who made the phone).

  • For AMPS, CDMA and TDMA phones, this globally unique number is its ESN.
  • For pESN/MEID CDMA and TDMA phones, it's the MEID (not the pESN).
  • For GSM phones, it's the decimal IMEI

An ESN is 8 hexadecimal digits long and dates back to AMPS. The first part of an ESN is a manufacturer identifier. This simplifies global management of ESN by assigning blocks of numbers to phone makers (e.g. Motorola, Samsung), and the manufacturer controls assigning the rest of the number to a phone within their blocks of numbers. Same concept as the globally unique MAC hard-wired and embedded on all network controllers (aka MAC address).

The problem with the 8-digit (in hexadecimal) ESN came along much sooner than originally anticipated with the explosion of cell phone use globally, and how quickly cell phones are replaced (much to the glee of the companies that make them). Cell phones, especially carriers' cheaper ones, along with most pre-paid are considered throw-aways. Once assigned, an ESN cannot be re-used -- ever -- on any phone made by anyone, anywhere -- even if the ESN is known to have been on a phone that was permanently destroyed.

This means (in decimal) that theoretically ~4.295 Billion AMPS/CDMA/TDMA phones could be made with globally unique ESNs. Several blocks have been reserved, and lack of good record keeping early on has prevented using some other blocks. That reduces the number that can actually be used, and they're projected to run out soon. If that happened without a replacement for the ESN, phone manufacturers would not be able to make any new AMPS, CDMA or TDMA phones. Zero, nada, zip, null, none . . . and that would be a cataclysm of epic proportion for the entire cellular industry (at least the AMPS, CDMA and TDMA portion). GSM came along after AMPS implemented the ESN, and it already has the longer number capability.

This exhaustion of ESN was foreseen some time ago within the TIA which assigns ESN blocks and the GSM Ass'n which handles IMEI numbers. The new system will unify ESN with IMEI and allow for "global" phones with both CDMA (or TDMA) and GSM inside them. It uses a 14-digit hexadecimal number allocated as follows for CDMA/TDMA and GSM phones:

  • GSM: Decimal numbers that, when translated into their 14-digit hexadecimal equivalent are 0x98FFFFFFFFFFFF or lower
  • CDMA/TDMA: 14-digit hexadecimal numbers 0xA0000000000000 or higher
  • Global with both CDMA (or TDMA) and GSM: Decimal numbers that, when translated into their 14-digit hexadecimal equivalent, begin with 0x99.

Should be no surprise that the MEID found in newer VZW phones (instead of an ESN) are 14-digit hex numbers, and they all begin with 0xA0.

If the new system for CDMA/TDMA phones replaces the ESN with a longer MEID, what's the pESN for?

pESN is short for pseudo-ESN. It's an 8-digit hexadecimal number that can be calculated using the MEID. The reason for the pESN is portions of CDMA and TDMA networks, especially VZW still need a number of ESN length in their "back end" systems that handle things like SMS. Those portions of the network haven't been converted yet. In the interim they must use a pESN instead as they cannot handle the larger MEID. There's a looming problem with the pESN though. It's only a stop-gap until everything in VZW's system can handle the longer MEID, and remain compatible with legacy handsets using the shorter ESN.

While the manner in which a pESN is calculated was designed to reduce the probability of two different MEID having the same pESN occurring, it doesn't guarantee it won't happen. The first two hex digits of a pESN are 0x80 which uniquely identifies it immediately as a pESN, not an ESN. The trailing six hex digits are calculated by performing an SHA-1 hash of the entire MEID (in hexadecimal). The leading 0x80 is appended with the trailing six hex digits of the MEID SHA-1 hash. VZW doesn't need the pESN from a phone, only the MEID, and from that the pESN can be calculated (computers can do it extremely quickly).

Because multiple different MEID can generate the same pESN, if enough MEID handsets are activated before network use of the pESN is dropped completely, duplicate pESN will start showing up. Duplicate ESN (or pESN) on a network is called an ESN collision. It wreaks huge havoc on how data is routed to that ESN, and with service provision to the devices with the duplicate ESN.

Currently, the probability is very near zero as only a very few MEID phones on VZW, but the probability rises rapidly as more pESN/MEID phones are activated on their network. Some studies have been performed about the risks to predict the threshold at which they become unacceptable, but the study methods are still being debated. The threshold number of MEID phones is much lower than most think before the risk of duplicate pESN rises quite dramatically. Pick 23 people at random and there's a 50% (or greater) probability at least two of them have the same birthday. Add another 34 people at random to the initial 23 (total of 57) and the probability of duplicate birthdays rises to over 99%. Statisticians and mathematicians call this the "Birthday Paradox" and the problem of duplicate pESN appearing has strong statistical similarities. This is also why an MEID phone cannot be used on an ESN-only network by registering its pESN in lieu of a true ESN -- and it's no doubt Sprint, Alltel, etc. have their system set up to block registration of any ESN beginning with 0x80.

The firmware inside an MEID phone:

  • Can handle the longer MEID
  • Can generate the phone's pESN "on the fly" from its MEID

ESN phone firmware cannot do this. Little wonder to me that cross-flashing ESN firmware into an MEID phone and cross-flashing MEID firmware into an ESN phone bricks them. The length of an ESN is not the same as an MEID. Undoubtedly the firmware barfs when that's encountered as the phone attempts to boot.

The problem of exhausting the ESN is both manufacturer and network. They both must begin using MEID. It appears that VZW has either hit the wall first, or has decided to get out in front of the problem. The other TDMA and CDMA networks must begin using MEID very soon or they won't be able to offer new handsets to anyone. Be patient. The MEID wasn't something VZW decided to do apart from the rest of the CDMA networks. All CDMA and TDMA network providers will convert to MEID, and it won't be much longer before they do -- or die. VZW is apparently the first one to begin the MEID conversion. MEID firmware will eventually show up for Sprint, Alltel, USCC, etc. (even VIVO must convert to MEID).

  • Like 1
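
Added example (not part of the quoted Howard Forums article or of any post in this thread): the pESN derivation and the birthday-style collision estimate described in the article above, written in Python. It assumes SHA-1 is computed over the MEID's 7 raw bytes; the MEID block starting at A0000012000000 is a constructed sample and all function names are illustrative.

```python
import hashlib
import math

PESN_SPACE = 2 ** 24  # a pESN is 0x80 plus 3 variable bytes


def pesn_from_meid(meid_hex):
    """Return the 8-hex-digit pESN for a 14-hex-digit MEID."""
    meid = bytes.fromhex(meid_hex)
    if len(meid) != 7:
        raise ValueError("an MEID is exactly 14 hex digits (7 bytes)")
    # Assumption: the hash input is the 7 raw MEID bytes, not ASCII text.
    digest = hashlib.sha1(meid).digest()
    # Keep only the last 3 of SHA-1's 20 bytes, so the mapping is many-to-one.
    return "80" + digest[-3:].hex().upper()


def is_pesn(esn_hex):
    """True when an 8-hex-digit ESN-length value is in the 0x80 pESN range."""
    return len(esn_hex) == 8 and esn_hex.upper().startswith("80")


def collision_probability(devices, space=PESN_SPACE):
    """Exact chance that at least two of `devices` values in `space` match."""
    log_all_distinct = sum(math.log1p(-k / space) for k in range(devices))
    return -math.expm1(log_all_distinct)


def devices_for_probability(target, space=PESN_SPACE):
    """Smallest population whose collision probability reaches `target`."""
    log_all_distinct, devices = 0.0, 0
    while -math.expm1(log_all_distinct) < target:
        log_all_distinct += math.log1p(-devices / space)
        devices += 1
    return devices


def duplicate_pesn_count(first_meid_hex, count):
    """Count repeated pESNs across `count` consecutive MEIDs (count only)."""
    start = int(first_meid_hex, 16)
    seen, duplicates = set(), 0
    for value in range(start, start + count):
        pesn = pesn_from_meid(f"{value:014X}")
        duplicates += pesn in seen
        seen.add(pesn)
    return duplicates


if __name__ == "__main__":
    block = "A0000012000000"  # constructed sample MEID, not a real device
    print("pESN:", pesn_from_meid(block))
    print("23 birthdays:", round(collision_probability(23, 365), 3))
    print("devices for 50%:", devices_for_probability(0.5))
    print("duplicates in 50000 MEIDs:", duplicate_pesn_count(block, 50000))
```

Because only 24 bits of the hash survive, a population of a few thousand MEID handsets is already enough for an even chance of one shared pESN, which is the birthday effect the article describes.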


^^^

i already know this thats the reason i m asking for any meid based phone of low price

the main reason y we cant do anything abt meid handsets is coz of firmware been meid based

bb storm , palm pre and all recent models cant be cracked coz of this problem only

the reason we have solution for diamond and pro is coz of esn based radio otherwise even that wudnt have been possible

the only handset is htc diamond available from reliance which has meid , though it uses pesn for reliance network but its meid and thats whats imp

the ramifications of this can be uber cool for handsets like pre and storm


^^^

thanks but i know abt this virgin handset thats y i said in my first post

i want a meid based phone in reliance which i doubt reliance has

anyways no problem , i figured out another way to this problem !!!

now i just have to get the palm pre


Motorola models and some RUIM are MEID based.. though Indian operators are not compatible with MEID so they use pESN...

Its not the radio... I have cracked BB 8330m without the radio patch...

all u got to understand is how to confuse the phone so radio can be alive even after MEID disable or zeroed in.. and good to go..

hope this helps...


^^^

u might have been lucky with 8330m

but at present there is no way u can fool palm pre or may be storm on been esn based

in palm pre i have seen a lot of pros disabling meid and going to esn but modem going offline ...all had to revert back to original meid .( not a single person has succeeded and all of them are professionals and not noobs )

even the chinese guy who made the solution for disabling meid cant get his own phone to online mode

in some cases the pre was damaged beyond restoration

there is no 100% esn soln for newer meid phones from palm or bb

there are very high chances of bricking and its not worth the endeavour

all u cud do safely is just solve meid /pesn and not ESN

i figured out something and i shall implement that .

Edited by mufaddal_km


I even made storm to latch on reliance network with ESN .. but once MIN updated it goes radio off mode.. i was almost there with storm..

not getting enough time now a days ya... might work more better if we work as a team :)

let me know..


thats y i m saying there still no sure shot way ...

might work more better if we work as a team :)

we are a team , arent we :grin:


How about working on pESN to MEID convertor? And generate MEID equal to ESN ?


@ kshah

there is no algorithm for converting pesn to meid

what u thought , i also thought the same thing

but at present there isnt any way to calculate meid from pesn

the algorithm made by qualcomm is only for phones to generate pesn out of meid and that is what we use

qualcomm didnt make algorithm for pesn to meid , simply coz it was never needed

pesn was needed for esn networks

thats y i was asking abt some low budget meid based handset .

hope u got my point


Recently bought the newly launched Samsung Guru Muzic (SCH-B919).

It shows a MEID number in Phone details.


@amtrag

bro can u try putting a meid ruim in samsung muzic and see if it shows meid from ruim

or can u put ur ruim which came with samsung muzic in ur nokia handset and see the pesn ( and lemme know)

that way we can check if samsung muzic actually is showing ur meid

( if meid on handset matches pesn u read from ruim )

i guess i will have a look at samsung muzic

thanks for heads up anurag

if it can give me meid then my quest is over

soon will have pre and storm for reliance

Edited by mufaddal_km
  • Like 1


pESN to MEID is not possible... MEID generates pESNs randomly.. as far as my research goes there is no reverse algo as of yet..

instead we can try fetching MEID from RUIMs of reliance... which had pESNs and easily readable.... pESN and MEID is written on TATA RUIMs already though...


^^^

meid doesnt generate pesn randomly

the first two digits of all pesn is same 80

for next 6 digits ( 3 bytes ) well organised algorithm exists which has complex series of base so as to avoid having same pesn for more than one meid for at least as much as possible , though they will run out of that as well in few yrs , but most networks in usa now are meid based ,so that problem wudnt arise for them in usa


well if MEIDs are unique everytime how can 3 bytes will run out???

and if MEIDs calculates pESNs why cant best hackers didnt got its algorithm yet??

the answers is pESNs are temporary till all CDMA upgrades to MEIDs based base stations.. once done ESN and pESNs will be history and will never be used..

MEID is same solution as IMEI of GSM... in future if u change PRL to operator B and latch MEID belongs to operator A can be deducted as fraud/lost handsets same as IMEI...

so on this basis they are taking OMH(Open Market Handsets) in cdma..

hope it clears a lil doubts..

How about working on pESN to MEID convertor? And generate MEID equal to ESN ?

it will be heaven for me.. if possible... i was shocked seeing screen provided by u...

being so much involved i never even thought of this possibility...

Please see what can be done...


^^^

bro u didnt read my post properly

and if MEIDs calculates pESNs why cant best hackers didnt got its algorithm yet??

yes meid calculates pesn and thats the reason y hackers have understood the algorithm and u have meid to pesn converter

from where u think they got meid to pesn converter ??

the phone has algorithms to automatically calculate pesn based on ur meid , thats y when u write meid the phone writes pesn to its corresponding location , not to mention that the radio also checks on the meid and pesn and any conflict switches it off to offline mode

qualcomm never made any algorithm for pesn to meid coz it was never needed , as any meid based phones need to generate pesn for esn based network

thats y even renowned hackers havent understood and cant make an algorithm for pesn to meid

well if MEIDs are unique everytime how can 3 bytes will run out???

well u misunderstood

meid isnt 3bytes meid is 7 bytes ( 14 nibbles)

pesn /esn are 4bytes ( 8 nibbles)

but pesn first byte is always 80 and remaining 3 bytes are different

yes meid is unique , each meid is 7bytes

it has nothing to do with total number of possible meids

How about working on pESN to MEID convertor? And generate MEID equal to ESN ?

it will be heaven for me.. if possible... i was shocked seeing screen provided by u...

being so much involved i never even thought of this possibility...

Please see what can be done

@ kshah , sadik and others

the ESN and meid /pesn system are different

u cannot have an algorithm to calculate meid from an ESN

MEID is paired with PESN

all pesn start with 80

that means u need to have meid authenticated connection ,u cant use ur existing esns and get meid out of it

dont forget that meid phones calculates its pesn on its own ,so even if u have a calculator how will u make the phone calculate pesn as ur own esn ( its never possible)

the only way around this problem is to have a meid authenticated connection ie u know the meid of the ruim or of the phone in use

( which is the reason y i opened this thread)

Edited by mufaddal_km


well doc lots of confusions here..

lets meet sometime and discuss it..

I have reasons to believe Kshahs theory can work.. as i did similar thing to storm and its radio was alive but hard resets give it its original meid and pesn back... and hard work vanished..

what we miss mainly is checksum.. checksums stored in memory are real culprits in restoring original parameter back to it..

have some leads on it... thats how i manage to make MEID based phones to ESN based without touching its radios...

will details discuss with u sometime..

doc u shocked me with touch pro stuff... Thanks anyway for it though..

i think its time to move it to TE??

let me know..


@ sadik

no confusions bro ....i m well versed with it , did a lot of research and trials on it

let it be in open

i dont think we shud move it to TE as we arent discussing any methods of meid /pesn change

its a discussion on how to read meid

and i guess many non TE members can help

my understanding of checksums says something else

anyways will figure it out

btw i fixed the touch pro , its working fine now !!!

Edited by mufaddal_km


my tata photon usb modem huawei 1260 is also meid based
