Tuesday, 27 October 2015

[HELP][JAVA] SimlockUnlockApp - the way to sim unlock?



Greetings to all!

Previously my phone was locked to the Japanese carrier NTT Docomo, but it was officially unlocked in a Docomo shop in Japan. As I saw on the Internet, this can be done with a SIM unlock code. In the phone I found a special application which is intended to show the SIM lock status and to unlock it with a code.
The name of this application is SimlockUnlockApp.apk. I decompiled this app and started looking for how this unlock code is calculated from the IMEI.

In SIMLockUtils.java there are three interesting functions:

Code:

public static byte[] disableSimLock(QcRilHook paramQcRilHook, byte[] paramArrayOfByte)
public static void updateLockStatus(int[] paramArrayOfInt, int paramInt, QcRilHook paramQcRilHook)
public static void updateRemainingAttempts(int[] paramArrayOfInt, int paramInt, QcRilHook paramQcRilHook)


These functions call another function from the com.qualcomm.qcrilhook.QcRilHook class:

Code:

paramQcRilHook = paramQcRilHook.sendQcRilHookMsg(589834, paramArrayOfByte);
paramQcRilHook = paramQcRilHook.sendQcRilHookMsg(589829, 0);
paramQcRilHook = paramQcRilHook.sendQcRilHookMsg(589830, 0);


The numbers 589834, 589829 and 589830 refer to these declarations:

Code:

public static final int QCRIL_EVT_SEMC_DISABLE_SIMLOCK = 589834;
public static final int QCRIL_EVT_SEMC_PERSO_INDICATOR = 589829;
public static final int QCRIL_EVT_SEMC_DCK_NUM_RETRIES = 589830;


sendQcRilHookMsg has two variants:

Code:

// Variant 1: a single int payload (4 bytes, native byte order) after the hook header.
public abstract AsyncResult sendQcRilHookMsg(int paramInt1, int paramInt2);

public AsyncResult sendQcRilHookMsg(int paramInt1, int paramInt2)
{
  byte[] arrayOfByte = new byte[this.mHeaderSize + 4];
  ByteBuffer localByteBuffer = createBufferWithNativeByteOrder(arrayOfByte);
  addQcRilHookHeader(localByteBuffer, paramInt1, 4);   // request id + payload length (4)
  localByteBuffer.putInt(paramInt2);
  return sendRilOemHookMsg(paramInt1, arrayOfByte);
}

// Variant 2: an arbitrary byte[] payload after the hook header.
public abstract AsyncResult sendQcRilHookMsg(int paramInt, byte[] paramArrayOfByte);

public AsyncResult sendQcRilHookMsg(int paramInt, byte[] paramArrayOfByte)
{
  byte[] arrayOfByte = new byte[this.mHeaderSize + paramArrayOfByte.length];
  ByteBuffer localByteBuffer = createBufferWithNativeByteOrder(arrayOfByte);
  addQcRilHookHeader(localByteBuffer, paramInt, paramArrayOfByte.length);
  localByteBuffer.put(paramArrayOfByte);
  return sendRilOemHookMsg(paramInt, arrayOfByte);
}


And now we get to sendRilOemHookMsg:

Code:

private AsyncResult sendRilOemHookMsg(int paramInt, byte[] paramArrayOfByte)
{
  return sendRilOemHookMsg(paramInt, paramArrayOfByte, 0);
}

private AsyncResult sendRilOemHookMsg(int paramInt1, byte[] paramArrayOfByte, int paramInt2)
{
  // Decompiler artifact: the garbled char literal stands for a constant int,
  // the size of the buffer the RIL writes its raw response into.
  byte[] arrayOfByte = new byte['а*Ђ'];
  Log.v("QC_RIL_OEM_HOOK", "sendRilOemHookMsg: Outgoing Data is " + IccUtils.bytesToHexString(paramArrayOfByte));
  if (mSemcPhoneInterfaceManager == null)
  {
    Log.e("QC_RIL_OEM_HOOK", "SemcPhoneInterfaceManager object is not instantiated!");
    Log.e("QC_RIL_OEM_HOOK", "Use QcRilHook(Context, IQcSemcServiceConnected)");
  }
  // Decompiler artifact: this "for" is most likely an if/else on the return code of
  // sendOemRilRequestRaw (-1 when the manager is missing). A result >= 0 is the number
  // of valid bytes in arrayOfByte; a negative result is a negated RIL errno.
  for (paramInt1 = -1; paramInt1 >= 0; paramInt1 = mSemcPhoneInterfaceManager.sendOemRilRequestRaw(paramArrayOfByte, arrayOfByte))
  {
    paramArrayOfByte = null;
    if (paramInt1 > 0)
    {
      paramArrayOfByte = new byte[paramInt1];
      System.arraycopy(arrayOfByte, 0, paramArrayOfByte, 0, paramInt1);
    }
    return new AsyncResult(Integer.valueOf(paramInt1), paramArrayOfByte, null);
  }
  return new AsyncResult(paramArrayOfByte, null, CommandException.fromRilErrno(paramInt1 * -1));
}


And here I cannot understand how sendOemRilRequestRaw works.

I could provide the full decompiled sources of SimlockUnlockApp.apk, qcrilhook.jar, qcsemcserviceif.jar, semcrilextension.jar, telephony-common.jar and framework2.jar.

I'm not a Java programmer and don't know Android internals in depth, so any help would be much appreciated!

The question is Sony-specific, so I'm placing it in this section.
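To make the framing in the decompiled code above concrete, here is an added example (not code from the post or from the Qualcomm/Sony libraries) that rebuilds the buffers sendQcRilHookMsg hands to sendRilOemHookMsg and applies the return-code convention of sendRilOemHookMsg. It assumes that addQcRilHookHeader writes the stock Qualcomm QcRilHook header, an 8-byte "QOEMHOOK" magic followed by the request id and payload length as native-order ints (mHeaderSize = 16); the page itself does not show the header layout.

```python
import struct
import sys

# Event ids copied from the decompiled declarations on this page.
QCRIL_EVT_SEMC_DISABLE_SIMLOCK = 589834
QCRIL_EVT_SEMC_PERSO_INDICATOR = 589829
QCRIL_EVT_SEMC_DCK_NUM_RETRIES = 589830

# Assumption (not shown on the page): stock QcRilHook header = "QOEMHOOK" magic,
# then request id and payload length as ints in native byte order, 16 bytes total.
OEM_MAGIC = b"QOEMHOOK"
HEADER_SIZE = len(OEM_MAGIC) + 4 + 4
NATIVE = "<" if sys.byteorder == "little" else ">"   # createBufferWithNativeByteOrder


def build_hook_msg(request_id: int, payload: bytes) -> bytes:
    """Mirror of sendQcRilHookMsg(int, byte[]): header followed by the raw payload."""
    header = OEM_MAGIC + struct.pack(NATIVE + "ii", request_id, len(payload))
    return header + payload


def build_hook_msg_int(request_id: int, value: int) -> bytes:
    """Mirror of sendQcRilHookMsg(int, int): the int becomes a 4-byte native-order payload."""
    return build_hook_msg(request_id, struct.pack(NATIVE + "i", value))


def parse_hook_msg(frame: bytes):
    """Split a frame back into (request_id, payload); rejects a frame whose length field lies."""
    if len(frame) < HEADER_SIZE or frame[:len(OEM_MAGIC)] != OEM_MAGIC:
        raise ValueError("not a QcRilHook frame")
    request_id, length = struct.unpack(NATIVE + "ii", frame[len(OEM_MAGIC):HEADER_SIZE])
    if len(frame) != HEADER_SIZE + length:
        raise ValueError("length field does not match frame size")
    return request_id, frame[HEADER_SIZE:]


def interpret_raw_result(rc: int, response_buf: bytes):
    """Result convention from sendRilOemHookMsg: rc >= 0 is the count of valid
    response bytes (0 means an empty reply), rc < 0 carries a negated RIL errno."""
    if rc >= 0:
        return ("ok", response_buf[:rc])
    return ("error", -rc)


if __name__ == "__main__":
    # Constructed sample: the lock-status query the app sends, and a fake RIL reply.
    frame = build_hook_msg_int(QCRIL_EVT_SEMC_PERSO_INDICATOR, 0)
    print(frame.hex(), parse_hook_msg(frame))
    print(interpret_raw_result(2, b"\x01\x00\xff"), interpret_raw_result(-3, b""))
```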
