search

bkerler / SierraWirelessGen

Sierra Wireless OpenMEP Generator
77 stars 29 forks source link

What exact MC7455 firmware version can be unlocked #2

Closed amore-amore closed 4 years ago

amore-amore commented 6 years ago

using the calc?

amore-amore commented 6 years ago

I've tested all the available firmware for MC7455 to unlock but with no luck.

swi9x30c_02.08.02.00.cwe swi9x30c_02.08.02.00_generic_002.007_000.nvu swi9x30c_02.14.03.00.cwe swi9x30c_02.14.03.00_generic_002.012_000.nvu swi9x30c_02.18.02.00.cwe swi9x30c_02.18.02.00_generic_002.015_000.nvu swi9x30c_02.20.03.00.cwe swi9x30c_02.20.03.00_generic_002.017_000.nvu swi9x30c_02.23.00.00.cwe swi9x30c_02.23.00.00_generic_002.018_000.nvu

Could you write an exact FW version where it works?

bkerler commented 6 years ago

The reverse engineered firmware was SWI9X30C_02.24.05.06.cwe

panachoi commented 6 years ago

The reverse engineered firmware was SWI9X30C_02.24.05.06.cwe

Does this work for EM series (M.2) ? I have a lenovo-branded EM7455 running this exact firmware, and cannot get it to unlock.

schoerg commented 6 years ago

Try it. Shouldn't matter if it's m.2 or PCIe. The device is USB anyway.

panachoi commented 6 years ago

Tried just about every combination available, and could not get it to unlock with any of the algos.

bkerler commented 6 years ago

The main issue is that most of these devices have encrypted firmware that cannot be decrypted without known AES keys. Thus reversing is only possible if the firmware is unencrypted.

gsmantenna commented 5 years ago

I downgrade the firmware to SWI9X30C_02.24.05.06, and try from V2-V5 openlock code, none work, what am I missing?

bkerler commented 5 years ago

I had a look at the newer firmwares and they use a different scheme. Can you please send me an example output of "AT!OPENLOCK?" and "AT!OPENMEP?" ?

bkerler commented 5 years ago

Also please state which modem vendor and maybe provider (if you live in the US) you use (like dell, provider at&t)

schoerg commented 5 years ago 
AT!OPENLOCK?
1B7A923CCC5AE55E

AT!OPENLOCK?
0621C5308B38F615

AT!OPENMEP?
E04D3018BF64AB5A

AT!OPENMEP?
805355F8C308F35F

Device:

Manufacturer: Sierra Wireless, Incorporated
Model: EM7455
Revision: SWI9X30C_02.20.03.00 r6691 CARMD-EV-FRMWR2 2016/06/30 10:54:05
bkerler commented 5 years ago

Thx a lot.

gsmantenna commented 5 years ago

Model: EM7455B Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09 MEID: 354480080xxxxx IMEI: 3544800800xxxxx IMEI SV: 12 FSN: LF637643460210 +GCAP: +CGSM

OK AT!OPENLOCK? 4E3DDE95D157D4DB

OK AT!OPENLOCK? 8A30B8401EA00320

OK AT!OPENMEP? F480C6769B7A00F3

OK

AT!OPENMEP? BE9F0A5AF544CF50 dell em7455 un-branded.

bkerler commented 4 years ago

Solved by commit 6cade1d