Root Evo 4G to Boost Mobile Guide/Evo 3D

[new optimus]

You think its a good idea if I do the Gingerbread Edition? There a dummy guide but should I risk of updating it?

I dont know alot about the evo 4g specifically but I can tell you your nv items, the Ha keys AAA keys the phone number all that stuff is on a separate partition then your rom or recovery so it would surprise the Sh!t out of me if you lost your boost connection.

 

[new optimus]

First let me thank you for the information having this available is a god send.

Second to address the prevail specifically, Samsung has the nv locked down at this time there is no known way to get all the information you will need. As mentioned even after unlocking spc with cdma it still gives access denied and QPST service programing will close with "unknown" error it wont even open.
I suggest getting a $40 incognito.

I would like to add about the prevail I have done some reading over at xda and other places there are a couple people that have claimed to have used the prevail as the donor.
Starting on this page after this there are a few others but so far I have not seen any that give enough information to actually use the prevail.
Htc flash to boost mobile guide [noob] - Page 3 - xda-developers

This is not a guide just help towards getting the things you need ex:nv items, spc, your 16# password "wich is samsungs default... all this information was reasearched from xda and android forums took alittle to information that wasnt there talk to people more experienced and tested to see what info worked what didnt... hopefully this info helps someone able to evo to boost with galaxy prevail as donor.... then maybe they can make a more clear full out guide for people to use... there arnt much guides out there that works 100% or that you dont have to pay for and is password protected lol.... maybe the new version of cdma workshop can read the prevail to write all the necessary codes and numbers to program the phone....

first you want to root your prevail... google works great for this aslo check http://androidforums.com
next step you want to download a android terminal... free on android market!
now go to android terminal and type

su
getprop ril.MSL

your 6# spc then should pop up


now to get nv items go back to your android terminal

su
dd if=/dev/stl5 of=/sdcard/cdma.rfs

then plug ur phone to computer with usb, turn storage space and copy the cdma.rds file off sd to desktop and use the magic iso
to extract to destop open the cdma.rf file you extracted and go to NVM folder then open the NUM folder and copy the
465, 465_1, 466, 466_1, 1192, 1194 files there the ones that you need...

ha and aaa pass are stored in the nv items, you need to use a hex editor to veiw the nv item you want

NV 1192 - SPRINT AAA KEY UNIQUE TO EACH PHONE this is the important one
SPRINT and BOOST HA KEY is always 73 65 63 72 65 74 (hex to ascii = secret)
I am not sure which NV item has the Boost AAA Keys, but doing a profile update gets it loaded on the phone


the 16 digit password for the prevail is samsungs default pass...
01f2030f5f678ff9




aslo found once evo is flashed to boost if ur having mms problems... heres the fix
Dial ##3282#, edit and enter your EVO's spc then scroll
down and on change the MMSC URL to

 

[solbadguy89]

this is what i love to see. people giving back. thats the whole purpose i did this forum. also dont forget to stop SOPA and PIPA . or we wont have forums on this stuff. there gonna try to censor the internet witch means android and xda will go down indefinitely. write to you senators THIS MUST BE STOPED CAUSE WE WONT GET MORE FREE $H*T. Damn the MAN FIGHT THE POWER PEOPLE !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

[new optimus]

After more research I found how you can use the prevail as the donor, though the nam profile is going to have to be done mostly manually.
the last post I quoted was the key.

NV Item 465 has your hex meid its in this format
A00000543GFE@hcm.sprintpcs.com
made up numbers incase your curious
item 465_1 has yourname@myboostmobile.sprintpcs.com
item 466 has the profile 0 Ha and the AAA listed in this format
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 06 73 65 63 72 65 74 00 00 00 00 00
00000010 00 01 5R E5 AK H3 8G 45 78 CD HH E3 B8 CJ 5C ED
The first line is the normal sprint and boost Ha the second is your AAA key
that is of course a made up number. its 16 pairs so as long as your seeing 32 digits your good.
now item 466_1 is your profile 1 set it will be identical to the last one ^ except you will only have 6 pairs starting at the 2 at the top

item 1192 is the same as 466 in that it gives you profile 0 AAA Key
1194 again gives you the info of 465 which is your meid@hcm.sprintpcs.com
I am not sure if there is any info in the actual hex.
Now I believe though am not sure if you write the AAA keys and other things copy the nvitems into the evo, all according to the guide you can just go to settings/about phone/status and update profile and your MDN and MIN and other information should get populated.

then plug ur phone to computer with usb, turn storage space and copy the cdma.rds file off sd to desktop and use the magic iso
to extract to destop open the cdma.rf file you extracted and go to NVM folder then open the NUM folder and copy the
465, 465_1, 466, 466_1, 1192, 1194 files there the ones that you need...

ha and aaa pass are stored in the nv items, you need to use a hex editor to veiw the nv item you want

NV 1192 - SPRINT AAA KEY UNIQUE TO EACH PHONE this is the important one
SPRINT and BOOST HA KEY is always 73 65 63 72 65 74 (hex to ascii = secret)
I am not sure which NV item has the Boost AAA Keys, but doing a profile update gets it loaded on the phone


the 16 digit password for the prevail is samsungs default pass...
01f2030f5f678ff9

 

[alden92]

I have a few questions... so once I do this my original (boost) phone will basically be a dummy phone right? also, is it easier to do it from a prevail or a motorola (I think its called a rambler)? I currently have service on my prevail but could change it over to the rambler if it would be easier... I will be taking over my moms evo once she gets a new phone, which probly wont be for atleast a couple weeks, but i was trying to read up on it.... also, once flashed i shouldnt have any issues if I flash a different rom to it should i? or should i do that b4 i flash it to boost?

thanks for any/all help.

 

[new optimus]

I have a few questions... so once I do this my original (boost) phone will basically be a dummy phone right? also, is it easier to do it from a prevail or a motorola (I think its called a rambler)? I currently have service on my prevail but could change it over to the rambler if it would be easier... I will be taking over my moms evo once she gets a new phone, which probly wont be for atleast a couple weeks, but i was trying to read up on it.... also, once flashed i shouldnt have any issues if I flash a different rom to it should i? or should i do that b4 i flash it to boost?

thanks for any/all help.

ok first unless you enjoy slower then dial up speeds do not use the rambler
that is a 1x phone meaning its not capable of 3g speeds and if you use that as a donor the evo will be crippled and only get the 1x speed.

If you absolutely do not have another phone the prevail will work. I think it is just a hell of a lot of extra work to get it going. If you are very unfamiliar with the phone it may be impossible.
The evo may need to be downgraded before you can find the correct places as seen in the guide so to answer that once its done and on the boost network install new roms is not a problem, may have to change the mms address as shown in the guide after flashing new roms though.

oh and ya once your done the donor needs to never be turn on again.

 

[steve die]

I'm stuck on the second video. The part where we open up QXDM to read/write the MEID numbers. I am using the Evo 4G. I can read my MEID easy enough after entering the password but when i go to enter "RequestNVItemWrite meid 0x00AXXXXXXXXXXXXXXX (X's being the rest of my Hex code) i get an error saying the target is invalid. I feel as though I'm missing something...I used the video mainly but when i tried to look in the typed portion of the guide I couldn't figure out where I was. I'm guessing I'm at the point where I have to zero out all the meids?

 

[new optimus]

I'm stuck on the second video. The part where we open up QXDM to read/write the MEID numbers. I am using the Evo 4G. I can read my MEID easy enough after entering the password but when i go to enter "RequestNVItemWrite meid 0x00AXXXXXXXXXXXXXXX (X's being the rest of my Hex code) i get an error saying the target is invalid. I feel as though I'm missing something...I used the video mainly but when i tried to look in the typed portion of the guide I couldn't figure out where I was. I'm guessing I'm at the point where I have to zero out all the meids?

Correct. that is also the most difficult part, and the most time consuming.

First you are going to want to know which baseband you are using. The gude talks about 2 of them but there are more.
The supplemental instructions are just spots that have had known esn and meid #'s found. I found that after looking through all of them I still had a few that I had to scan to find.

Oh and another thing the guide leaves out, You open QXDM and hit F4 to get memory viewer. In memory viewer you copy the number in 0x00fcad5 form it will then take you to the corresponding coordinate and if you see the esn or the meid you will click the first number/letter and hit 0 until the meid is all 00's
They will be back words. so lets say your pesn is 08 99 d5 fc this is made up and probably too short to be real anyway. You will find it like

FC D5 99 80 So you place the mouse on the first one then hit 0 be carefull you dont get over excited and 0 out other things, I did that and was having trouble with things I had to find and fix later.

Then after you verify your all 000's reboot the phone then using QXDM and the nv write from the video will work
I spent(for me ) an extraordinary amount of time just trying to find where to do the things as they did not document that very well.

 

[steve die]

Correct. that is also the most difficult part, and the most time consuming.

First you are going to want to know which baseband you are using. The gude talks about 2 of them but there are more.
The supplemental instructions are just spots that have had known esn and meid #'s found. I found that after looking through all of them I still had a few that I had to scan to find.

Oh and another thing the guide leaves out, You open QXDM and hit F4 to get memory viewer. In memory viewer you copy the number in 0x00fcad5 form it will then take you to the corresponding coordinate and if you see the esn or the meid you will click the first number/letter and hit 0 until the meid is all 00's
They will be back words. so lets say your pesn is 08 99 d5 fc this is made up and probably too short to be real anyway. You will find it like

FC D5 99 80 So you place the mouse on the first one then hit 0 be carefull you dont get over excited and 0 out other things, I did that and was having trouble with things I had to find and fix later.

Then after you verify your all 000's reboot the phone then using QXDM and the nv write from the video will work
I spent(for me ) an extraordinary amount of time just trying to find where to do the things as they did not document that very well.

Thank you Optimus! That is a heck of a lot more info to go on now. I have spent a large amount of time looking for tid-bits of information like that just to get going as well! Cheers for learning though!

I'm using Baseband version2.15.00.0808 by the way. Okay! now It's making more sense since I'm doing it. The text file he attached gives known locations for that baseband version and you copy that into the address box and hit enter, it does a search and fills in the area below with numbers. Once that is done you search that large and confusing array of numbers for your MEID number but it will appear backwards on the corresponding line. So if I find the number and it ends with lets say 9 (it will begin with 9) i select the "9" and hit "0" then presto!

If that is correct I will have to search through every one of these MEID locations and the ESN locations (of course I need to know my MEID/ESN by entering RequestNVItemread MEID/ESN). But since I'm using a different baseband I have to do a memory scan with CDMA workshop, correct? I then use that generated text file to get my memory locations to search.

Once i zero out all the numbers I then proceed to enter "RequestNVItemwrite MEID 0x00A ect" and then it will overwrite all the zeroed out MEIDS/ESN (I'm guessing i do it to both). If it gives me an error still, I must have missed a location or two. If that is all correct then I fully understand, thank you!

One last question. Once I successfully access the Boost network with the EVO 4g will i be able to do a phone number transfer from my current Verizon phone to this phone without having to redo anything? The same also goes for if i wanted to put custom ROMS on this. From what I have read the custom ROMS don't touch this information so it's safe to flash to your hearts content (with backing up of course) but I don't know about the number transfer.

Thank you everyone for the information!

 

[new optimus]

ok your on the right idea, one thing to note, change your base band using the supplied download will make it easier. the base band you have does not have very good documentation as to where the locations are so you would scan the entire thing and do it all manually.

you are also correct about finding the location and 0'ng it however lets say the esn ends in 9 you find the 9 but you also 0 out all the esn following the nine as well.

so for example we will use a 10 digit esn, not likely but for our purpose works.
Also remember the esn in here will be the Hex numbers and the Hex pesn numbers. not the long string of numbers only usually starting with 268 or 270.

so say your hex esn was

A00025B3CB

you would look for

CB B3 25 00 A0
and put the curser on C
hit 0000000000
then move on to the next location

 

[steve die]

ok your on the right idea, one thing to note, change your base band using the supplied download will make it easier. the base band you have does not have very good documentation as to where the locations are so you would scan the entire thing and do it all manually.

you are also correct about finding the location and 0'ng it however lets say the esn ends in 9 you find the 9 but you also 0 out all the esn following the nine as well.

so for example we will use a 10 digit esn, not likely but for our purpose works.
Also remember the esn in here will be the Hex numbers and the Hex pesn numbers. not the long string of numbers only usually starting with 268 or 270.

so say your hex esn was

A00025B3CB

you would look for

CB B3 25 00 A0
and put the curser on C
hit 0000000000
then move on to the next location

Very helpful again! Thank you

I have tried to downgrade the Baseband from 2.15.00.0808 to 2.15.00.11.19. I boot to recovery and select the 2.15.00.11.19 zip file downloaded from another thread, install, and it says installation complete. I select reboot and my display gets messed up and then it just reboots. Same baseband and everything. Been researching this for 90 minutes with no luck. If i can get this done i can finally move on to zeroing out, lol.


Just stumbled upon a thread saying you need Amon Ra to flash Radios.

 

[new optimus]

Very helpful again! Thank you

I have tried to downgrade the Baseband from 2.15.00.0808 to 2.15.00.11.19. I boot to recovery and select the 2.15.00.11.19 zip file downloaded from another thread, install, and it says installation complete. I select reboot and my display gets messed up and then it just reboots. Same baseband and everything. Been researching this for 90 minutes with no luck. If i can get this done i can finally move on to zeroing out, lol.


Just stumbled upon a thread saying you need Amon Ra to flash Radios.

you are using cwm recovery?
I never tried using cwm on the evo. I have used it on other phones I am not sure why it would not work though.

 

[steve die]

you are using cwm recovery?
I never tried using cwm on the evo. I have used it on other phones I am not sure why it would not work though.

Yeah, I am using CWM on the Evo 4G. I am still trying to install Amon Ra. But my Evo doesn't recognize the PC36IMG.zip file located on the root of the SD card. It does it's check and says it doesn't find a image (or what ever it says). Ive even tried renaming "UPDATE" to try and update from the SD card in the recovery program. No luck with that either.

 

[new optimus]

Yeah, I am using CWM on the Evo 4G. I am still trying to install Amon Ra. But my Evo doesn't recognize the PC36IMG.zip file located on the root of the SD card. It does it's check and says it doesn't find a image (or what ever it says). Ive even tried renaming "UPDATE" to try and update from the SD card in the recovery program. No luck with that either.

try this one. it is the 3.11 I found it very good and you can use the soft keys on the phone home is like vol up menu vol down back is back and search is select. as if you hit the power button.

http://localserver.no-ip.biz/Public/PC36IMG-AmonRA-3.11-gnm.zip


just cut it off at the end of the G and boot into hboot

 

[steve die]

try this one. it is the 3.11 I found it very good and you can use the soft keys on the phone home is like vol up menu vol down back is back and search is select. as if you hit the power button.

http://localserver.no-ip.biz/Public/PC36IMG-AmonRA-3.11-gnm.zip


just cut it off at the end of the G and boot into hboot

Didn't work either, lol. Renamed it as i should and put on SD. Booted to Hboot, didn't install. Even tried installing from SD (even though i know it wont work). I really can't figure this out. I am S-off'd and Rooted. It is a factory reset as well, the SD card has nothing on it either.

I may have to research on how to scan the memory and identify where the Meid/esn's are manually instead of having a list of them already. Hurray blahh lol. Did i mention that when i updated the Radio it said it completed successfully but when i rebooted my phone it did that as normal and didn't change when i went to "About Phone"? I did that a few times, it's what led me to the assumption of needing Amon Ra.

Thanks for your help once again. I may disappear for a few days - Life calls lol.

Actually i don't think I am using CWM. I rooted my phone with Revolutionary and since then I've been able to start up Hboot. so I'm using what ever Revoluionary installs.

 

[new optimus]

Didn't work either, lol. Renamed it as i should and put on SD. Booted to Hboot, didn't install. Even tried installing from SD (even though i know it wont work). I really can't figure this out. I am S-off'd and Rooted. It is a factory reset as well, the SD card has nothing on it either.

I may have to research on how to scan the memory and identify where the Meid/esn's are manually instead of having a list of them already. Hurray blahh lol. Did i mention that when i updated the Radio it said it completed successfully but when i rebooted my phone it did that as normal and didn't change when i went to "About Phone"? I did that a few times, it's what led me to the assumption of needing Amon Ra.

Thanks for your help once again. I may disappear for a few days - Life calls lol.

Actually i don't think I am using CWM. I rooted my phone with Revolutionary and since then I've been able to start up Hboot. so I'm using what ever Revoluionary installs.

the file I posted is the recovery that should not mess with the radio's if the radio you tried to flash was too old for your phones hardware it wont work either. I tried to go to the older one that has a script that 00's everything out for you problem was the hardware wouldnt take it.

revolution puts cwm on.

where in the country do you live, if your close to me I would help

 

[steve die]

the file I posted is the recovery that should not mess with the radio's if the radio you tried to flash was too old for your phones hardware it wont work either. I tried to go to the older one that has a script that 00's everything out for you problem was the hardware wouldnt take it.

revolution puts cwm on.

where in the country do you live, if your close to me I would help

Darnit, lol. I live in Connecticut, Eastern side. Thanks for the offer.

Since none of this worked it looks like I'll have to go research Zeroing out using CDMA/QXDM from scratch. It seems like I've ran into every single issue you could while i've been doing this. It's amazing I haven't given up (won't happen, to stubborn )

 

[new optimus]

Darnit, lol. I live in Connecticut, Eastern side. Thanks for the offer.

Since none of this worked it looks like I'll have to go research Zeroing out using CDMA/QXDM from scratch. It seems like I've ran into every single issue you could while i've been doing this. It's amazing I haven't given up (won't happen, to stubborn )

research team viewer it would allow me to help you fairly directly. if you think you want to try that I am willing.

 

[KEastSideL]

okay i got connected and all that but when i go to read the NAM file it wont read it. it leaves it blank i looked for a updated version more then 2.7 but i cant seem to find one. so i was wondering if there is another way i can read and save the nam files other then cdma it seems i can write them prob but not read them so thats my only issue

 

[new optimus]

okay i got connected and all that but when i go to read the NAM file it wont read it. it leaves it blank i looked for a updated version more then 2.7 but i cant seem to find one. so i was wondering if there is another way i can read and save the nam files other then cdma it seems i can write them prob but not read them so thats my only issue

I posted this before, if you want to use your prevail its going to be a long drawn out battle but I think it can be done.
did you get your prevail grandfathered in at the lower rate or did you buy it after they started the $5 android markup?

I would like to add about the prevail I have done some reading over at xda and other places there are a couple people that have claimed to have used the prevail as the donor.
Starting on this page after this there are a few others but so far I have not seen any that give enough information to actually use the prevail.
Htc flash to boost mobile guide [noob] - Page 3 - xda-developers

After more research I found how you can use the prevail as the donor, though the nam profile is going to have to be done mostly manually.
the last post I quoted was the key.

NV Item 465 has your hex meid its in this format
A00000543GFE@hcm.sprintpcs.com
made up numbers incase your curious
item 465_1 has yourname@myboostmobile.sprintpcs.com
item 466 has the profile 0 Ha and the AAA listed in this format
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 06 73 65 63 72 65 74 00 00 00 00 00
00000010 00 01 5R E5 AK H3 8G 45 78 CD HH E3 B8 CJ 5C ED
The first line is the normal sprint and boost Ha the second is your AAA key
that is of course a made up number. its 16 pairs so as long as your seeing 32 digits your good.
now item 466_1 is your profile 1 set it will be identical to the last one ^ except you will only have 6 pairs starting at the 2 at the top

item 1192 is the same as 466 in that it gives you profile 0 AAA Key
1194 again gives you the info of 465 which is your meid@hcm.sprintpcs.com
I am not sure if there is any info in the actual hex.
Now I believe though am not sure if you write the AAA keys and other things copy the nvitems into the evo, all according to the guide you can just go to settings/about phone/status and update profile and your MDN and MIN and other information should get populated.

Oh and I was just about to point you to this guide in the other thread about activating the evo on boost lol

ok looks like that quote did not get added here it is

then plug ur phone to computer with usb, turn storage space and copy the cdma.rds file off sd to desktop and use the magic iso
to extract to destop open the cdma.rf file you extracted and go to NVM folder then open the NUM folder and copy the
465, 465_1, 466, 466_1, 1192, 1194 files there the ones that you need...

ha and aaa pass are stored in the nv items, you need to use a hex editor to veiw the nv item you want

NV 1192 - SPRINT AAA KEY UNIQUE TO EACH PHONE this is the important one
SPRINT and BOOST HA KEY is always 73 65 63 72 65 74 (hex to ascii = secret)
I am not sure which NV item has the Boost AAA Keys, but doing a profile update gets it loaded on the phone


the 16 digit password for the prevail is samsungs default pass...
01f2030f5f678ff9

 

[KEastSideL]

well i got it like 2 weeks after it first came out brand new i reg it with samsung and everything the first phone i got that was ever that new. anyways im sick of it its glitchy wont read all the songs and its laggy hella laggy anyways so i figred creating the nam file 1 and 2 is holding me back right now i used cdma 3.something and i got this info

min 401-274-0570
imsi mcc 310
imsi mnc 00
sid 00000
nid 65535
primary ch a 333 primary ch b 777

secondary ch b 283 secondary ch b 475
sci 2

now theres more stuff i have to fill in im not sure what to put here is the list

dr_number (assuming its the area code and cell number)
name (assuming its the name of the file so when i make the first i call it nam1 and the 2nd ill call it nam2)

the SID and NID go on a few strings of 5 digits so do i repeat the same 5 or just fill in the first one?

the SCM says it on 2.7 cdma it is 0x2a so ill put that im assuming

access overload class i dont even know what that is

and current nam ill put 1 for the first and 2 for the 2nd correct?

imsi is my HEX a00 number on the back of my phone correct?

what do i put for the banner?

now there is 3 drop down box

PRL: assuming i enable that? lol

system: not sure what to pick? a? b? home? standart?

otapa? i dont even know what that is....

i dont know what 2.7 isint reading it but if i can manually just put the numbers and then save the files itll work the same way and then its onto the hex program for me

anyone that can help me out thank you i really need to get this done asap

 

[new optimus]

well i got it like 2 weeks after it first came out brand new i reg it with samsung and everything the first phone i got that was ever that new. anyways im sick of it its glitchy wont read all the songs and its laggy hella laggy anyways so i figred creating the nam file 1 and 2 is holding me back right now i used cdma 3.something and i got this info

min 401-274-0570
imsi mcc 310
imsi mnc 00
sid 00000
nid 65535
primary ch a 333 primary ch b 777

secondary ch b 283 secondary ch b 475
sci 2

now theres more stuff i have to fill in im not sure what to put here is the list

dr_number (assuming its the area code and cell number)
name (assuming its the name of the file so when i make the first i call it nam1 and the 2nd ill call it nam2)

the SID and NID go on a few strings of 5 digits so do i repeat the same 5 or just fill in the first one?

the SCM says it on 2.7 cdma it is 0x2a so ill put that im assuming

access overload class i dont even know what that is

and current nam ill put 1 for the first and 2 for the 2nd correct?

imsi is my HEX a00 number on the back of my phone correct?

what do i put for the banner?

now there is 3 drop down box

PRL: assuming i enable that? lol

system: not sure what to pick? a? b? home? standart?

otapa? i dont even know what that is....

i dont know what 2.7 isint reading it but if i can manually just put the numbers and then save the files itll work the same way and then its onto the hex program for me

anyone that can help me out thank you i really need to get this done asap

ok to take this one at a time. most of what you are asking about wont be needed. the imisi is NOT your meid

you have google talk? I can try to help you through this I have a prevail but I decided NOT to use it because I was able to get a $40 incognito. which was way way easier. though I was able to pull all the information off my prevail.
I suspect I could have it working.

 

[KEastSideL]

uhm no never used google talk. i used the skype thing once i basically just use the facebook IM i used to use aim but thats just dead sadly i suppose i could get a google talk account. i have a built in mic on the laptop with no camera

 

[KEastSideL]

im on here now i got everything i need i got like an hour tho till 11 or like 10 mins before that i gotta walk down the st for a bit

 

[steve die]

research team viewer it would allow me to help you fairly directly. if you think you want to try that I am willing.

I just got home from work, checked out Team Viewer. If your willing to do that, I have no issue with that. Extremely thankful for the help! I can't do it tonight. i don't think I'll have time on the weekend because of work. After 8pm is the only time i would have, if that works for you i'll see what i can do (as in, ask my girlfriend). Thanks again!