├── .gitignore ├── README.md ├── algorithms.md ├── huawei-calc.cpp └── huawei-calc.py /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *~ 3 | 4 | huawei-calc 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | #Huawei unlock codes calculators 2 | 3 | ##Supported devices 4 | - E1550 5 | - E171 6 | 7 | ##Possibly supported (not tested) 8 | - other E-based Huawei modems 9 | 10 | ##How to check IMEI 11 | 12 | minicom -D /dev/ttyUSB0 13 | ATZ 14 | ATI 15 | 16 | ##How to check cardlock status 17 | 18 | minicom -D /dev/ttyUSB0 19 | ATZ 20 | AT^CARDLOCK? 21 | 22 | ####Return codes: 23 | 24 | #####Locked: 25 | 26 | ^CARDLOCK: 1,10,0 27 | 28 | #####Unlocked: 29 | 30 | ^CARDLOCK: 2,10,0 31 | 32 | ##How to unlock modem 33 | 34 | minicom -D /dev/ttyUSB0 35 | ATZ 36 | AT^CARDLOCK="UNLOCK_CODE" 37 | 38 | ##Links 39 | 40 | [Huawei E1550 3G modem (arch wiki)](https://wiki.archlinux.org/index.php/Huawei_E1550_3G_modem) 41 | 42 | [Huawei modem unlock code calculator (cpp) (rus)](https://github.com/forth32/huaweicalc) 43 | 44 | [Huawei modem unlock calculator (python)](https://c0debreaker.com/tag/command-line/) 45 | 46 | [Unlocking a Huawei 3G Modem, use it on multiple networks (python code)](https://zenu.wordpress.com/2011/05/19/unlocking-3g-modems-and-using-them-on-other-networks/) 47 | 48 | [Разлочка Huawei модемов (rus)](http://blog.angel2s2.ru/2010/07/huawei.html) 49 | 50 | [Online huawei modem unlock code calculator](http://a-zgsm.com/freecode/huawei/submit/) 51 | 52 | [Linux + Huawei E1550 (AT commands) (rus)](http://galaober.org.ua/node/73) 53 | 54 | [Send SMS from a Raspberry Pi](http://mattiasnorell.com/send-sms-from-a-raspberry-pi/) 55 | 56 | [Receive SMS on a Raspberry Pi](http://mattiasnorell.com/receive-sms-on-a-raspberry-pi/) 57 | -------------------------------------------------------------------------------- /algorithms.md: -------------------------------------------------------------------------------- 1 | ##1 2 | 3 | #!/usr/bin/env python 4 | 5 | import hashlib 6 | import humod 7 | UNLOCK_SALT = "5e8dd316726b0335" 8 | 9 | def show_code(imei, salt): 10 | digest = hashlib.md5((imei+salt).lower()).digest() 11 | code = 0 12 | for i in range(0,4): 13 | code += (ord(digest[i])^ord(digest[4+i])^ord(digest[8+i])^ord(digest[12+i])) << (3-i)*8 14 | code &= 0x1ffffff 15 | code |= 0x2000000 16 | return code 17 | 18 | mod = humod.Modem() 19 | imei = mod.show_imei() 20 | status = humod.at_commands.Command(mod,'AT^CARDLOCK="'+str(show_code(imei,UNLOCK_SALT))+'"\r') 21 | 22 | ##2 23 | 24 | #!/usr/bin/env python 25 | 26 | import hashlib 27 | UNLOCK_SALT = "5e8dd316726b0335" 28 | 29 | def show_codes(imei, salt): 30 | digest = hashlib.md5((imei+salt).lower()).digest() 31 | code = 0 32 | for i in range(0,4): 33 | code += (ord(digest[i])^ord(digest[4+i])^ord(digest[8+i])^ord(digest[12+i])) << (3-i)*8 34 | code &= 0x1ffffff 35 | code |= 0x2000000 36 | return code 37 | 38 | # PLEASE TYPE YOUR IMEI BELOW 39 | imei = ' ' 40 | if(imei == ' '): 41 | print 'Please open this script from your editor and enter your IMEI' 42 | else: 43 | print "Your Modem unlock code: %s" % show_codes(imei,UNLOCK_SALT); 44 | 45 | ##3 46 | 47 | cat /dev/ttyUSB0 & 48 | echo -e “ATI\r” > /dev/ttyUSB0 49 | echo -e 'AT^CARDLOCK="XXXXXXXX"\r' > /dev/ttyUSB0 50 | -------------------------------------------------------------------------------- /huawei-calc.cpp: -------------------------------------------------------------------------------- 1 | // Huawei unlock codes calculator 2 | // based on https://github.com/forth32/huaweicalc 3 | // compile: g++ huawei-calc.cpp -L/usr/lib -lssl -lcrypto -o huawei-calc 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | void encrypt_v1(char* imei, char* resbuf, char* hstr) { 11 | unsigned char xbytes[17]; 12 | char ybytes[100]; 13 | char hash[100]; 14 | unsigned int rh[30]; 15 | unsigned char res[4]; 16 | int i; 17 | 18 | memset(xbytes,0,17); 19 | MD5((unsigned char*)hstr, strlen(hstr), xbytes); 20 | 21 | for(i = 0; i < 16; i++) 22 | sprintf(ybytes + (i * 2), "%02x", xbytes[i] & 0xff); 23 | 24 | strcpy(hash, imei); 25 | strncat(hash, ybytes + 8, 16); 26 | hash[31] = 0; 27 | MD5((unsigned char*)hash, 31, xbytes); 28 | 29 | for (i = 0; i < 16; i++) 30 | rh[i] = xbytes[i] & 0xff; 31 | 32 | for(i = 0; i < 4; i++) 33 | res[3-i] = rh[i] ^ rh[i+4] ^ rh[i+8] ^ rh[i+12]; 34 | 35 | i=*((unsigned int*)&res); 36 | i |= 0x2000000; 37 | i &= 0x3FFFFFF; 38 | 39 | sprintf(resbuf, "%i", i); 40 | } 41 | 42 | int main(int argc, char* argv[]) { 43 | char codebuf[40]; 44 | char imeibuf[16]; 45 | 46 | if (argc != 2) { 47 | printf("usage: %s \n", basename(argv[0])); 48 | return EXIT_FAILURE; 49 | } 50 | 51 | if (strlen(argv[1]) != 15) { 52 | printf("error: IMEI should contain 15 digits\n"); 53 | return EXIT_FAILURE; 54 | } 55 | 56 | strncpy(imeibuf, argv[1], 15); 57 | 58 | printf(" IMEI = %s\n", imeibuf); 59 | 60 | encrypt_v1(imeibuf, codebuf, "hwe620datacard"); 61 | printf(" Unlock code = %s\n", codebuf); 62 | 63 | encrypt_v1(imeibuf, codebuf, "e630upgrade"); 64 | printf(" Flash code = %s\n", codebuf); 65 | 66 | return EXIT_SUCCESS; 67 | } 68 | -------------------------------------------------------------------------------- /huawei-calc.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | # This library is free software; you can redistribute it and/or 4 | # modify it under the terms of the GNU Lesser General Public 5 | # License as published by the Free Software Foundation; either 6 | # version 2.1 of the License, or (at your option) any later version. 7 | # 8 | # This library is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 | # Lesser General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU Lesser General Public 14 | # License along with this library; if not, write to the 15 | # Free Software Foundation, Inc., 16 | # 59 Temple Place, Suite 330, 17 | # Boston, MA 02111-1307 USA 18 | # 19 | # Copyright 2010 Gunslinger_ 20 | # http://bit.ly/c0debreaker 21 | 22 | import hashlib, string 23 | 24 | __author__ = "Gunslinger_ " 25 | __date__ = "Tue, 14 Jun 2011 23:22:42 +0700" 26 | __version__ = "1.0" 27 | __copyright__ = "Copyright (c) 2010 Gunslinger_" 28 | 29 | class huawei_modem_unlocker(object): 30 | """ 31 | Instance variables: 32 | 33 | Imei 34 | Imei of the modem will be calculated 35 | Default : '0' 36 | 37 | Verbose 38 | Display how algorithm working 39 | Default : False 40 | 41 | """ 42 | def __init__(self, imei='0', verbose=False): 43 | ''' Huawei modem unlocker class constructor ''' 44 | self._imei = imei 45 | self._verbose = verbose 46 | self._md5u = hashlib.md5(str(imei)+str('5e8dd316726b0335')).hexdigest() 47 | self._md5f = hashlib.md5(str(imei)+str('97b7bc6be525ab44')).hexdigest() 48 | self._unlock_code = '' 49 | self._flash_code = '' 50 | # verbose formating 51 | self._width = 21 52 | self._w = 10 53 | self._header_format = '%-*s%*s' 54 | self._format = ' %d | %-*s | %*s ' 55 | 56 | def xor_digits(self, source, counter): 57 | ''' Get a value and xoring it during looping iteration ''' 58 | digits = int('0x0'+source[0+counter:2+counter],16) ^ \ 59 | int('0x0'+source[8+counter:8+2+counter],16) ^ \ 60 | int('0x0'+source[16+counter:16+2+counter],16) ^ \ 61 | int('0x0'+source[24+counter:24+2+counter],16) 62 | return digits 63 | 64 | def calc(self): 65 | ''' Process calculate with the algorithm (read source code) ''' 66 | cnt = 0 67 | cnt2 = 1 68 | if self._verbose: 69 | print "="*(self._width+13) 70 | print " Iter."+"|"+ " Unlock byte "+"|"+" Flash byte " 71 | print "-"*(self._width+13) 72 | while cnt < 8: 73 | digits_unlock = self.xor_digits(self._md5u, cnt) 74 | digits_flash = self.xor_digits(self._md5f, cnt) 75 | unlock_byte = string.zfill(hex(digits_unlock)[2:],2) 76 | flash_byte = string.zfill(hex(digits_flash)[2:],2) 77 | self._unlock_code = str(self._unlock_code)+str(unlock_byte) 78 | self._flash_code = str(self._flash_code)+str(flash_byte) 79 | if self._verbose: print self._format % (int(cnt2), self._width - self._w, self._unlock_code , self._w, self._flash_code) 80 | cnt +=2 81 | cnt2 +=1 82 | if self._verbose: 83 | print "="*(self._width+13) 84 | print "\nUNLOCK CODE = %d & %d | %d = %d" % (int('0x0'+self._unlock_code,16), 33554431, 33554432, eval("int('0x0'+self._unlock_code,16) & 33554431 | 33554432")) 85 | print "FLASH CODE = %d & %d | %d = %d\n" % (int('0x0'+self._flash_code,16), 33554431, 33554432, eval("int('0x0'+self._flash_code,16) & 33554431 | 33554432")) 86 | self._unlock_code = int('0x0'+self._unlock_code,16) & 33554431 | 33554432 87 | self._flash_code = int('0x0'+self._flash_code,16) & 33554431 | 33554432 88 | return (self._unlock_code, self._flash_code) 89 | 90 | def run(self): 91 | ''' Fire it up ! ''' 92 | self.calc() 93 | return (self._unlock_code, self._flash_code) 94 | 95 | if __name__ == '__main__': 96 | print "\nHuawei modem unlock code calculator v.%s by %s \n" % (__version__, __author__) 97 | inpimei = raw_input("Please input modem IMEI : ") 98 | cracker = huawei_modem_unlocker(inpimei) 99 | a, b = cracker.run() 100 | print "\n-> IMEI = %s" % (inpimei) 101 | print "-> UNLOCK CODE = %s" % (a) 102 | print "-> FLASH CODE = %s" % (b) 103 | --------------------------------------------------------------------------------