Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Note: This is a completely hypothetical question that I'm curious about to strictly understand how modems/routers work:
If someone were to change the IMEI number of their Nighthawk MR1100 to an smartphone IMEI and put a cellphone plan SIM card in the nighthawk, would the carrier count the data as hotspot data usage or phone data usage? My understanding is that even if you have a smartphone IMEI, the carrier would still count the data as hotspot usage unless you changed the TTL value (which I've heard you can't do on a Nighthawk)... is this correct?
If someone were to change the IMEI number of their Nighthawk MR1100 to an smartphone IMEI and put a cellphone plan SIM card in the nighthawk, would the carrier count the data as hotspot data usage or phone data usage? My understanding is that even if you have a smartphone IMEI, the carrier would still count the data as hotspot usage unless you changed the TTL value (which I've heard you can't do on a Nighthawk)... is this correct?
-
- Posts: 558
- Joined: Wed Sep 23, 2020 8:52 am
- Location: Texas
- Has thanked: 94 times
- Been thanked: 118 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
It’s my Understanding that most carriers black list the MR1100.
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.
To answer your question there are ways to change the TTL on the MR1100 need to use the command line. Will need to do some digging to see I can remember how.
To get up and running would pay $50 for 100Gig of data
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.
To answer your question there are ways to change the TTL on the MR1100 need to use the command line. Will need to do some digging to see I can remember how.
To get up and running would pay $50 for 100Gig of data
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
I need a plan that will work in Mexico, so I may start with the Cricket 100gb plan and then switch to ATT (unless I missed something and ATT prepaid works in Mexico)
-
- Posts: 558
- Joined: Wed Sep 23, 2020 8:52 am
- Location: Texas
- Has thanked: 94 times
- Been thanked: 118 times
- Didneywhorl
- Posts: 3646
- Joined: Fri Mar 23, 2018 5:37 pm
- Location: USA
- Has thanked: 1370 times
- Been thanked: 764 times
- Contact:
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
It depends on how the carrier tracks hotspot usage on their phones. You have to mimic the way they count the data as on device versus hotspot.
Not simple to figure out. Over my pay grade.
Not simple to figure out. Over my pay grade.
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
To do that on the M1 takes a bit of work, personally I use a kernel patch as it is permanent, that device has
a watchdog file and a factory backup file that will revert ttl rules upon every reboot so what works for other devices will not/does not work for the M1.
M1 can be used on any carrier.Dr-BroadBand wrote: Thu Aug 26, 2021 9:46 pm It’s my Understanding that most carriers black list the MR1100.
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.
To answer your question there are ways to change the TTL on the MR1100 need to use the command line. Will need to do some digging to see I can remember how.
AT&T does and can see time-to-live all carriers do/can, they just don't have it written into the switch to deny service when data jumps like Verizon and its mvno's do, instead they simply flag the account and wait for a rep to take a look, then they can and will either suspend or terminate your account, this is why everyone's ipad plans all went down, mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
-
- Posts: 13
- Joined: Sat Sep 25, 2021 9:06 pm
- Has thanked: 10 times
- Been thanked: 1 time
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
I use this modem with t-mobile on a data only tablet plan. I may be flying under the radar, but I assumed they didn't care since I don't have unlimited data.Dr-BroadBand wrote: Thu Aug 26, 2021 9:46 pm It’s my Understanding that most carriers black list the MR1100.
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.
-
- Posts: 249
- Joined: Sun Jul 05, 2020 2:29 pm
- Has thanked: 239 times
- Been thanked: 30 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
I really respect that approach. Maybe you and I are one of the few left with that nice $35 ipad plan because our approach is identical.Rich Hathaway wrote: Mon Oct 04, 2021 3:42 pm can and will either suspend or terminate your account, this is why everyone's ipad plans all went down, mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
Have you tried out the $20 postpaid plan yet? Link to discussion:
https://wirelessjoint.com/viewtopic.php?f=32&t=2955
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
I put a-lot of those on Verizon's 20$ add a line plan for postpaid they work well and some on the connected car plans, you can use terrbytes of data with no issues but only a few on ATT 20$ for clients, I personally do not have any sims with that plan.LoveMeSomeCALTE wrote: Tue Oct 05, 2021 10:48 am I really respect that approach. Maybe you and I are one of the few left with that nice $35 ipad plan because our approach is identical.
Have you tried out the $20 postpaid plan yet? Link to discussion:
https://wirelessjoint.com/viewtopic.php?f=32&t=2955
But I have alot of devices leased out on the 35 ipad plan still.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Will you provide some direction on how to set fid and ttl on the MR1100 please? I have searched a lot and have not come across anything other than this thread with mentions that it is apparently possible.Rich Hathaway wrote: Mon Oct 04, 2021 3:42 pm mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
Thank you
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
FID = Factory ID, it can be changed thru the raw filesystem.
You will also need to change the IMEI.
The rest is not any userland level process.
TTL for this model requires you to get read/write at the baseband level, then make and apply a kernel patch, before you ask, I cannot just tell you how to make or apply a kernel patch it is an involved process and would take pages of info here, its difficulty level I would say is medium to high, if you are not familiar with any of this type of work I would suggest to have some one do it for you and not attempt to do it yourself as it is easy to bork your device making baseband level edits, and this particular (sierra) device likes to freeze and not allow you to reload back with the netgear spk's in this case it can only be recovered with a patched loader and a byte by byte load from its QDL (9008) port.
I know this because I borked my device about a hundred times when I was building my firm and kernel for this model, and you wont find any "real" firmware on the net to load back to it, only the factory SPK's are out there and they cannot be loaded to a borked device thru the 9008 port.
You will also need to change the IMEI.
The rest is not any userland level process.
TTL for this model requires you to get read/write at the baseband level, then make and apply a kernel patch, before you ask, I cannot just tell you how to make or apply a kernel patch it is an involved process and would take pages of info here, its difficulty level I would say is medium to high, if you are not familiar with any of this type of work I would suggest to have some one do it for you and not attempt to do it yourself as it is easy to bork your device making baseband level edits, and this particular (sierra) device likes to freeze and not allow you to reload back with the netgear spk's in this case it can only be recovered with a patched loader and a byte by byte load from its QDL (9008) port.
I know this because I borked my device about a hundred times when I was building my firm and kernel for this model, and you wont find any "real" firmware on the net to load back to it, only the factory SPK's are out there and they cannot be loaded to a borked device thru the 9008 port.
- Didneywhorl
- Posts: 3646
- Joined: Fri Mar 23, 2018 5:37 pm
- Location: USA
- Has thanked: 1370 times
- Been thanked: 764 times
- Contact:
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
FID is factory ID it is an nv item in qualcomm devices,it resides here 60001 (0xEA61) also at 60111 (0xEACF)
Vendor ID is different from it
Vendor ID is different from it
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Thanks for the quick response! Hypothetically, what should Factory ID be for AT&T? I have heard of setting IMEI and TTL but not FID. I have been able to "repair" the IMEI via AT Commands though that does not last through a factory reset, but I am fine with that.Rich Hathaway wrote: Thu Oct 07, 2021 9:54 am FID = Factory ID, it can be changed thru the raw filesystem.
You will also need to change the IMEI.
The rest is not any userland level process.
TTL for this model requires you to get read/write at the baseband level, then make and apply a kernel patch, before you ask, I cannot just tell you how to make or apply a kernel patch it is an involved process and would take pages of info here, its difficulty level I would say is medium to high, if you are not familiar with any of this type of work I would suggest to have some one do it for you and not attempt to do it yourself as it is easy to bork your device making baseband level edits, and this particular (sierra) device likes to freeze and not allow you to reload back with the netgear spk's in this case it can only be recovered with a patched loader and a byte by byte load from its QDL (9008) port.
I know this because I borked my device about a hundred times when I was building my firm and kernel for this model, and you wont find any "real" firmware on the net to load back to it, only the factory SPK's are out there and they cannot be loaded to a borked device thru the 9008 port.
This post makes getting root on a MR1100 look doable, even for me.
I would like to get TLL set correctly though and perhaps FID if that also helps?
How much do you charge to create a kernel patch? Is it specific to each individual MR1100 or is it generic or at least generic per different MR1100 model?
Thanks again.
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
You can see what the factory ID looks like in the screenshot below in my 7730 tool
Yours will be similar but unique to your device.
You can also see the vendor ID which is just a 4 digit number stating the vendor and the devices mode.
@ omtbus
FID should be zero'd this is how the factory leaves them until the last part of production, after all test's have been passed the factory loads the compact electronic filesystem containing the IMEI, MEID,ESN, FID, start factory counters, etc. So seeing one that is still zero'd will look like one of the thousands of test devices they send out to testers before release that have no factory ID assigned.
No selling of services here in the open forum
https://wirelessjoint.com/viewtopic.php?f=38&t=2696
Yours will be similar but unique to your device.
You can also see the vendor ID which is just a 4 digit number stating the vendor and the devices mode.
@ omtbus
FID should be zero'd this is how the factory leaves them until the last part of production, after all test's have been passed the factory loads the compact electronic filesystem containing the IMEI, MEID,ESN, FID, start factory counters, etc. So seeing one that is still zero'd will look like one of the thousands of test devices they send out to testers before release that have no factory ID assigned.
No selling of services here in the open forum
https://wirelessjoint.com/viewtopic.php?f=38&t=2696
You do not have the required permissions to view the files attached to this post.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
@Rich Hathaway
Thank you for the screenshot and information.
Something I am still not understanding is that if AT&T is expecting the device to be an iPad, not some other device, does having a FID zero'd like a factory MR1100 actually help or am I missing the point entirely?
Are FID, VID, MEID, and ESN visible to service providers?
Thank you for the screenshot and information.
Something I am still not understanding is that if AT&T is expecting the device to be an iPad, not some other device, does having a FID zero'd like a factory MR1100 actually help or am I missing the point entirely?
Are FID, VID, MEID, and ESN visible to service providers?
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Yes I think you are, there are all models on the network with FID zeroed out, yes even ipads.omtbus wrote: Fri Oct 08, 2021 10:02 am @Rich Hathaway
am I missing the point entirely?
Are FID, VID, MEID, and ESN visible to service providers?
Yes of course they are visible, most of those are sent with every data packet request to the carrier
-
- Posts: 249
- Joined: Sun Jul 05, 2020 2:29 pm
- Has thanked: 239 times
- Been thanked: 30 times