What AT commands are involved in unlocking an MR6400 for which the SIM Lock status is "Locked (PH-SP PIN)"?
So far, I've deduced that "sierrakeygen.py -c xxxx -d SDX55" can be used to respond to the challenge generated by AT!OPENCND?
//Query "PP" Service Provider Personalization Correspond to SPCK code
AT+CLCK="PP",2
Returns:
+CLCK: 1
So, I guess that maybe the solution is to send:
AT+CLCK="PP",0,<passwd>
Is that right?
AT commands for SIM Unlock for NETGEAR MR6400
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: AT commands for SIM Unlock for NETGEAR MR6400
Most of these devices can enter a network unlock code from the devices UI (admin panel)
I have not had this m6 device yet so I cannot verify it yet but if you cant do it there you can most likely do it or at least manipulate it thru the backend with the devices pre-installed services, I am not for sure of which one handles the network lock on these sierra devices as I have unlocked thru the raw filesystem for m1 and m5 but I think it is prob handled by QCMAP_CLI
You can call it up and query it and it will tell you what it is responsible for handling.
If it is not what handles the network restricting just look around in there you will find it, here is an example for you from another device, not sierra, but will be similar.
You can see that it is set in qmi so qmi commands only will work
in this case, the "set_sprint_sim_lock" can change the unlock code to whatever you make it, when you query it
you can simply enter "unlock" or a code if it is the current code it will send it if it is not it will change it.
LOL, they did not plan on us finding this haha. ( it changes back upon hard reset to the algo of the mac & imei)
so use it when u change it.
Anyway I would think in sierra devices such as that M6 it would also be in the root, perhaps in /bin but it may be in a propriatary folder also such as mnt\userrw\ntgnv if you look aroound in there you will find it
I have not had this m6 device yet so I cannot verify it yet but if you cant do it there you can most likely do it or at least manipulate it thru the backend with the devices pre-installed services, I am not for sure of which one handles the network lock on these sierra devices as I have unlocked thru the raw filesystem for m1 and m5 but I think it is prob handled by QCMAP_CLI
You can call it up and query it and it will tell you what it is responsible for handling.
If it is not what handles the network restricting just look around in there you will find it, here is an example for you from another device, not sierra, but will be similar.
You can see that it is set in qmi so qmi commands only will work
in this case, the "set_sprint_sim_lock" can change the unlock code to whatever you make it, when you query it
you can simply enter "unlock" or a code if it is the current code it will send it if it is not it will change it.
LOL, they did not plan on us finding this haha. ( it changes back upon hard reset to the algo of the mac & imei)
so use it when u change it.
Anyway I would think in sierra devices such as that M6 it would also be in the root, perhaps in /bin but it may be in a propriatary folder also such as mnt\userrw\ntgnv if you look aroound in there you will find it
You do not have the required permissions to view the files attached to this post.
Re: AT commands for SIM Unlock for NETGEAR MR6400
Thanks Rich. I'm definitely not finding any file named "nwcli". There are about 160 files containing "qcmap" though.
Where can I find a breakdown of how you "unlocked thru the raw filesystem for m1 and m5"?
Maybe that's a valid solution for the M6 too. I've now got a telnet root console.
Where can I find a breakdown of how you "unlocked thru the raw filesystem for m1 and m5"?
Maybe that's a valid solution for the M6 too. I've now got a telnet root console.
Re: AT commands for SIM Unlock for NETGEAR MR6400
In the M6 QCMAP_CLI is a menu driven text interface. I can't figure out how to exit - except to just close the telnet session. I don't see any options to unlock, or reveal unlock codes. Rich, where can I find a breakdown of how you "unlocked thru the raw filesystem for m1 and m5"?
- Rich Hathaway
- Posts: 622
- Joined: Mon Mar 08, 2021 2:41 pm
- Has thanked: 12 times
- Been thanked: 214 times
Re: AT commands for SIM Unlock for NETGEAR MR6400
You won't find any "nwcli" in there because it is proprietary and will be named something else beside novatel wireless command line interface since it is not a novatel/inseego device, it is a sierra device so may be more like swcli or something.p.elsie wrote: Thu Jul 21, 2022 8:39 am Thanks Rich. I'm definitely not finding any file named "nwcli". There are about 160 files containing "qcmap" though.
Where can I find a breakdown of how you "unlocked thru the raw filesystem for m1 and m5"?
You wont find any breakdown of how I unlock them as I have never posted any breakdown of it.
Re: AT commands for SIM Unlock for NETGEAR MR6400
Maybe I've got the solution:
1) remove the SIM card, and reboot
2) send these commands:
AT!OPENLOCK?
AT!OPENLOCK="<response-to-challenge>"
AT!OPENMEP?
AT!OPENMEP="<response-to-challenge>"
AT!NVMEPRST
AT!GRESET
1) remove the SIM card, and reboot
2) send these commands:
AT!OPENLOCK?
AT!OPENLOCK="<response-to-challenge>"
AT!OPENMEP?
AT!OPENMEP="<response-to-challenge>"
AT!NVMEPRST
AT!GRESET