Page 1 of 2

Nighthawk M5 MR5100

Posted: Fri Aug 06, 2021 10:30 am
by speakerhead
Just wanted to give a quick share on my upgrade from the Nighthawk M1 to the Nighthawk M5 MR5100 since I haven't heard many people talking about it.

I live in a rural area and was pulling around 50-60mbs and only about 5-10mbs upload, which was good enough but I was looking for more. 3 weeks ago I stepped up to the M5. I don t have any 5g signal where I am and wasn't expecting a big upgrade but I got a good price so I gave it a shot. Wow am I glad I did. I'm now getting a consistent 130-140 download and 30-45 upload. I still float between bands 2 and 12 like I did before but it's been a huge upgrade that I frankly wasn't expecting.

There's some on ebay for only $270 without the battery and imo it's worth every penny. Just wanted to let people know my experience in case anyone's looking to try something new.

Cheers

Re: Nighthawk M5 MR5100

Posted: Fri Aug 06, 2021 11:10 am
by Dr-BroadBand
1. What carrier ....ie data plan are you using ?
2. What are you using for an antenna setup?

Fyi My wife's iPhone 12, on TM 5G, getting ~300 to 400MBs but she complains that she gets dropped calls.
To I say who talks on a phone. :lol:

TM band n41

I know a phone is a $1,000 modem not fair to compare

Re: Nighthawk M5 MR5100

Posted: Mon Aug 09, 2021 9:15 am
by speakerhead
I'm using AT&T unlimited phone plan. I use tmobile myself for me and my families phones but I live in a very rural area and only get 10-15 with them. The next town over though I'm getting 300 on my phone and it's amazing!

As far as antennas I'm just using the internals. I have a few yagis and other antennas lying around but haven't tried them on this yet but I plan on trying them out and seeing how they do. I'll post results if anyone is interested.

Also yesterday they pushed out a firmware update on it and I'm now getting 150-170 with a slight upload bump. For the price point I certainly think it's a worthy upgrade over the M1, especially if I ever get a 5g singal.

Re: Nighthawk M5 MR5100

Posted: Mon Aug 09, 2021 10:09 am
by Dr-BroadBand
speakerhead wrote: Mon Aug 09, 2021 9:15 am I'm using AT&T unlimited phone plan. I use tmobile myself for me and my families phones but I live in a very rural area and only get 10-15 with them. The next town over though I'm getting 300 on my phone and it's amazing!
Thanks for sharing :)

Yes it's all about Location...Location... Location ;)

Re: Nighthawk M5 MR5100

Posted: Tue Aug 10, 2021 2:11 pm
by ironman_gq
Are you able to change the TTL settings to hide hotspot useage?

Re: Nighthawk M5 MR5100

Posted: Tue Aug 10, 2021 2:27 pm
by Dr-BroadBand
ironman_gq wrote: Tue Aug 10, 2021 2:11 pm Are you able to change the TTL settings to hide hotspot useage?
The TTL trick will not work with AT&T :ugeek:

To answer your questions, no using the GUI for the modem there is no way to change TTL or Band Lock
I have seen it done with the command line but have to do every time you reboot the modem.

Trust but verify what I am saying this is based on a M1

Re: Nighthawk M5 MR5100

Posted: Tue Aug 10, 2021 3:54 pm
by pewone
Dr-BroadBand wrote: Tue Aug 10, 2021 2:27 pm The TTL trick will not work with AT&T :ugeek:

To answer your questions, no using the GUI for the modem there is no way to change TTL or Band Lock
I have seen it done with the command line but have to do every time you reboot the modem.

Trust but verify what I am saying this is based on a M1
You can band lock on the M5 and it persists through reboots. You just can't change the lock directly from the website anymore. It still appears as a drop down menu in the netgear phone app though.

Code: Select all

for example 

with LTE B14 + N2 + N5 + N260 (mmwave)
AT!BAND=04,"LTEB145G",0,2000,0,12,2,0,0,8

with LTE B14 + N2 + N5
AT!BAND=04,"LTEB145G",0,2000,0,12,2
works fine



Re: Nighthawk M5 MR5100

Posted: Tue Aug 10, 2021 4:11 pm
by Dr-BroadBand
pewone wrote: Tue Aug 10, 2021 3:54 pm You can band lock on the M5 and it persists through reboots. You just can't change the lock directly from the website anymore. It still appears as a drop down menu in the netgear phone app though.

You can't seem to include N260 in the bandlock but the rest of it works

Code: Select all

for example if you wanted b14+5g only for whatever reason

AT!BAND=04,"LTEB145G",0,2000,2,812,2,8

gives an error because it includes n260

AT!BAND=04,"LTEB145G",0,2000,2,812,2
works fine


Thanks

Re: Nighthawk M5 MR5100

Posted: Wed Aug 11, 2021 7:23 am
by Rich Hathaway
Dr-BroadBand wrote: Tue Aug 10, 2021 2:27 pm To answer your questions, no using the GUI for the modem there is no way to change TTL or Band Lock
I have seen it done with the command line but have to do every time you reboot the modem.
It is possible to hard code TTL and band lock on M1 and M5 so it sticks not only thru reboot but sticks thru hard reset, same with IMEI repair for both of them so no need to hide either of those behind another router anymore.

Re: Nighthawk M5 MR5100

Posted: Wed Aug 11, 2021 7:26 am
by Dr-BroadBand
Can you share this information ??

Re: Nighthawk M5 MR5100

Posted: Wed Aug 11, 2021 9:48 am
by Rich Hathaway
This not something that can be done at a userland level it requires some knowledge of baseband level modification. These type of edits on difficult devices and os's is how I make my living so forgive me for keeping it close for a while I will post my tool publicly after this device is older, I will do one free for you if you need it, but it is a service I normally sell, I have it automated now and it can now be done remotely, this tool is several thousand lines of code and was alot of work so I wont be giving the work away just yet. I was just correcting this thread in the fact that it can be done, hit me up and ill do one for you, it works pretty well on verizon prepaid's $60 plan or the postpaid add a line plan for $20 I have also put them on the connected car plan for $20 it is a pretty fast device, it also can be locked to work on 5g unlimited, I do need someone in a ultra wideband area to test it for me, in regular 5g area here it gets around 600mbps down or a little less, upload is alot slower I am still working on that

Re: Nighthawk M5 MR5100

Posted: Sun Aug 15, 2021 5:34 am
by jcrm2
I need the coding for band 2 and n260. Verizon loves to default me on band 66.

Re: Nighthawk M5 MR5100

Posted: Sun Aug 15, 2021 9:10 am
by Rich Hathaway
0000000000000008 - NR5G N260
0000000000000002 - LTE B2
you can get them by query the modem for them

Re: Nighthawk M5 MR5100

Posted: Sun Aug 15, 2021 8:26 pm
by jcrm2
if I want to just add band 2 and 5G for Verizon proposes, is it....
AT!BAND=04,"LTEB25G",0,2,2,812,2

OR

AT!BAND=05,"LTEB2NR5G",0,2,2,10

I took what was posted prior on here for band 14+5G (AT!BAND=04,"LTEB145G",0,2000,2,812,2) and replaced it with band 2+5G

I got the OK on putty but now when I go to the app to choose the new band I just made in the drop down list and restart modem, when I go to the web Diagnostics section, it still shows I'm on band 66.

How do I set it to the band I made earlier?

Update:

I made a slot for just band 2 (AT!BAND=06,"LTEB2",0,2) and I was able to choose that in the drop down and it changed but for the 2 above that has 5G added, it still shows band 66.

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 11:03 am
by pewone
jcrm2 wrote: Sun Aug 15, 2021 8:26 pm if I want to just add band 2 and 5G for Verizon proposes, is it....
AT!BAND=04,"LTEB25G",0,2,2,812,2
OR
AT!BAND=05,"LTEB2NR5G",0,2,2,10
I took what was posted prior on here for band 14+5G (AT!BAND=04,"LTEB145G",0,2000,2,812,2) and replaced it with band 2+5G
Sorry I accidentally included B66 in that example (edited the post)

B2 + 5G (including N260 mmwave "5G+") it would be:
AT!BAND=04,"LTEB25G",0,2,0,12,2,0,0,8

B2 + 5G without N260:
AT!BAND=04,"LTEB25G",0,2,0,12,2

Those include 5GN66 change the 2 after the 12 to 0 if you don't want any 66 what so ever

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 12:07 pm
by speakerhead
I agree with the other users, I'm not able to change the ttl of the M5 internally. Instead I use a Asus router running Merlin to do it for me. I've had it going for over a month without issue. Even added an aimesh node and the coverage has been excellent.

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 12:11 pm
by speakerhead
Another peice of info people might find useful is it seems to run pretty hot. I run it straight off usb with no battery and have an old cpu heatsink/fan which keeps it running at around 44° c in the middle of summer under full loads. Before that it was getting extremely hot.

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 3:14 pm
by jcrm2
pewone wrote: Mon Aug 16, 2021 11:03 am Sorry I accidentally included B66 in that example (edited the post)

B2 + 5G (including N260 mmwave "5G+") it would be:
AT!BAND=04,"LTEB25G",0,2,0,12,2,0,0,8

B2 + 5G without N260:
AT!BAND=04,"LTEB25G",0,2,0,12,2

Those include 5GN66 change the 2 after the 12 to 0 if you don't want any 66 what so ever
OK, I added it but now I'm not getting 5G with neither. Just band 2

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 3:30 pm
by pewone
jcrm2 wrote: Mon Aug 16, 2021 3:14 pm OK, I added it but now I'm not getting 5G with neither. Just band 2
Do you get 5G when you don't lock? If not you're not gonna magically acquire it by locking.

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 3:43 pm
by jcrm2
pewone wrote: Mon Aug 16, 2021 3:30 pm Do you get 5G when you don't lock? If not you're not gonna magically acquire it by locking.
Yeah pretty much. Wow this is unfortunate

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 3:48 pm
by pewone
jcrm2 wrote: Mon Aug 16, 2021 3:43 pm Yeah pretty much. Wow this is unfortunate
What does AT!GSTATUS? show while on 5G

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 5:34 pm
by jcrm2
pewone wrote: Mon Aug 16, 2021 3:48 pm What does AT!GSTATUS? show while on 5G
I can't get into AT!GSTATUS?. it shows "unsupported at command" but when I put AT!BAND=? usually when I'm connected to 5G I'm connected to this,

03, LTE and NR5G, 0000000000000000 0000A0003000285F 0000000000000002 00000000 00000010 0000000000000000 0000000000000008

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 6:00 pm
by pewone
jcrm2 wrote: Mon Aug 16, 2021 5:34 pm I can't get into AT!GSTATUS?. it shows "unsupported at command" but when I put AT!BAND=? usually when I'm connected to 5G I'm connected to this,

03, LTE and NR5G, 0000000000000000 0000A0003000285F 0000000000000002 00000000 00000010 0000000000000000 0000000000000008
That just shows what bands its allowing, Your excluding N2 and N66 for some reason. That isn't the default at least not on the latest firmware.

Interesting, it's case sensitive now I guess do it in lower case: at!gstatus?

Code: Select all

AT!GSTATUS?
at!GSTATUS?

Unsupported at command
at!gstatus?
at!gstatus?

Current Time: 54731             Mode: Online
System Mode: LTE B66            PS State: 5GSUB6
EMM state: Registered
RRC state: Idle

PCC:
LTE band:               LTE B66
LTE bw:                 10 MHz

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 8:23 pm
by jcrm2
pewone wrote: Mon Aug 16, 2021 6:00 pm That just shows what bands its allowing, Your excluding N2 and N66 for some reason. That isn't the default at least not on the latest firmware.

Interesting, it's case sensitive now I guess do it in lower case: at!gstatus?

Code: Select all

AT!GSTATUS?
at!GSTATUS?

Unsupported at command
at!gstatus?
at!gstatus?

Current Time: 54731             Mode: Online
System Mode: LTE B66            PS State: 5GSUB6
EMM state: Registered
RRC state: Idle

PCC:
LTE band:               LTE B66
LTE bw:                 10 MHz
It shows this,

Current Time: 323 Mode: Online
System Mode: LTE B66 PS State: 5GSUB6
EMM state: Registered
RRC state: Connected

PCC:
LTE band: LTE B66
LTE bw: 20 MHz
LTE Rx chan: 0
RSSI (dBm): -49.5
RSRP (dBm): -86.4
RSRQ (dBm): -10.5
Tx Power (dBm): 0
LTE Cell ID: 16764428
Physical Cell ID: 231
TAC: 16641

SCC1:
LTE band: LTE B2
LTE bw: 20 MHz
LTE Rx chan: 1100
Physical Cell ID: 231

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 9:14 pm
by pewone
if you kept N66 on in your tests then it probably needs B66 as the anchor band
if you turned off N66 in your test then your 5G is likely only N66
other than that beats me

Re: Nighthawk M5 MR5100

Posted: Mon Aug 16, 2021 9:40 pm
by jcrm2
pewone wrote: Mon Aug 16, 2021 9:14 pm if you kept N66 on in your tests then it probably needs B66 as the anchor band
if you turned off N66 in your test then your 5G is likely only N66
other than that beats me
ok what will band2+ band66 +5G (including N260 mmwave "5G+") look like?

Like the one you provided earlier for,
B2 + 5G (including N260 mmwave "5G+") it would be:
AT!BAND=04,"LTEB25G",0,2,0,12,2,0,0,8

Re: Nighthawk M5 MR5100

Posted: Tue Aug 17, 2021 9:17 pm
by Earl_the_Pearl
Rich Hathaway wrote: Wed Aug 11, 2021 7:23 am It is possible to hard code TTL and band lock on M1 and M5 so it sticks not only thru reboot but sticks thru hard reset, same with IMEI repair for both of them so no need to hide either of those behind another router anymore.
After the "repair' does a factory reset still clear all the passwords and other data from the phone and return the settings to out of the box new? There is a hack that locks the TTL and "repair" but it also locks in the information entered through the GUI.

I've been looking a long time for this information. Lower case "at !gstatus?" works. The M5 is not as locked down as many think.

I entered the AT commands to make the bands lockable on my M5 and got OK but no drop down menu on the M5100 web page. I see I must get a cell phone to see this menu. My black rotary phone in the hall can't get anything from the app store. :cry:

Re: Nighthawk M5 MR5100

Posted: Wed Aug 18, 2021 10:46 am
by Rich Hathaway
Earl_the_Pearl wrote: Tue Aug 17, 2021 9:17 pm After the "repair' does a factory reset still clear all the passwords and other data from the phone and return the settings to out of the box new?
I generally hard code everything , meaning everything but the work performed would go back to factory default, the imei can be soft coded so it would return upon reset but the kernel patch cannot be soft coded.
Earl_the_Pearl wrote: Tue Aug 17, 2021 9:17 pm There is a hack that locks the TTL and "repair" but it also locks in the information entered through the GUI.
I do not know what hack you are talking about
Earl_the_Pearl wrote: Tue Aug 17, 2021 9:17 pm The M5 is not as locked down as many think.
It is very locked down, its a secure boot enabled device and is efuzed.
I would say the security level on this device is high.

Re: Nighthawk M5 MR5100

Posted: Wed Aug 18, 2021 5:10 pm
by Earl_the_Pearl
Rich Hathaway wrote: Wed Aug 18, 2021 10:46 am I do not know what hack you are talking about

It is very locked down, its a secure boot enabled device and is efuzed.
I would say the security level on this device is high.
I know of an M5 that was "repaired" remotely, not mine. After the "repair" all the settings that were in the M5, passwords SSDs and such, are now permanent. Lucky for me I didn't have the same thing "repaired" on my M5.

I'm digging deep into how to modify my M5 even though I really don't like code; I don't have the attention span for it. I found the M5's AT commands that have been slightly modified from the M1s. I added band locking and got as far as the modem challenge entering AT !OPENLOCK?. Now I'm RTFM on how to use Python to run sierrakeygen.py that jkinred so kindly shared with the community.

I may have a hard time fishing but in the long run it is better than begging for fish. The saving grace, for me, is I'm doing all of this on a Windows PC,

Re: Nighthawk M5 MR5100

Posted: Wed Aug 18, 2021 6:11 pm
by Rich Hathaway
I think maybe you misunderstand what the device is doing if you clear the config then perform a hard reset the device will re-populate that config file with the raw values in the filesystems backup, it will be different from the sticker, you can repair it back to the sticker values if you happen to make a backup in the admin page before that was done in this case simply restore that backup.config

if you need to post your challenge here and I will calc it for you and post it back so you can unlock the AT advanced commands.
I am not sure who jkinred is but that algo was reverse engineered and made public by my friend his name is B. Kerler

Re: Nighthawk M5 MR5100

Posted: Wed Aug 18, 2021 7:59 pm
by jcrm2
does anyone know the coding to lock band2+ band66 +5G (including N260 mmwave "5G+")?

Re: Nighthawk M5 MR5100

Posted: Thu Aug 19, 2021 9:41 am
by Rich Hathaway
Rich Hathaway wrote: Sun Aug 15, 2021 9:10 am you can get them by query the modem for them
jcrm2 wrote: Wed Aug 18, 2021 7:59 pm does anyone know the coding to lock band2+ band66 +5G (including N260 mmwave "5G+")?
Just make a new slot for your config and use the mobile app to set your M5 to that slot and it will be locked to the bands you have in that slot.

m5 below
AT!BAND=?
Index, Name, GW_Mask LTE_1-64 LTE_65-128 NR5G_1-64 NR5G_65-128 NR5G_257-320
00, All, 0002000004C00000 0000A0003000285F 0000000000000002 0000000000000010 0000000000000000 0000000000000008
01, WCDMA All, 0002000004C00000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
02, LTE All, 0000000000000000 0000A0003000285F 0000000000000002 0000000000000000 0000000000000000 0000000000000000
03, LTE and NR5G, 0000000000000000 0000A0003000285F 0000000000000002 0000000000000010 0000000000000000 0000000000000008

0002000000000000 - WCDMA 900
0000000004000000 - WCDMA 850
0000000000800000 - WCDMA 1900
0000000000400000 - WCDMA 2100
0000800000000000 - LTE B48
0000200000000000 - LTE B46
0000000020000000 - LTE B30
0000000010000000 - LTE B29
0000000000002000 - LTE B14
0000000000000800 - LTE B12
0000000000000040 - LTE B7
0000000000000010 - LTE B5
0000000000000008 - LTE B4
0000000000000004 - LTE B3
0000000000000002 - LTE B2
0000000000000001 - LTE B1
0000000000000002 - LTE B66
0000000000000800 - NR5G N12
0000000000000010 - NR5G N5
0000000000000002 - NR5G N2
0000000000000002 - NR5G N66
0000000000000008 - NR5G N260

Re: Nighthawk M5 MR5100

Posted: Thu Aug 19, 2021 1:49 pm
by Earl_the_Pearl
Rich Hathaway wrote: Wed Aug 18, 2021 6:11 pm
if you need to post your challenge here and I will calc it for you and post it back so you can unlock the AT advanced commands.
I am not sure who jkinred is but that algo was reverse engineered and made public by my friend his name is B. Kerler
Edit: jkinred did a gist of the code.

bkerler on Github that's who wrote the code, jkinred was the name on the page I copied jkinred / sierrakeygen.py. My head is going to explode, I haven't messed with command line since DOS.

I got Python installed and working on WIn 10 but when I run sierrakeygen.py I get no serial module found. I RTFM and found that module lets Python talk to the modem. Installing that module in not as easy as clicking a Windows program; I fell asleep RTFM on how to install it.

Thanks for the offer of calculating the response but I get a different challenge every time I "AT! OPENLOCK?"

Re: Nighthawk M5 MR5100

Posted: Thu Aug 19, 2021 3:13 pm
by Earl_the_Pearl
I found a download on GitHub, "Use Re LiveDVD (everything ready to go, based on Ubuntu):", It is over 3 gigs. Is this a Linux distribution with Python and all the drivers and modules installed? That would make it so much easier than looking for all the parts on the Wide World of the Web; except for the part where I would have to learn Ubuntu. I read that is the most difficult Linux.

I would ask on GitHub but those guys talk in code all the time.

Re: Nighthawk M5 MR5100

Posted: Thu Aug 19, 2021 3:44 pm
by Rich Hathaway
Ubuntu is a user friendly gui for linux, its not a command line interface.
Earl_the_Pearl wrote: Thu Aug 19, 2021 1:49 pm Thanks for the offer of calculating the response but I get a different challenge every time I "AT! OPENLOCK?"
you can do your challenge and as long as you do not unplug your device from its current session or re-enter the challenge the response will be the ok even if it is the next day it would work and be ok.

Re: Nighthawk M5 MR5100

Posted: Thu Aug 19, 2021 7:31 pm
by Earl_the_Pearl
Rich Hathaway wrote: Thu Aug 19, 2021 3:44 pm Ubuntu is a user friendly gui for linux, its not a command line interfac
you can do your challenge and as long as you do not unplug your device from its current session or re-enter the challenge the response will be the ok even if it is the next day it would work and be ok.
I knew sooner or later I would have to become a Linux weenie. Where do I get a penguin stuffed toy?

Thank you for the offer. I only have the M5100 now, even used it cost too much to brick. I have a $65 M1100 coming, it is really used but working. I'm going to do my testing on that first; there is a lot more information out on the M1 than the M5.

GitHub says their program will work on both the M1 and M5. I downloaded the DVD they made to "repair" these modems. I'm going to install it on my test computer and see what I get. I'm learning more about coding than I need. Since DOS this is only the second time I have needed to have anything to do with code.

Re: Nighthawk M5 MR5100

Posted: Fri Aug 20, 2021 6:55 am
by Rich Hathaway
Yes M1 and M5 are similar the diff being M1 is not a secure boot enabled device and not fuzed the prob you will run into with it is the ADB port is blocked on M1, it can be enabled but takes some work to enable it

Re: Nighthawk M5 MR5100

Posted: Fri Aug 20, 2021 12:01 pm
by Earl_the_Pearl
Rich Hathaway wrote: Fri Aug 20, 2021 6:55 am Yes M1 and M5 are similar the diff being M1 is not a secure boot enabled device and not fuzed the prob you will run into with it is the ADB port is blocked on M1, it can be enabled but takes some work to enable it
I was reading about the efuses. What will they think of next? Everybody wants to keep control after the sale. After the sale it is mine. I'm learning some interesting things on this magical mystery tour.

I registered an account on GitHub. They asked what I want to collaborate on. I'm going to have to RTFM a bit more before I reverse engineer quantum computers.

Re: Nighthawk M5 MR5100

Posted: Sun Sep 12, 2021 3:02 am
by Earl_the_Pearl
It took some study of the working of Linux and Python but I did manage to unlock the engineering section of the Snapdragon X55 the M5 uses. I was able to "repair" things that are not available on the open section of the modem.

Everything one needs is packaged and just needs to be run. The package link is https://github.com/bkerler/edl.

The M5 is worth getting to work on AT&T's 4G unlimited iPad plan.
Image

Re: Nighthawk M5 MR5100

Posted: Tue Sep 28, 2021 5:01 pm
by go_navy
Hello all,
I am a newbie to MR5100, I bought the unlocked unit back in April and wanted to harvest the 500M speed of the T-Mo 5G UC but I can't make it work as a modem. The current setup is an LB1120 behind a Linksys WRT 3200AMC with DD-WRT and TTL modified. I tried IP pass thru in the MR5100 setting but the router just keeps blinking orange. Any successful case with step by step guide is highly appreciated.

Also, I can achieve 500/50M speed on my iPhone (5G UC) but MR5100 can only get ~120/40M max with the same sim card. Same for the LB1120, I can only get 15/5M vs 120/40M on the iPhone (4G LTE)

Re: Nighthawk M5 MR5100

Posted: Sun Oct 03, 2021 8:49 am
by synamrao
Earl_the_Pearl wrote: Sun Sep 12, 2021 3:02 am It took some study of the working of Linux and Python but I did manage to unlock the engineering section of the Snapdragon X55 the M5 uses. I was able to "repair" things that are not available on the open section of the modem.

Everything one needs is packaged and just needs to be run. The package link is https://github.com/bkerler/edl.

The M5 is worth getting to work on AT&T's 4G unlimited iPad plan.
Image
Wow! Is this 5G on the iPad plan?? Or are you really getting that kind of speed with 4G?

Re: Nighthawk M5 MR5100

Posted: Mon Oct 04, 2021 1:06 am
by Lyric
Earl_the_Pearl wrote: Sun Sep 12, 2021 3:02 am It took some study of the working of Linux and Python but I did manage to unlock the engineering section of the Snapdragon X55 the M5 uses. I was able to "repair" things that are not available on the open section of the modem.

Everything one needs is packaged and just needs to be run. The package link is https://github.com/bkerler/edl.

The M5 is worth getting to work on AT&T's 4G unlimited iPad plan.
Image
So how does this work? If I purchase the M5 and then go into AT&T and get a unlimited ipad plan? What if I don't have an iPad? will they still give me the $20/mo with a SIM without bringing it in, and then I can use it in the M5? I'm a bit confused.

Re: Nighthawk M5 MR5100

Posted: Tue Oct 05, 2021 6:12 pm
by Earl_the_Pearl
synamrao wrote: Sun Oct 03, 2021 8:49 am Wow! Is this 5G on the iPad plan?? Or are you really getting that kind of speed with 4G?
AT&T's 5G is no better than their 4G. I switched to a 5G tablet IMEI and had to call to get 5 G activated. It is the same as 4G except for the 5G icon in the corner of the screen. Even if I band-lock to a 5G band it connects to a LTE band. It is the Cat 22, Snapdragon X55 modem that gives me that speed. Remember it is all about location, many do not get this speed.

Re: Nighthawk M5 MR5100

Posted: Tue Oct 05, 2021 6:15 pm
by Earl_the_Pearl
Lyric wrote: Mon Oct 04, 2021 1:06 am So how does this work? If I purchase the M5 and then go into AT&T and get a unlimited ipad plan? What if I don't have an iPad? will they still give me the $20/mo with a SIM without bringing it in, and then I can use it in the M5? I'm a bit confused.
How it works is something that cannot be talked about on this forum. That is not the rule on all IMEI hacking forums. ;)

Re: Nighthawk M5 MR5100

Posted: Tue Oct 05, 2021 6:24 pm
by Earl_the_Pearl
go_navy wrote: Tue Sep 28, 2021 5:01 pm Hello all,
I am a newbie to MR5100, I bought the unlocked unit back in April and wanted to harvest the 500M speed of the T-Mo 5G UC
The MR5100 is an AT&T branded hog-spot and doesn't have all the T-Mobile bands. n41 is T-Mobile's fastest s 5G, n71 second fastest. The M5 has nether.

5G MiFi M5100 Cat 22
Sub-6GHz 5G: n2, n5, n66
mmWave 5G: n260
4G/LTE: 1, 2, 3, 4, 5, 7, 12, 14, 17, 29, 30, 46, 66
3G: UMTS 850/900/1900/2100 MHz

Re: Nighthawk M5 MR5100

Posted: Wed Oct 06, 2021 8:51 am
by Rich Hathaway
Earl_the_Pearl wrote: Tue Oct 05, 2021 6:24 pm The MR5100 is an AT&T branded hog-spot and doesn't have all the T-Mobile bands. n41 is T-Mobile's fastest s 5G, n71 second fastest. The M5 has nether.

5G MiFi M5100 Cat 22
Sub-6GHz 5G: n2, n5, n66
mmWave 5G: n260
4G/LTE: 1, 2, 3, 4, 5, 7, 12, 14, 17, 29, 30, 46, 66
3G: UMTS 850/900/1900/2100 MHz

You need to use MR5200 for tmobile
mr5200 datasheet.PNG

Re: Nighthawk M5 MR5100

Posted: Wed Nov 03, 2021 3:57 pm
by go_navy
Rich Hathaway wrote: Wed Oct 06, 2021 8:51 am You need to use MR5200 for tmobile

mr5200 datasheet.PNG
I have the MR5100 with t-mobile, connected via 5gsub6. Speed gets up to 100M while my iPhone gets up to 500M. I just can't make it work as a modem to feed the internet to my Linksys/w dd-wrt.

Re: Nighthawk M5 MR5100

Posted: Wed Nov 03, 2021 5:38 pm
by Rich Hathaway
If your getting data its working like a modem, how are you connecting to your router? if it is by the ethernet cable/port and your router cannot use it, then it is an issue with the router, not all device combinations are compatible.
you can check in the admin panel to make sure tethering is on, I cant remember for sure but I think there is a boolean in there for it, that device can send internet thru its ethernet port and its type C usb port via RNDIS

Re: Nighthawk M5 MR5100

Posted: Sat Nov 06, 2021 4:22 pm
by kelteknw
If you can provide challenge answer for me, I would be forever grateful. I have been trying the GitHub command line for last few days and im at a loss.

my challenge : 814D3F8D107BEC2B

this is for a MC7455
Rich Hathaway wrote: Wed Aug 18, 2021 6:11 pm I think maybe you misunderstand what the device is doing if you clear the config then perform a hard reset the device will re-populate that config file with the raw values in the filesystems backup, it will be different from the sticker, you can repair it back to the sticker values if you happen to make a backup in the admin page before that was done in this case simply restore that backup.config

if you need to post your challenge here and I will calc it for you and post it back so you can unlock the AT advanced commands.
I am not sure who jkinred is but that algo was reverse engineered and made public by my friend his name is B. Kerler

Re: Nighthawk M5 MR5100

Posted: Sat Nov 06, 2021 4:23 pm
by kelteknw
Can anyone assist calculating my challenge?

challenge : 814D3F8D107BEC2B
for: MC7455

Re: Nighthawk M5 MR5100

Posted: Sat Nov 06, 2021 6:29 pm
by Didneywhorl
It might be something like 2119353A0B567CEB

Re: Nighthawk M5 MR5100

Posted: Mon Nov 08, 2021 1:49 pm
by kelteknw
Didneywhorl wrote: Sat Nov 06, 2021 6:29 pm It might be something like 2119353A0B567CEB
I was finally able to use the livedvd to access sierrakeygen myself, however when ever I send the:
AT!OPENLOCK=[response from generator]

I get "error"

step 1.
atterm
ATENTERCND="A710"                                                                                                      


step 2.
AT!OPENLOCK?
it spits back the challenge code

step 3.
I enter the challenge code into sierrakeygen
it spits back generated response

step 4.
I send command back to modem:
AT!OPENLOCK=[response from generator]
"error "

error every time.


Not sure what is going on. I have a cradlepoint cba850lp6
CRADLEPOINT 850 WITH LP6.jpg

Re: Nighthawk M5 MR5100

Posted: Mon Nov 08, 2021 3:18 pm
by Didneywhorl
You might need dbl quotes around the response number :shrug:

Re: Nighthawk M5 MR5100

Posted: Mon Nov 08, 2021 5:41 pm
by kelteknw
Didneywhorl wrote: Mon Nov 08, 2021 3:18 pm You might need dbl quotes around the response number :shrug:
I tried the following:
AT!OPENLOCK=response number
AT!OPENLOCK="response number"
AT!OPENLOCK=[response number]
AT!OPENLOCK=(response number)
AT!OPENLOCK={response number}

error every time, I am at a loss...

Re: Nighthawk M5 MR5100

Posted: Mon Nov 08, 2021 6:06 pm
by Didneywhorl
The keygen python app gives you the exact command. Can you copy and paste it?

Re: Nighthawk M5 MR5100

Posted: Mon Nov 08, 2021 6:46 pm
by kelteknw
Didneywhorl wrote: Mon Nov 08, 2021 6:06 pm The keygen python app gives you the exact command. Can you copy and paste it?
I did the copy paste method:

AT!OPENLOCK=response number

Thats why I tried the other additions of " { [

Nothing made a difference, every time I get: error

I am ready to throw this cradlepoint out the windows and purchase the:
ZBT WG3526-P Router with Quectel EM12-G CAT 12 Modem from https://thewirelesshaven.com/
:lol:

Re: Nighthawk M5 MR5100

Posted: Tue Nov 09, 2021 7:47 am
by Rich Hathaway
You cannot touch the device in-between the time you query the challenge and the time you input the response or it will fail every time, so after you send the openlock query do not send another at cmd or do not unplug the device or repower it or touch the cli screen you are using or query will change, it is a dynamic query not a static one so it changes unless left untouched, I just ran the challenge you posted and Didneywhorl's response was correct

the screenshot below is how it should be entered, with your response

m1 diag unlocker.PNG

Re: Nighthawk M5 MR5100

Posted: Tue Nov 09, 2021 10:33 am
by Didneywhorl
Also make sure your not accidentally using windows “ versus standard text ones "
dbl-quotes.png

Always use the standard text ones.

Re: Nighthawk M5 MR5100

Posted: Thu Nov 11, 2021 12:15 am
by Reeny
Quick question everyone. So I've downloaded the livedvd and ran EDL but I'm not sure what to do from there. I'm only looking to run the enhanced commands. What do I need to enter for EDL to start talking to the modem?

Thanks

Re: Nighthawk M5 MR5100

Posted: Fri Nov 12, 2021 9:05 am
by Rich Hathaway
You can test it by entering "AT" and it should return "OK" if it doesn't then it is not connected, if you cant get it to connect then you should check your python lib that you have it and all needed dependencies installed, also you should reboot after you install python and/or its dependencies.

Re: Nighthawk M5 MR5100

Posted: Fri Nov 12, 2021 2:17 pm
by Reeny
Thank you for the reply. So when I open EDL via doubleclicking EDL in the Live Linux DVD it opens up a command line interface. This is where I would be typing AT? Currently when I type AT and enter it says "command not found"

I've used AT commands before. Just only with r00ter.

I'm also trying to connect to the MR5100 if that makes a difference. Only plugging in the USB C cable to my PC and powering the unit on.

Re: Nighthawk M5 MR5100

Posted: Sat Nov 13, 2021 9:06 am
by Rich Hathaway
Just reading over this thread again I told you wrong, I did not realize you were using a live cd and not working with a full python library installed. So what you should do is run the help command and see if it returns the help info so you can know that you are calling it up correctly and it is responding to your query , I have never used or seen the live cd but I am sure it has a help page. edl typically has support for many models, I am not sure you set it for the specific model you are using but you should make sure you are calling it for the correct chipset you are using.
edl typically works thru either the modem port, the rndis port or the at port if your devices has one so make sure the correct drivers are loaded for your device

Re: Nighthawk M5 MR5100

Posted: Mon Nov 15, 2021 3:28 pm
by Reeny
Thanks Rich I appreciate it. I got that part figured out so I can now mess with band locking. Is it possible to change TTL on the MR5100 itself? I know I can plug a openwrt router into it but I'd prefer just connecting it to the hotspot directly.

Re: Nighthawk M5 MR5100

Posted: Mon Nov 15, 2021 5:41 pm
by Rich Hathaway
Reeny wrote: Mon Nov 15, 2021 3:28 pm Is it possible to change TTL on the MR5100 itself?
Yes it is possible, I do them most everyday by kernel patch, I am sure there there is more than one way to get it done on this device, maybe you can find another way that is not so complicated. I do my devices like that because it is hard coded at that point and will stay thru a factory reset and stay thru all the small firmware updates they send to it over the air.

Re: Nighthawk M5 MR5100

Posted: Mon Nov 15, 2021 7:48 pm
by Reeny
What is the best way to Contact you Rich?

Thanks

Re: Nighthawk M5 MR5100

Posted: Tue Nov 16, 2021 1:47 pm
by Rich Hathaway
mifis.us or look in my profile for email

Re: Nighthawk M5 MR5100

Posted: Wed Dec 01, 2021 5:07 am
by SuttonX
Rich Hathaway wrote: Wed Aug 11, 2021 9:48 am This not something that can be done at a userland level it requires some knowledge of baseband level modification. These type of edits on difficult devices and os's is how I make my living so forgive me for keeping it close for a while I will post my tool publicly after this device is older, I will do one free for you if you need it, but it is a service I normally sell, I have it automated now and it can now be done remotely, this tool is several thousand lines of code and was alot of work so I wont be giving the work away just yet. I was just correcting this thread in the fact that it can be done, hit me up and ill do one for you, it works pretty well on verizon prepaid's $60 plan or the postpaid add a line plan for $20 I have also put them on the connected car plan for $20 it is a pretty fast device, it also can be locked to work on 5g unlimited, I do need someone in a ultra wideband area to test it for me, in regular 5g area here it gets around 600mbps down or a little less, upload is alot slower I am still working on that
I am interested in this service for an MR5100 but I am unable to message you on here. Please email me cjxsutton@gmail.com.

If you also sell the device that would be even better cause I haven't acquired one yet

Re: Nighthawk M5 MR5100

Posted: Fri Dec 03, 2021 2:02 am
by SuttonX
Rich Hathaway wrote: Tue Nov 16, 2021 1:47 pm mifis.us or look in my profile for email
EDIT: disregard, by the time this comment got approved he had already replied

Re: Nighthawk M5 MR5100

Posted: Sun Dec 05, 2021 5:23 pm
by Rich Hathaway
I already responded to you

Re: Nighthawk M5 MR5100

Posted: Tue Dec 07, 2021 8:02 am
by SuttonX
So I got my MR5100 IMEI changed to what I want it to be, using python and putty. It's working and connecting fine but the APN in the Nighthawk is "broadband". Since I'm using a 5g phone SIM and plan I think it should be something else so it doesn't look like I'm hotspotting my "phone" to AT&T. I tried to name it "enhancedphone" like the phone I took the SIM out of, but it says that APN isn't allowed on this device.

Anyone know how to force it via commands? Or remove the restrictions on what's allowed in that field?

I just want to make sure that on AT&T's end it just looks like I'm browsing directly on my "phone" all day and not hotspotting it

Re: Nighthawk M5 MR5100

Posted: Tue Dec 07, 2021 1:47 pm
by Rich Hathaway
SuttonX wrote: Tue Dec 07, 2021 8:02 am I just want to make sure that on AT&T's end it just looks like I'm browsing directly on my "phone" all day and not hotspotting it
That has nothing to do with the apn, to keep them from seeing you are sharing data with other devices you need to adjust the time to live value not the apn, and then set the other values they see with every data packet request which is the meid/esn and fid.
Every time your device request's data from the switch it sends these in its request so all they have to do is look to see what device you are using.
you can adjust the apn if you wish, it is adjustable via userland controls in the ui.
If you can't set it, you may be on the new update just pushed a few days ago it now blocks ports and hides the modem (no telnet) I just saw one with it yesterday that someone mailed in, had to get around it to do anything with the M5 now, my devices here have not taken that update yet, so good advice for anyone who's device has not had that update is to disable ota so it won't update to it. I don't remember the version I am not by that pc at the moment but if your ports are still working then you have not gotten it yet.

Re: Nighthawk M5 MR5100

Posted: Wed Feb 16, 2022 3:58 pm
by sugafree
Rich Hathaway wrote: Wed Aug 11, 2021 9:48 am This not something that can be done at a userland level it requires some knowledge of baseband level modification. These type of edits on difficult devices and os's is how I make my living so forgive me for keeping it close for a while I will post my tool publicly after this device is older, I will do one free for you if you need it, but it is a service I normally sell, I have it automated now and it can now be done remotely, this tool is several thousand lines of code and was alot of work so I wont be giving the work away just yet. I was just correcting this thread in the fact that it can be done, hit me up and ill do one for you, it works pretty well on verizon prepaid's $60 plan or the postpaid add a line plan for $20 I have also put them on the connected car plan for $20 it is a pretty fast device, it also can be locked to work on 5g unlimited, I do need someone in a ultra wideband area to test it for me, in regular 5g area here it gets around 600mbps down or a little less, upload is alot slower I am still working on that
I could use your assistance please.

Re: Nighthawk M5 MR5100

Posted: Wed Feb 16, 2022 6:26 pm
by Rich Hathaway
I responded to your msg, but support needs to be done from the forum where others can benefit from it not via PM.

Re: Nighthawk M5 MR5100

Posted: Wed Feb 16, 2022 7:03 pm
by sugafree
Rich Hathaway wrote: Wed Oct 06, 2021 8:51 am
Earl_the_Pearl wrote: Tue Oct 05, 2021 6:24 pm The MR5100 is an AT&T branded hog-spot and doesn't have all the T-Mobile bands. n41 is T-Mobile's fastest s 5G, n71 second fastest. The M5 has nether.

5G MiFi M5100 Cat 22
Sub-6GHz 5G: n2, n5, n66
mmWave 5G: n260
4G/LTE: 1, 2, 3, 4, 5, 7, 12, 14, 17, 29, 30, 46, 66
3G: UMTS 850/900/1900/2100 MHz

You need to use MR5200 for tmobile

mr5200 datasheet.PNG
How can I get my M5 to work with T-Mobile sim? All it does is search for carrier.

Re: Nighthawk M5 MR5100

Posted: Fri Apr 29, 2022 7:03 am
by dfkinca
Can anyone assist me in please calculating my challenge answer?

Device: MR5200
Challenge: 7753E2C42827C4EF

Thanks in advance.