Page 1 of 1
Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Thu Aug 26, 2021 7:21 pm
by usmc1723
Note: This is a completely hypothetical question that I'm curious about to strictly understand how modems/routers work:
If someone were to change the IMEI number of their Nighthawk MR1100 to an smartphone IMEI and put a cellphone plan SIM card in the nighthawk, would the carrier count the data as hotspot data usage or phone data usage? My understanding is that even if you have a smartphone IMEI, the carrier would still count the data as hotspot usage unless you changed the TTL value (which I've heard you can't do on a Nighthawk)... is this correct?
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Thu Aug 26, 2021 9:46 pm
by Dr-BroadBand
It’s my Understanding that most carriers black list the MR1100.
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.
To answer your question there are ways to change the TTL on the MR1100 need to use the command line. Will need to do some digging to see I can remember how.
To get up and running would pay $50 for 100Gig of data
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Fri Aug 27, 2021 12:05 am
by usmc1723
I need a plan that will work in Mexico, so I may start with the Cricket 100gb plan and then switch to ATT (unless I missed something and ATT prepaid works in Mexico)
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Fri Aug 27, 2021 11:02 am
by Dr-BroadBand
Most have better luck with post pay
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Sun Oct 03, 2021 9:20 pm
by Spazz21
Any luck on the info on how to change the TTL?
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Mon Oct 04, 2021 9:28 am
by Didneywhorl
It depends on how the carrier tracks hotspot usage on their phones. You have to mimic the way they count the data as on device versus hotspot.
Not simple to figure out. Over my pay grade.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Mon Oct 04, 2021 3:42 pm
by Rich Hathaway
Spazz21 wrote: Sun Oct 03, 2021 9:20 pm
Any luck on the info on how to change the TTL?
To do that on the M1 takes a bit of work, personally I use a kernel patch as it is permanent, that device has
a watchdog file and a factory backup file that will revert ttl rules upon every reboot so what works for other devices will not/does not work for the M1.
Dr-BroadBand wrote: Thu Aug 26, 2021 9:46 pm
It’s my Understanding that most carriers black list the MR1100.
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.
To answer your question there are ways to change the TTL on the MR1100 need to use the command line. Will need to do some digging to see I can remember how.
M1 can be used on any carrier.
AT&T does and can see time-to-live all carriers do/can, they just don't have it written into the switch to deny service when data jumps like Verizon and its mvno's do, instead they simply flag the account and wait for a rep to take a look, then they can and will either suspend or terminate your account, this is why everyone's ipad plans all went down, mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Mon Oct 04, 2021 7:02 pm
by thethirdmurph
Dr-BroadBand wrote: Thu Aug 26, 2021 9:46 pm
It’s my Understanding that most carriers black list the MR1100.
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.
I use this modem with t-mobile on a data only tablet plan. I may be flying under the radar, but I assumed they didn't care since I don't have unlimited data.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Tue Oct 05, 2021 10:48 am
by LoveMeSomeCALTE
Rich Hathaway wrote: Mon Oct 04, 2021 3:42 pm
can and will either suspend or terminate your account, this is why everyone's ipad plans all went down, mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
I really respect that approach. Maybe you and I are one of the few left with that nice $35 ipad plan because our approach is identical.
Have you tried out the $20 postpaid plan yet? Link to discussion:
https://wirelessjoint.com/viewtopic.php?f=32&t=2955
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Wed Oct 06, 2021 8:37 am
by Rich Hathaway
I put a-lot of those on Verizon's 20$ add a line plan for postpaid they work well and some on the connected car plans, you can use terrbytes of data with no issues but only a few on ATT 20$ for clients, I personally do not have any sims with that plan.
But I have alot of devices leased out on the 35 ipad plan still.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Wed Oct 06, 2021 8:32 pm
by omtbus
Rich Hathaway wrote: Mon Oct 04, 2021 3:42 pm
mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
Will you provide some direction on how to set fid and ttl on the MR1100 please? I have searched a lot and have not come across anything other than this thread with mentions that it is apparently possible.
Thank you
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Thu Oct 07, 2021 9:54 am
by Rich Hathaway
FID = Factory ID, it can be changed thru the raw filesystem.
You will also need to change the IMEI.
The rest is not any userland level process.
TTL for this model requires you to get read/write at the baseband level, then make and apply a kernel patch, before you ask, I cannot just tell you how to make or apply a kernel patch it is an involved process and would take pages of info here, its difficulty level I would say is medium to high, if you are not familiar with any of this type of work I would suggest to have some one do it for you and not attempt to do it yourself as it is easy to bork your device making baseband level edits, and this particular (sierra) device likes to freeze and not allow you to reload back with the netgear spk's in this case it can only be recovered with a patched loader and a byte by byte load from its QDL (9008) port.
I know this because I borked my device about a hundred times when I was building my firm and kernel for this model, and you wont find any "real" firmware on the net to load back to it, only the factory SPK's are out there and they cannot be loaded to a borked device thru the 9008 port.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Thu Oct 07, 2021 5:50 pm
by Didneywhorl
Is the FID the same as a modems VID?
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Thu Oct 07, 2021 7:33 pm
by Rich Hathaway
FID is factory ID it is an nv item in qualcomm devices,it resides here 60001 (0xEA61) also at 60111 (0xEACF)
Vendor ID is different from it
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Thu Oct 07, 2021 7:36 pm
by omtbus
Rich Hathaway wrote: Thu Oct 07, 2021 9:54 am
FID = Factory ID, it can be changed thru the raw filesystem.
You will also need to change the IMEI.
The rest is not any userland level process.
TTL for this model requires you to get read/write at the baseband level, then make and apply a kernel patch, before you ask, I cannot just tell you how to make or apply a kernel patch it is an involved process and would take pages of info here, its difficulty level I would say is medium to high, if you are not familiar with any of this type of work I would suggest to have some one do it for you and not attempt to do it yourself as it is easy to bork your device making baseband level edits, and this particular (sierra) device likes to freeze and not allow you to reload back with the netgear spk's in this case it can only be recovered with a patched loader and a byte by byte load from its QDL (9008) port.
I know this because I borked my device about a hundred times when I was building my firm and kernel for this model, and you wont find any "real" firmware on the net to load back to it, only the factory SPK's are out there and they cannot be loaded to a borked device thru the 9008 port.
Thanks for the quick response! Hypothetically, what should Factory ID be for AT&T? I have heard of setting IMEI and TTL but not FID. I have been able to
"repair" the IMEI via AT Commands though that does not last through a factory reset, but I am fine with that.
This post makes getting root on a MR1100 look doable, even for me.
I would like to get TLL set correctly though and perhaps FID if that also helps?
How much do you charge to create a kernel patch? Is it specific to each individual MR1100 or is it generic or at least generic per different MR1100 model?
Thanks again.
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Fri Oct 08, 2021 7:28 am
by Rich Hathaway
You can see what the factory ID looks like in the screenshot below in my 7730 tool
Yours will be similar but unique to your device.
You can also see the vendor ID which is just a 4 digit number stating the vendor and the devices mode.
7730 tool.PNG
@ omtbus
FID should be zero'd this is how the factory leaves them until the last part of production, after all test's have been passed the factory loads the compact electronic filesystem containing the IMEI, MEID,ESN, FID, start factory counters, etc. So seeing one that is still zero'd will look like one of the thousands of test devices they send out to testers before release that have no factory ID assigned.
No selling of services here in the open forum
https://wirelessjoint.com/viewtopic.php?f=38&t=2696
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Fri Oct 08, 2021 10:02 am
by omtbus
@Rich Hathaway
Thank you for the screenshot and information.
Something I am still not understanding is that if AT&T is expecting the device to be an iPad, not some other device, does having a FID zero'd like a factory MR1100 actually help or am I missing the point entirely?
Are FID, VID, MEID, and ESN visible to service providers?
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Fri Oct 08, 2021 1:01 pm
by Rich Hathaway
omtbus wrote: Fri Oct 08, 2021 10:02 am
@Rich Hathaway
am I missing the point entirely?
Are FID, VID, MEID, and ESN visible to service providers?
Yes I think you are, there are all models on the network with FID zeroed out, yes even ipads.
Yes of course they are visible, most of those are sent with every data packet request to the carrier
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Tue Oct 12, 2021 3:01 pm
by Spazz21
Ended up getting the ATT plan
Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)
Posted: Tue Oct 12, 2021 9:57 pm
by LoveMeSomeCALTE
the $20 postpaid plan?