Cell Phone Hacking:- Part One

The James Bond Trick:

If you short-circuit the left, middle and right pins on the bottom of the phone with all connections touching each other, the Nokia software hangs! The profile "Headset" will be activated. Before you do this, just activate "Automatic Answer" in the headset profile and set the ringing volume to "Mute". Now you can use your phone for checking out what people are talking about in a room. Just place it under a table in a room and call it. The phone receives the call without ringing and you can listen to what people are saying.

Network Monitor:

There is a hidden menu inside your Nokia phone. If you want to activate it, you'll have to re-program some chips inside of your phone.

1. Check your software version. You can only continue if you have v4.33, v4.73 or v5.24.
2. Take apart the phone.
3. De-solder the EEPROM (ATMEL AT 24C64).
4. Read out the data with an EEPROM programmer and save it to a file (Backup).
5. If you have v4.33 or v4.73, change the address "03B8" from "00" to "FF".
6. If you have v5.24 then change the address "0378" from "00" to "FF".
7. Write the new data to the EEPROM and solder it back to the phone.
8. Power on your phone and you should have "Netmonitor" enabled.

The Network Monitor gives you the following information.

- Carrier number
- MS RX Level in dBm
- Received signal quality
- MS TX power level
- C1 (Path loss criterion, used for cell selection and reselection). The range is -99 to 99.
- RTL (Radio link timeout).
- Timeslot
- Indication of the transmitter status
- Information on the Network parameters.
- TMSI (Temporary Mobile Subscriber Identity).
- Cell identification (Cell ID, Number of cells being used).
- MCC (Mobile country code)
- MNC (Mobile network code)
- LAC (Location area code)
- Ciphering (On/Off)
- Hopping (On/Off)
- DTX (On/Off)
- Discard cell barred information

Check SIM Lock:

Note - If you bought your Nokia on UK Vodafone or UK Cellnet you do not need to check this because they both transmit on GSM900, and they don't lock the phones. However, if you bought your phone on UK Orange or UK One2one your phone may be blocked. The reason is that they both transmit on GSM1800. To make a call on GSM1800 you need what is known as a "Dual band" phone. A dual band phone is able to transmit on both GSM900 and GSM1800, so they lock the phones so you can't use it with any other network SIM card. If you find that your phone is locked you can try different software to unlock it (we haven't found one that works yet), or you can ask your service provider who will gladly exchange the 10 digit code for about £35.

This is how to check the status of the 4 different locks. Also, don't try entering the wrong number, because after 3 times it will block the phone for good.

There are 4 different locks on your Nokia phone.


The code to read out the sim-lock status of your phone is


MASTERCODE = 1234567890

The master code is a secret code. The code has 10 digits. To read out the sim-lock status you can enter any combination you want!

"Y" Shows the status of the network-lock. Here you can enter a number from "1" to "4". The "4" is for the sim-card lock.

SIM-Lock Checks.



General Codes and Information:

[<] - Left arrow key [>] - Right arrow key

* # 0 6 #
IMEI number (phone serial no.). Must be the same number as on the sticker inside your phone; if not, your phone may have been cloned
Most phones, not only Ericsson

* # 0 0 0 0 #
Reset language to English (useful when itchy hands changed your phone's language to some other alien form)
All Ericsson Phones

> * < < * < *
Service Menu - tells you the phone's software version (good for checking your phone's "age" before buying it); press "Yes" repeatedly to see all the software data & press ">" to see all the texts available in your phone (hundreds of them!); some phones have "Flash?" option to reset the phone (I didn't see any difference after doing that)
All Ericsson Phones

< * * <>"

Method 2:
Scroll to "Read"; see "No Messages"; press & hold "<"

Menu Size option
You can extend your phone's menu to include a few more options like Customise, Edit Phone Book, etc... Note that Set Alarm does not work. Customise allows you to rearrange the sequence of the menus & to reset your phone. DO NOT RESET your phone here!!! It will mess up your menu & you'll have to rearrange your menus again. When you want back the original menus, go back to Menu Size & reduce it.
Only GA628 with earlier software versions, will not work for GF/PF768 & all other models

Other:

1.Save a Missed Call into your phone directory

Scroll to "MissedCall", press "Yes" to display the required number. Press any number (i.e. 0 to 9), then press "clear" once to clear that number, then press & hold "<" until you see "Store". Press "Yes" & carry on from there...

2.Hide your number when calling (when you don't want the other party to know your number)

After dialing the required number & before pressing "Yes", press ">" twice to choose "Hide Id?" & then press "Yes". Also works for pre-programmed & last dialled numbers, just press "No" & wait for the number to appear on the screen first then follow same procedure.

3.Check your battery level when phone is off

Just press "No" quickly one time & wait for the battery meter to show up!

4.Painless redialing

If you're sick & tired of hearing whether your redial gets through, well, don't! The phone will give a
short ring automatically when the redial gets through, so put the phone to your ear only after you hear
the ring. Note: Only works for redial, not first call!

5.Save a number into your phone memory (not SIM card)

Follow normal procedures to store a phone number. When prompted to set a storage position, press
"#" once (display will show "¤") & key in desired location, or press "#" twice for next available
position. GA628 can store 50 phone numbers in memory. Other phones may be able to store more.

6.Call a phone number from SMS message

Do you know you can do that? You can call from within a SMS message if the phone number is
written in it. Example of such a SMS message : Your wife just called. Call her at 7654321 Just scroll
the message until the phone number appears on the display, then press "Yes" to call.
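
The * # 0 6 # entry earlier in this section says the displayed IMEI must match the sticker inside the phone. As an added example (not part of the original text), this Python code compares the two readings and uses the IMEI's Luhn check digit to tell a mistyped reading from a genuine mismatch. The function names and sample IMEIs are constructed for illustration, and it assumes the phone shows the full 15-digit form.

```python
import re

def normalize_imei(text):
    """Strip the spaces, dashes and slashes used on stickers and displays."""
    digits = re.sub(r"[\s\-/]", "", text)
    if not re.fullmatch(r"\d{15}", digits):
        raise ValueError("an IMEI is 15 decimal digits")
    return digits

def luhn_ok(digits):
    """True if the last digit is the Luhn check digit of the first 14."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:              # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def compare_imei(displayed, sticker):
    """Classify a *#06# reading against the value printed on the sticker."""
    try:
        shown, label = normalize_imei(displayed), normalize_imei(sticker)
    except ValueError:
        return "unreadable"           # wrong length or stray characters
    if not luhn_ok(label):
        return "sticker-misread"      # copy the sticker again before judging
    if not luhn_ok(shown):
        return "display-invalid"      # the phone reports a malformed IMEI
    # Two well-formed but different values is the case the entry warns about.
    return "match" if shown == label else "mismatch"

if __name__ == "__main__":
    # Constructed sample values, not taken from any real handset.
    print(compare_imei("490154203237518", "490154-20-323751-8"))
    print(compare_imei("490154203237518", "490154203237526"))
```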


General Codes / Info:

MOTOROLA 6200, 7500, 8200, 8400, 8700

To activate RBS (Engineering Menus):

[pause] [pause] [pause] 1 1 3 [pause] 1 [pause] [ok]

(pause means the * key held in until box appears)

You now have to press the [MENU] and scroll to the 'Eng Field Options' function with the <> keys, and enable it.

To de-activate RBS (Engineering Menus):

[pause] [pause] [pause] 1 1 3 [pause] 0 [pause] [ok]

(pause means the * key held in until box appears)

Works on 6200's, 8200's, 1-888's, 7500's, 8400's and GSM StarTacs with later than version .27 software.

Options under Eng Field Options

Active Cell

RxLev -55 Received powerlevel in dBm
NCC 0 National Colour Code, used for identifying channel
BCC 7 Broadcast Colour Code, also for identifying purposes
MSTxPwr 35 Max allowed transmit power 35dBm about 3.2W
C1 003 Is a calculated figure for the quality control signal which is constantly sent out from the RBS quality the signal returning from the phone has. If this value is negative for more than 5 sec then the system will make a cell switch.
Time Adv xxx xxx is a number. Multiply this number by 550, and the result is the distance from the RBS (Radio Base Station), in meters.

Adjacent Cells

Adj Cell 1
Channel 0033 Channel Number
RxLev -65 Received powerlevel in dBm
BCCH Decode I think it means it is able to decode the channel information contained in the BCCH
RxLevAM -104 Min allowed reception, compare with RxLev -65 and you get the C1 value which is 39 and reported back to base as measure of field strength.
MTxPwr 35 Again max allowed powerlevel
C1 003 ??
NCC 0 National Colour Code
BCC 6 Broadcast Colour Code

System Parameters

Combined Off ??

AcsClas 0000 Allows different priorities - this network doesn't support it.
MCC 505 Mobile Country Code, 505 for Australia, 240 for Swedes etc
MNC 01 Mobile Network Code, 01 for Mobilenet, 02 for Optus, 03 for Vodafone using MCC 505. MCC+MNC is often called Network Code
LAC 08720 Location Area Code, shows which exchange you're in
CellID 00473 Base Station Identity
T3212 005 Time between periodic network updates (either hours between or time remaining until update, not sure)
XZQTY 14.3 ??
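
The arithmetic in the field descriptions above, as an added example that is not part of the original text: it parses readings typed in from the Eng Field Options screens, then applies the page's own rules (Time Adv times 550 m, C1 as RxLev minus RxLevAM, cell switch once C1 has been negative for more than 5 seconds). The function names and sample readings are constructed for illustration.

```python
TA_STEP_M = 550        # metres per Time Adv unit, the figure the page gives
RESELECT_AFTER_S = 5   # page: C1 negative "for more than 5 sec" -> cell switch

def parse_readings(text):
    """Turn 'Name value description' menu lines into {name: int}."""
    fields = {}
    for line in text.splitlines():
        tokens = line.split()
        for i, tok in enumerate(tokens):
            try:
                value = int(tok)
            except ValueError:
                continue              # not a number, keep scanning the line
            if i > 0:
                fields[" ".join(tokens[:i])] = value
            break                     # first number on the line is the reading
    return fields

def distance_m(time_adv):
    """Distance from the RBS in metres, per the Time Adv rule above."""
    return time_adv * TA_STEP_M

def c1(rxlev_dbm, rxlev_am_dbm):
    """C1 as the page derives it: received level minus minimum allowed level."""
    return rxlev_dbm - rxlev_am_dbm

def cell_switch_time(samples, rxlev_am_dbm):
    """First sample time at which C1 has stayed negative for more than
    RESELECT_AFTER_S seconds, or None if it never does."""
    negative_since = None
    for t, rxlev in samples:
        if c1(rxlev, rxlev_am_dbm) < 0:
            if negative_since is None:
                negative_since = t
            if t - negative_since > RESELECT_AFTER_S:
                return t
        else:
            negative_since = None     # a non-negative reading restarts the clock
    return None

# Constructed sample: one adjacent-cell screen plus a Time Adv reading.
SAMPLE_SCREEN = ("Channel 0033 Channel Number\nRxLev -65 Received powerlevel in dBm\n"
                 "BCCH Decode\nRxLevAM -104 Min allowed reception\nTime Adv 4\n")
# Constructed (seconds, RxLev dBm) series for a phone moving out of coverage.
SAMPLE_SERIES = [(0, -65), (1, -106), (2, -107), (3, -100), (4, -105),
                 (6, -108), (8, -109), (9, -110), (10, -111)]

if __name__ == "__main__":
    f = parse_readings(SAMPLE_SCREEN)
    print("C1:", c1(f["RxLev"], f["RxLevAM"]))
    print("distance (m):", distance_m(f["Time Adv"]))
    print("cell switch at t =", cell_switch_time(SAMPLE_SERIES, f["RxLevAM"]))
```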

Motorola Flip Pinout:

ANT- (O) | | | | | | | | | |
10 9 8 7 6 5 4 3 2 1
Top of phone (screen)

1) Audio Ground
2) Ext b+
3) T Data
4) C Data
5) R Data
6) Logic Ground
7) Audio Out - on/off
8) Audio In
9) Manual Test
10) Battery Feedback

