Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Topics for Netgear Nighthawks MRxxxx Series Hotspots
Post Reply
usmc1723
Posts: 3
Joined: Fri Aug 20, 2021 4:10 pm
Has thanked: 0
Been thanked: 0

Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by usmc1723 »

Note: This is a completely hypothetical question that I'm curious about to strictly understand how modems/routers work:

If someone were to change the IMEI number of their Nighthawk MR1100 to an smartphone IMEI and put a cellphone plan SIM card in the nighthawk, would the carrier count the data as hotspot data usage or phone data usage? My understanding is that even if you have a smartphone IMEI, the carrier would still count the data as hotspot usage unless you changed the TTL value (which I've heard you can't do on a Nighthawk)... is this correct?
Dr-BroadBand
Posts: 558
Joined: Wed Sep 23, 2020 8:52 am
Location: Texas
Has thanked: 94 times
Been thanked: 118 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Dr-BroadBand »

It’s my Understanding that most carriers black list the MR1100.

I believe AT&T is The only net work this modem works on.

AT&T does not use the TTL Trick.

To answer your question there are ways to change the TTL on the MR1100 need to use the command line. Will need to do some digging to see I can remember how.

To get up and running would pay $50 for 100Gig of data
usmc1723
Posts: 3
Joined: Fri Aug 20, 2021 4:10 pm
Has thanked: 0
Been thanked: 0

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by usmc1723 »

I need a plan that will work in Mexico, so I may start with the Cricket 100gb plan and then switch to ATT (unless I missed something and ATT prepaid works in Mexico)
Dr-BroadBand
Posts: 558
Joined: Wed Sep 23, 2020 8:52 am
Location: Texas
Has thanked: 94 times
Been thanked: 118 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Dr-BroadBand »

Most have better luck with post pay
Spazz21
Posts: 5
Joined: Sun Oct 03, 2021 9:00 pm
Has thanked: 0
Been thanked: 0

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Spazz21 »

Any luck on the info on how to change the TTL?
User avatar
Didneywhorl
Posts: 3609
Joined: Fri Mar 23, 2018 5:37 pm
Location: USA
Has thanked: 1359 times
Been thanked: 754 times
Contact:

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Didneywhorl »

It depends on how the carrier tracks hotspot usage on their phones. You have to mimic the way they count the data as on device versus hotspot.

Not simple to figure out. Over my pay grade. ;)
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Rich Hathaway »

Spazz21 wrote: Sun Oct 03, 2021 9:20 pm Any luck on the info on how to change the TTL?
To do that on the M1 takes a bit of work, personally I use a kernel patch as it is permanent, that device has
a watchdog file and a factory backup file that will revert ttl rules upon every reboot so what works for other devices will not/does not work for the M1.


Dr-BroadBand wrote: Thu Aug 26, 2021 9:46 pm It’s my Understanding that most carriers black list the MR1100.
I believe AT&T is The only net work this modem works on.
AT&T does not use the TTL Trick.

To answer your question there are ways to change the TTL on the MR1100 need to use the command line. Will need to do some digging to see I can remember how.
M1 can be used on any carrier.
AT&T does and can see time-to-live all carriers do/can, they just don't have it written into the switch to deny service when data jumps like Verizon and its mvno's do, instead they simply flag the account and wait for a rep to take a look, then they can and will either suspend or terminate your account, this is why everyone's ipad plans all went down, mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
thethirdmurph
Posts: 13
Joined: Sat Sep 25, 2021 9:06 pm
Has thanked: 10 times
Been thanked: 1 time

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by thethirdmurph »

Dr-BroadBand wrote: Thu Aug 26, 2021 9:46 pm It’s my Understanding that most carriers black list the MR1100.

I believe AT&T is The only net work this modem works on.

AT&T does not use the TTL Trick.
I use this modem with t-mobile on a data only tablet plan. I may be flying under the radar, but I assumed they didn't care since I don't have unlimited data.
LoveMeSomeCALTE
Posts: 249
Joined: Sun Jul 05, 2020 2:29 pm
Has thanked: 239 times
Been thanked: 30 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by LoveMeSomeCALTE »

Rich Hathaway wrote: Mon Oct 04, 2021 3:42 pm can and will either suspend or terminate your account, this is why everyone's ipad plans all went down, mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
I really respect that approach. Maybe you and I are one of the few left with that nice $35 ipad plan because our approach is identical.

Have you tried out the $20 postpaid plan yet? Link to discussion:

https://wirelessjoint.com/viewtopic.php?f=32&t=2955
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Rich Hathaway »

LoveMeSomeCALTE wrote: Tue Oct 05, 2021 10:48 am I really respect that approach. Maybe you and I are one of the few left with that nice $35 ipad plan because our approach is identical.

Have you tried out the $20 postpaid plan yet? Link to discussion:

https://wirelessjoint.com/viewtopic.php?f=32&t=2955
I put a-lot of those on Verizon's 20$ add a line plan for postpaid they work well and some on the connected car plans, you can use terrbytes of data with no issues but only a few on ATT 20$ for clients, I personally do not have any sims with that plan.
But I have alot of devices leased out on the 35 ipad plan still. :)
omtbus
Posts: 3
Joined: Wed Oct 06, 2021 8:26 pm
Has thanked: 1 time
Been thanked: 0

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by omtbus »

Rich Hathaway wrote: Mon Oct 04, 2021 3:42 pm mine are still up because I protected them by
making sure the imei, fid and ttl are correct on every device on my ipad plans while I watched all my friends ipad plans go down one after the other mine all remained.
I told everyone publicly to protect those plans but most peeps did not listen.
Will you provide some direction on how to set fid and ttl on the MR1100 please? I have searched a lot and have not come across anything other than this thread with mentions that it is apparently possible.

Thank you
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Rich Hathaway »

FID = Factory ID, it can be changed thru the raw filesystem.
You will also need to change the IMEI.
The rest is not any userland level process.
TTL for this model requires you to get read/write at the baseband level, then make and apply a kernel patch, before you ask, I cannot just tell you how to make or apply a kernel patch it is an involved process and would take pages of info here, its difficulty level I would say is medium to high, if you are not familiar with any of this type of work I would suggest to have some one do it for you and not attempt to do it yourself as it is easy to bork your device making baseband level edits, and this particular (sierra) device likes to freeze and not allow you to reload back with the netgear spk's in this case it can only be recovered with a patched loader and a byte by byte load from its QDL (9008) port.
I know this because I borked my device about a hundred times when I was building my firm and kernel for this model, and you wont find any "real" firmware on the net to load back to it, only the factory SPK's are out there and they cannot be loaded to a borked device thru the 9008 port.
User avatar
Didneywhorl
Posts: 3609
Joined: Fri Mar 23, 2018 5:37 pm
Location: USA
Has thanked: 1359 times
Been thanked: 754 times
Contact:

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Didneywhorl »

Is the FID the same as a modems VID?
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Rich Hathaway »

FID is factory ID it is an nv item in qualcomm devices,it resides here 60001 (0xEA61) also at 60111 (0xEACF)
Vendor ID is different from it
omtbus
Posts: 3
Joined: Wed Oct 06, 2021 8:26 pm
Has thanked: 1 time
Been thanked: 0

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by omtbus »

Rich Hathaway wrote: Thu Oct 07, 2021 9:54 am FID = Factory ID, it can be changed thru the raw filesystem.
You will also need to change the IMEI.
The rest is not any userland level process.
TTL for this model requires you to get read/write at the baseband level, then make and apply a kernel patch, before you ask, I cannot just tell you how to make or apply a kernel patch it is an involved process and would take pages of info here, its difficulty level I would say is medium to high, if you are not familiar with any of this type of work I would suggest to have some one do it for you and not attempt to do it yourself as it is easy to bork your device making baseband level edits, and this particular (sierra) device likes to freeze and not allow you to reload back with the netgear spk's in this case it can only be recovered with a patched loader and a byte by byte load from its QDL (9008) port.
I know this because I borked my device about a hundred times when I was building my firm and kernel for this model, and you wont find any "real" firmware on the net to load back to it, only the factory SPK's are out there and they cannot be loaded to a borked device thru the 9008 port.
Thanks for the quick response! Hypothetically, what should Factory ID be for AT&T? I have heard of setting IMEI and TTL but not FID. I have been able to "repair" the IMEI via AT Commands though that does not last through a factory reset, but I am fine with that.

This post makes getting root on a MR1100 look doable, even for me.

I would like to get TLL set correctly though and perhaps FID if that also helps?
How much do you charge to create a kernel patch? Is it specific to each individual MR1100 or is it generic or at least generic per different MR1100 model?

Thanks again.
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Rich Hathaway »

You can see what the factory ID looks like in the screenshot below in my 7730 tool
Yours will be similar but unique to your device.
You can also see the vendor ID which is just a 4 digit number stating the vendor and the devices mode.
7730 tool.PNG

@ omtbus
FID should be zero'd this is how the factory leaves them until the last part of production, after all test's have been passed the factory loads the compact electronic filesystem containing the IMEI, MEID,ESN, FID, start factory counters, etc. So seeing one that is still zero'd will look like one of the thousands of test devices they send out to testers before release that have no factory ID assigned.

No selling of services here in the open forum

https://wirelessjoint.com/viewtopic.php?f=38&t=2696
You do not have the required permissions to view the files attached to this post.
omtbus
Posts: 3
Joined: Wed Oct 06, 2021 8:26 pm
Has thanked: 1 time
Been thanked: 0

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by omtbus »

@Rich Hathaway
Thank you for the screenshot and information.
Something I am still not understanding is that if AT&T is expecting the device to be an iPad, not some other device, does having a FID zero'd like a factory MR1100 actually help or am I missing the point entirely?
Are FID, VID, MEID, and ESN visible to service providers?
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Rich Hathaway »

omtbus wrote: Fri Oct 08, 2021 10:02 am @Rich Hathaway
am I missing the point entirely?
Are FID, VID, MEID, and ESN visible to service providers?
Yes I think you are, there are all models on the network with FID zeroed out, yes even ipads.

Yes of course they are visible, most of those are sent with every data packet request to the carrier
Spazz21
Posts: 5
Joined: Sun Oct 03, 2021 9:00 pm
Has thanked: 0
Been thanked: 0

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by Spazz21 »

Ended up getting the ATT plan
LoveMeSomeCALTE
Posts: 249
Joined: Sun Jul 05, 2020 2:29 pm
Has thanked: 239 times
Been thanked: 30 times

Re: Nighhawk MR1100 IMEI/TTL (Hypothetical question)

Post by LoveMeSomeCALTE »

the $20 postpaid plan?
Post Reply

Return to “Nighthawks MR1100 - MR5200 (M1...M5...)”