AT commands for SIM Unlock for NETGEAR MR6400

Topics for Netgear Nighthawks MRxxxx Series Hotspots
Post Reply
p.elsie
Posts: 6
Joined: Sun Feb 13, 2022 10:31 am
Has thanked: 0
Been thanked: 1 time

AT commands for SIM Unlock for NETGEAR MR6400

Post by p.elsie »

What AT commands are involved in unlocking an MR6400 for which the SIM Lock status is "Locked (PH-SP PIN)"?

So far, I've deduced that "sierrakeygen.py -c xxxx -d SDX55" can be used to respond to the challenge generated by AT!OPENCND?

//Query "PP" Service Provider Personalization Correspond to SPCK code
AT+CLCK="PP",2

Returns:
+CLCK: 1

So, I guess that maybe the solution is to send:

AT+CLCK="PP",0,<passwd>

Is that right?
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: AT commands for SIM Unlock for NETGEAR MR6400

Post by Rich Hathaway »

Most of these devices can enter a network unlock code from the devices UI (admin panel)
I have not had this m6 device yet so I cannot verify it yet but if you cant do it there you can most likely do it or at least manipulate it thru the backend with the devices pre-installed services, I am not for sure of which one handles the network lock on these sierra devices as I have unlocked thru the raw filesystem for m1 and m5 but I think it is prob handled by QCMAP_CLI
You can call it up and query it and it will tell you what it is responsible for handling.
If it is not what handles the network restricting just look around in there you will find it, here is an example for you from another device, not sierra, but will be similar.
m2000 sim lock.PNG
You can see that it is set in qmi so qmi commands only will work
in this case, the "set_sprint_sim_lock" can change the unlock code to whatever you make it, when you query it
you can simply enter "unlock" or a code if it is the current code it will send it if it is not it will change it.
LOL, they did not plan on us finding this haha. ( it changes back upon hard reset to the algo of the mac & imei)
so use it when u change it.
Anyway I would think in sierra devices such as that M6 it would also be in the root, perhaps in /bin but it may be in a propriatary folder also such as mnt\userrw\ntgnv if you look aroound in there you will find it
You do not have the required permissions to view the files attached to this post.
p.elsie
Posts: 6
Joined: Sun Feb 13, 2022 10:31 am
Has thanked: 0
Been thanked: 1 time

Re: AT commands for SIM Unlock for NETGEAR MR6400

Post by p.elsie »

Thanks Rich. I'm definitely not finding any file named "nwcli". There are about 160 files containing "qcmap" though.

Where can I find a breakdown of how you "unlocked thru the raw filesystem for m1 and m5"?

Maybe that's a valid solution for the M6 too. I've now got a telnet root console.
p.elsie
Posts: 6
Joined: Sun Feb 13, 2022 10:31 am
Has thanked: 0
Been thanked: 1 time

Re: AT commands for SIM Unlock for NETGEAR MR6400

Post by p.elsie »

Oh, that's what you meant,

/usr/bin/QCMAP_CLI
p.elsie
Posts: 6
Joined: Sun Feb 13, 2022 10:31 am
Has thanked: 0
Been thanked: 1 time

Re: AT commands for SIM Unlock for NETGEAR MR6400

Post by p.elsie »

In the M6 QCMAP_CLI is a menu driven text interface. I can't figure out how to exit - except to just close the telnet session. I don't see any options to unlock, or reveal unlock codes. Rich, where can I find a breakdown of how you "unlocked thru the raw filesystem for m1 and m5"?
User avatar
Rich Hathaway
Posts: 542
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 8 times
Been thanked: 186 times

Re: AT commands for SIM Unlock for NETGEAR MR6400

Post by Rich Hathaway »

p.elsie wrote: Thu Jul 21, 2022 8:39 am Thanks Rich. I'm definitely not finding any file named "nwcli". There are about 160 files containing "qcmap" though.

Where can I find a breakdown of how you "unlocked thru the raw filesystem for m1 and m5"?
You won't find any "nwcli" in there because it is proprietary and will be named something else beside novatel wireless command line interface since it is not a novatel/inseego device, it is a sierra device so may be more like swcli or something.
You wont find any breakdown of how I unlock them as I have never posted any breakdown of it.
p.elsie
Posts: 6
Joined: Sun Feb 13, 2022 10:31 am
Has thanked: 0
Been thanked: 1 time

Re: AT commands for SIM Unlock for NETGEAR MR6400

Post by p.elsie »

Maybe I've got the solution:

1) remove the SIM card, and reboot
2) send these commands:

AT!OPENLOCK?
AT!OPENLOCK="<response-to-challenge>"

AT!OPENMEP?
AT!OPENMEP="<response-to-challenge>"

AT!NVMEPRST

AT!GRESET
p.elsie
Posts: 6
Joined: Sun Feb 13, 2022 10:31 am
Has thanked: 0
Been thanked: 1 time

Re: AT commands for SIM Unlock for NETGEAR MR6400

Post by p.elsie »

Post Reply

Return to “Nighthawks MR1100 - MR5200 (M1...M5...)”