|
+----------------------------------------+ Novatel 8320 Programming, Specifications, Security, and Misc. Information. Collected/Compiled by: Kingpin +----------------------------------------+ ENTERING PROGRAM MODE: Get your phone into FULL LOCK mode (it should say LOCK on the screen) - [FCN] [1] [SND] Then hit "#259" Once you get into the program mode, you use the up and down volume keys on the handset to go from option to option. Use "SND" to switch an option on and off (ie: toggle them), such as in the case of option "IRI SET", which if it is on will show "SET" and if it is off will show "CLR". Use "SND" to switch between the two. When you are done programming, hit END, and END again. You will be able to use your phone with the new options programmed in. SCREEN DISPLAY: CNF 8320 (model number) REV KA02 (software REVision) --- SERIAL (ESN - Electronic Serial Number) xx xxx xxx --- NAM 1 SEL 0-2 END -= 0 =- COMMON CONFIG --- INIT REP (INITialize the REPertory 50 number memory) USE SND --- LOCKCODE (LOCKCODE to unlock a locked phone) 1234 --- OPTION QRC SET (allow QuickReCall) QST SET (allow Quick STore) WUT SET (Wake Up Tone: The noise the phone makes when you first power it up. Press CLR to stop tone) MLH CLR (Mobile to Land Hold. When SET causes the accumulated air time counter to ignore mobile-originated calls if they are less than 30 seconds in origination) LMH CLR (Land to Mobile Hold) CRU CLR (Call Round Up) EE SET (Allows touch tone from the keypad) NLM CLR (No Land to Mobile. When SET causes the air time to ignore land-originated time) HAL CLR (Horn ALert option) ONL CLR (ONLine diagnostics - Tells you the channel numbers being used, output power, etc.) -= 1 =- MAN 1 (System ID 1 - Enabled/Disabled) ENABLED --- MIN 312 (Mobile Identification Number) 555-0990 --- SIDH (Service providers ID # - set to 00000 for roaming) 00010 --- IPCH (Initial Paging CHannel, use: 333-A 334-B) 0334 --- OPTION EX SET (EXtended address) --- IDCCA (controls IPCH scan start A = MUST be 333) 0333 --- IDCCB (controls IPCH scan start B = MUST be 334) 0334 --- ACCOLC (Access OverLoad Class - What priority it is given when 09 all the channels in a tower are busy) --- GROUP ID (Standard to the mobile company and/or phone. For MARK 10 example, Cell One/NY puts all of its Novatel customers on a GIM of 7) --- REG TBL SIZE 1 ( ??? ) --- OPTION LU SET (Lets you only make calls in your service area.) --- INVLD ID (Lets you put in up to 4 SIDs which you DON'T want 1 NONE service in.) 2 NONE 3 NONE 4 NONE --- OPTION FD SET ( ??? ) MFD SET (Extended DTMF - use SET to set length of tone) 32D SET ( ??? ) PS CLR (Default System. Use CLR for B; use SET for A) IRI CLR (System Selection. Use CLR to allow) SSD CLR (Signal Strength indicator. CLR is off; SET is on) TECHNICAL SPECS FOR NOVATEL: Communications standard: EAMPS 800-900MHz + extended spectrum Max RF TX power: 3 watts Modulation: FM CPU: Z80 or Z8001 running at 8MHz software on 27512 EPROM RAM: Dallas semiconductor clock + 16K battery-backed CMOS RAM (emulated 2716 EPROM) CODES (Use when the phone is LOCKed): [#] [2] [5] [9] - CONFIG mode [#] [8] [3] [*] - SERVICE mode [8] [*] [0] [1] - ESN change - Use in CONFIG mode on ESN screen. Enter the current serial number (without the 8E prefix) and [SND], then enter new serial number. Hit [SND] when done. [FCN] [9] - With OMT SET, displays scan information (channel currently used, signal strength, etc.) [FCN] [8] - With OMT SET, displays data coming across data channel TRICKS: Listen in on calls: In SERVICE mode, turn volume to maximum by hitting [7] [SND]. Go to the RX AUDIO selection, and toggle it on by hitting [SND]. You should be able to hear static on the receiver. Find the channel selection menu, and press [H/F] and [RCL] to change channels. Listen in on other people's calls. Call disconnect: Find the RF POWER selection, and set it to maximum. Find the TX AUDIO selection and toggle it on. Choose a channel with someone on it. Find the SAT selection menu, and toggle it on. You have about 5 seconds to talk before the base stations gets disconnected. SECURITY MEASURES: The CPU has 16 bytes of NOVRAM, a counter of how many times the serial number is changed is stored there. Once the serial has been changed three times, a flag is set in the EEPROM, the next time you turn the phone on, the software notes the flag, and mirrors it in the CPU NOVRAM - so even if you change the EEPROM now, it still won't work. It you manage to change the EEPROM before turning the phone on again, then you're okay until you try to change (or even access/display) the serial, at which point the software notes the discrepancy between the internal counter and the EEPROM and erases the serial anyway. At this point, the unit has to be sent back to the factory for a new EEPROM and clearing of the CPU NOVRAM. There would have been an encryption routine for encrypting the ESN, but that would have made testing difficult. -= END =-