This is copied from the BLOG made by missing|No
BlackBerry 8130: ESN Repair, the hard and free way
ESN Changing Made... somewhat easy
A guide made with love and experience by missing|No
There's a reason I made this guide: CDMA Workshop isn't something I can afford - and nobody even bothers to crack newer editions stating "oh, it's only $100 and it pays for itself!!!1" or they make fake loaders and throw viruses in them then tell you that all cracks have viruses no matter what. If I had a paid copy, sure, I wouldn't have to resort to this complex guide and a lot of my work would be easier, but nope.
(And to those of you saying "it's only $100", do you buy, say, your other software? I bet a few of you people out there have pirated software elsewhere.)
I'd highly recommend the following software for this:
* CDMA Workshop 3.4, demonstration version
* UniCDMA (I use the 2005 variant)
* MFI Multiloader (MML)
* Blackberry Device Manager
* The earliest available BB OS revision for your device (i.e., 4.3)
* The latest BB OS revision (4.5 for the Pearl 8130)
* Pen and paper
* Windows Calculator, in scientific mode
Making your Blackberry squeaky clean
1. You'll need to wipe your OS to begin. Open JL_Cmder and select option 4 (Wipe).
2. Once this is done and your Blackberry reports a 507 Error, you'll need to downgrade your OS. Open the early OS revision you have downloaded (in my case, OS 4.3) and install it to your device. Yes, this takes a while.
3. And then wipe it again in JL_Cmder. Do not re-load the OS until the end of this tutorial. This re-opens memory regions not normally available in OS 4.5.
Preparation of liquid delight
1. Ensure Blackberry Desktop Manager is running. This creates, and keeps open, two RIM Virtual COM ports. Make a note of what these ports are via Device Manager on your workstation. Mine were COM4 and COM3, however these vary from machine to machine.
2. Open up the demonstration edition of CDMA Workshop. Although it's a demo, the one feature we need is luckily unlocked. Go to the Memory tab and scan for all readable areas with a step of 1024. Not doing this will skip over a delicate boundary in the 0x10000000 region of the memory, which you will then likely miss.
3. During the scan, you will note two locations in the 0x10000000 area that are open. Mine were 0x10000000 to 0x101165F8 and 0x1011C000 to 0x10D30000. Please note! These numbers will be different depending on your OS!
Time to calculate.
1. You'll need the Windows Calculator open for this. Set the calculator into Hex mode and enter in your hex numbers - for me, enter 101165F8, and subtract 10000000. This gives you 1165F8, in hexadecimal.
2. Select the Decimal mode again and it will indicate a result. Write this down. You'll need this number.
3. Do this for your next values - for me, it was 10D30000-1011C000, then write that down as well.
1. Open up UniCDMA now, and connect to your COM port that the Blackberry is detected on.
2. Select the Memory operations, and begin dumping from your start address.
3. For my example, I will enter 0x10000000 as my start address, and for the length in bytes, I use the numbers obtained above. So, I will tell UniCDMA to dump the first ~1140216 bytes.
4. Save this dump file and continue to the next dump. For this next dump, I needed to dump 12664832 bytes.
What the hex?
1. Open XVI32 and your first dump file.
2. Begin a search for your ESN, in reverse (DE AD BE EF becomes EF BE AD DE).
3. Note every location in Hex mode of where your ESN is found. For me, this was 6 locations in my second dump: 5AD980, 5F01D*, 85DE94, 862FE5, 93DD0C, and A224EF.
4. Got those 6-8 locations? Good. Time for MORE calculations!
1. Take your first location and the dump file it was located in. Because I name my files after their starting location in memory, this makes it easy: knowing 5AD980 was in the file 0x1011C000.bin that I dumped, I can use Windows Calculator again and just add 5AD980 to 1011C000, getting my first ESN location. Do this for each location and jot it down somewhere.
Run to the hills
1. Open QxDM and connect to your device.
2. Open the Memory Viewer.
3. Tell the memory viewer to show the first location your ESN is located at. It should look just as it did in the hex dump.
4. Overwrite it with 00 00 00 00. Do this for every location. I hit Write, then re-zero it, then Write again - three times total - to make sure it's written.
5. Afterwards, open the NV Browser and open Item 0 (esn).
6. Hit "Read". If it reports 0x00000000, the ESN is now zeroed out.
7. From there, simply input your new ESN in Input (say, 0xDEADBEEF), and hit Write. It should happily reply back NV Item Written.
8. You're done. Issue a "mode reset" in the command interpreter and the phone should commit changes and have its new ESN in memory.
All that's really needed now is to install the latest Blackberry OS to your phone - so while it's still at Error 507, you can simply install a new OS via any means you'd like.