Repair IMEI number on Nighthawk M1 Mobile Router MR1100

telnet.sh

# Enable "charge + tether" in Settings -> Setup -> Mobile Router Setup -> Tethering
# Use a usb cable to connect (tethering) to the router on port 5510

# Useful links:
# Verify the IMEI number
# https://en.wikipedia.org/wiki/Luhn_algorithm
# Challenge/Response Generator for Sierra Wireless Cards V1.0 
# https://github.com/bkerler/SierraWirelessGen

ATI
  Manufacturer: Netgear, Incorporated
  Model: MR1100
  Revision: NTG9X50C_12. ...
  IMEI: 987654321098765
  IMEI SV: 99
  FSN: BBBBBBBBBBBBB
  +GCAP: +CGSM 
  OK
  
AT!OPENLOCK?
  AT!OPENLOCK?
  AAAAAAAAAAAAAAAA
  OK

# Compute the response with SierraWirelessGen
# ./sierrakeygen.py -l 'AAAAAAAAAAAAAAAA' -d 'MDM9x50_V1'
# AT!OPENLOCK="0480E46C7E30F561"

AT!OPENLOCK="0480E46C7E30F561"
  AT!OPENLOCK="0480E46C7E30F561"
  OK

AT!NVIMEIUNLOCK
  AT!NVIMEIUNLOCK
  OK
 
AT!NVENCRYPTIMEI=12,34,56,78,90,12,34,52
  AT!NVENCRYPTIMEI=12,34,56,78,90,12,34,52
  OK

AT!RESET
  AT!RESET
  OK

I type AT!OPENLOCK? and it returns with a code of 16 characters. I then type AT!OPENLOCK="XXXXXXXXXXXXXXXX" and get an error. every time i do AT!OPENLOCK? it's a different code. What am i doing wrong?

./sierrakeygen.py -l 'AAAAAAAAAAAAAAAA' -d 'MDM9x50_V1'
Sorry, MDM9x50_V1 not supported....

The IMEI that you use at the end does not seem valid - why is it 16 digits long? I found this other guide https://pastebin.com/DEnGscnd that says to replace with the desired IMEI there, but why is it using 16 digits?

So when I use that, the new IMEI is 123456789012345 - so I think that means, just put the IMEI you want in that format, then add any digit at the end as a pad.

Holy Moly, @devfalse thank you for this! You have no idea how helpful this was!