Warning: using any of this will probably invalidate your warranty and might break your phone. Use at your own risk.

June 2013 update: Everything is still here, but I moved the Motorola Droid 1/2/X NV item generator down the page. I made the warning stronger because I saw that it was in a guide for a non-motorola phone a while back, but I didn't save the url. I also made the acceptance of using it on Motorola Droid 2 and X stronger since I know that my "Motorola Droid 1 only or else the world ends" warning irritated some people. If you disagree with anything on this page, please leave a comment on the contact page. Checksums for all of the files on this page are in checksums.txt.

MetroPCS on any Android (or non-Android) phone: The MetroPCS internet settings have changed and some guides have not been updated. Read this thread for more information, or just follow a guide and in the QPST PPP Config tab UM and AN sections, use the MSL generated in the form below instead of "metropcs" as your password. Thanks to drunkenmojo for the form.

WAP/HTTP proxies on any Android device with u2nl: If your cell carrier requires you to use an http or wap proxy, you can use u2nl and iptables to transparently forward all tcp connections through the proxy. The original discussion of u2nl use on the Motorola Droid along with many more modifications can be found in this Howardforums thread. Here is a precompiled arm binary (with autostart scripts) for the Droid and other arm based Android devices. The source code and x86 (not android) binary are at the author's site. Another source of the u2nl binary and autostart.sh is token419's thread on xda. The files found there are meant to be flashed as an update. Read the thread for details.

Warning! Danger! Bricked phones! This is not a standard disclaimer for you to ignore. That was at the top of the page. This warning is more serious. This warning doesn't apply to anything above this. The MetroPCS MSL generator is safe, and so is u2nl. Use those two things on the wrong phones all you want. They won't hurt anything. Flash the wrong nvram items to your phone, and you will get pregnant and die. Just don't do it, OK, promise? OK, now everybody take some phone chargers. If you disagree with what I am saying here, please leave a comment on the contact page. Below is information for unlocking the radio of the Motorola Droid 1/2/X. These are three phones from one manufacturer. That's it. No other phones can make use of these nvram items. Do not use this on any other device, even if it is from Motorola. Do not even consider using this on a phone that isn't from Motorola. Flashing this to the wrong phone can easily brick it! Please read that link before continuing. If a guide author tells you to flash these nvram items on the wrong device, please contact them, and post a link to the guide on the contact page.

Programming the Motorola Droid 1/2/X: The Motorola Droid 1/2/X are not spc locked, but if you change the MIP settings to anything other than MDN@vzw3g.com, they get rewritten right after you program it. The best way around this is to unlock the radio using the method found by kbman. First read the post by kbman where he describes what he did, and then write out the nvram items from one of the files in droid_radio_unlock.zip with CDMA Workshop. Remember the warning above about writing this to the wrong phone.

The older and less useful method of unlocking the Motorola Droid 1/2/X radio will unlock everything after the @, but it will still be locked to your MDN before the @. This is enough for most carriers though, so people still use it. I think the method above this is better, but do it however you want. Valid characters in the form below are a-z, 0-9, ., -, and one @. Anything else will be stripped out. You can use 0000000000 (10 0's) as your phone number. Remember the warning above about writing this to the wrong phone.

Warning! Danger! Bricked phones! The dangerous-on-the-wrong-phones section of this web page ends here. You are now safe again. The rest of this page is extremely boring though.

Permissions: Some guides say to use "chmod 0777" on autostart.sh and u2nl or directories like /system/bin or /data/opt. It will work, but it's a big security risk since any app can gain root access without your permission by modifying programs and waiting for you to reboot, launching the modified version. You should follow the instructions of the guide for your phone, but use "chmod 0755" on u2nl and autostart.sh instead of 0777. Everything will work the same, but without the security risk. You should never need to change permissions on a directory like /system/bin or /data/opt, but use 0755 if you insist.

The original thread is long and has more failed experiments than successful ones. Here are a few easier to follow threads. For the Motorola Droid, here is a guide that helps you use Cricket, and another for Metro PCS. For the HTC Eris/Hero, here are some guides that help you use Cricket (old guide - u2nl isn't mentioned until half way through), Metro PCS, and another for Metro PCS, and finally a guide for Revol.

Credits for the first NVRAM hack and use of u2nl are a bit murky since a lot of this goes on in members only forums that I don't use, but clearly insanecaine and To0 deserve to be listed, along with balazer for fixing a bug in u2nl that was merged into the mainline source. I know it has been said that the u2nl distributed both here and by token419 was "stolen", even though that doesn't make sense for a GPL app. I compiled it from the source code (and balazer's patch) using the Android SDK and agcc: a perl script wrapper for gcc, and the easiest way to compile apps against the bionic c library.

Rooted stock Froyo on Droid 1: 2013 update: do not use stock. Switch to cyanogenmod. 20130301 nightly or newer.

You can keep stock Android on a Motorola Droid 1 and use minimally modified OTA updates if you have the 2.0.1 bootloader. I have done it this way from the beginning. If you are already completely stock and rooted, you can downgrade to the 2.0.1 bootloader using recovery.img and flash_image. This method is for advanced users, so no more instructions are going to be listed. For everyone else, downgrading will be much easier.

If you have a non-stock rom, you can downgrade using the 2.0.1 sbf. You are now using ESD56, or stock 2.0.1 without root. Now you can update to the current Android version using official OTA updates with a superuser hack tacked on to each update. It will both root your phone, and keep the 2.0.1 bootloader that allows this hack to work.

Now you need to create an update.zip that brings you from unrooted 2.0.1 (ESD56) to rooted 2.1 (ESE81). Download signed-voles-ESE81-from-ESD56.fa406da6 and ESE81-root. At a DOS prompt, type "copy /b signed-voles-FRG22D-from-FRG01B.688e3520.zip+FRG22D-root.zip update.zip", and put update.zip in the root of your sdcard. Power down, and then power up holding down the X button. Hold in the volume up button and tap the camera button. You can now use the d-pad to tell it to install update.zip, and then reboot. Once you have rebooted, check to see if su works. Then continue the upgrade process to 2.2.2. The files needed are listed below.

signed-voles-FRG01B-from-ESE81.e48e48ff and FRG01B-root (2.2)
signed-voles-FRG22D-from-FRG01B.688e3520 and FRG22D-root (2.2 with a bugfix)
bede60e851bb.signed-voles-FRG83D-from-FRG22D.bede60e8 and FRG83D-root (2.2.1)
5932ba328825.signed-voles-FRG83G-from-FRG83D.5932ba32 and FRG83G-root (2.2.2)

A mostly unused thread about this can be found here Thanks to Ted for hosting the bigger files. Hacked update files were generated with voles from zenthought.

A few extra notes: I only own a Motorola Droid 1 (with no plans to upgrade) that I use on Verizon, and an old T-Mobile G1. I'm sorry, but I don't know anything about hacking newer phones, or how to get your droid 1 on to another carrier, unless it has already been explained here. You are better off asking in forums than sending me a private message. I get a lot of them, and I always tell people the same thing - that I don't know. I don't do anything with cell phones professionally, just for fun with my own phones. If you need to contact me about my web site, leave a comment on the contact page.

I don't know if anyone has accomplished anything with the unlocked radio, so I have moved it down here at the bottom. Here is the link. update: kbman's find makes it easy to completely unlock your radio without a huge rom

Privacy: When you submit the first form to get the CDMA Workshop NVRAM file, the string goes to my web server so that a cgi program can generate a custom file for you. I don't do anything with it other than look them over hundreds at a time to try to spot mistakes people make in order to handle errors gracefully, but I haven't even done that in a while. I don't have any ads or connections to advertisers, or any interest in sharing this information with others. It isn't really useful to anyone as far as I know. With most carriers, you can just use 0's instead of a real phone number anyway, since your phone will reset this data. If you use MetroPCS or Cricket, you can skip the form completely and just download u2nl.zip, which has both types of files for both carriers already in the 0000000000@ format. For other carriers you will need to generate the file yourself, but a fake phone number should work just as good as a real one.

The MetroPCS MSL form does not submit any data to me. Since it is a javascript program that runs in your browser, you should be able to unplug your computer from the internet, fill out the form, click submit, and get a result. I will never see your ESN or MEID. Some people say it doesn't matter if others have this information, some think you should be carfeful about it. There are forms on the internet that do the same thing (generate your MSL/SPC), but they send your data to their server and may be collecting your information. I'm not going to preach one way or another. All I will say is that I will never see your ESN or MEID if you use this form.