has any one used dct4 tool by dejan
i want to know that what F10 function is for ???
it can only reset the security code to 12345 or it can perform full reset...
i know that no ringer vibra function can be repaired by just only total reset with phonix..

can it be reset by dejan also..
Regards
gsmbhagawan@yahoo.com

Originally posted by gsnbhagawan
has any one used dct4 tool by dejan
i want to know that what F10 function is for ???
it can only reset the security code to 12345 or it can perform full reset...
i know that no ringer vibra function can be repaired by just only total reset with phonix..

can it be reset by dejan also..
Regards
gsmbhagawan@yahoo.com

--------------------------------------------------------------------------------

after use F10 function phone just to reset securuty code.
after ..
phone don't accept 12345 and then wait 5 or 10 min after try again .
phone will work perfectly..
accept code..
dejan can't reset full factory only phoniex and b-phreaks logger..
at this time..

thanks

for phonix can some one sand me working pkd dongel hex and schmatics

Hi gsnbhagawan,

I don't know how to read Motorola MCU contents. If you can send me softy to read the MCU I will send the hex to you.

Hello
This is Nokia DCT4 flasher section pls do not talk other brands thanks!

Originally posted by gsmsoftwares


--------------------------------------------------------------------------------

after use F10 function phone just to reset securuty code.
after ..
phone don't accept 12345 and then wait 5 or 10 min after try again .
phone will work perfectly..
accept code..
dejan can't reset full factory only phoniex and b-phreaks logger..
at this time..

thanks

and Neelix I and Neelix II

Originally posted by Bert
Hello
This is Nokia DCT4 flasher section pls do not talk other brands thanks!

They are talking about phoenix dongle (for NOKIA DCT4) wich contains a motorola µC ;)

Now, what do you think about this dongle schematics + hex
it is based on a Motorola 68HC05 µC, does it work ? or just for old nokia soft ?

http://GSM54.net/tmp/pkd1-dongle.zip

BR;
Majid

...its just so happened I knew "remle" very much and he talked about Motorola MCU contents of PKD hex... maybe he himself may have some knowledge on this... but no idea on how to read the contents... Its so strange isn't? Motorola Hex on PKD-1??? We stand to be corrected...:cool:

Which is the most powerful Dejan or B-phreaks? Which have the strong back-up.

In the dongle,what is the DES 2ACS DS1?

who know this IC?

is Phonix sw need this PKD-1 dongle really?

Originally posted by majid


They are talking about phoenix dongle (for NOKIA DCT4) wich contains a motorola µC ;)

Now, what do you think about this dongle schematics + hex
it is based on a Motorola 68HC05 µC, does it work ? or just for old nokia soft ?

http://GSM54.net/tmp/pkd1-dongle.zip

BR;
Majid

the files from saras do work yes!

you can use original pkd-1
buy a new motorola chip reprogram use eeprom dump
and use with phoenix

hi,er2000

do you test this schimatic?

but wtat is DES A2CS DS1 at the saras schimatic?

thanx very much!

Hello
Oh yes, I forgot this old project :) inside the pkd1 dongle is use mot 78hc05 but the Saras hex file only can work for the deshey with DES2 chips, for now des only will provide the one with des3 chips so the files can not work for new one anymore!

Originally posted by er2000


the files from saras do work yes!

you can use original pkd-1
buy a new motorola chip reprogram use eeprom dump
and use with phoenix

how to program that motorola chip
there are four files
pkd1_1.bin 2kb, pkd1_2.bin 8kb,mcusoft.s19 ,mcusoft.asm..

chip 65HC05C8,2502,

how can imake dongel and from where can i get that 65HC05c8 moto chip it is not aviable hear locally..

thanks

pkd1_1.bin TO 2502,
pkd1_2.bin TO DES2
mcusoft.s19 TO 68HC05C8,

YOU CAN GET 68HC05c8 ANYWHERE,

BUT YOU CAN'T GET DES 2ACS DS1.

Originally posted by raino
pkd1_2.bin TO DES2


Sorry ????

BR

Originally posted by Bph&co

pkd1_2.bin TO DES2

Sorry ????

BR

sir can help us how yto build pkd dongel
regards

all other IC are easy to programming,but pkd1_2.bin TO DES2

don't know how to dump it.

and where can we find this IC?

Hi,

Just buy a normal DK2 Dongle from Deskey, buy a new Motorola
CPU and program the file.

I havent tryed it myself - so far I know that in the newer versions CPU file is compliled for specific DES asic - but if Saras say this work - then it works !

To program the CPU you'll need to buy a special programmer - Maplins does them I think - it won't be more than 300 UK pounds.

For the Xilinx eeprom - it is not a problem. Every decent programmer support these chips.


BR, Alex

nice idea .

:D :D

:p :p :p

Hi,Bph&co

But how to program file to DK2 Dongle from Deskey? or we use

this IC directly from DK2 dongle,need't tochange anything?

Motorola CPU can use ALL07 and lt48 and other programmer to

write it.

they are sale these programmers ,the price about $300-500USD.

but can program more than 5000 kind of ICs.

http://www.gsmdevice.com/products/lt48.htm

Hi,

I havent seen DES2 asic in details, but DES3 uses Microwire I think to comunicate with AVR in FLS4 and with LPT in DK3 dongle.

Should be similar with DES2 - this is a encryption ASIC - I don't think you can write inside. Most probably has a masked ROM inside.

Something is diff in each ASIC - so every MCU image is compiled
for individual ASIC. Please corect me if I wrong.

I have spent more time with DES3 - might ne wrong about DK2.

I have Ice Technology WinLV48 - support all posible flash chips and eeproms but not MCU's.

Thats why I havent tryed it yet. But the idea to get original DK2 is good because you have no way to find the ASIC.

BR

Hi,

I think now if we make a PKD-1 according to the schematic of saras,we must have DES and must have method to program it.
but now we no two things.

Of course if DES is ASIC ,we need't to program it and saras need't to give HEX file for this. if this so we only buy one DES we can make a dongle.but saras's files have two hex files,one is for 25020,other is for ???????

As program MCU,I have programed 68HC05C8,I have ALL 07 and LT48,thay can program almost all IC and MCU and PGA and momory.

BR

is this DES file?

#include <mem.h>
#include "des.h"

int DES::encrypt ( char key[8], char* data, int blocks )
{
if ((!data)||(blocks<1))
return 0;
deskey ( key, ENCRYPT );
des ( data, data, blocks);
return 1;
};

int DES::decrypt ( char key[8], char* data, int blocks )
{
if ((!data)||(blocks<1))
return 0;
deskey ( key, DECRYPT );
des ( data, data, blocks);
return 1;
};

int DES::yencrypt ( char key[8], char* data, int size )
{
if ((!data)||(size<1))
return 0;

// The last char of data is bitwise complemented and filled the rest
// buffer.If size is 16, it will extend to 24,and 17 still 24.
char lastChar = *(data+size-1);
int blocks = size/8+1;
memset (data+size, ~lastChar, blocks*8-size);
deskey ( key, ENCRYPT );
return encrypt ( data, data, blocks);
};

int DES::ydecrypt ( char key[8], char* data, int blocks, int* size )
{
if ( (!data) || (blocks<1) )
return 0;

deskey ( key, DECRYPT );
if ( !decrypt ( data, data, blocks) )
return 0;
if ( size != 0 )
{
int pos = blocks*8-1;
char endChar = data[pos];
while ((pos>0)&&(data[pos]==endChar))
pos--;
if ( data[pos] != ~endChar )
return 0;
*size = pos+1;
}
return 1;
};

// -----------------------------------------------------------------------
// des
// Encrpts/Decrypts(according to the key currently loaded int the
// internal key register) SOME blocks of eight bytes at address 'in'
// into the block at address 'out'. They can be the same.
//
// "in"
// "out"
// "block" Number of blocks.
// -----------------------------------------------------------------------
void DES::des ( unsigned char* in, unsigned char* out, int blocks )
{
for (int i = 0; i < blocks; i++,in+=8,out+=8)
des_block(in,out);
};

// -----------------------------------------------------------------------
// des_block
// Encrpts/Decrypts(according to the key currently loaded int the
// internal key register) one block of eight bytes at address 'in'
// into the block at address 'out'. They can be the same.
//
// "in"
// "out"
// -----------------------------------------------------------------------
void DES::des_block(unsigned char *in, unsigned char *out)
{
unsigned long work[2];

scrunch(in, work);
desfunc(work, KnL);
unscrun(work, out);
}

// ----------------------------------------------------------------------
// deskey
// Sets the internal key register (KnR) according to the hexadecimal
// key contained in the 8 bytes of hexkey, according to the DES,
// for encryption or decrytion according to MODE
//
// "key" is the 64 bits key.
// "md" means encryption or decryption.
// ----------------------------------------------------------------------
void DES::deskey(unsigned char key[8], Mode md) /* Thanks to James Gillogly & Phil Karn! */
{
register int i, j, l, m, n;
unsigned char pc1m[56], pcr[56];
unsigned long kn[32];

for (j = 0; j < 56; j++) {
l = pc1[j];
m = l & 07;
pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1:0;
}
for (i = 0; i < 16; i++) {
if (md == DECRYPT) m = (15 - i) << 1;
else m = i << 1;
n = m + 1;
kn[m] = kn[n] = 0L;
for (j = 0; j < 28; j++) {
l = j + totrot[i];
if (l < 28) pcr[j] = pc1m[l];
else pcr[j] = pc1m[l - 28];
}
for (j = 28; j < 56; j++) {
l = j + totrot[i];
if (l < 56) pcr[j] = pc1m[l];
else pcr[j] = pc1m[l - 28];
}
for (j = 0; j < 24; j++) {
if (pcr[ pc2[j] ]) kn[m] |= bigbyte[j];
if (pcr[ pc2[j+24] ]) kn[n] |= bigbyte[j];
}
}
cookey(kn);
return;
}

// ----------------------------------------------------------------------
// cookey
// Only called by deskey.
// -----------------------------------------------------------------------
void DES::cookey(register unsigned long *raw1)
{
register unsigned long *cook, *raw0;
unsigned long dough[32];
register int i;

cook = dough;
for (i = 0; i < 16; i++, raw1++) {
raw0 = raw1++;
*cook = (*raw0 & 0x00fc0000L) << 6;
*cook |= (*raw0 & 0x00000fc0L) << 10;
*cook |= (*raw1 & 0x00fc0000L) >> 10;
*cook++ |= (*raw1 & 0x00000fc0L) >> 6;
*cook = (*raw0 & 0x0003f000L) << 12;
*cook |= (*raw0 & 0x0000003fL) << 16;
*cook |= (*raw1 & 0x0003f000L) >> 4;
*cook++ |= (*raw1 & 0x0000003fL);
}
usekey(dough);
return;
}

// ----------------------------------------------------------------------
// usekey
// Only called by cookey.
// Loads the interal key register with the data in cookedkey.
// -----------------------------------------------------------------------
void DES::usekey(register unsigned long *from)
{
register unsigned long *to, *endp;

to = KnL, endp = &KnL[32];
while (to < endp) *to++ = *from++;
return;
}

void DES::scrunch(register unsigned char *outof, register unsigned long *into )
{
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into++ |= (*outof++ & 0xffL);
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into |= (*outof & 0xffL);
return;
}

void DES::unscrun(register unsigned long *outof, register unsigned char *into)
{
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into++ = *outof++ & 0xffL;
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into = *outof & 0xffL;
return;
}

void DES::desfunc(register unsigned long *block,register unsigned long *keys)
{
register unsigned long fval, work, right, leftt;
register int round;

leftt = block[0];
right = block[1];
work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
right ^= work;
leftt ^= (work << 4);
work = ((leftt >> 16) ^ right) & 0x0000ffffL;
right ^= work;
leftt ^= (work << 16);
work = ((right >> 2) ^ leftt) & 0x33333333L;
leftt ^= work;
right ^= (work << 2);
work = ((right >> 8) ^ leftt) & 0x00ff00ffL;
leftt ^= work;
right ^= (work << 8);
right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL;
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL;

for (round = 0; round < 8; round++) {
work = (right << 28) | (right >> 4);
work ^= *keys++;
fval = SP7[work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = right ^ *keys++;
fval |= SP8[work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
leftt ^= fval;
work = (leftt << 28) | (leftt >> 4);
work ^= *keys++;
fval = SP7[work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = leftt ^ *keys++;
fval |= SP8[work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
right ^= fval;
}
right = (right << 31) | (right >> 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = (leftt << 31) | ( leftt >> 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
work = ((leftt >> 2) ^ right) & 0x33333333L;
right ^= work;
leftt ^= (work << 2);
work = ((right >> 16) ^ leftt) & 0x0000ffffL;
leftt ^= work;
right ^= (work << 16);
work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
leftt ^= work;
right ^= (work << 4);
*block++ = right;
*block = leftt;
return;
}

// -----------------------------------------------------------------------
// Initial of static data members. These data will be used by all the
// instances of class,and can not be changed.
// -----------------------------------------------------------------------
unsigned char DES::Df_Key[24] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67 };

unsigned short DES::bytebit[8] = {
0200, 0100, 040, 020, 010, 04, 02, 01 };

unsigned long DES::bigbyte[24] = {
0x800000L, 0x400000L, 0x200000L, 0x100000L,
0x80000L, 0x40000L, 0x20000L, 0x10000L,
0x8000L, 0x4000L, 0x2000L, 0x1000L,
0x800L, 0x400L, 0x200L, 0x100L,
0x80L, 0x40L, 0x20L, 0x10L,
0x8L, 0x4L, 0x2L, 0x1L };