Here is how to do new versions:

======================================

Alcatel 311 v104 KJ158 unlock:

1. Read full flash
2. Make copy of file
3. Open copy of file in HEX editor
4. Change this addresses:

Adress Original value Change to
--------------------------------------
0C3D94: FF ----> 00
0C3D95: B5 ----> 20
0C3D96: 8D ----> F7
0C3D97: B0 ----> 46
0C4C38: 02 ----> 01
0C4C39: 28 ----> 20

5. Write changed file to phone
======================================

Alcatel 511 v10R KI52H unlock:

1. Read full flash
2. Make copy of file
3. Open copy of file in HEX editor
4. Change this addresses:

Adress Original value Change to
--------------------------------------
091EF4: FF ----> 00
091EF5: B5 ----> 20
091EF6: 8D ----> F7
091EF7: B0 ----> 46
092D98: 02 ----> 01
092D99: 28 ----> 20

5. Write changed file to phone
======================================

Thanks mate, just unlocked one 311 new and work!!
It takes long time, but work ...
Thanks again.

OK, enjoy it ;)

Well guys, bfnewhacker and alcatelc cracker :) whatever hides after these names...

this is the most short way to kill your phone... :)

So ppl, take care, in this way the phone will be killed, and i mean it. If you really want to try the solution make backup first.

If you look at the codes you'll see it isn't simetric. So for most of the new 104 and 10R the checksum must be recalculated.

My friend I have 511 10R but when I try to find this 6 adress with Hex Editor I can not find.Please tell me if this adress is 00091ef4?
Tell me how to find this adress.....
Thanks

nice job my friend


100% working

@alcatel_cracker

You got a warning.
Reason: You spam the board.

Cheers.

Hi,

@[MoOkIe]
Sorry, but to help other members of this forum in your opinion is "SPAM"?
All my messages was in reply to other members who asking about unlocking this 104 and 10R new versions.

Or this forum become more and more comercial, specially serving interests of you (and other) "moderators" and "super-moderators"? Did I break down you (or other friend/moderator) selling/business? I'm feel really sorry if I do that.

@wray
Don't worry, this method is NOT for "killing phones", as you can see from other reply this is REALLY working (and of course you know that too). Why is working? Because all this differences (changes) was extracted from YOUR software ... he, he, ... ;)

And don't worry about your business, soon (in few days) I will post here a FREE software who will unlock ALL versions of BF phones ;)
Also, the information about unlocking the new versions 104 and 10R was just released, so (maybe) others programmers will release their updated free soft for this new versions.

And here is some more technical things about "why is really working":

Changing bytes FF B5 8D B0 to 00 20 F7 46 will result in:

sub_0_C3D94
PUSH {R0-R7,LR}
SUB SP, SP, #0x34
ADD R0, SP, #0x28
LDR R5, [SP,#0x5C]
LDR R6, [SP,#0x58]
ADD R7, R3, #0
BL sub_0_C762C
ADD R0, SP, #0x24
...............................

will change to:


sub_0_C3D94
MOV R0, #0
MOV PC, LR
; End of function sub_0_C3D94

In this way, the subroutine C3D94 will return allways value 00 in R0 and this means no more need to correct the flash checksum (this subroutine check if flash checksum is correct)

For the other addresses (change 02 28 into 01 20) all who is interested just leave me a private message and I will explain what is doing.

Cheers,
Alcatel_cracker team

@alcatel_cracker

The only reason i gave you the warning is because you have posted the same message in several topics... that is called SPAM.

You should be aware of that. One time is enough

Best regards.

THIS SOLUTION NOT WORK FROM ME I HAVE 512 VER K152H860
AND I HAVE DIFIREND VALUES FOR THIS ADRESS SOME BODY HELP ME
KOMIX


091EF4: FF
091EF5: B5
091EF6: 8D
091EF7: B0
092D98: 02 i have 0A
092D99: 28 i have A8
MAYBE HELP ME
KOMIX

HI alcatel_cracker!

Nice job, keep going!
Send me an mail.

Hi,

he,he you extracted this from a previous version of my software and this is why don't work on all versions. If you do this to some phones and not correct the checksum when you'll start the phone it will erase the technical zone. :)

You are have some right with the explaining the routine but not exactly. That is early return from routine not matter what value you load in R0. The other 01 20 is a MOV in R0. This is a trick to skip the condition jump because the condition will be true all the time.

Is well you told me about you have the codes from my software because i'll stop shipping upgrades to my clients. Next release will be tagged and better protected. This way i will identify the twisted client :)

Is good you give for free info, you don't ruin nobody bussiness because we don't sell only for unlock and we give support. The unfair clients will be selected and they will not receive further updates or other softwares made by us. Still will be good if you'll not hide anymore behind "gsmcracker" and you will post with your real name. :)

Hi Komix,

Send me your flash by e-mail to:

bf_cracker@email.ro

I will send back your flash unlocked.


Originally posted by komix
THIS SOLUTION NOT WORK FROM ME I HAVE 512 VER K152H860
AND I HAVE DIFIREND VALUES FOR THIS ADRESS SOME BODY HELP ME
KOMIX


091EF4: FF
091EF5: B5
091EF6: 8D
091EF7: B0
092D98: 02 i have 0A
092D99: 28 i have A8
MAYBE HELP ME
KOMIX

hi,

ok, after see dissamble code I mailed alcatel_cracker asking about, this is response I got:

*******************************************
From: A B <alcatel_****er@email.ro>
To: Invisible <Invisible@msl.es>
Subject: Re: bf questions
Date: Mon, 30 Sep 2002 23:26:49 +0300

Hi,

Yes, I know but this information is not for free.
Let's say is for sale at 1500$ price.
Info how to patch all flash versions to skip the checksum.
With this patched flash you can also repair all BF phones, even with the TEH
zone damaged.

Regards,
alcatel_cracker team
*******************************************
So no more than a sales ´hide´ intention here,

best regards
Invisible

Hi Komix,

I just received your Flash file and check inside, and surprise ...

At address 092D98 you have value 02
At address 092D99 you have value 28

So, all fine, work with my info.
Maybe you used wrong HEX editor,
or maybe you go to wrong address.
Try again ... ;)


Originally posted by komix
THIS SOLUTION NOT WORK FROM ME I HAVE 512 VER K152H860
AND I HAVE DIFIREND VALUES FOR THIS ADRESS SOME BODY HELP ME
KOMIX


091EF4: FF
091EF5: B5
091EF6: 8D
091EF7: B0
092D98: 02 i have 0A
092D99: 28 i have A8
MAYBE HELP ME
KOMIX

Hi Invisible,

Yes, of course this information is NOT for free,
because,
NOBODY in this world have it, and ....
I spent more day and nights to dissasemble the Full flash to find at what adresses to make changes, so 1500$ for this I think is a small price.

Also, anybody who is interested in this just drop me a private message.

Cheers,
alcatel_cracker

Originally posted by Invisible
hi,

ok, after see dissamble code I mailed alcatel_cracker asking about, this is response I got:

*******************************************
From: A B <alcatel_****er@email.ro>
To: Invisible <Invisible@msl.es>
Subject: Re: bf questions
Date: Mon, 30 Sep 2002 23:26:49 +0300

Hi,

Yes, I know but this information is not for free.
Let's say is for sale at 1500$ price.
Info how to patch all flash versions to skip the checksum.
With this patched flash you can also repair all BF phones, even with the TEH
zone damaged.

Regards,
alcatel_cracker team
*******************************************
So no more than a sales ´hide´ intention here,

best regards
Invisible

hi,

********************
Yes, of course this information is NOT for free,
because,
NOBODY in this world have it, and ....
I spent more day and nights to dissasemble the Full flash to find at what adresses to make changes, so 1500$ for this I think is a small price.
*****************************
that´s right, is your work and is not my problem how much and what you do with it but next time say it or place post on sales,

best regards,
Invisible

im looking for all alcatel language flax files ..including its software

ok, this works in version 10R. Could you please post the adresses to change in version 10E? it´s about the only versions left to know.

Best regards

i dont have any version thts why im looking for one .. please help if u have n e flash files for 311 ,511 or any

i'm need help be511-10E version
Originally posted by fontelense
ok, this works in version 10R. Could you please post the adresses to change in version 10E? it´s about the only versions left to know.

Best regards

[QUOTE]Originally posted by alcatel_cracker
[B]Hi,

@[MoOkIe]
Sorry, but to help other members of this forum in your opinion is "SPAM"?
All my messages was in reply to other members who asking about unlocking this 104 and 10R new versions.

Or this forum become more and more comercial, specially serving interests of you (and other) "moderators" and "super-moderators"? Did I break down you (or other friend/moderator) selling/business? I'm feel really sorry if I do that.

@wray
Don't worry, this method is NOT for "killing phones", as you can see from other reply this is REALLY working (and of course you know that too). Why is working? Because all this differences (changes) was extracted from YOUR software ... he, he, ... ;)

And don't worry about your business, soon (in few days) I will post here a FREE software who will unlock ALL versions of BF phones ;)

And THEN YOU ASK 1500$ FOR THE SOLUTION YOU ARE *****HIT:mad:

This modification not work with 511 I got only dead phone. With backup phone work.

Regards

yeh i got all those stuff i just need neelix flash files for 3310 v5.6
or the flash file which support dejan .....

512-10R KI52H860 solution don't work!
:mad: :mad: :mad:

why are i so angry - the man posted solution only for 311 v 1-4 and 511 ver 10r, not 512, not other version...
so be cool:D:D

is there any software i can find for alcatel any version ?????