Just a thought about update via LogFile... - GSM-Forum

Bph&co · 09-15-2001, 02:55

Hi guys,

Tonight I had a talk with Y2K and figurate something that never came before in my mind. Just want to share it with you might save you some troubles in future.

It's about Language and SW update via Log files. As you know if you have such a box you have to flash your phone with the new PPM or SW image and after that read the MsID and create log file which goes to your dealer. In a while when you got your other file back - just upload the re-calculated FAID to the phone and great, your phone will work <img src="smile.gif" border="0">

But as all good things this will work like this only on the NSE compatible models. Why ? Simple all they have physical eeprom and everytime you read the phone's MsID is one in the same.

Ok, what about the new models, which emulate the eeprom and have a Data Integrator, that manage Flash and RAM memory ??! Simple experiment - connectinga 6210 to WinTesla and reading shows the MsID, but switch the phone off and on again and read - you'll mention that MsID is different. Small change in the Firmware, but how these language boxes work( no one keeps the phone connected to the computer 24h, right?).And if you have one MsID now and different in 15 minutes - what kind of FAID you'll get back? Is it the right one?

Reading the JIC manual helps a lot - your phone will be restored to FULL FACTORY DEFAULTS. And this will update for the default MsID. It sounds good because this will reset wrong security code as well.

But when Y2K just refuse to do this on his 8210 I figurate( or just recall) that the phone actually is not only Flash and eeprom ! And still the 80 % of the phone is the RF unit. And what about the all tunning values in the eeprom which are immportant for the proper operation of the tranceiver and the syntezisers? Everyone knows that these values will be replaced by values from the Flash !

So that's the score new language, but your phone will be like brand new without any tunning and I don't think that anyone exept Nokia Service Centers re-tune the phone after flash !

Hope someone will take a stand, and convince me that I'm wrong or show me that Nokia make such a good RF design and tunning is total waste of time.

Best Regards, Alex

Danchik · 09-15-2001, 07:57

I afraid that The flash Authority Id is calculated not only from MsId !! It is calculated from Flash checksum Too !

Bph&co · 09-15-2001, 14:54

Hi,

Yes you are right, in Dejan box v 1.02, Flash checksums are needed for the calculation in the way that Dejan 'reverse' the CobbaID from MsID, because he needs this value for his log files (for changing of IMEI).

But JIC and SuperTrio logs use only MsID and signature byte of it. They use TDF-4 box for calculating the FAID.

Best Regards

Danchik · 09-17-2001, 11:26

But ! Is there any way to calculate FAID value !? Any algotithm ?

Bph&co · 09-18-2001, 01:18

Hi,

Actually you can't break 96bit HASH only with brute force on the box.

I few people I know bought the box and tryed to just crack it to take the code out! They must be really fed up now.

Maybe some guy with good knowledge of cryptoanalisys can break it, but such a guys are teaching in well known Uni's or just sell what they can break <img src="frown.gif" border="0"> , so I don't know...

Will live, will see...

BR

Danchik · 09-18-2001, 08:48

I have this algorithm ! But it is in the IDA format ! I know assembler too badly to understand something ! I tried to decode it in too c++ code but with no use ! The code is about 1100 lines <img src="tongue.gif" border="0"> ! And i don't know is this code true or Fake ! <img src="frown.gif" border="0">

captaintrip · 09-19-2001, 17:03

please post the code so everybody who`s interessted can check out

regards ***captain-trip

09-15-2001, 02:55	#1 (permalink)
Bph&co No Life Poster Join Date: Feb 2000 Location: UK Posts: 3,186 Member: 1024 Status: Offline Thanks Meter: 5,510	Just a thought about update via LogFile... Hi guys, Tonight I had a talk with Y2K and figurate something that never came before in my mind.<br />Just want to share it with you might save you<br />some troubles in future. It's about Language and SW update via Log files. <br />As you know if you have such a box you have to <br />flash your phone with the new PPM or SW image and after that read the MsID and create log file which goes to your dealer. In a while when you got your other file back - just upload the re-calculated FAID to the phone and great, your phone will work <img src="smile.gif" border="0"> But as all good things this will work like this only on the NSE compatible models. Why ?<br />Simple all they have physical eeprom and everytime you read the phone's MsID is one in the same. Ok, what about the new models, which emulate the eeprom and have a Data Integrator, that manage Flash and RAM memory ??! Simple experiment - connectinga 6210 to WinTesla and reading shows the MsID, but switch the phone off and on again and read - you'll mention that MsID is different.<br />Small change in the Firmware, but how these language boxes work( no one keeps the phone connected to the computer 24h, right?).And if you have one MsID now and different in 15 minutes - what kind of FAID you'll get back? Is it the right one? Reading the JIC manual helps a lot - your phone will be restored to FULL FACTORY DEFAULTS. And this will update for the default MsID. It sounds good because this will reset wrong security code as well. But when Y2K just refuse to do this on his 8210 I figurate( or just recall) that the phone actually is not only Flash and eeprom ! And still the 80 % of the phone is the RF unit. And what about the all tunning values in the eeprom which are immportant for the proper operation of the tranceiver and the syntezisers? Everyone knows that these values will be replaced by values from the Flash ! So that's the score new language, but your phone will be like brand new without any tunning and I don't think that anyone exept Nokia Service Centers re-tune the phone after flash ! Hope someone will take a stand, and convince me that I'm wrong or show me that Nokia make such a good RF design and tunning is total waste of time. Best Regards, Alex

09-19-2001, 17:03	#7 (permalink)
captaintrip Junior Member Join Date: Aug 2001 Location: Austria Posts: 29 Member: 5678 Status: Offline Thanks Meter: 0	please post the code so everybody who`s interessted can check out regards<br />***captain-trip

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Just A Thought...	drgmobile	Nokia Base Band 5 ( BB-5 )	0	11-11-2008 20:15
Just a thought...	xfarenheitx	Nokia Digital Core Technology 4 ( DCT-4 )	2	07-31-2002 02:37
just a thought on dejan box 1.04	Dark Lemming	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	16	07-30-2001 20:46
A2618 and T20 unlock via logfiles available.	MyKe	Old Ericsson Phones & Sony Phones	0	02-19-2001 12:35

09-15-2001, 07:57	#2 (permalink)
Danchik No Life Poster Join Date: Jun 2001 Location: Moscow Age: 40 Posts: 730 Member: 5014 Status: Offline Thanks Meter: 0	I afraid that The flash Authority Id is calculated not only from MsId !! It is calculated from Flash checksum Too !

09-15-2001, 14:54	#3 (permalink)
Bph&co No Life Poster Join Date: Feb 2000 Location: UK Posts: 3,186 Member: 1024 Status: Offline Thanks Meter: 5,510	Hi, Yes you are right, in Dejan box v 1.02, Flash checksums are needed for the calculation in the way that Dejan 'reverse' the CobbaID from MsID, because he needs this value for his log files (for changing of IMEI). But JIC and SuperTrio logs use only MsID and signature byte of it. They use TDF-4 box for calculating the FAID. Best Regards

09-17-2001, 11:26	#4 (permalink)
Danchik No Life Poster Join Date: Jun 2001 Location: Moscow Age: 40 Posts: 730 Member: 5014 Status: Offline Thanks Meter: 0	But ! Is there any way to calculate FAID value !? Any algotithm ?

09-18-2001, 01:18	#5 (permalink)
Bph&co No Life Poster Join Date: Feb 2000 Location: UK Posts: 3,186 Member: 1024 Status: Offline Thanks Meter: 5,510	Hi, Actually you can't break 96bit HASH only with brute force on the box. I few people I know bought the box and tryed to just crack it to take the code out! They must be really fed up now. Maybe some guy with good knowledge of cryptoanalisys can break it, but such a guys are teaching in well known Uni's or just sell what they can break <img src="frown.gif" border="0"> , so I don't know... Will live, will see... BR

09-18-2001, 08:48	#6 (permalink)
Danchik No Life Poster Join Date: Jun 2001 Location: Moscow Age: 40 Posts: 730 Member: 5014 Status: Offline Thanks Meter: 0	I have this algorithm ! But it is in the IDA format ! I know assembler too badly to understand something ! I tried to decode it in too c++ code but with no use ! The code is about 1100 lines <img src="tongue.gif" border="0"> ! And i don't know is this code true or Fake ! <img src="frown.gif" border="0">