GSM-Forum


Mohsin-* 03-14-2009 09:29

Frequently asked questions (faq). Tips and tricks.
 
Q: what is db2000,db2010,db2020,pnx5230,db3150,db3210 ?

A: those are chipsets of new SEMC phones.

db2000 (otherwise called marita "full") is inside next phones: z1010/v800/z800/w900/lg3g/sharp3g
db2010 (otherwise called "marita compact") is inside j300/k300/k500/k700/s700/k750 phones.
db2020 (otherwise called "marika") is inside k610/k550/k790/k800/w850/w880/z610/well, almost in all new phones.
pnx5230 is inside z310,w350,w380,z555 phones.
db3150 is A2 generation, phones like k850,w910,w890,z750,etc have it
db3210 is the next revision of A2 platform and there are no retail phones released with that ASIC yet.
db3350 is even future platform from SEMC.

Q: how to enable "search mode" and "GSM/3g networks" in "mobile networks" menu item of v800/k600/k608 ?

A: use following script (all in one string,without spaces !!!!)


Code:
gdfswrite:00020CCD00000000000000000000000000000000 00000000000000000100000000000000000000000000000000 0000000000000000000000000000000000
----------------

Q: how to use script ? what is script ?

A: script is text file, which consists of commands.
commands described here
http://www.mobile-files.com/forum/sh...5&postcount=13

usage is simple:
make a text file with commands, then select file in "misc. files" edit, then press "write script" button.

Q: i unlocked my z520 and my phone is dead !!! help ! help !

A: detach phone from cable, remove battery for 20 seconds, then insert it back and try to turn phone on. must be ok.

still not work ? select in "main firmware file" edit file eroms\k750_w800_z520_new_erom.ssw and flash it.
detach cable, remove battery, wait for 20 seconds, insert it back.
must work.

if still not work - you made something besides simple pressing "unlock" button and phone must be repaired other way.

Q: i flashed my phone and it became dead !!! aaargh !!! help me , help !

A: relax. current semc phones can't be killed completely by software. well, some can, but setool2 will not allow it to do it.. simple ;)

general way to do:

scenario:

a friend comes with phone. phone not powers on at all.

way:

1. try to flash phone with corresponding flashfiles. if it flashes - good, flash it.

following step should not be applied to db2020/pnx5230/db2010 cid49/cid50/cid51/cid52 phones.

2. if after complete phone reports "csloader startup error, fs startup error 1,2,23" then you need to restore erom.

all needed EROMs are inside "eroms" folder of setool2 distribution.
for db2000 phones erom is z800_v800_k600_old_erom.ssw
for db2010 phones erom is k750_w800_z520_old_erom.ssw
for w550/w600/s600 phone erom is w550_erom.ssw
when flashing EROM you MUST set cid to OTP cid !!!!!

3. if after successful flashing (complete ok) phone powers on with white screen/freezes on "please wait" step - you need to UNLOCK phone

4. if it can't be unlocked - most probably gdfs is damaged and you must rewrite gdfs with re-formatting (go to settings tab, check "format gdfs").

all needed gdfs is inside "gdfs_in_bin_format,gdfs_in_ssw_format" folders of setool2 distr.
select corresponding gdfs in "misc files" edit and press "write gdfs"
always make "unlock" after write gdfs.

please note, that you SHOULD NOT mess with gdfs in db2020 phones, pnx5230 phones, cid50/51/52 db2010 phones.
actually, you only can safely rewrite gdfs on db2000/db2010 cid16/29/36/49 phones.


Q: how to remove "strange" "1e0w" or similar from service menu?

A: for z1010 use script:

Quote:
gdfswrite:00040CBF00

for all other db2000/db2010 phones use script:

Quote:
gdfswrite:00020CB800

for db2020 use next script:

Quote:
gdfswrite:00020DE400000000000000000000

Q: i really like to make some pre-defined email/gprs account !

A: all pre-defined gprs and so on accounts are stored in customize.xml file.
you can read out that file from a phone with such accounts, using script command

Quote:
readfile:/tpa/preset/custom/customize.xml

(file will be in PC directory ph_out\tpa\preset\custom\customize.xml)
then you can modify it as you need and write back into phone with script command

Quote:
wrfile:test.xml,/tpa/preset/custom/customize.xml

Mohsin-* 03-14-2009 09:30

Acronym explanations.
 
Some general information:
CID = Certificate ID. You can say that this "number" defines the version of SE's protection present in the phone. Each CID require their own loaders.
New CIDs are deployed from time to time, for the sole reason of preventing them from being unlocked/flashed/tampered with by non-SE service tools. Current CIDs in use by SE are 29/36/37/49/50/51/52. SE-based LG/Sharp phones use the same system (but different versions), hence they are supported by SETool. The OTP (One Time Programmable memory) and EROM of a phone might be protected by different CIDs, usually the case in newer K600s/K608s. If SETool reports OTP CID36 and Flash CID49, doing a "Recovery" in the software and replacing the EROM with a CID36 one will render the phone a normal and fully non-TP supported CID36 one.

CDA = This "number" defines which variant of a specific firmware a phone is supposed to have.
It lets among others SEUS (Sony Ericsson Update Service) know which language-pack/branding/bandlocks a phone is to be flashed with. A generic (unbranded) K750 for use in Scandinavia will be CDA102337/12, whilst a Telenor-branded K750 will be CDA102338/62. Both will be flashed with the same languages/dictionaries, but the latter will be flashed with Telenor-branded firmware (branded firmwares are considered by most as utter crap).

BLUE/BROWN/RED:
This "color" defines what kind of phone we are dealing with.
BLUE phones have been assembled at the factory, but never been programmed with software/GDFS/IMEI (remember kids: the IMEI is stored in the OTP (One Time Programmable memory))
BROWN phones are usually "developer phones", for testing. Fewer restrictions are present, as these are used for "debugging/beta" purposes. In the case of CID36, a phone has to be converted to BROWN for unlocking. If you ever encounter an OTP CID49 BROWN phone, it must be converted to RED for servicing.
RED phones are your typical retail ones.

GDFS:
This is the phone's "stash", where all settings and calibration data are stored (this also goes for the firmware's IMEI-resource as well as the SIMlocks). Similar to other brands' use of NVRAM (Non-Volatile Random Access Memory).

IMEI = International Mobile Equipment Identity.
A 15-digit number which includes information on the origin, model, and serial number of the device. The model and origin comprise the initial 8-digit portion of the IMEI, known as the "Type Allocation Code/TAC". The remainder of the IMEI is manufacturer-defined, with a "Luhn check digit" at the end (which is never transmitted). The "Luhn check digit" is calculated from the rest of the IMEI.

It should be noted that in SE-based phones, the IMEI is stored in two places, the OTP (One Time Programmable memory) and GDFS. The GDFS IMEI is normally read from the OTP, but this can be circumvented by SETool function to "change" the IMEI. This patches the firmware into allowing different OTP/GDFS IMEIs. It is the GDFS IMEI that is reported to the network, so changing this will "de-bar" blocked phones. SEUS is not fooled by this, on the other hand, and it should also be noted that doing this is illegal in most countries.

EMMA = Service software/solution by SE themselves. Protected by the EMMA smartcard to prevent non-licensed usage. Current version is EMMA3, though EMMA2 is still alive (but kinda useless on newer phones). The EMMA smartcard contains an algorithm that allows EMMA to communicate directly to/with the phone's CID, so performing operations the way they were intended. The smartcard and its algorithm have not been cracked. The following EMMA access levels currently exist:
Service Update - Can't unlock phones.
Service Update Pro - Can't unlock phones.
Network Operator - Can't unlock phones (but sure as hell can lock them ;) ).
Service Center Std - Can't unlock phones.
Service Center Rc - Can unlock phones, as they have a special version of the smartcard with a CSCA key.
Research & Development - Can unlock phones, as they have a special version of the smartcard with a CSCA key.
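
An added example (not part of the original post or of SETool2): a small validator that splits an IMEI into the TAC, serial and Luhn check digit described above, and accepts the 14-digit form that tools often print without the check digit. The function and class names and the sample IMEI are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional


def luhn_check_digit(body: str) -> int:
    """Return the Luhn check digit for a 14-digit IMEI body (TAC + serial)."""
    total = 0
    # Walk right to left. The rightmost body digit is doubled because the
    # check digit itself will occupy the final, undoubled position.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of d
        total += d
    return (10 - total % 10) % 10


@dataclass
class Imei:
    tac: str                     # Type Allocation Code, first 8 digits
    serial: str                  # manufacturer-defined part, next 6 digits
    expected_check: int          # check digit computed from tac + serial
    supplied_check: Optional[int]  # None when only 14 digits were given

    @property
    def valid(self) -> bool:
        """True when no check digit was supplied or it matches the computed one."""
        return self.supplied_check is None or self.supplied_check == self.expected_check


def parse_imei(text: str) -> Imei:
    """Parse a 14- or 15-digit IMEI, ignoring spaces and dashes."""
    digits = text.replace("-", "").replace(" ", "")
    if not (digits.isascii() and digits.isdigit()) or len(digits) not in (14, 15):
        raise ValueError("IMEI must be 14 or 15 decimal digits")
    body = digits[:14]
    supplied = int(digits[14]) if len(digits) == 15 else None
    return Imei(body[:8], body[8:], luhn_check_digit(body), supplied)


if __name__ == "__main__":
    # Constructed sample inputs: a documentation-style IMEI, the same value
    # with a wrong check digit, and the 14-digit form without a check digit.
    for sample in ("49-015420-323751-8", "490154203237517", "49015420323751"):
        imei = parse_imei(sample)
        print(sample, imei.tac, imei.serial, imei.expected_check, imei.valid)
```
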

Mohsin-* 03-14-2009 09:32

about bluetooth problems (hang/dead/etc)
by semc themselves ;)

Mohsin-* 03-14-2009 09:37

sometimes you need to overwrite gdfs on several phones, but after it - they can't connect to each other using bluetooth. problem is - btid of each phone became the same.

here is a topic, which fully describes the problem and how to fix it.


New discovery: GDFS and Bluetooth ID problem. With solution!

OK, let say you have 2 K600, K600-A and K600-B for example.

K600-A is GDFS damaged, so you read GDFS from K600-B and write it to K600-A.

Now, two phones shall be using the same GDFS.

But, when you try to pair these 2 K600s with Bluetooth, the phone will hang and reboot. I am not sure about other models, but in my case, the K600 will hang and reboot!

Because these 2 phones are using the same BT ID stored in the GDFS (See attached photo).

With help from Mr. the_laser, we can solve this problem by changing the Bluetooth ID stored in your phone. Use the script below to read the BT ID:

-----cut----
gdfsread:0000002B
-----cut----

You will get a file named "gdfs_var_00_002B_your_imei.txt"

In this file, you will see your BT ID as: gdfswrite:0000002B221EA9070E00

Where "221EA9070E00" is your BT ID. Just change whatever you like and use the Write Script function to write this file back to your phone and you will have a new BT ID.

Of course, the hang & reboot problem will be fixed ;)


PS: All credit goes to Mr. the_laser

Mohsin-* 03-14-2009 09:38

q: How to use script to backup GPRS/MMS/Browser settings then write back??

a:
script

readpkg:/system/wap/profile/

will create pkg_imei.pkg

then,to write it back use

writepkg:/pkg_imei.pkg

Mohsin-* 03-14-2009 09:40

Q: i want to unlock sh703/903 phone, i flashed patched firmware from support, but phone not turns on ! help,help,etc


A: after flashing, select your model in dropdown list and press unlock.
probably, in next versions i will embed direct patching of newer 703/903 fw so you only need to press unlock (old sharp fw already supported, just try to unlock before flash patched fw)

note: in latest version direct patching supported...

Mohsin-* 03-14-2009 09:46

SEMC posted some documents about problems with Z520.


Introduction
There is a problem with some Z520 phones where the phone has no network. When you look at the PCB, you may see that R1242 or R1245 are missing, damaged, or askew. (See attached word doc with photos)

Comments
The problem area on the PCB may appear as mechanical damage. You may even see scrape marks. This is not customer abuse. This damage is being caused in the factory. These phones should be repaired under warranty. Both of the parts (R1242 & R1245) are in the parts list and are shown on the component placing drawing. If you find the part missing, and if the damage does not affect other parts, and if the pads are still intact, replace the missing parts. If the part is slightly askew, and there is not solder damage, then leave it. (The example in the photo is acceptable as is.) If it is severely askew, (less than 50% contact coverage) de-solder and re-solder it.

http://www.savefile.com/files/2040182

Mohsin-* 03-14-2009 09:47

notes on DB2000/DB2010 RED CID49 support.

it must work only on non-touched (new) phones.
if phone was "tuned" with other software - no any warranty, but, generally, it should work.

during ANY operations with red49 phone it became unusable (dead) until you flash so-called "restoration" file or flash "main" part of phone software.

i prepared restoration files for most versions of red49 firmwares,they reside in "rest" folder of setool2 distribution.

usage of restoration file is simple. just determine your firmware version and select corresponding restoration file in "restoration file" edit.

in current versions auto REST files search and restore implemented.

for that, you need to download rest file archive from support area and unpack it into %setool%\rest directory.
"REST file" edit must be clear for start of auto restore process.

if you're unlucky and there is no restoration file for your version of firmware, then you must fullflash phone
(WITHOUT TOUCH TO GDFS AREA), just main+fsimage+complete.

from setool2 version 031 you can create restoration files automatically

to auto create restoration file, press "identify" - you will know firmware version.
now,download that firmware from support, put it in firmware area and press "identify" again.
restoration file will be created and placed automatically in rest\ folder.



during flashing w900 phones on some (i think most) com cables, CHECK option "disable USB" - phone somehow assumes it is on usb, but it is on com.

some example:

q: i have red49 w550, i don't know what firmware version inside, i want it unlocked and with russian language.

a:
go to semc tab.
press clear names.
select needed w550 flashfiles (main,fsimage). russian inside emea1
go to settings tab. CHECK complete. CHECK "unlock after flash". UNCHECK "revert to red".
go to semc tab, press flash
when prompted, remove and insert battery, press button "READY"
phone must be unlocked and flashed.


q: i have k600, i want to unlock it, i know that inside r2ae001 version.

a:
select in "restoration file" edit correct restoration file.
current version will auto determine restoration file

press unlock.
when prompted, remove and insert battery, press button "READY"
phone must be unlocked and restored, means - working.

NOTES ON PROFILES

button "S" saves all files and settings for current model in current window.
button "L" restores saved files and settings from current model in current window.

profiles works on all tabs.

Q: What is "W550/W600 OLD" and "W550/W600 NEW" ? i have a w550 red49, what model i must select ?

A:

first try "W550/W600 OLD" model, if it will say you to use "W550/W600 NEW" - select it and repeat procedure.

Mohsin-* 03-14-2009 09:48

q:
I have tried to flash Z1010 with unbranded file. This is the result.

GUI v0.91380009/UNI
Card serial:00000004
Loaded 49 flash descriptors
Open COM port OK
ChipID:7100,EMP protocol:0301
PHONE IS RED RETAIL PRODUCT
FLASH CID detected:29
Speed:921600
DB2000 only supports 460800,fallback.
OTP status:0 locked:1 CID:29 PAF:1 IMEI:35345600144480 CERT:RED
Loader:041214 0759 MATCXC1325712_PRODUCTION R2Z
Flash ID check:8964
Flash props sent ok
Switching to USB...
Phone stays at current interface.
writing C:\Documents and Settings\c1am1k\My Documents\UNLOCK\SONY ERICSON\z1010\z1010_r1h_fs.hk.cry
CURRENT FLASH FILE CID:16
........
SSW loading returns:0
CSloader version:
041109 1252 GOHCXC125904_SEMC_VIOLA_FILE_SYSTEM_LOADER_R1E
loader startup: executed
loader filesystem startup: executed
csloader refused to start gdfs services,error is:29
loader gdfs startup failed, that is fatal
Elapsed:517 secs.
RECOVERY MODE STARTED
Open COM port OK
DB2000 only supports 460800,fallback.
Recovery:041213 1451 MATCXC1325413_CERTLOADER R3S
Fetching phone data from OTP
OTP status:0 locked:1 CID:29 PAF:1 IMEI:35345600144480 CERT:RED
Recovery succefull. Reflash phone now
Elapsed:17 secs.


a:
your phone OTP CID is 29, while flashfiles CID is 16. CIDs can be greater, but not lower.

you need to do now

1. recovery (you done it)
2. select cid change= redcid16
3. flash main+fs+complete

Mohsin-* 03-14-2009 09:48

.:imei change tutorial for sonyericsson:.
 
1.
Choose correct model
(only DB2000/DB2010 phones supported,
from 093 version CID49/51 DB2012/DB2020 phones supported via patch,
from v0.914029 DB2010/DB2020/PNX5230 CID49/CID50/CID51/CID52/CID53 supported via patch)

2. Choose "SETTINGS" tab.
Check

"PATCH OTP<>GDFS CHECK IN FIRMWARE"
"ALLOW TO CHANGE IMEI WHEN UNLOCKING"
for DB2012/DB2020 only
"USE SERVER FOR UNLOCK/FLASH"
"USE ALTERNATIVE SECURITY BYPASS"


3. go back to SEMC tab, press UNLOCK

4. when prompted, enter needed IMEI,

NOTE:
for pnx5230/db2012/db2020 phones REAL IMEI NOT changed, flashpatch "forges" IMEI via some trick.
no worry though, network (and customer) will see NEW IMEI.
but, once phone will be updated on SEUS it will return to original IMEI.
same applies to flashing main part of firmware.

you need 1 credit to change IMEI for db2010/db2020/pnx5230 phones cid49/cid50/cid51 phones,
you not need anything for cid52/cid53 db2010/db2020/pnx5230 phones (setool2 version should be >=v0.914029)
you NOT need anything for cid49 db2000/db2010 phones.

BE AWARE THAT CHANGING IMEI IS ILLEGAL AND PROHIBITED BY LAW. USE IT FOR EDUCATIONAL PURPOSE OR WHEN YOU HAVE CHANGED FLASH CHIP WITH ALREADY FILLED OTP!!!

Mohsin-* 03-14-2009 09:49

starting from w810 and z530, semc changed langpack names (as i see - only emea)
i only write here changed names.

c_asia UK TR RU AR
cent_europe SK PL HU CS
m_east_africa FR FA AR
mediterr SQ RO EL BG
baltic RU LV LT ET
s_asia_levan RU HE FR FA AR

Mohsin-* 03-14-2009 09:49

about gdfs file formats.

there are 2 gdfs formats, which setool2 can support.

first format is "common" format, "small" file, where only units and their values are stored.
that file must be written using "misc. files" edit and "write gdfs" button.
such file can be produced with "read gdfs" button.
if gdfs area is damaged, or loader can't find be written and that's why we came to ...
second format. it is pure flash image of gdfs area.
can be written only as "firmware files". can be written regardless of damaged or not gdfs area.

i suggest using "gdfs-in-ssw-format" in situations of "complete dead" phone (for example, after we tried to write s700 firmware into k300)

Mohsin-* 03-14-2009 09:50

q: how to enable amr on xxx ?

a:
for db2010 phones, execute following script.

---cut AllCodecsON.txt--------
gdfswrite:000000a60001020405
-------end cut----------------

Mohsin-* 03-14-2009 09:50

q: i want to readout gdfs in ssw format. i not know ranges and length.

a:
z1010
20800000,100000

v800,z800
21F00000,100000

w900
21F00000,100000

k600
21F00000,100000

s700
45e00000,100000

k750,w700,w800,z520
45f00000,100000

k700,k500,k300
44f00000,100000

z500
45300000,100000

w550,w600
45f00000,100000

lg8130/8330/8138/8550/8380/8360
23F80000,80000

lg8110
20780000,80000

sharp902,903,703
22100000,80000

sharp801
23F00000,80000

w810,w300,k310,k510,z550,z530
47e00000,100000

Mohsin-* 03-14-2009 09:51

q: what is "EROM upgrade" for db2020 phones (k610/v630/k790/k800/w850) and how to use it?

a:
semc has gone crazy with security in db2020 phones, so if anything secure is damaged (as they think) - EROM does not start phone and phone is completely dead.

in early EROM releases (R3A011 versions) SEMCsec developer made some error, because of that EROM sometimes can't set up GDFS properly.

we will see it as RED BLINK during phone power on, and as "gdfs startup error:29" when we try to flash it.

SEMCsec then released EROM updater, which upgrades known EROM to new version. that new version solves red blink error (of course, if security units are intact). i decided that it is not fair to keep that loader only for emma, so it is embedded in setool2 from now on.

usage is very simple.
select correct db2020 model.
check "use server" in settings (credits will NOT be deducted)
connect phone to COM/UFS cable or dcu60 cable (you MUST press 2+5 instead of 'C')
press RECOVERY

EROM will be upgraded and your problems CAN be solved.

sadly, SEMCsec not released anything to correct problem, when security units or gdfs totally damaged. they fear of illegal usage

