Frequently asked questions (faq). Tips and tricks.

[Mohsin-*]

q:
when i attaching phone using dcu60 i see following messages:

Code:

 
erom_readvar: error reading unit 1/725
error while reading security units
SECURITY UNITS CAN'T BE READ !
DAMAGED FIRMWARE/GDFS OR EMPTY PHONE

or

erom_readvar: error reading unit 1/851
error while reading security units
SECURITY UNITS CAN'T BE READ !
DAMAGED FIRMWARE/GDFS OR EMPTY PHONE

and process stops,but phone works normally on com/ufs.
what is root cause and what is solution ?

A:
that phone is tampered by d_reambox software.

during their famous method of "testpoint bypass", they writing patched erom with own custom loader embedded, patching simlock signature check and ... erasing simlock signature without any reason, which prevents setool2 from making backup.

i had write a post on their forum, but they too arrogant even to read it.

fix is extremly simple:

using com/ufs write next script in SIGNED MODE (check ONLY "USE SIGNED MODE" on settings)

for db2020:

Code:

 
gdfswrite:0001085144554D4D5944415441

for db2012:

Code:

 
gdfswrite:0001072544554D4D5944415441

alas, they custom loader also breaks alternative bypass support using dcu60 cable,
so you only can use SIGNED MODE with dcu60 after their "testpoint".

maybe i will write program (embed option in setool2) to restore tampered by d_reambox erom to correctly patched.

[Mohsin-*]

q:
when i flashing/completing/etc phone i got error like

Code:

loader startup: executed
Loader refused to start GDFS services,error is:29
loader GDFS startup failed, that is fatal
Elapsed: 734 secs.

what to do ?

a:
that error can be caused by different problems. lets see all of them

1. user has run "executor" application, which was not deleted after "new altbypass unlock".

solution -
select correct model
on settings check only "use preloader security bypass".
execute any operation, say : "read flash"

2. main software somehow has been damaged (cause of free tools, etc)
solution -
select correct model
on settings check only "use signed mode".
add to firmware area only main part of firmware
press flash (use com/ufs or dcu60 with "2+5" keys if phone not connecting with "C" )
after that, phone should show identify normally.

.... and if not....

3. gdfs area has been damaged (bad flash ic, firmware error,etc)
solution -

a) install empty flash chip and do emptyboard fill procedure
b) try to repair gdfs area with VERY complex testpoints

Code:

v0.914037

- added testpoint for db2020 phones.
  db2020 testpoint idea made by dre_ambox team. 
  as i respected that, i not included db2020 testpoint in setool2 
  for a long time. but anything ends sometime.
  now, setool2 users can enjoy gdfs db2020 gdfs repair.

  usage: 
  1. it is only and only for professionals. 
     users,advanced users, please "go away".
  2. testpoint is +3.3 voltage, connected to specific pin. 
     we suggesting to use +3.3v battery 
     (battery ground MUST be connected with phone's GROUND)
  3. go to emptyboard fill & repair.
  4. select any db2020 model.
  5. press "TP STAGE #1". read instructions and execute them.
  6. press "TP STAGE #2". read instructions and execute them.
  7. phone is BROWN now. 
  8. staying on "emptyboard fill and repair" write correct gdfs_in_ssw format.
  9. if flashing went fine, flash db2020 erom with needed CID.
  10. phone now retail and repaired. fullflash phone as usual.
  testpoint pictures (courtesy of drea_mbox team) included.
  after SETOOL2 db2020 testpoint procedure phone FULLY 
  working in "alternative security bypass" mode without ANY restrictions.

- greatly decreased locosto-based SEMC ODM phones security bypass time.
  (instead ~50 seconds, now we have ~18 seconds)
- minor bugfixes.

RAPIDSHARE LINK

Code:

 
db2020 testpoint can't be possible without GREAT help from SPH 
and inspirations from vasilius

c) change both mcu+flash chip from other phone

[Mohsin-*]

q: i have A2 (db3150) phone, which was unlocked by kukuruzer tool and it is "factory" now, i want to make it "retail", what to do

a:
you need setool2 version >=v0.95 for that.

1. go to a2 tab
2. select correct model, that is important.
3. go to settings tab.
4. mark "use signed mode" , "use alternative security bypass"
5. go back to a2 tab
6. set "retail" domain
7. press unlock
8. follow program instructions
9. your phone is converted to "retail" state.

you do not need credits for that procedure.

q: how to unlock/repair a2 phone (db3000,db3150,db3210) using altbypass option?
what problems can i encounter and how to avoid them ? how many credits i need ?

a:
you need setool2 version >=v0.95 for that.

first, you can repair ANY software problems for currently released A2 phones.
for that, you need to do several simple steps:

1. go to a2 tab
2. select correct model, that is important.
3. go to settings tab.
4. mark "use signed mode" , "use alternative security bypass", "unlock after flash"
5. go back to a2 tab
6. set desired domain ("retail" is best choice)
7. if you want to flash phone, add neccessary firmwares to firmware area and select correct custpack
8. if you selected firmwares, press flash, otherwise press unlock.
9. follow program instructions
10. your phone is repaired and unlocked (and flashed)

you do not need credits for that procedure.

if phone is totally damaged (foreign trim area), you required to write gdfs package from normal phone and make unlock again.

q: What is filemanager ? how to run it? why i can't read files ?

a:
you need setool2 version >=v0.914042 for that.

filemanager is visual tool to play with files.
create script (text files) with one string

Code:

 
fsManager:

and select it in misc edit, then press "write script" button.

note ! you can check only "signed mode", it will run filemanager fast, but you will not be able to read files, only write.
in order to read files, you need:

for db2000,db2010 phones <= cid49 - uncheck ALL settings
for db2010,db2020,pnx5230 phones <= cid53 - check "use signed mode","use alternative security bypass", "use preloader security bypass"
for a2 phones (db3150,db3210) <=cid52 - "use signed mode", "use alternative security bypass" and set domain to "r&d" or "factory"

to rename file/directory press F2 or select "rename" from popup menu
to delete file/directory press DEL or select "delete" from popup menu
note, that directory should be empty in order to delete it.
to write file/directory, drag-and-drop it from windows explorer to desired directory on phone.
to read file/directory press F5 or select "read" from popup menu.
note, that files/directory will be save to %setool2%\ph_out directory,existing files overwriting without notice.

q: i want to service j132 phone, but it not have fastport connector, only minuUSB. what to do ?

a:
you need setool2 version >=v0.914042 for that.

you should create connector yourself: select either ufs or com modification
(pinout discovered by rockerdongle team)
please note, that if you will create cable with 3 pins only, you should manually press power on button on phone when program displays "powering..."



q: for curiosity i have flashed ROM image in my lg ku580/kf75x/kt52x.
phone goes dead. i unlocked it and it came back to life, but i have no network. what to do ?

a:
you need setool2 version >=v0.95 for that.

you need write gdfs package from working phone.
just select correct model, add to misc. edit gdfs package and press "write gdfs".

q: i can not connect lg ku580/lg75x/kt52x/sagem my805c to setool2 with supplied USB cable. phone simple turns on and setool2 don't recognize it.

a:
you need setool2 version >=v0.95 for that.

you should use special service usb cable. pinout and conversion of supplied cable to "service" is attached
conversion for ku580/kf75x/kt52x usb cables:

conversion for sagem my850c cable


or you can buy ready cable from GPG industries http://forum.gsmhosting.com/vbb/showthread.php?t=613936

for KF757 phone you need standart micro-usb cable and simple trick - in order to enable boot mode,
connect points DCIO and VPP together (see photo). after you finish working with phone - DISCONNECT points, otherwise battery will be drained in 2-3 hours.

pinout for kf757:
http://pics.data.bg/categories/1/%d0...e7ff61e/kf757/

[Mohsin-*]

q: i tried to unlock lg kf75x/kt52x with IMEI "01xxx..." and got weird error,
phone goes dead. what to do ?

a:
you need setool2 version >=v0.915020 for that.

just unlock phone again - it will be fixed and properly handled.
but - you must manually enter generated unlock code.
unlock code can be entered by typing 2945#*750#
in some cases, it will not work until you flash generic (open) firmware from support area.

edit:
from setool2 version >=v0.915025 direct unlock of such units reintroduced, you do not need enter codes manually.

q: there is too many bypass options. i'm stuck.

a:

here is short cheatlist of different phones and scenarios.

db2000 cid 16,29,36,37,49

normal bypass settings state - all unchecked, there is no any special bypass options for that phones.
if "use signed mode" checked - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
to unlock network locks/repair seczone no settings should be checked.
if phone has cid 37,49 and EROM is damaged - you need use hardware things to repair.
to unlock network locks using server "use signed mode" should be checked.
usercode can be seen in identify output.

db2001 cid 53

such asic can only be encountered in pda phones.
"use signed mode" should be checked
to unlock network locks "perform full unlock instead of usercode reset" should be checked
usercode can be seen in identify output
setool2 can not repair seczone in such phones at all.

db2010 cid 16,29,36,49

normal bypass settings state - all unchecked, there is no any special bypass options for that phones.
if "use signed mode" checked - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
to unlock network locks/repair seczone no settings should be checked.
if phone has cid 49 and EROM is damaged - you need use hardware things to repair.
to unlock network locks using server "use signed mode" should be checked.
usercode can be seen in identify output.

db2010 cid 50,51,52,53

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
setool2 can not repair seczone for that type of phones without hardware things.
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
usercode can be seen in identify output.

there is two type of alternative bypass (bypass enables patch unlock, full fs operations, crossCID flash)

1. using server: should check "use signed mode", "enable alternative security bypass" (will work for cid50,51 only)
2. using local bypass: should check "use signed mode", "enable alternative security bypass", "enable preloader security bypass"

db2020 cid 49,51,52,53

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
setool2 can not repair seczone for that type of phones without hardware things.
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
to reset usercode lock you must check "use signed mode" only.

there is two type of alternative bypass (bypass enables patch unlock, full fs operations, crossCID flash)

1. using server: should check "use signed mode", "enable alternative security bypass" (will work for cid49,51 only)
2. using local bypass: should check "use signed mode", "enable alternative security bypass", "enable preloader security bypass"

db2020 cid 80,81

not officially released by semc, but kukuruzer tool,using unique hardware device, can be used to create such phones.
such phones can not be serviced with anything, until CID will be lowered again via kukuruzer tool.

pnx5230 cid 49,51,52,53

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
setool2 can not repair seczone for that type of phones at all.
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
to reset usercode lock you must check "use signed mode" only.

there is two type of alternative bypass (bypass enables patch unlock, full fs operations, crossCID flash)

1. using server: should check "use signed mode", "enable alternative security bypass" (will work for cid49,51 only)
2. using local bypass: should check "use signed mode", "enable alternative security bypass", "enable preloader security bypass"

db3150,db3210 cid 49,51,52

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
to reset usercode lock you must check "use signed mode" only.

there is one type of alternative bypass (bypass enables full unlock, full fs operations):

using local bypass: should check "use signed mode", "enable alternative security bypass"

semc ODM phones

"enable alternative security bypass", "enable preloader security bypass" has no effect and must be disabled.

if "use signed mode" checked - you can use usb interface for some models, can use only signed flashes, can reset usercode and total time.
if "do full unlock instead user code reset" checked WITH "use signed mode" - you can do network unlock, server account required.

if "use signed mode" NOT checked - you can make network unlock by patch using security hole, but that security hole is closed in all latest locosto chipset revisions.

lg3g,sharp cid 17,24,41,42,54 phones

"use signed mode", "enable alternative security bypass", "enable preloader security bypass" has no effect and must be disabled.

lg,sagem A2-based cid 54,60,185,186

"use signed mode" should be enabled (it has no effect for most functions,though)

[Mohsin-*]

a little note about semc ODM files structure:

1. neptune-based (w302,s302,f305)

firmware contain 3 required parts:

- main (ex: R1BA017_1207_9123_GENERIC_HS_YG_RED.software)
- fs (ex: R1BA017_1207_9132_FS_ADRIATIC_HS_YG_RED.software)
- customization (ex: R6A_F305_CDF_1215_9665__FS__Entel_PCS_CL.software)

you need flash all 3 files to get phone working with desired langugaes.

2. locosto arima (t250,t280,k330,t303,r300)

contains 2 required parts

- main + language R5CA005_OLGA_ARIMA_AMERICA_2_CXC1251008_RED.softwa re
- customization R7A_CDA102866_307__FS__Movistar_Guatemala.software

3. locosto foxconn (z250,z320,r306,j132)


- main R1BA008_1212_9858_MC_JIALI_RED.software
- icons R1BA011_1211_6339_ICN_JIALI_RED.software
(that files reside in archives like MODELa_FWVER_common)
- fs+language R1BA008_1211_6093_MALAYSIA_JIALI_RED.software
- custpack R9A_R306_CDA_1212_6282__FS__Customized_SG.software

[Mohsin-*]

: my db2020 phone had totally damaged gdfs and i do not want to replace flash chip. what to do ?

a:
you need use complex testpoint procedure:

1. it is only and only for professionals. users,advanced users, please "go away".
2. testpoint is +3.3 voltage, connected to specific pin.
we suggesting to use +3.3v battery
(battery ground MUST be connected with phone's GROUND)
3. go to emptyboard fill & repair.
4. select any db2020 model.
5. press "TP STAGE #1". read instructions and execute them.
6. press "TP STAGE #2". read instructions and execute them.
7. phone is BROWN now.
8. staying on "emptyboard fill and repair" write correct gdfs_in_ssw format.
9. if flashing went fine, flash db2020 erom with needed CID.
10. phone now retail and repaired. fullflash phone as usual.
testpoint pictures (courtesy of drea_mbox team) included.

after SETOOL2 db2020 testpoint procedure phone FULLY
working in "alternative security bypass" mode without ANY restrictions.

note.
if you wrote bad erom (erom cid < otp cid) - you should start testpoint procedure from STAGE #2.

q: my db201x phone had totally damaged seczone, but gdfs is valid. i do not want to replace flash chip. what to do ?

a:
you need use complex testpoint procedure:

1. it is only and only for professionals. users,advanced users, please "go away".
2. testpoint is +3.3 voltage, connected to specific pin.
we suggesting to use +3.3v battery
(battery ground MUST be connected with phone's GROUND)
3. go to emptyboard fill & repair.
4. select any db201x model.
5. press "TP STAGE #1". read instructions and execute them.
6. phone is BROWN now.
7. staying on "emptyboard fill and repair" write correct gdfs_in_ssw format.
8. if flashing went fine, flash db201x erom with needed CID.
10. phone now retail and repaired. fullflash phone as usual.
testpoint pictures (courtesy of drea_mbox team) included.
W200 testpoint is VALID for ALL DB201x phones.

after SETOOL2 db201x testpoint procedure phone FULLY
working in "alternative security bypass" mode without ANY restrictions.

note.
if you wrote bad erom (erom cid < otp cid) - you should start testpoint procedure from STAGE #2.

q: my db201x phone have totally damaged gdfs and i do not want to replace flash chip. what to do ?

a:
sorry, setool2 can not help you in that case without emptyboard fill procedure.

[Mohsin-*]

Q: what is C902AS firmwares on support ? how to determine if i need them ?

A:

C902 New Hardware implementation

A new C902 hardware was phased in from week 09W16 in production, this new hardware requires new application software and it must be version R3EA038 or later to work.

Old C902 Hardware has used the following TAC:
35379702
35714902
35879002
35892102

New hardware will start with TAC:
35362603 but there will be more TAC later.

new hardware - firmwares with _AS
old hardware - firmwares w/o _AS

[Mohsin-*]

q: How i can update/repair PDA ACPU EROM ?

a:

Code:

1. select correct PDA model  
   2. find corresponding EROM in dist\eroms\, add it to firmware area
   3. select correct com/ufs port
   4. press recovery
   5. connect turned off phone
   6. reflash phone via USB with normal firmware

[Mohsin-*]

SI-C905 PBA Key Flex Flip Complete problem Update3

Applicable for: C905 produced before 08W45 and 09W19.

Background:
C905 units produced before 08W45 may unfortunately have a batch problem with the PBA Key Flex Flip Complete. This can result in No Audio problem, Display problem or more unlikely GPS problem.

[Mohsin-*]

q: what is that fuzz about s1 patch unlock ? what is difference from full unlock?

a:
s1 patch unlock feature require release >= v0.915043.
1. patch unlock is NOT permanent, it will be removed if you flash phone and you need to repeat it again
2. s1 patch unlock will NOT fix damaged security zone and REQUIRE valid security zone.
3. to use s1 patch unlock you need credits
4. procedure as follows

- select PROPER model (that is extremly important)
- on settings check BOTH "signed mode (using server)" AND "use alternative security bypass"
- select desired interface (usb preferred for neptune phones)
- press unlock

q:
i had flashed s1 phone and credits were spend from my account ??? why????
i had readed flash part from s1 phone and credits were spend from my account ??? why????

a:

you had checked "use alternative security bypass" option, that require credits.
that feature is only and only for very special cases, like restoring completely damaged trim area and other very specific requirements.

[Mohsin-*]

q:
please help me, how to setup u1i (idou, satio, kokoro) in flashmode?

a:
by holding the "green" send key


q:
i need to enter the service menu, what shall i do ?

a:
power on the phone and press the following keys in order : red green red red green red


red = end key
green = send key

[Mohsin-*]

Q. How can I change the password of my setool2 account?
A. Please check the attachment.


NOTE!
Server automatically generates a password based on random characters, thus, it is not possible to set a custom password.

[Mohsin-*]

1- Copy SETOOL.ini file from old SETOOL Folder to new
2- Open SETOOL.ini File and Edit it with your username & password Detail



3- After That Open Activatior From SETOOL 1.02 Folder
4- Then Press Activate Button As Shown In Pic



After That Will See Activation Done