Create RPL from PM function

[moulnisky]

Been doing some tests about this function in the BB5/security window..
After a few test I realised that this function create an RPL only about the SP data if it can find in the file.pm The fields 0 1 and 2 of the PM120.

so been a bit wondering about.
Classic sample is a nokia 5800
if we create an unlocked PM using any software included free solutions we get only the field 0 of the PM 120 plus the 308 field 1
If we make a PM back-up using cyclone we get the PM 120 full

Here the thinking..

I put, using wordpad, The PM120 field 0 (Unlocked) in the PM back-up made by Cyclone and removed the PM308 part.
Using the function CREATE RPL FROM PM the program generate a file.rpl immediately with the fields:
SIMLOCK_DATA_1
SIMLOCK_DATA_2
SIMLOCK_KEY_DATA_1
SIMLOCK_KEY_DATA_2
SIMLOCK_KEY_DATA_3

For what is in my little knowledge an rpl with this fields wrote in the mobile will unlock IT!! and on top of everything the process write RPL bypass the PM308 write protection.

I've no mobiles in my hands to do a test but anyone tried this way?
If it works is the end of the PM308 write protected problem

BR

Alex

[moulnisky]

Anyway got this idea from Genie Universal reading the thread about their internal RPL server in their forum. :-)

BR

Alex

[alfox]

how about config key 000000000 for 5300?coz i got 1 unit here with problem of auto turning off when playing the mp3 songs.do you think this will repair the problem?

[moulnisky]

Do the self test with cyclone and see where is the problem..
If it goes off when you use the mp3 player is not a problem of PM.. it would if the mobile was going off by itself...
BR

Alex

[moulnisky]

Instead this system ca solve the problems of config/service 00000 in the BB5+ and rapido sl2 just using a couple of PM120 field 0 standard and giving the mobile unlocked and working.

BR

Alex

[BouRRi_GSM]

but Genie don't read the PM 120 of phone,
u can see SIMLOCK_KEY_DATA is generated from RAP ID (ask file) without the need of PM 120.
and right know, it can generate only unlocked RPL for Factory provider (24407), but will be possible to generate for other provider from simlock.bin.

i mean the simlock data field are not really important, but the important think is how to calculate simlock_key_data from ask (cause PM120 also will not help if phone come erased or with PM120 writen from other phone).



br

[Amir-SkillZ]

Quote:

Originally Posted by moulnisky

Instead this system ca solve the problems of config/service 00000 in the BB5+ and rapido sl2 just using a couple of PM120 field 0 standard and giving the mobile unlocked and working.

BR

Alex

The Main Problem why you cannot unlock N96, 6220, 5800 etc is because
it has Protected PM 308. Only PM 308 is Protected and PM 120 is
still writable. Since PM 120 is fully writable, this is the main cause of all
"Contact Retailer" after unlock problems. The Unlock Software will be able
to write to PM 120, but it cannot write to PM 308. This will result to
Mismatching SP Data on 120 and 308. That is why these phones
will suffer "Contact Retailer". To repair these phones, simply write the
original PM 120 back to the phone (all unlock softwares make PM 120
backups). You do not even need SX-4 Auth to write to PM 120.
So at end mean u can Unlock those new phones with protected fields if u can find a way to write protected 308 fileds...then 120 unlocked can be written any way...and u should 100% that ur 308 written correctly unfortunately yet cannot be bypass ....
about ur suggestion in first post i think the cyclone programmer may put it in correct manners .
Br

[BouRRi_GSM]

@Amir-SkillZ
some people in Genie section have repaired some 5800 with config key 0000000000, and phone is well working after and unlocked.

when RPL can't overwrite field 308 of 5800.


maybe if u delete other thing from factory RPL file it will work and overwrite 308,
or maybe the repaired 5800 by Genie have already their original PM field 308,
but in that case, write of Simlock_key_data should FAIL in those phones, i mean repair 120+308 or not repair at all.

someone should try Genie RPL in a full erased 5800. (but need to have CRT backup or buy RPL for CRT repair also).



br

[moulnisky]

Quote:

Originally Posted by BouRRi_GSM

but Genie don't read the PM 120 of phone,
u can see SIMLOCK_KEY_DATA is generated from RAP ID (ask file) without the need of PM 120.
and right know, it can generate only unlocked RPL for Factory provider (24407), but will be possible to generate for other provider from simlock.bin.

i mean the simlock data field are not really important, but the important think is how to calculate simlock_key_data from ask (cause PM120 also will not help if phone come erased or with PM120 writen from other phone).



br

Simlock_key_data-1 to 3 are just the fields 1 and 2 of the actual PM120 in each mobile..

BR

Alex

[moulnisky]

PM120

[120]
0=800000000000000000101000000000000018010000000000 0020000001FFFFFF000000007FFF6F07FFFFFFFFF800003403 00050300101FFF
1=BFD40CB1E072BBF403BF77BB5BD50374461E725A0ACAB74315 ACB0EE116D7015883EF239C8C06DC40E4F95D145B267B3411D1C8DD154FDE7683328135F908012B3 4FD914ADC2986318F06A036CB21D03
2=B1AA4DA5023E3E2A8EE4F102467321416E8ED560

RPL

[CERT_PROG_DATA_OUT_CMT]
SIMLOCK_DATA_1=8D15652AF81FAD349B84440CEAAD97D8DD1 7601F0000000000000000244070000000000000180700
SIMLOCK_DATA_2=000000000050000005FFFFFF00B4000005F FFFFF0118000005FFFFFF017C000005FFFFFF01E00000
SIMLOCK_DATA_3=05FFFFFF0244000005FFFFFF02A8000005F FFFFF000000007FFF6F07FFFFFFFFF800030C03000503
SIMLOCK_DATA_4=000000007FFF6F3EFFFFFFFFC000030F020 00103000000007FFF6F3FFFFFFFFFC000031102000103
SIMLOCK_DATA_5=000000007FFF6F07FFFFFFFF07FE0313080 00503000000007FFF6F07FFFFFFFF07FE031B08000503
SIMLOCK_DATA_6=000000007FFF6F07FFFFFFFFF8000323030 00503000000007FFF6F3EFFFFFFFFC000032602000103
SIMLOCK_DATA_7=000000007FFF6F3FFFFFFFFFC0000328020 00103000000007FFF6F07FFFFFFFF07FE032A08000503
SIMLOCK_DATA_8=000000007FFF6F07FFFFFFFF07FE0332080 00503000000007FFF6F07FFFFFFFFF800033A03000503
SIMLOCK_DATA_9=000000007FFF6F3EFFFFFFFFC000033D020 00103000000007FFF6F3FFFFFFFFFC000033F02000103
SIMLOCK_DATA_10=000000007FFF6F07FFFFFFFF07FE034108 000503000000007FFF6F07FFFFFFFF07FE034908000503
SIMLOCK_DATA_11=000000007FFF6F07FFFFFFFFF800035103 000503000000007FFF6F3EFFFFFFFFC000035402000103
SIMLOCK_DATA_12=000000007FFF6F3FFFFFFFFFC000035602 000103000000007FFF6F07FFFFFFFF07FE035808000503
SIMLOCK_DATA_13=000000007FFF6F07FFFFFFFF07FE036008 000503000000003F007F206F07FFFFF800036803000503
SIMLOCK_DATA_14=000000003F007F206F3EFFFFC000036B02 000103000000003F007F206F3FFFFFC000036D02000103
SIMLOCK_DATA_15=000000003F007F206F07FFFF07FE036F08 000503000000003F007F206F07FFFF07FE037708000503
SIMLOCK_DATA_16=000000003F007F206F07FFFFF800037F03 000503000000003F007F206F3EFFFFC000038202000103
SIMLOCK_DATA_17=000000003F007F206F3FFFFFC000038402 000103000000003F007F206F07FFFF07FE038608000503
SIMLOCK_DATA_18=000000003F007F206F07FFFF07FE038E08 000503000000003F007F206F07FFFFF800039603000503
SIMLOCK_DATA_19=000000003F007F206F3EFFFFC000039902 000103000000003F007F206F3FFFFFC000039B02000103
SIMLOCK_DATA_20=000000003F007F206F07FFFF07FE039D08 000503000000003F007F206F07FFFF07FE03A508000503
SIMLOCK_DATA_21=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
SIMLOCK_DATA_22=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
SIMLOCK_DATA_23=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
SIMLOCK_DATA_24=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
SIMLOCK_DATA_25=FFFFFFFF


SIMLOCK_KEY_DATA_1=BFD40CB1E072BBF403BF77BB5BD50374461E725A0ACAB74315 ACB0EE116D7015883EF239C8C06DC4
SIMLOCK_KEY_DATA_2=0E4F95D145B267B3411D1C8DD154FDE7683328135F908012B3 4FD914ADC2986318F06A036CB21D03
SIMLOCK_KEY_DATA_3=B1AA4DA5023E3E2A8EE4F102467321416E8ED560



The Simlock_data_1 to 25 is a standard.. is just a PM120 unlocked (in this sample unlocked 24407 provider key)

BR

Alex