|
Welcome to the GSM-Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Only registered members may post questions, contact other members or search our database of over 8 million posts. Registration is fast, simple and absolutely free so please - Click to REGISTER! If you have any problems with the registration process or your account login, please contact contact us . |
|
Register | FAQ | Donate | Forum Rules | Root any Device | ★iPhone Unlock★ | ★ Direct Codes ★ | Direct Unlock Source | Search | Today's Posts | Mark Forums Read |
| LinkBack | Thread Tools | Display Modes |
07-17-2012, 21:11 | #1 (permalink) |
Junior Member Join Date: Mar 2011
Posts: 18
Member: 1542807 Status: Offline Thanks Meter: 0 | Nokia E52 - corrupted simlock area after writing RPL [Solved] I have Nokia E52 with corrupted IMEI (123456..., startup failed, etc.). So I bought RPL (calculated from ASK file) and wrote it to the phone. Here's the log: Skipping RPL decryption... Parsing decrypted RPL... Processing FBUS Part... Writing Simlock... Handling as SL3 Simlock Data Handling as SIMLOCK2 Format Reading Security Block... Security block OK and saved to "RM-469_12345610654321_2012-07-15_143647.SecurityBlock.PM" 15 Digits NCK Found Simlock ACCEPTED OK ! Writing Superdongle key... Superdongle Key ACCEPTED OK ! Writing CMLA key... CMLA Key NOT ACCEPTED ! Writing WMDRM PD Data... WMDRM PD Data NOT ACCEPTED ! Processing FLASHBUS Part... Booting CMT... CMT_SYSTEM_ASIC_ID: 000000030000022600010007600C192102011104 CMT_EM_ASIC_ID: 00001040 CMT_EM_ASIC_ID: 00001030 CMT_PUBLIC_ID: 14D0010975400E49CE5178EE0A602065A1D9F871 CMT_ASIC_MODE_ID: 00 CMT_ROOT_KEY_HASH: 25B977A055BE9B5DEC0C38A2A279C695 CMT_BOOT_ROM_CRC: 3E273BF6 CMT_SECURE_ROM_CRC: 37BE26FA CMT Ready! Searching for BootCode: DualLine 32Bit RAPUv11_2nd.fg, Type: 2nd Boot Loader, Rev: 768.12.11.0, Algo: BB5 Flashbus Write baud set to 1.0Mbits Flashbus Read baud set to 98Kbits Using NEW BB5 FLASHING PROTOCOL Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit Box TX2 Data Pin set to: Service Pin 3 If software STUCK HERE with box TX LED lit, that means: 1. You have not attached yellow TX2 Adapter (IT IS REQUIRED FOR BB5 PHONES WHEN USING JAF/UFS CABLES!) 2. Your cable is not TX2 Enabled! 3. Transmission error occured, try again In either cases, you need to reconnect your box from USB. FlashChip[0,CMT]: 0x0000000000000000, Unknown, RAM FlashChip[0,CMT]: 0xFFFF000000000000, Unknown, MMC FlashChip[0,CMT]: 0x0020004000000031, ST, NOR FlashChip[1,CMT]: 0x0000000100000000, Unknown, NOR FlashChip[0,CMT]: 0x0020004000000031, ST, ONENAND Requested Algorithm: XSR 1.6 (CMT) Searching for BootCode: DualLine 32Bit FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported RAPUv11_XSR17_alg.fg, Type: Algorithm, Rev: 768.12.11.0, Algo: XSR 1.6 Initializing TurboCache... TurboCache Loaded! Writing CMT PASUBTOC Certificate... Writing CMT ALG Certificate... CMT Algorithm Ready! Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit Box TX2 Data Pin set to: Service Pin 3 Adding FUR Client (CMT, State: Ready)... CMT FUR Ready! Box VPP disabled Internal CMT Phone VPP Enabled PAPUBKEYS Hash for CMT: 85F252E351E225CAFC4DFBC8041EABD2823E3500 APE Subsystem Not Found Flashbus Write baud set to 5.0Mbits CMT NPC Erased CMT NPC Written CMT HWC Erased CMT HWC Written CMT CCC Erased CMT CCC Written Restarting MCU... Write RPL Finished! Analyze security log: Started Phone Security Analysis... MCU Version V ICPR82_11w16.3.5 MCU Date 19-08-11 Product RM-469 (Nokia E52) Manufacturer (c) Nokia IMEI 3593270XXXXXXXX Mastercode 7070XXXXX Reading Security Block... Security block OK and saved to "RM-469_3593270XXXXXXXX_2012-07-15_143806.SecurityBlock.PM" Step 1 : Testing SIMLOCK -- SIMLOCK PROBLEM -- Phone have failed SIMLOCK Test, that means Simlock Area is DAMAGED! To repair simlock area, Select Unlock method : "RPL CALCULATION", And then click DIRECT UNLOCK. SL Area will be re-formatted. -- SIMLOCK PROBLEM -- Step 2 : Testing SECURITY SECURITY SEFLTEST PASSED OK! Step 3 : Analyzing Security Block "14D0010975400E49CE5178EE0A602065A1D9F871.B000089B " Exists, That is good... Checking SUPERDONGLE... SUPERDONGLE FOUND AND CHECKSUM OK! PASSED! Checking SIMLOCK... Failed to decode Security Section, Box Reported: Security Section Not Found (SL3 phone?) Checking MCU&DSP TIMESTAMPS... MCU&DSP TIMESTAMPS FOUND AND CHECKSUM OK! PASSED! Checking CMLA KEYS... CMLA KEYS FOUND AND CHECKSUM OK! PASSED! Checking ECC KEYS... ECC KEYS FOUND AND CHECKSUM OK! PASSED! Checking DIV KEYS... DIV KEYS FOUND AND CHECKSUM OK! PASSED! Analyze finished! Read info log: MCU Version V ICPR82_11w16.3.5 MCU Date 19-08-11 Product RM-469 (Nokia E52) Manufacturer (c) Nokia IMEI 3593270XXXXXXXX Mastercode 70705XXXXX IMEI Spare 3A952307XXXXXXXX IMEI SV 3395230723XXXXXXXX000000 PSN 0 Product Code 0593914 PSD 0000000000000000 LPSN 0 WLAN MAC A87B39283E1F APE SW 081.003 APE Variant 081.003081.003.06.01081.003.283.02 APE Test v0.a091 APE HW 256 APE ADSP 256 RETU 40 TAHVO 00 AHNE 11 RFIC |Vapaus_5.1 | Aura_?.? DSP ICPR82_11w16 Failed to read info -> Failed to read SP info As you can see, simlock is accepted, but simlock test is failed (before writing RPL, simlock was ok and test passed). As a result, IMEI is recovered, but simlock area damaged. Any solution plz? |
07-18-2012, 07:29 | #2 (permalink) | |
Freak Poster Join Date: Mar 2012 Location: Big Ben Age: 30
Posts: 309
Member: 1728389 Status: Offline Sonork: 100.1617627 Thanks Meter: 57 | Quote:
| |
07-18-2012, 15:02 | #6 (permalink) |
Junior Member Join Date: Mar 2011
Posts: 18
Member: 1542807 Status: Offline Thanks Meter: 0 | Just have done full erase chip, but the phone is no longer detected via fbus. Booting CMT... CMT_SYSTEM_ASIC_ID: 000000030000022600010007600C192102011104 CMT_EM_ASIC_ID: 00001040 CMT_EM_ASIC_ID: 00001030 CMT_PUBLIC_ID: 14D0010975400E49CE5178EE0A602065A1D9F871 CMT_ASIC_MODE_ID: 00 CMT_ROOT_KEY_HASH: 25B977A055BE9B5DEC0C38A2A279C695 CMT_SECURE_ROM_CRC: 37BE26FA CMT Ready! Searching for BootCode: DualLine 32Bit RAPUv11_2nd.fg, Type: 2nd Boot Loader, Rev: 768.12.11.0, Algo: BB5 Flashbus Write baud set to 1.0Mbits Flashbus Read baud set to 98Kbits Using NEW BB5 FLASHING PROTOCOL Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit Box TX2 Data Pin set to: Service Pin 3 If software STUCK HERE with box TX LED lit, that means: USING JAF/UFS CABLES!) 2. Your cable is not TX2 Enabled! 3. Transmission error occured, try again In either cases, you need to reconnect your box from USB. FlashChip[0,CMT]: 0x0000000000000000, Unknown, RAM FlashChip[0,CMT]: 0xFFFF000000000000, Unknown, MMC FlashChip[0,CMT]: 0x0020004000000031, ST, NOR FlashChip[1,CMT]: 0x0000000100000000, Unknown, NOR FlashChip[0,CMT]: 0x0020004000000031, ST, ONENAND Requested Algorithm: XSR 1.6 (CMT) Searching for BootCode: DualLine 32Bit FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported RAPUv11_XSR17_alg.fg, Type: Algorithm, Rev: 768.12.11.0, Algo: XSR 1.6 Initializing TurboCache... TurboCache Loaded! Writing CMT PASUBTOC Certificate... Writing CMT ALG Certificate... CMT Algorithm Ready! Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit Box TX2 Data Pin set to: Service Pin 3 Adding FUR Client (CMT, State: Ready)... CMT FUR Ready! Box VPP disabled Internal CMT Phone VPP Enabled PAPUBKEYS Hash for CMT: 85F252E351E225CAFC4DFBC8041EABD2823E3500 APE Subsystem Not Found Flashbus Write baud set to 5.0Mbits Erasing flash chip... Started group flash erase EraseArea[0,CMT]: 0x00000000-0x0FFFFFFF, ONENAND Waiting 640s for erasure finish... Erase taken 1.124s Restarting MCU... BB5 Full Erase Finished! Started Phone Security Analysis... Analyze Security Error -> Phone not detected (FBUS) Failed to read info -> Phone not detected OK, it's detected via USB |
07-18-2012, 15:18 | #7 (permalink) | |
No Life Poster Join Date: Jan 2009 Location: England Age: 58
Posts: 17,681
Member: 947561 Status: Offline Thanks Meter: 14,051 | Quote:
When the mobile is fully erased can be seen only on the flashbus so you can see it doing "check flashing bus" Full flash the mobile as indicated and afterward the mobile will get again the local mode BR Alex | |
07-18-2012, 16:55 | #8 (permalink) |
Junior Member Join Date: Mar 2011
Posts: 18
Member: 1542807 Status: Offline Thanks Meter: 0 | 1. Fully erased (FBUS) 2. Fully flashed (USB), result: IMEI broken, Simlock test passed, security test passed 3. Wrote back RPL (FBUS), result: IMEI ok, Simlock test failed, security test failed 4. SX4 auth + write PM 1, 309, result: IMEI ok, simlock test failed, security test passed As I said, I don't have full PM backup. Power on the phone - white screen for 1 sec then power off. |
07-19-2012, 14:30 | #9 (permalink) |
Junior Member Join Date: Mar 2011
Posts: 18
Member: 1542807 Status: Offline Thanks Meter: 0 | I have done one more thing. Fully erased the phone again and fully flashed with Phoenix service software (dead phone usb/refubrish mode). After that the phone...boots up in normal mode!? Do you believe that? With no RPL, no PM? How come? Typed *#06# and it shows damaged IMEI (123456....). Then I wrote RPL and the phone is dead (IMEI ok, simlock failed). So then erased IMEI (NPC cert) and the phone is alive again (IMEI damaged, simlock ok). Can you explain that? What's going on with this phone? Regards, jatza |
07-19-2012, 20:52 | #10 (permalink) |
Junior Member Join Date: Mar 2011
Posts: 18
Member: 1542807 Status: Offline Thanks Meter: 0 | Founded solution!!! Problem was with PM 120. Writed RPL to phone, readed PM 120 and edited with notepad. Sector 2 of PM 120 [120,2] should have 130 bytes, but has 134 bytes, so it was 4 bytes too long. Just deleted eight zeros from the end of the sector and wrote PM 120 back to phone and....voila . E52 is alive and fully working!! Establishing Connection with Box in Main Mode... Handling device: [Cyclone Team], [Cyclone Box], [Platform: Classic] Initializing box... Box Firmware: Cyclone Main Application v02.04, (Jun 10 2012 18:37:57, gcc v4.3.3, RTOS V6.0.1), Type: Signed Production Application, (C) KarwosSoft 2012 Hardware Platform: Cyclone Reloaded Flasher Interface (c) 2012 KarwosLabs Box Serial Number: B000089B HW Revision: D, Suitable for: Production, Case: Reloaded Box Casing, MCU Manufacture Time: 2012, wk01 / 2011, wk27 Box is activated Started box selftests procedure USB Voltage 5,03v PASSED MCU Voltage 3,28v PASSED Core Voltage 1,79v PASSED VBAT Voltage 1,35v PASSED VBAT Voltage 4,93v PASSED Box VPP disabled VPP Voltage 0,02v PASSED Internal Box VPP Enabled VPP Voltage 5,01v PASSED Box VPP disabled VPP Voltage 0,04v PASSED All box selftests passed! Super DCT4 Activation: TRUE XGold/Blackberry Service Running, Counter: 99 Avaiable Physical Memory: 1.925GB Avaiable Virtual Memory: 1.786GB Avaiable Pagefile: 3.1023GB Initializing FBUS... All initialized - Ready to work Phone is in Local Mode Normal mode set MCU Version V ICPR82_11w16.3.11 MCU Date 29-03-12 Product RM-469 (Nokia E52) Manufacturer (c) Nokia IMEI 3593270XXXXXXXX Mastercode 70705XXXXX IMEI Spare 3A95230XXXXXXXXX IMEI SV 33952307XXXXXXXXXX000000 PPM 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091Ą rm469_091.004_U006.000_prd PSN MCI656271 Product Code 0591678 Module Code 0203994 Basic Product Code 0565921 PSD 0000000000000000 LPSN 0 WLAN MAC A87B39283E1F APE SW 091.004 APE Variant 091.004091.004.02.01091.004.C00.01 APE Test v0.a091 APE HW 256 APE ADSP 256 APE BT HCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652. RETU 40 TAHVO 00 AHNE 11 HW 8000o256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091Ą rm469_091.004_U006.000_prd PCI o256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01kv0.a091 UEM 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01kv0.a091 UPP 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091 RFIC |Vapaus_5.1 | Aura_?.? DSP 11w52o256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091 LCD 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01kv0.a091Ą rm469_091.004_U006.000_prd BT 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091Ą rm469_091.004_U006.000_prd ADSP Sw 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091Ą rm469_091.004_U006.000_prd ADSP DevID 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01kv0.a091 ADSP RevID 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01kv0.a091 AEM 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091 Flip MCUSW 256qPIHCI Version 12 (rev. 8192). LMP Version 12 (rev. 0). Manufacturer 12652.n256i091.004j(#091.004091.004.02.01091.004.C 00.01u$Tkv0.a091 Simlock Server SIMLOCK SERVER Simlock Key 2440700000000000 Simlock Profile 0000000000000000 Simlock Key Cnt 0 Simlock FBUS Cnt 0 Simlock [1,1] State: OPENED Type: MCC-MNC Data: FFFFFF Simlock [1,2] State: OPENED Type: GID Data: FFFF Simlock [1,3] State: OPENED Type: GID Data: FFFF Simlock [1,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [1,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [2,1] State: OPENED Type: MCC-MNC Data: FFFFFF Simlock [2,2] State: OPENED Type: GID Data: FFFF Simlock [2,3] State: OPENED Type: GID Data: FFFF Simlock [2,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [2,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [3,1] State: OPENED Type: MCC-MNC Data: FFFFFF Simlock [3,2] State: OPENED Type: GID Data: FFFF Simlock [3,3] State: OPENED Type: GID Data: FFFF Simlock [3,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [3,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [4,1] State: OPENED Type: MCC-MNC Data: FFFFFF Simlock [4,2] State: OPENED Type: GID Data: FFFF Simlock [4,3] State: OPENED Type: GID Data: FFFF Simlock [4,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [4,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [5,1] State: OPENED Type: MCC-MNC Data: FFFFFF Simlock [5,2] State: OPENED Type: GID Data: FFFF Simlock [5,3] State: OPENED Type: GID Data: FFFF Simlock [5,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [5,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [6,1] State: OPENED Type: MCC-MNC Data: FFFFFF Simlock [6,2] State: OPENED Type: GID Data: FFFF Simlock [6,3] State: OPENED Type: GID Data: FFFF Simlock [6,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [6,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [7,1] State: OPENED Type: MCC-MNC Data: FFFFFF Simlock [7,2] State: OPENED Type: GID Data: FFFF Simlock [7,3] State: OPENED Type: GID Data: FFFF Simlock [7,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Simlock [7,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF Auto Selecting Flash Files on User Request... Product Code: 0591678 This is Valid BB5 Product No variant found with given Product Code, selecting first one Started Phone Security Analysis... MCU Version V ICPR82_11w16.3.11 MCU Date 29-03-12 Product RM-469 (Nokia E52) Manufacturer (c) Nokia IMEI 3593270XXXXXXXX Mastercode 70705XXXXX Reading Security Block... Security block OK and saved to "RM-469_3593270XXXXXXXX_2012-07-19_214436.SecurityBlock.PM" Step 1 : Testing SIMLOCK SIMLOCK SEFLTEST PASSED OK! Step 2 : Testing SECURITY SECURITY SEFLTEST PASSED OK! Step 3 : Analyzing Security Block "14D0010975400E49CE5178EE0A602065A1D9F871.B000089B " Exists, That is good... Checking SUPERDONGLE... SUPERDONGLE FOUND AND CHECKSUM OK! PASSED! Checking SIMLOCK... Failed to decode Security Section, Box Reported: Security Section Not Found (SL3 phone?) Checking MCU&DSP TIMESTAMPS... MCU&DSP TIMESTAMPS FOUND AND CHECKSUM OK! PASSED! Checking CMLA KEYS... CMLA KEYS FOUND AND CHECKSUM OK! PASSED! Checking ECC KEYS... ECC KEYS FOUND AND CHECKSUM OK! PASSED! Checking DIV KEYS... DIV KEYS FOUND AND CHECKSUM OK! PASSED! Analyze finished! PS: Full PM backup is not needed. Problem solved. Best regards, jatza |
Bookmarks |
Thread Tools | |
Display Modes | |
| |
Similar Threads | ||||
thread | Thread Starter | Forum | Replies | Last Post |
Seeking for flash nokia 5110 old version (3 version) can exchange for new | Tomas | Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L ) | 8 | 10-14-2017 19:29 |
New Nokia Software!!!!!!! | Jefferson | Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L ) | 52 | 12-30-2016 08:17 |
Need software upgrade for Nokia 5110 | ptkrf | Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L ) | 30 | 02-24-2016 10:21 |
|