How SL3 Unlock Codes are Calculated?

[[Shadab_M]]

Hi!

I am just curious to know how SL3 Unlock Code calculation works.

As in some boxes there is option to submit request by imei only.

So the question is:
> What data is needed to calculate unlock code?
> Why unlock code calculation takes too much time?

In short, if somebody can tell us the procedure involved in code calculation.

Br,
Shadab Ahmad

[malikawan]

As my knowledge code calculated by bruteforce so why they need too much time.

[aniskhatri]

i think some special algorithm hide in every rap id and imei...........thts depend on time to be taken

[fr3nsis]

Brute force SHA-1 of Truncated 15 digit-code + RND + IMEI until getting
a match from the decrypted hash entries in PM 120.

original post of x-shadow
http://forum.gsmhosting.com/vbb/f609...0/#post6159636

[Haltec]

Quote:

Originally Posted by fr3nsis

Brute force SHA-1 of Truncated 15 digit-code + RND + IMEI until getting
a match from the decrypted hash entries in PM 120.

original post of x-shadow
http://forum.gsmhosting.com/vbb/f609...0/#post6159636

I forgot that post was in sub-forum where it shoud be.

(Spent last 20 mins looking for it.)



BR


Haltec

[Haltec]

And what truncated mean in this context?

Is it "Delphi" Trunc ?

As discarding evriting behind floating point, or...?

(ah, long time ago was that Turbo Pascal)

Why RND? (not Random..., I presume?)



BR


Haltec

[angel25dz]

can someone explain more this Truncated 15 digit-code +RND ??

truncate you mean this ?

[dualtrace]

And this is what BPH had posted about RND value:

Quote:

The keyspace is so large because Nokia have decided to use a random number
in the calculation. This number is in the range of 0 - 1000 at the current SL3
implementation.

The phone has no clue about this number, when you enter valid code into the
phone, the HW will try to bruteforce this RND value and check if enter code is
valid for any of the possible RND values.

Well off course this is my interpretation of the security, like many times before
i could be wrong in my analysis, so any of the 'great teams' that offer 'first
in the worlds solutions' for Nokia right now can prove me wrong and offer
unlock in seconds.

Br,

dualtrace

[[Shadab_M]]

Quote:

Originally Posted by fr3nsis

Brute force SHA-1 of Truncated 15 digit-code + RND + IMEI until getting
a match from the decrypted hash entries in PM 120.

original post of x-shadow
http://forum.gsmhosting.com/vbb/f609...0/#post6159636

How they can match with hash in PM 120 as they take only IMEI from us?

Br,
Shadab Ahmad

[..::AppleLinks::..]

i think they are manually Generating the Unlock codes from Phone IMEI ,so why it took too much time for Generate an unlock codes for a single phone.

[uqbah]

Quote:

Originally Posted by shadab_a4u

How they can match with hash in PM 120 as they take only IMEI from us?

Br,
Shadab Ahmad

as i know all boxes must have 120 along with imei to calculate unlock code..
for time with ordinary or lower speed or less in numbers u have data processing units it must take long time to finish jobs..
as said above nokia use random numbers so they have to bruteforce the data for greater numbers of times to get exact match..


correct me if am wrong..

[..::Angel::..]

Quote:

Originally Posted by shadab_a4u

How they can match with hash in PM 120 as they take only IMEI from us?

Br,
Shadab Ahmad

Hi,

All tool gets PM120 also with imei. Because SHA-1 sign is in PM120,2(decrypted hash entries i think so..) and as well calculated code are stored in PM120,3

And they also modify loaders "RAPIDOv11" old hack In rapu phones Nokia must have fixed this hack but still some 'great teams' are able to exploit that

BUT there are some new rapido single asic phones with (hash 479C), i am thought Nokia have fixed all bugs in it and it has high security..! There should be other method to unlock this phone instead bruteforce :-) or I could be wrong.

BR

[[Shadab_M]]

Does unlock code depends on MCC+MNC?

OR any other data which it may depend on?

Br,
Shadab Ahmad

[..::Angel::..]

Quote:

Originally Posted by shadab_a4u

Does unlock code depends on MCC+MNC?

OR any other data which it may depend on?

Br,
Shadab Ahmad

Hi,

I think no. It does not depend on MCC, MNC! They generates level7 codes which removes all restriction in phone. So, no matter which level phone is locked to. If any phone does not accept level7 code or phone is not locked to appropriate level then in this case is not possible to unlock phone with generated level7 code. - Telcel Maxico phones

BR

[[Shadab_M]]

Quote:

Originally Posted by fr3nsis

Brute force SHA-1 of Truncated 15 digit-code + RND + IMEI until getting
a match from the decrypted hash entries in PM 120.

original post of x-shadow
http://forum.gsmhosting.com/vbb/f609...0/#post6159636

Bro, can you explain this?

Does this mean:
> Need to make every possible 15 digit code.
> Use Random number from 0-1000.
> After adding both (dont know if it is simple addition), add IMEI.
> Now compare SHA-1 of this value to the value stored in PM120-2

Am I right? or I need more mind power to understand it?

Br,
Shadab Ahmad