Nok BB-5 Unlock idea !

[dorian2004]

Hi by All users of this forum.


This methode is not original and i think this methode we posible used as templaty unlock solution .

When you ask me about why i say the - i am repeat about i am not a first have this idea . This idea have realiced from software engineer from our country . In fact i not publish hes name and i know this way from he opened BB5 unlock solution.


************************************************** ********

How to want to make uunlock ? - from next 4x thread i write .

This unlock work to be fine via Flash patch and no more .

I need 20 locked phones and 20 unlock codes .
I need UP 1024 device and 2-4 monts of job .


How to work ! >

In first i want desoldered flash and put to UP 1024 programmer .
New i have extract flash file from chip.

Next we soldering flash chip to phone and unlock via code.


After we new make extract flash chip and disasemple sourse code .


When we seen algo - we make patch addon .

************************************************** ********

What you think about this idea ?

my ICQ 333-414-824

Sonork 100.69222

[email protected]


BR. Dr.Mobile

[SicilianBoy]

man learn how to write in english before making a plan

[PhonePlus]

it can be done try !

[mobileland]

It is allready done.
Nokia 6280 from 3 UK with version 3.36 appeared here in my country.And guess what?
Those phones are not unlocked by Dejan Team, but by someone else.
And off course,after you flash such phone(each phone have software faults) you get total 100% working BUT LOCKED phone.

Best Regards!

[Gsm-W]

Quote:

Originally Posted by mobileland

It is allready done.
Nokia 6280 from 3 UK with version 3.36 appeared here in my country.And guess what?
Those phones are not unlocked by Dejan Team, but by someone else.
And off course,after you flash such phone(each phone have software faults) you get total 100% working BUT LOCKED phone.

Best Regards!

But the weird part are the phone can be downgrade after upgrade!! 5.92 -->3.36
Some phone still can be use even the imei is corrupted without 2 minute restart!!



Does that mean this version have very weak security measurement compare to other version??


BR

[DOCTOR8]

Hi friend
ur idea is not bad but
can done if you make same operation in RAP3G r/w
this cpu Good luck.

[GFI]

Hopefully we can see the solution been done and released

Regards
GFI-Team

[Zaihtam]

The unlocked phone doesn't change the firmware i think, it just have the right key at at the right place. so far i knew it is stored in the PM area. if i not wrong.


Good Luck...

[OCTOPUS d.o.o.]

give me your adress I send you 20 phones for test.But after you give me source code for free,....

[adihack]

@mobileland: have you HW to read out flash from one's of these phones ?

Yes, I think that BB5 phone flash can be easy patched to unlock phone. But you must known that this patched flash can't be written via cable ! Flash files are signed by certificates. Only way to write patched flash is to use external programmer. This is the easiest way to unlock BB5 - but it's difficult in use and risky(desolderning BGA chips) and can't be protected.

[shaaker]

This solution maybe working with the GA628 and lower Ericson

[adihack]

@shaaker: Before you comment somethink better think twice if you are right. I know what I am writing, I have seen a lot of disassembled Nokia BB5 firmware, I know how is working this Symbian platform. So if you don't have any ideas to post plase don't post useless posts ..

[crusher]

please always remember that our friend sent to him some hundred bucks once and did not receive nothing valuable

so please send your stuff to him and wait and leave honest people like shaaker alone...

[dorian2004]

Quote:

Originally Posted by adihack

@mobileland: have you HW to read out flash from one's of these phones ?

Yes, I think that BB5 phone flash can be easy patched to unlock phone. But you must known that this patched flash can't be written via cable ! Flash files are signed by certificates. Only way to write patched flash is to use external programmer. This is the easiest way to unlock BB5 - but it's difficult in use and risky(desolderning BGA chips) and can't be protected.

Ofcourse the easy method of patched to unlock , i tool you about this methode is not original and this methode we possible used as template unlock in some time .

So about Flash files are signed by certificates - i know about some sertificates have bug, for example mathematik function * to 0 , if you have dct4/bb5 flash sourse - maybe you know about the better.


This methode is cheap with buyed external programmer from Dedjan or buyed RAP 3g MCU.


*OCTOPUS d.o.o.
In fact if some peoples send me nokias and hardware - i give he all result as free for partner .


BR.

[Zaihtam]

@adihack
are you sure about the possiblility of writing a patched code right into the flash IC is applicable? (using a hardware flash programmer). I haven't tried it but the UP1024 can do it i think.

Do you think the unlock can be done in the NAND flash IC? how about the RAP 3G Nor Flash where the certificates stuff?

Good Luck...