|
Welcome to the GSM-Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Only registered members may post questions, contact other members or search our database of over 8 million posts. Registration is fast, simple and absolutely free so please - Click to REGISTER! If you have any problems with the registration process or your account login, please contact contact us . |
|
Register | FAQ | Donate | Forum Rules | Root any Device | ★iPhone Unlock★ | ★ Direct Codes ★ | Direct Unlock Source |
GSM Programming & Reverse Engineering Here you can post all Kind of GSM Programming and Reverse Engineering tools and Secrets. |
| LinkBack | Thread Tools | Display Modes |
04-06-2011, 07:00 | #1 (permalink) |
Major Poster Join Date: Apr 2002 Location: Transylvania/Romania/Tg-Mures Age: 48
Posts: 45
Member: 11351 Status: Offline Thanks Meter: 4 | SL3 + ighashgpu + input data: /uh /salt /h |
The Following User Says Thank You to dragon7 For This Useful Post: |
04-06-2011, 10:44 | #2 (permalink) |
No Life Poster Join Date: Apr 2003 Location: Torun, Poland Age: 40
Posts: 1,195
Member: 25996 Status: Offline Thanks Meter: 253 | ighashgpu -t:sha1 -salt:00_IMEI_15_digits_0 -h:HASH -uh:00010203040506070809 -min:15 -max:15 That's it, example: ighashgpu -t:sha1 -salt:003582560396627500 -h:5F0D0ABEB59E67A779D15B8EA431FF45D648F985 -uh:00010203040506070809 -min:15 -max:15 |
04-06-2011, 13:58 | #4 (permalink) | |
No Life Poster Join Date: Jul 2006 Location: ..::DZ-25::..
Posts: 529
Member: 315181 Status: Offline Sonork: 100.1593455 Thanks Meter: 301 | Quote:
br | |
The Following User Says Thank You to angel25dz For This Useful Post: |
04-06-2011, 16:36 | #5 (permalink) |
No Life Poster Join Date: Mar 2007 Location: Guangzhou-China
Posts: 1,289
Member: 468587 Status: Offline Sonork: 100.1612429 Thanks Meter: 681 | Code: ighashgpu -t:sha1 -salt:00[imei]00 -h:[hash] -uh:00010203040506070809 -min:15 -max:15 [imei] = 14 digits. [hash] = hash readed with mxkey. put this line in notepad file and change extension *.txt to *.cmd Put this *.cmd file to IGHASHGPU folder and double click to start bruteforce. Hope its clear now. Last edited by MOURAD™; 04-06-2011 at 16:46. |
04-06-2011, 20:19 | #6 (permalink) |
Major Poster Join Date: Apr 2002 Location: Transylvania/Romania/Tg-Mures Age: 48
Posts: 45
Member: 11351 Status: Offline Thanks Meter: 4 | One more question remain for me... This read out hash is equal with CMT_ROOT_KEY_HASH + CMT_SECURE_ROM_CRC or it is some other data form PM120? For example in the file below (after a LBF done with the code in the end) where is the hash??? 359370036240079 9B485686BFD39D4B35D358C4E82C05AC876C5ED5FA20EF0080 204F31E618767A947C6C9A9B8CF9322EBA04115487ED122B32 219F64B5C5B514023344D0A55D16507D6A7CD11534A3773C7D 606135D47344C07827C3711451B7941A3D74770735181D8FD5 C55A5155B20D556B7CA4D8499361318B88F41FA977A89F6842 B54017B612A246FB565263F18299DA512387159D707CACC244 0EA57E90D5DF3EBD9133 972798506488412 This phone has a CMT_ROOT_KEY_HASH: 9DDBFCFE6E73CED7D8C6268C8EB85723 and CMT_SECURE_ROM_CRC: DFAAF68F if I read info from phone. Thanks for all who answered the topic! |
04-07-2011, 07:59 | #8 (permalink) |
Major Poster Join Date: Apr 2002 Location: Transylvania/Romania/Tg-Mures Age: 48
Posts: 45
Member: 11351 Status: Offline Thanks Meter: 4 | things brighten up! Thanks! And where is this hash stored? In PM120? When I read PM120 wich bytes are the right ones for this? Has PM120 to be modifyed to see these datas? Thanks and sorry for insistence! |
04-07-2011, 10:03 | #9 (permalink) | |
No Life Poster Join Date: Jul 2006 Location: ..::DZ-25::..
Posts: 529
Member: 315181 Status: Offline Sonork: 100.1593455 Thanks Meter: 301 | Quote:
/br | |
04-07-2011, 10:04 | #10 (permalink) |
No Life Poster Join Date: Mar 2007 Location: Guangzhou-China
Posts: 1,289
Member: 468587 Status: Offline Sonork: 100.1612429 Thanks Meter: 681 | Re-read this again: http://forum.gsmhosting.com/vbb/f83/...2/#post7167220 You need only mastersp. Best regards. Last edited by MOURAD™; 04-07-2011 at 10:10. |
04-07-2011, 19:01 | #11 (permalink) |
Freak Poster Join Date: Mar 2011 Location: 1st Direct Source
Posts: 379
Member: 1537172 Status: Offline Thanks Meter: 65 | Hi I need to know if i can extract the hash with an usb conection...Mt Box Sl3 Usb Reader gives me this information... MODEL: NOKIA 2730 CLASSIC (CLASSIC PHONE) SW: V 10.45 05-07-10 RM-578 (C) NOKIA IMEI: 354343044xxxxxx Product Code: 0584996 Life timer: 50490000 <> 000005:12 -------------------------------------------------------------------------- ST_SIM_LOCK_TEST: PASSED ST_SECURITY_TEST: PASSED ST_SUPERDONGLE_TEST: PASSED -------------------------------------------------------------------------- PROVIDER KEY: 0000000000000000 CONFIG KEY: 2440700000000000 PROVIDER: AT&T;U.S.A. (3650) KEY CODE COUNT: 0 , FBUS CODE COUNT: 0 -------------------------------------------------------------------------- APE: none -------------------------------------------------------------------------- CMT: 89820089 CMT PUBLIC ID: 0F300009BCB501568FE23BF8AB00D618BE3B33DF CMT ROOT KEY HASH: 9DDBFCFE6E73CED7D8C6268C8EB85723 CMT PAPUBKEYS HASH: 8669C77551AE1280331BBAE6FD0C7CB3D3F44CC1 -------------------------------------------------------------------------- My question is: this software gives me the hash that i need?? |
04-08-2011, 14:28 | #12 (permalink) | |
No Life Poster Join Date: Mar 2007 Location: Guangzhou-China
Posts: 1,289
Member: 468587 Status: Offline Sonork: 100.1612429 Thanks Meter: 681 | Quote:
You can find it in PM120,4 Contain: - simlock - sha1 - rsa signature. When you extract an decrypt sha1 hash. example: imei: 356918031143509 sha1 Hash: 8D1C71F10A3F36FAFCFEB60B8B3D10E341E4B78D Brutforce: sha1 hash = 8D1C71F10A3F36FAFCFEB60B8B3D10E341E4B78D = SHA1(mastersp+salt+00+35691803114350+00) mastersp: [000000000000000~999999999999999] Salt : [0~9999] | |
The Following 2 Users Say Thank You to MOURAD™ For This Useful Post: |
04-09-2011, 16:06 | #13 (permalink) |
No Life Poster Join Date: Mar 2007 Location: Guangzhou-China
Posts: 1,289
Member: 468587 Status: Offline Sonork: 100.1612429 Thanks Meter: 681 | Here small example about Bruteforce calcul: Hash find OK: SHA1 TEST [35691803114350] = 8D1C71F10A3F36FAFCFEB60B8B3D10E341E4B78D SHA1 Hash [35691803114350] = 8D1C71F10A3F36FAFCFEB60B8B3D10E341E4B78D Mastersp = 065222098608403 Best Regards Mourad Last edited by MOURAD™; 04-09-2011 at 16:15. |
The Following 6 Users Say Thank You to MOURAD™ For This Useful Post: |
04-09-2011, 17:43 | #14 (permalink) | |
Major Poster Join Date: Nov 2008 Age: 34
Posts: 48
Member: 907738 Status: Offline Thanks Meter: 26 | Quote:
nice info sir .. but why mx-key not support to brute force with ati hd 6990 ?? | |
04-09-2011, 17:57 | #15 (permalink) | |
Major Poster Join Date: Apr 2002 Location: Transylvania/Romania/Tg-Mures Age: 48
Posts: 45
Member: 11351 Status: Offline Thanks Meter: 4 | Quote:
More about ATI 6XXX - Ivan Golubev's blog and Đ¡Đ¿Đ¸$дили - Ivan Golubev's blog Last remark: You can use maybe Fenix key with HD6xxx. Chec them out. Best regards! | |
The Following User Says Thank You to dragon7 For This Useful Post: |
Bookmarks |
| |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
3310 problem display disappears after input pin | simonb | Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L ) | 8 | 01-09-2009 10:37 |
how to input unlock code??? | skedone | Infineon C16X M51 & ARM7 M52 BASED | 1 | 08-07-2002 11:45 |
How to input nck by keyboard? | ren777 | Mitsubishi | 2 | 02-16-2002 15:47 |
restore T9 text-input siemens S35 | baronx | x1x to x45/x50 | 0 | 01-03-2002 23:16 |
Nck input problems, on mc9224.1m | dollyb | Infineon C16X M51 & ARM7 M52 BASED | 0 | 04-05-2001 21:27 |
|