SL3 patch unlock (Flash patching) possible or not?

[MOURAD™]

Since now no one told about SL3 patch unlock (Flash patching) possible or not?

lets share here your opinion and answers about this.




Best Regards.

[Medusa Lancer]

it's not possible for now!!!

[angel25dz]

not possible and even if possible is useless

[g-gabber]

Quote:

Originally Posted by angel25dz

not possible and even if possible is useless

If it would be possible to patch firmware, it would be enough to change one byte to unlock the phone.

br g

[angel25dz]

Quote:

Originally Posted by g-gabber

If it would be possible to patch firmware, it would be enough to change one byte to unlock the phone.

br g

....Maybe ..............but i don't think changing 1 byte will be enough to unlock SL3 phones.

correct me if i'm wrong :
in SL1, SL2 when code is valid phone change lock flag and using PATCH u need just to change 1 byte (0 or 1) and the phone do the rest, it change flag and phone will be unlocked for ever.

but in SL3 the phone don't make any change because each new SL data need RSA1024 signature, so it need RSA private key !!! phone have only public key to check signtaure .....

./br

[g-gabber]

Quote:

Originally Posted by angel25dz

....Maybe ..............but i don't think changing 1 byte will be enough to unlock SL3 phones.

correct me if i'm wrong :
in SL1, SL2 when code is valid phone change lock flag and using PATCH u need just to change 1 byte (0 or 1) and the phone do the rest, it change flag and phone will be unlocked for ever.

but in SL3 the phone don't make any change because each new SL data need RSA1024 signature, so it need RSA private key !!! phone have only public key to check signtaure .....

./br

In case of SL3 you don't need to manipulate the signature. There is function which is called "is_simlock_open", all what need to do is change a condition jump on right place. Consider there is a hybrid firmware like E71 v300 which supports sl2 and sl3.

br g

[angel25dz]

Quote:

Originally Posted by g-gabber

In case of SL3 you don't need to manipulate the signature. There is function which is called "is_simlock_open", all what need to do is change a condition jump on right place. Consider there is a hybrid firmware like E71 v300 which supports sl2 and sl3.

br g

"IS_SIMLOCK_OPEN" in case of SL3, what it do exactly ??

I see it like this :

1st it check lock flag,
1- if phone unlocked (factory unlocked with provider 244) exit function and phone start unlocked....

2- if phone is not factory unlocked it check PM120,03
a- if empty : phone start locked
b- if there is data in PM120,3, it generate SP and bruteforce RND to compare sha1 hash's
b-1 if sha1 is the same stored in PM120,1 : phone start unlocked
b-2 if sha1 not found phone start : Contact service


the only known way to check validity of NCK is compare SHA1 (SP+RND+IMEI) the reason why phone need to bruteforce salt, if there is another way (permanent way) to check if phone is unlocked or not, why phone need to do bruteforce in every start ???

./br

[oOXTCOo]

if you can exploit the phone to accept patched firmware
then you can do all what you whant

you can completly disable simlock check or you can
write another rsa key for simlock and write the correct
sp code into pm or unlock with calculated code for
the rsa sign wich you have written...

problem is more.. how to exploit the phone to accept
patched firmware and not how it is protected...
it dose no matter how its protected... with patching
you can change everything...

correct me if iam wrong.

better discuse how to make phone to accept patched firmware.

[lam_spiderman]

Quote:

Originally Posted by Mrd07

Since now no one told about SL3 patch unlock (Flash patching) possible or not?

lets share here your opinion and answers about this.




Best Regards.

not now, wait come .

[kamiran]

Quote:

Originally Posted by oOXTCOo

if you can exploit the phone to accept patched firmware
then you can do all what you whant

you can completly disable simlock check or you can
write another rsa key for simlock and write the correct
sp code into pm or unlock with calculated code for
the rsa sign wich you have written...

problem is more.. how to exploit the phone to accept
patched firmware and not how it is protected...
it dose no matter how its protected... with patching
you can change everything...

correct me if iam wrong.

better discuse how to make phone to accept patched firmware.

i like the idea of finding an exploit ... like devs do in ios or android based phones to install custom (patched) firmwares.

Br

K@mi

[.:SUBRATA:.]

Quote:

Originally Posted by kamiran

i like the idea of finding an exploit ... like devs do in ios or android based phones to install custom (patched) firmwares.

Br

K@mi

Android has different firmware structure. open source kernel. nokia is really different.

B/R
Sub4t4

[orbita]

Quote:

Originally Posted by angel25dz

"IS_SIMLOCK_OPEN" in case of SL3, what it do exactly ??
the only known way to check validity of NCK is compare SHA1 (SP+RND+IMEI) the reason why phone need to bruteforce salt, if there is another way (permanent way) to check if phone is unlocked or not, why phone need to do bruteforce in every start ???

./br

I'am really beginer in Nokia, so correct me if wrong.
1.This value, in fact is not random value, it's stored in some space in phone.
(cripted,hashed by some algo no matter).

2.To acces secure storage area need modified loader , but..... if use nokia C++ and make small aplication to colect some data from phone?
Upload this to phone and execute and save this data to memory card?
Is same like acces private filesistem from outside and from inside.

Idea is to acces some phone security function from inside not from outside
and execute this function.
Exist posibility to catch this value used in code verification algo ?

[datalife2000]

"...CORRECT ME IF I AM WRONG..." i like the idea...

[orbita]

Quote:

Originally Posted by datalife2000

"...CORRECT ME IF I AM WRONG..." i like the idea...

You post this only to post some?
If have some usefull to write, write.
If not, not need post nonsense.

Is so "hot" in Africa now ?

[angel25dz]

Quote:

Originally Posted by orbita

I'am really beginer in Nokia, so correct me if wrong.

I'm a beginner too

Quote:

1.This value, in fact is not random value, it's stored in some space in phone.
(cripted,hashed by some algo no matter).

?

Salt is totally random, this is why phone must bruteforce it to check NCK validity....

Quote:

if use nokia C++ and make small aplication to colect some data from phone?

why ?? all needed data u can get it using custom loader.... even u make this kind of app, i don't think it can be able to access to secure storage...it need to find and exploit a system hole like bufferoverflow or other kind of holes....

Quote:

Is so "hot" in Africa now ?

yes......

./br