GSM Programming & Reverse Engineering Here you can post all Kind of GSM Programming and Reverse Engineering tools and Secrets. |
05-29-2011, 19:35 | #1 (permalink) |
No Life Poster Join Date: Mar 2007 Location: Guangzhou-China
Posts: 1,289
Member: 468587 Status: Offline Sonork: 100.1612429 Thanks Meter: 681 | SL3 patch unlock (Flash patching) possible or not? Let's share here your opinion and answers about this. Best Regards. |
05-29-2011, 20:34 | #5 (permalink) | |
No Life Poster Join Date: Jul 2006 Location: ..::DZ-25::..
Posts: 529
Member: 315181 Status: Offline Sonork: 100.1593455 Thanks Meter: 301 | Quote:
Correct me if I'm wrong: in SL1 and SL2, when the code is valid the phone changes the lock flag, and using a PATCH you need just to change 1 byte (0 or 1) and the phone does the rest: it changes the flag and the phone will be unlocked forever. But in SL3 the phone doesn't make any change, because each new SL data needs an RSA1024 signature, so it needs the RSA private key!!! The phone has only the public key to check the signature ..... ./br | |
The Following 2 Users Say Thank You to angel25dz For This Useful Post: |
05-29-2011, 20:49 | #6 (permalink) | |
No Life Poster Join Date: Oct 2005 Location: Yes
Posts: 521
Member: 192652 Status: Offline Sonork: No Thanks Meter: 121 | Quote:
br g Last edited by g-gabber; 05-29-2011 at 20:59. | |
05-29-2011, 21:20 | #7 (permalink) | |
No Life Poster Join Date: Jul 2006 Location: ..::DZ-25::..
Posts: 529
Member: 315181 Status: Offline Sonork: 100.1593455 Thanks Meter: 301 | Quote:
I see it like this:
1st, it checks the lock flag:
1- if the phone is unlocked (factory unlocked with provider 244), exit the function and the phone starts unlocked....
2- if the phone is not factory unlocked, it checks PM120,03
  a- if empty: phone starts locked
  b- if there is data in PM120,3, it generates SP and bruteforces RND to compare SHA1 hashes
    b-1 if the SHA1 is the same as stored in PM120,1: phone starts unlocked
    b-2 if the SHA1 is not found, phone starts: Contact service
The only known way to check validity of NCK is to compare SHA1 (SP+RND+IMEI), the reason why the phone needs to bruteforce the salt. If there is another way (permanent way) to check if the phone is unlocked or not, why does the phone need to do bruteforce at every start ???
./br | |
The Following 4 Users Say Thank You to angel25dz For This Useful Post: |
05-30-2011, 01:20 | #8 (permalink) |
No Life Poster Join Date: Dec 2000 Location: J.A.U - Just Another Unlocker Age: 43
Posts: 3,498
Member: 2878 Status: Offline Thanks Meter: 9,123 | If you can exploit the phone to accept patched firmware then you can do whatever you want: you can completely disable the simlock check, or you can write another RSA key for simlock and write the correct SP code into PM, or unlock with a calculated code for the RSA sign which you have written... The problem is more how to exploit the phone to accept patched firmware, and not how it is protected... It does not matter how it's protected... With patching you can change everything... Correct me if I am wrong. Better discuss how to make the phone accept patched firmware. |
The Following 6 Users Say Thank You to oOXTCOo For This Useful Post: |
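Added example, not part of any post in this thread and not Nokia's actual SL3 format: a simplified model of the signed lock record discussed in posts #5 and #8, showing that a verifier holding only a pinned public key rejects a one-byte flag flip and a record re-signed under a different key. The record layout, the constructed keys built from Mersenne primes, the placeholder IMEI and the unpadded textbook RSA are all assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both constructed demo keys

def make_key(p, q):
    """Build a textbook RSA key (n, d) from two primes. Demo only: no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(record: bytes, n: int) -> int:
    # Hash of the lock record, reduced into the key's range.
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % n

def sign(record: bytes, n: int, d: int) -> int:
    """Signing side: requires the private exponent d."""
    return pow(digest(record, n), d, n)

def verify(record: bytes, sig: int, n: int) -> bool:
    """Device side: needs only the pinned public modulus n and E."""
    return 0 <= sig < n and pow(sig, E, n) == digest(record, n)

# Constructed keys (assumption): products of known Mersenne primes.
VENDOR_N, VENDOR_D = make_key(2**521 - 1, 2**607 - 1)  # pinned in the verifier
OTHER_N, OTHER_D = make_key(2**127 - 1, 2**89 - 1)     # any key that is not pinned

def make_record(locked: bool, imei: str) -> bytes:
    # Hypothetical layout: one lock-flag byte followed by the IMEI.
    return bytes([1 if locked else 0]) + imei.encode()

def demo():
    imei = "000000000000000"  # constructed placeholder IMEI
    locked = make_record(True, imei)
    sig = sign(locked, VENDOR_N, VENDOR_D)
    patched = make_record(False, imei)  # the one-byte change from post #5
    return {
        # Untouched record with its original signature.
        "original": verify(locked, sig, VENDOR_N),
        # Flag flipped, old signature reused.
        "flag_flipped": verify(patched, sig, VENDOR_N),
        # Flag flipped and re-signed, but under a key the device does not pin.
        "resigned_other_key": verify(
            patched, sign(patched, OTHER_N, OTHER_D), VENDOR_N),
        # Only the holder of the pinned key's private half can issue new state.
        "resigned_vendor_key": verify(
            patched, sign(patched, VENDOR_N, VENDOR_D), VENDOR_N),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The check is only as trustworthy as the code and pinned key that perform it, which is why the verifier itself has to be covered by an authenticated boot chain.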
05-30-2011, 23:53 | #10 (permalink) | |
No Life Poster Join Date: Jan 2006 Location: could'nt found yet
Posts: 717
Member: 223973 Status: Offline Thanks Meter: 155 | Quote:
Br K@mi | |
05-31-2011, 08:54 | #12 (permalink) | |
Product Manager Join Date: Apr 2002 Location: nckDongle
Posts: 13,325
Member: 11170 Status: Offline Sonork: 1603694 Thanks Meter: 6,944 | Quote:
1. This value, in fact, is not a random value; it's stored in some space in the phone (encrypted, hashed by some algo, no matter). 2. To access the secure storage area you need a modified loader, but..... what if you use Nokia C++ and make a small application to collect some data from the phone? Upload this to the phone and execute it and save this data to the memory card? It is the same as accessing the private filesystem from outside and from inside. The idea is to access some phone security function from inside, not from outside, and execute this function. Does the possibility exist to catch this value used in the code verification algo? | |
The Following User Says Thank You to orbita For This Useful Post: |
05-31-2011, 10:28 | #15 (permalink) | |||
No Life Poster Join Date: Jul 2006 Location: ..::DZ-25::..
Posts: 529
Member: 315181 Status: Offline Sonork: 100.1593455 Thanks Meter: 301 | I'm a beginner too Quote:
Quote:
Quote:
./br | |||
The Following User Says Thank You to angel25dz For This Useful Post: |