SL3: question

[angel25dz]

hi all, I saw in some box's logs: dumping RSA modulus !! can someone tell us where this modulus is stored ??

[crusher]

Should anyone know I doubt will tell.
However, if you'd specify which "box", maybe someone could have a look after it.
Otherwise, do not wonder if this thread just disappears (like the previous I commented in.. )

[MOURAD™]

Quote:

Originally Posted by crusher

Should anyone know I doubt will tell.
However, if you'd specify which "box", maybe someone could have a look after it.
Otherwise, do not wonder if this thread just disappears (like the previous I commented in.. )

in AdvanceBox Turbo Flasher "ATF".

All this in Permanent memory (120/0,1,2,3), dumping RSA in PM120/4 to extract and Decrypt sha1 hash, like this log:

Code:

..
....
Scanning Simlock Applet Type...
OK

=================================================
PA_SL3 Applet detected
=================================================

Dumping RSA Modulus...
OK

=================================================
RSA Modulus OK
=================================================
FlashInfo.RestartMode : 2

================================================== =
Decrypt SL3 PM 120 HASHES for Brute Force Unlock
================================================== =
Decrypting PM 120...
(This may take upto 30 Seconds on New RAPIDO HASH) 
PM 120 HASHES Extracted Successfully

39C05A2C79C7839FF413DD41C5077A4445F1C9F0
1D8CF08D8A7A793FFFD1166FCA50A9626E544AEF
16C5ED98F9E2BFBA46CF1D186F20C329E7ED842E
1BC23BB82252CF1165CAAD4D6D5F4CDAAEEA52AA
280E70C587D5DBD4A8B42AF59DDE8AC64D4C8F0C
3260876EF714284A553C6C7C58E4657728B7836C
EA169D4AB8280D7767BDB095C5CE4254444CB710
A54510E30F480D6FEF2C18DA38241DC264DB4963
...

Best Regards.

[angel25dz]

Quote:

Originally Posted by crusher

Should anyone know I doubt will tell.
However, if you'd specify which "box", maybe someone could have a look after it.
Otherwise, do not wonder if this thread just disappears (like the previous I commented in.. )

I haven't this box, otherwise i don't ask

[angel25dz]

Quote:

Originally Posted by Mrd07

in AdvanceBox Turbo Flasher "ATF".

All this in Permanent memory (120/0,1,2,3), dumping RSA in PM120/4 to extract and Decrypt sha1 hash, like this log:

Best Regards.

RSA modulus is not in PM

PM120,0 : simlock
PM120,1 : Crypted HASH's (AES)
PM120,2 : RSA Signature
PM120,3 : HWD ID +11 digits + lock level (each level have its place ) when phone is unlocked, for locked phone only "0" (16x7) bytes

./br

[MOURAD™]

Quote:

Originally Posted by angel25dz

RSA modulus is not in PM

PM120,0 : simlock
PM120,1 : Crypted HASH's (AES)
PM120,2 : RSA Signature
PM120,3 : HWD ID +11 digits + lock level (each level have its place ) when phone is unlocked, for locked phone only "0" (16x7) bytes

./br

PM field 120,4 have simlock, sha1, rsa sign - which can be rewritten - no need RPL format

Here: http://forum.gsmhosting.com/vbb/7144358-post12.html
&
here: http://forum.gsmhosting.com/vbb/7148878-post17.html

[angel25dz]

My question is about RSA MODULUS (PxQ) not about PM or about hash or about signature.....etc, just i'm curious about ATF log, they really dump this modulus ??

[UniSoft]

Quote:

Originally Posted by angel25dz

hi all, I saw in some box's logs: dumping RSA modulus !! can someone tell us where this modulus is stored ??

inside "PAPUBKEYS"... (index 0x50410008)

[angel25dz]

Quote:

Originally Posted by UniSoft

inside "PAPUBKEYS"... (index 0x50410008)

thanks, that's what i need

[MOURAD™]

Quote:

Originally Posted by angel25dz

My question is about RSA MODULUS (PxQ) not about PM or about hash or about signature.....etc, just i'm curious about ATF log, they really dump this modulus ??

waiting ..::Angel::.., for more explain if possible.




Best regards.

[..::Angel::..]

Quote:

Originally Posted by Mrd07

waiting ..::Angel::.., for more explain if possible.




Best regards.

Hello.
I dunno, how RSA module dumps. Where it stored? - answered by @UniSoft !

[neilthirumuttam]

may seek answers 4 a foolish doubt here?

without any help from tool makers and supporters
end users or common ppl will learn RSA module dumps. Where it stored?

linux ....
hit ...storm ... android
washing off nude kings.

and enjoying news paper 4 2days hits between chips - makers and programmers

os war in courts
but lowe end users make the resullt
not BRUTUAL FORCE..

[Bph&co]

Quote:

Originally Posted by angel25dz

My question is about RSA MODULUS (PxQ) not about PM or about hash or about signature.....etc, just i'm curious about ATF log, they really dump this modulus ??

Hi,

There is very easy way to get this modulus:

1. Read SW version from the phone screen
2. Open NaviFirm and download MCU for this version
3. Open the file as it is in WinHex
4. Go to the end of the file
4. Search Menu, Find Hex Values, enter: 0300000000004000, direction: UP
5. Press enter and stop on the first found value
6. Select the 128 bytes after found string

This is the simlock signer key for your phone.

Hope this helps

73

[..::Rizwan::..]

Quote:

Originally Posted by Bph&co

Hi,

There is very easy way to get this modulus:

1. Read SW version from the phone screen
2. Open NaviFirm and download MCU for this version
3. Open the file as it is in WinHex
4. Go to the end of the file
4. Search Menu, Find Hex Values, enter: 0300000000004000, direction: UP
5. Press enter and stop on the first found value
6. Select the 128 bytes after found string

This is the simlock signer key for your phone.

Hope this helps

73

I need little more explanation after all this proccess i got simlock signer key. now this md5 hash can help me to Unlock Sl3 With brute force instantly Or not.

Like this example screen shoot












if yes then how can ?

[angel25dz]

First begin to understand how to make difference between bit and byte ......

About ur question, NO it not help