Thread: EEPROM READER
Old 03-01-2001, 03:02   #6 (permalink)
Ice Dragon

Quote:
Originally posted by micklong:
when i get my hands on a old 5110 .. i will remove the eeprom (or piggy back)
and get a FULL dump ..
as i have a elvis(multiprogrammer)

u can have a look then ..?/
also .. on one (or two) site i have seen nokia imei changes ..
would this just be for very old nokias ..
as in pre 5110 ..???

well regards Mick ..

That would be a great help, sending me the full eeprom dump.

Anyway, I'm working on the Windows version of Dejan's Nokia Flasher. I call it FlashBox.

I'm trying to determine how Dejan could successfully upgrade/flash the phone's MCU and PPM without losing the signal, and how he could have read from and written to all areas of the eeprom via cable.

So I suspect that not losing the signal has to do with the Flash Authority ID (FAID). Although the original IMEISV may hold the software version. Take a look at the IMEISV format:

The International Mobile station Equipment Identity and Software Version Number (IMEISV), is a 16 digit decimal number composed of four distinct elements:
- a 6 digit Type Approval Code (TAC);
- a 2 digit Final Assembly Code (FAC);
- a 6 digit Serial Number (SNR); and
- a 2 digit Software Version Number (SVN).

The IMEISV is formed by concatenating these four elements as illustrated below:
TAC FAC SNR SVN

The original IMEI is the 14 digit decimal number composed of 4 distinct elements (without the SVN):
- a 6 digit Type Approval Code (TAC);
- a 2 digit Final Assembly Code (FAC);
- a 6 digit Serial Number (SNR); and
- a 1 digit Luhn Check Digit (CD).

The IMEI is formed by concatenating these four elements as illustrated below:
TAC FAC SNR CD

That's what we see when we enter *#0000# on our phone.

So, if my observation is correct, upgrading the MCU/PPM flash of the phone doesn't touch the IMEI.

If what Zulea is saying about the FAID is true:
"The inputs for this algorithm (Flash Authority ID) are:
- 13 bytes Phone MSID
- Checksum of flash parts"

Then we only touch the FAID and the first checksum found in offset 003Eh - 003Fh.

The next problem is how to read/write the first 64 bytes of the eeprom without opening the phone.

I can't promise but if I do finish the full Windows-based (not a shell) Flashbox (maybe April), I'll send those who helped with this research the beta version of the Flashbox.

With the understanding of course that using it could kill your phone. But be assured, I'll be posting on what phone it was actually tested on.

When you do send help (like the full eeprom dump) please put in the subject what it is about (like "eeprom 5110-5.24" or "protocol command to read whole eeprom").

Notes:
1. I already know the commands to read/write the eeprom. If you have other commands aside from:
1F 00 10 40 00 09 00 01 D4 02 00 A0 00 so 10 sn cs
and
1F 10 00 40 00 19 01 01 D5 02 00 A0 00 so 10 b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf sn cs
for reading/writing to the eeprom, you can send me that.

2. On sending full eeprom dump (complete from offset 0000 to 7FFFh), please use NokiaTool 033 by PRO that reads the MSID of the phone then specify that on your email and attach the eeprom dump in "mmmm-vvv.bin"
where mmmm is the phone model (like 5110) and vvv is the SW version (524 for 5.24)

You can send them to: icedraagon-at-yahoo.com
(replace -at- with @)

Best regards to all and cheers....
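
The TAC/FAC/SNR/SVN/CD layout listed in the post, as an added example that is not part of the original post: a parser that splits an identity string into those fields and verifies the Luhn check digit, useful when validating device identifiers in an inventory or log. The function names and the sample values are constructed for illustration; the field widths are the ones listed above, which give 15 digits with the check digit and 16 with the SVN.

```python
def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a string of decimal digits (TAC+FAC+SNR)."""
    total = 0
    # Walk right to left; the rightmost payload digit is the first one doubled.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def parse_identity(value: str) -> dict:
    """Split a 15-digit IMEI (ends in CD) or 16-digit IMEISV (ends in SVN)."""
    digits = value.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit()) or len(digits) not in (15, 16):
        raise ValueError("expected 15 (IMEI) or 16 (IMEISV) decimal digits")
    # Field widths as listed in the post: TAC 6, FAC 2, SNR 6.
    fields = {"tac": digits[0:6], "fac": digits[6:8], "snr": digits[8:14]}
    expected_cd = luhn_check_digit(digits[:14])
    if len(digits) == 15:
        fields["kind"] = "IMEI"
        fields["cd"] = int(digits[14])
        fields["cd_valid"] = fields["cd"] == expected_cd
    else:
        fields["kind"] = "IMEISV"
        fields["svn"] = digits[14:16]
        # The IMEISV carries no check digit; report the one the IMEI form would have.
        fields["expected_cd"] = expected_cd
    return fields


if __name__ == "__main__":
    # Constructed sample values, not taken from any real handset.
    for sample in ("123456 78 901234 7", "123456789012340", "1234567890123405"):
        print(sample, "->", parse_identity(sample))
```

A `cd_valid` of `False` on a 15-digit value indicates a mistyped or altered identifier and is worth flagging before the value is stored or matched against other records.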
