GSM-Forum - View Single Post - Siemens x65 Unlocking Solution (NOT TESTED!!!)

0xFEDF · 10-28-2004, 01:45

Hi all!
At first, here is Siemens x65 flasher: http://users.iptelecom.net.ua/~dmitr...asher-1027.zip
Here is EEPROM Tool 3.1 by Skylord: http://download.siemens-club.ru/file...EPROM_tool.rar
For unlocking any Siemens mobile, You need access to EEPROM blocks:

0x1391 = 5009 (EEfull) - Freia IMEI Block 00
0x004C = 0076 (EElite) - Freia IMEI Block 01
0x1390 = 5008 (EEfull) - Freia IMEI Block 02
0x13D5 = 5077 (EEfull) - Freia IMEI Block 03

Without fullflash patching You can only access EEPROM block 0076.
Fullflash patching: read fullflash from phone, find HEX string:
01 14 00 00 90 13 00 00 D5 13 00 00 91 13 00 00 02 14 00 00 03 14 00 00
Replace string: 90 13 00 00 D5 13 00 00 91 13 with all zeros (0x00)
Upload patched part of fullflash to phone.
Read with EEPROM Tool 3.1 EEPROM blocks 5009, 0076, 5008, 5077 from phone to be sure patch is working and save in .txt
Now all what we need, is PhoneID. If anybody knows, how to read PhoneID from x65-series, then we can edit any .log file from Freia, like this:

LOG File.
This log file should be sent to /dev/null
[Model: Siemens x65][PhoneID: 12345678][Desired IMEI: 123456-12-123456]

generate MAP-file and upload new EEPROM blocks to phone with EEPROM Tool - You may edit content of EEPROM blocks, saved with EEPROM Tool in .txt, with any txt-editor - according information above.

This solution is TOTALLY NOT TESTED!!!
Because I don't have any x65-series mobile and don't know, how read PhoneID.
P.S. Always make backups BEFORE flashing Your phone!!!

10-28-2004, 01:45	#1 (permalink)
0xFEDF Insane Poster Join Date: Feb 2004 Location: Russia Age: 49 Posts: 87 Member: 55536 Status: Offline Thanks Meter: 0	Siemens x65 Unlocking Solution (NOT TESTED!!!) Hi all! At first, here is Siemens x65 flasher: http://users.iptelecom.net.ua/~dmitr...asher-1027.zip Here is EEPROM Tool 3.1 by Skylord: http://download.siemens-club.ru/file...EPROM_tool.rar For unlocking any Siemens mobile, You need access to EEPROM blocks: 0x1391 = 5009 (EEfull) - Freia IMEI Block 00 0x004C = 0076 (EElite) - Freia IMEI Block 01 0x1390 = 5008 (EEfull) - Freia IMEI Block 02 0x13D5 = 5077 (EEfull) - Freia IMEI Block 03 Without fullflash patching You can only access EEPROM block 0076. Fullflash patching: read fullflash from phone, find HEX string: 01 14 00 00 90 13 00 00 D5 13 00 00 91 13 00 00 02 14 00 00 03 14 00 00 Replace string: 90 13 00 00 D5 13 00 00 91 13 with all zeros (0x00) Upload patched part of fullflash to phone. Read with EEPROM Tool 3.1 EEPROM blocks 5009, 0076, 5008, 5077 from phone to be sure patch is working and save in .txt Now all what we need, is PhoneID. If anybody knows, how to read PhoneID from x65-series, then we can edit any .log file from Freia, like this: LOG File. This log file should be sent to /dev/null [Model: Siemens x65][PhoneID: 12345678][Desired IMEI: 123456-12-123456] generate MAP-file and upload new EEPROM blocks to phone with EEPROM Tool - You may edit content of EEPROM blocks, saved with EEPROM Tool in .txt, with any txt-editor - according information above. This solution is TOTALLY NOT TESTED!!! Because I don't have any x65-series mobile and don't know, how read PhoneID. P.S. Always make backups BEFORE flashing Your phone!!!