EEPROM READER
 

are there any program(s) that reads the content of the eeprom (N5110) without pulling the chip out? that is via mbus cable.

I heard that there's an simple eeprom reader that one can use without desoldering the 24Cxx eeprom from the phone.

I already have a Ponyprog software. Can somebody send me a schematic that reads the eeprom without desoldering it?

Thanks and best regards!

mail me at: icedraagon-at-yahoo.com (replace -at- with @)

Check this. Works 100% with MBUS. http://nuggie.republika.pl/NokiaSP.zip

That only reads/writes eeprom contents from 40h and up. It doesn't read/write the first 64 bytes (0000 to 003Fh) of the eeprom.

I'm after those bytes coz they contain the following:
0000 - 000B FLASH AUTHORITY ID COMMAND
000C - 0012 ORIGINAL IMEI
0020 - 0037 SP-LOCK BLOCK
0038 - 003A SECURITY CODE
003B - 003D ??? CONTAINS FF0000
003E - 003F CHECKSUM OF 0000 - 003D

Changing the IMEI wont do you good, some people say, coz it is checked with other location like in COBBA where another copy of IMEI is verified. Changing the original IMEI will give you "Contact Service" error.

I'm after the Flash Authority ID and the SP Lock Block, how they are computed.

I believe they hold the key to successfully upgrading the phone's MCU and PPM versions without lossing the signal.

By the way, using NokiaSP on 5110-5.28 and up will give you a messed up eeprom content. With 5110-5.24, it gives you the actual contents of the eeprom except the first 64 bytes.

Have anybody tried using it on lower version phones that gives the full eeprom content?

Cheers...

when i get my hands on a old 5110 .. i will remove the eeprom (or piggy back)
and get a FULL dump ..
as i have a elvis(multiprogrammer)

u can have a look then ..?/
also .. on one (or two) site i have seen nokia imei changes ..
would this just be for very old nokias ..
#as in pree 5110 ..???

well regards Mick ..

That would be a great help, sending me the full eeprom dump.

Anyway, I'm working on the Windows version of Dejan's Nokia Flasher. I call it FlashBox.

I'm trying to determine how Dejan could successfully upgrade/flash the phone's MCU and PPM without lossing the signal. And how could he have done reading/writing to all areas of the eeprom via cable.

So I suspect that not lossing the signal has to do with the Flash Authority ID (FAID). Although the original IMEISV may hold the software version. Take a look at the IMEISV format:

The International Mobile station Equipment Identity and Software Version Number (IMEISV), is a 16 digit decimal number composed of four distinct elements:
- a 6 digit Type Approval Code (TAC);
- a 2 digit Final Assembly Code (FAC);
- a 6 digit Serial Number (SNR); and
- a 2 digit Software Version Number (SVN).

The IMEISV is formed by concatenating these four elements as illustrated below:
TAC FAC SNR SVN

The original IMEI is the 14 digit decimal number composed of 4 distinct elements (without the SVN):
- a 6 digit Type Approval Code (TAC);
- a 2 digit Final Assembly Code (FAC);
- a 6 digit Serial Number (SNR); and
- 2 1 digit Luhn Check Digit (CD).

The IMEI is formed by concatenating these four elements as illustrated below:
TAC FAC SNR CD

That's we see when we enter *#0000# on our phone.

So, if my observation is correct, upgrading the MCU/PPM flash of the phone doesn't touch the IMEI.

If what Zulea is saying about the FAID is true:
"The inputs for this algorithm (Flash
Authority ID) are:
- 13 bytes Phone MSID
- Checksum of flash parts"

Then we only touch the FAID and the first checksum found in offset 003Eh - 003Fh.

The next problem is how to read/write the first 64 bytes of the eeprom without opening the phone.

I can't promise but if I do finish the full Windows-based (not a shell) Flashbox (maybe April), I'll send those who helped with this research the beta version of the Flashbox.

With the understanding of course that using it could kill your phone. But be assured, I'll be posting on what phone it was actually tested on.

When you do send help (like the full eeprom dump) please put in the subject what it is about (like "eeprom 5110-5.24" or "protocol command to read whole eeprom").

Notes:
1. I already know the commands to read/write the eeprom. If you have other commands aside from:
1F 00 10 40 00 09 00 01 D4 02 00 A0 00 so 10 sn cs
and
1F 10 00 40 00 19 01 01 D5 02 00 A0 00 so 10 b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf sn cs
for reading/writing to the eeprom, you can send me that.

2. On sending full eeprom dump (complete from offset 0000 to 7FFFh), please use NokiaTool 033 by PRO that reads the MSID of the phone then specify that on your email and attach the eeprom dump in "mmmm-vvv.bin"
where mmmm is the phone model (like 5110) and vvv is the SW version (524 for 5.24)

You can send them to: icedraagon-at-yahoo.com
(replace -at- with @)

Best regards to all and cheers....

[To IceDragon]

Kumusta!

What particular models are you working on? I have some 5110(China) and 3210(Germany, Finland) eeproms i've saved. BTW, have you checked out USPU, i think they included an eeprom reader schematic.

Hi!

Currently, I'm working on a 5110. Coz when something goes wrong, at least it's cheaper to replace http://www.thoic.net/gsm/ubb/smile.gif

But I'd welcome eeprom dump from various models so I could compare how they are organized.

Cheers!

tanks fr sharing ur idea .. kep it up.. heeeeeeeeee

hello please i need to unlock nokia 5110.
attached dump 24c16 thank you

info:
NSE-1NX 5110
FINLAND
490546/10/901208/7
CODE 0503582

hello please i need to unlock nokia 5110.
attached dump 24c16 thank you

info:
NSE-1NX 5110
FINLAND
490546/10/901208/7
CODE 0503582

by mbus via com port free software is done