how to make your LOG Calculator

[kingbode]

the Dejan box...all it does is :<br />- uploading new MCU or new PPM or both MCU + PPM<br />for the certain version required..<br />- then Calculate FAID.<br />(Note : Dejan box itself doesnot update the phone<br />but the itself does that...how ?? )

- the PIC return FAID to the software then..<br />- the software send this Faid with preceeding<br />Command to the phone..on MBUS protocol using flash cable too...<br />- then the phone Micro Controller detect this FAID is accepted for all its security demand..then<br />the phone is updated BY its DSP controller...

what's now..and how to ge FAID:<br />- for those who have the Dejan box...<br />one of them can monitor the Software and get the FAID bytes..<br />and do that for all version of Nokia phones and all versions of PPM language packages..<br />they have CONSTANT FAID for each respectivly...

and then with all these FAIDs collected..you now can update any phone by sending just the FAID with its Command on MBUS cable...without getting in maths to reverse the equation to get HOW TO CALCULATE FAID?!! <br />..do you know that KOCI and B-Phreaks do the same..all their logger do that.. <br />just read infos about the new state of the phone ( new MCU or new PPM..or both ) and then pick up the NUMBER of FAID to send..and send us calculated LOG file and sure it's ENCRYPTED.. <br />and you VsH-GsM ,thoughts that it contains free image of calculated FAID and asks many of memberes to help you send ing calculated FAID..without thinking for a second that Koci and B-Phreaks are not ediots to throw it without any encryption...and the decryption function and the FAID sending COMMANd are in their Loggers...

that's the way I think that all of this matter is going...the one and the only one that knows..how is FAID calculated is Dejan ( at leat outside Nokia ) however its Dejan box is cloned,<br />and I see that talking about selling Hex is available and I'm sure that all that will be vanished as Chineese MCU+PPM flash cables appeared

..please Correct me if I'm saying SSHHIITT..thanks for listening..

[Invisible]

hi,

yes, I think the same, turn the dejan box in a calculator.<br />I remember to have the way it was done, software get the cobbaid and flash checksum and send to dongle, then dongle returns new faid.<br />All flash process and mbus update is done by program, so I think it´s not hard to write a program to manage dongle for calculations.<br />I will look for process and post it here this evening,

best regards,<br />Invisible

<FONT COLOR="#ffff00" SIZE="1">[ 11 January 2002 12:43: Message edited by: Invisible ]</font>

[kingbode]

I hope that this procedure is working..<br />and in this way we can easily make a samll software that can update phones..just using MBUS cable!!

[VsH-GsM]

Hi!<br />Do you need CALCULATED LOG FILES?<br />I have about 200 KOCI files =&gt; ".NLG" & ".NLE"<br />And i have about 10 bphCO files =&gt; ".LOG" & "out.LOG"

IF YOU NEED,TELL ME!!! <img src="smile.gif" border="0"> <img src="wink.gif" border="0"> <img src="smile.gif" border="0">

[VsH-GsM]

May these can help u:

Calculate FAID from CHECK & COBBA :<br />CobbaID= 00001438<br />PPM Chk= 00000000<br />AuthorityID = E7E4E122AA95EE779637782F

Calculate CHECK & COBBA from MSID :<br />MSID : 82 E8E447F5BF59BAA06CD08E04<br />PPMCH: B3679FA3<br />COBBA: 002213DB<br />COBCH: 1D

[outerc0re]

Hi<br />VsH-GsM, what variables are relative to FAID calculation - is it just PPM chk and Cobba ID or are there more? Also, do you know how to get Chk + Cobba from MSID?

[VsH-GsM]

I don't know how to extract msid & get cobba & check!<br />read :<br />MSID:=Function(COBBA ID,PPM CHK(4 bytes))<br />IMEI Check(12 bytes) :=Function(IMEI,COBBA ID)<br />FAID:=Function(COBBA ID,PPM CHK)

<br />PPM CHK are at flash+ppm end (last 4 bytes) <br />example : nokia 3310v423 PPM D <br />flash $1CFFFF :FFFFFFFFFFFFFFFFFFFF60CF92070C65<br />PPM CHK= 92 07 0C 65<br />It's used just MSId making.<br />MSid=Function(COBBA ID,92070C65);

Cobba_ID are readed by MAD2 from cobba chip.<br />For all calculations you need algorythm.<br />(to decode MSId and get COBBA_ID,PPM CHK).<br />If you mean MCU checksum -it's simple calculation and may be easaly patched,butit are unusefull at all.

First need to decode MSId(one algo) and then<br />make FAID (seccond algo)

[Bph&co]

Hi King,

You are right for the encryption - but this is only in Koci Logger !

We never used any protection, encryption or sell <br />our software ! It was always for free !

Log files are in pure format - exactly like in Win<br />Tesla. We don't have nothing to hide.

And to be precise if all people were not lazy enough and read the archives of our Forum these things are explained by me X-Shadow and other people year ago <img src="smile.gif" border="0">

Also Dejan was kind enough few months ago to publish the source codes for his Flasher v1.04.<br />Where have you been ? Out in space ?

Also Tibor dissasemble these few days after Dejan publish his offer and was for free download on knok group ! And this was long time ago too!

So what's your problem exactly ? Dont have 100USD for Dejan Pic and time to code and debug ???

I'll give you a tip - before you start to monitor anything go to Yahoo and use these for search:

- One Way Hash<br />- Digital Signatures<br />- CryptoAnalysis

Read bit more and continue with your project.

Or lets hope some idiot will release the HEX and<br />all lazy people will be so happy at the end !

BR, Alex

[VsH-GsM]

Hey!<br />BPH&CO:<br />CALCULATE THIS:<br />PPM:00000000<br />COB:00000000<br />FAID:??

[VsH-GsM]

@ Bph&Co!<br />If u really want to made people HAPPY, JUST TELL US ALGORITHM!!!! <img src="mad.gif" border="0"> <img src="mad.gif" border="0"> <img src="mad.gif" border="0">

[VsH-GsM]

HEYYYYYY BPH&CO !!!!<br />WHY YOU DON'T ANSWER ME???!!! <img src="mad.gif" border="0"> <img src="mad.gif" border="0"> <img src="mad.gif" border="0"> <img src="mad.gif" border="0"> <img src="mad.gif" border="0">

[outerc0re]

@Bph&Co

Ok, cryptoanalysis no prob, one way hashing confusing. But where abouts am I supposed to be looking - Mcu, ppm, pmm, eeprom??? and exactly what am I looking for. If I had an idea of what memory address's point to which checksums (and which ones are relevant) this would help. Even though dejan source is available, I'm no good at assembler. give me somin in C,C++,perl,java etc... and bobs ya unkle. but nothings around that I can grab enough info from... help

[outerc0re]

also, who will sell dejan pic for $100 in england?

[outerc0re]

@VsHGsM<br />Can you send me some of those logs ".log" and "out.log" please.<br />Cheers

outerc0re

[G-Man]

@ VsH-GsM:<br />Bph&Co not give algorithm and not answer you because what people do is just not answer when they don't want to cost them selves $$$$ by releasing their work for free. Just think if authority id calculation gets released for free and free program is made then 'school kids' who just unlock phone for £2 profit so they can buy new cd or some sweets will be doing it and then nokia unlocking will be ****ed! The only phones I get sent to me to unlock are 3330 4.30 etc... with GID 1 or GID 2 closed once people can do this them selves for free I will have to find another business <img src="frown.gif" border="0">