GSM-Forum: GSM Programming & Reverse Engineering
Post #1, 12-29-2005 05:28, Member 75583 (Freak Poster, joined Jul 2004)
DCT4Crypter by nok5rev & g3gg0


----------------------------------
DCT4Crypter
----------------------------------
by nok5rev & g3gg0
_______________________________________________________
Yes, this package contains the necessary routines and
even some apps to decrypt DCT4 FlashFiles and also to
encrypt again after you applied some changes. We must
admit, this stuff is not "hot" anymore - it was coded
in about 2 months between 01/2004 and 03/2004. That's
now nearly 2 years. But it still should be a somewhat
interesting X-Mas present for all the GSM-Modders out
there...
_______________________________________________________

Why was this done?
-----------------------
Why? I think it was just fun.
But I don't remember anymore which of us had the idea
to start analyzing the encryption algorithm.
I just remember that we both suddenly sat in front of
many bits (really MANY!) and stared at them to
find out how the data was encrypted.

How was this done?
-----------------------
Heh, just open your notepad.exe, paste some 100
lines of 11001001 10101010 11100100 11100001...
and you know what we've done in these 2 months.
We had no access to the flash device, MCU or RAM,
nor did we use any (Java) exploit floating
around. We didn't even have any of these DCT4 devices
at this point. This was done simply by looking at
about 20 different flash files.

Who did this?
-----------------------
This was all done by nok5rev and g3gg0. We both spent
about the same amount of time on this stuff and
both helped each other in finding out the necessary
bits for decoding. But we also got a little help from
kodo (thanks for the auto basevalue finder).

What can I do with it?
------------------------
Generally you should now be able to en/decrypt the DCT4
FlashFiles used in "standard" DCT4 devices. Standard
DCT4 devices means any 6310, 8310, ...., 6610, 7250
and so on. TIKU devices like the 6230, 6230i or even
Symbian devices are _NOT_ supported.
The first DCT4 devices still had encrypted PPMs, but
Nokia switched to non-encrypted ones for obvious
security reasons.
So don't wonder when some people already have modded
3510i handsets which just have some graphics changed.
It's the standard PPM structure that was also used in
DCT3 phones. Unfortunately there's a little difference
that causes most tools to crash or make mistakes.
However, the MCU files are still encrypted.
The FlashFiles all use the same encryption method;
it just differs in a (we call it) basevalue, which is
just a simple XOR parameter. When decrypting, the
programs spit out the basevalue, which you normally don't
need. The tools remember the value and ask you for the file
that should be encrypted again (or they use a predefined
filename).

Will modding work?
-----------------------
After you re-encrypted a modified FlashFile you can
flash it, but your phone won't power on. Why?
We didn't track that down very deep, but when removing
the "Claudia" sequence in the flash header it will work
at least with the wrong "FAID" - that means it resets
after some time.
But please make sure you have a working, original file
flashed before you write a modded file with disabled Claudia.
Claudia is the tag in the flash header starting with
D3 40 and the 0x40 bytes coming after that. Just FF the
0x40 bytes behind the tag.
-> D3 40 [0x40 bytes Claudia]
replace with
-> D3 40 [0x40 times FF]

Okay, that's it.
We've flashed our phones (which we got after reversing the encryption)
several times - even with faulty Claudia and FAID - without any
bigger problem.
So, if you turn your phone into a brick, don't blame us...
... it's your fault!


Thanks to:
------------------------
Kodo
B.
U.

Oh, and if you plan to integrate this code into your commercial
products... ...unfortunately we can't do anything against it.
But if you do so, _please_ be so kind and reward our work by
sending a license/sample of your program/device to either
nok5rev or g3gg0 - thanks!

Enjoy this stuff as much as we enjoyed coding it.

Best Regards,
g3gg0/nok5rev


http://www.gsmfreeboard.com/forum/sh...d.php?t=119075
http://rapidshare.de/files/9991118/Merry_Xmas.zip.html
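As an added example (not part of DCT4Crypter and not written by nok5rev or g3gg0), the following Python script applies the Claudia-blanking step described in the post to a flash file on disk: it locates the D3 40 tag in the header, refuses to patch when the tag is absent or occurs more than once in the search window (the two-byte tag can also appear by chance in ordinary data), overwrites the 0x40 bytes after it with FF, and verifies the result. The post does not say how long the flash header is, so the 0x1000-byte search window, the `.noclaudia` output name and the constructed sample header are assumptions of this example.

```python
"""Blank the "Claudia" block in a DCT4 flash-file header.

Added example for this thread; not DCT4Crypter code. Only the byte layout
stated in the post is used: a tag 0xD3 0x40 in the flash header followed by
0x40 bytes, which are overwritten with 0xFF. The size of the header is not
given in the post, so HEADER_SEARCH_LEN below is an assumption.
"""
from typing import List, Optional

CLAUDIA_TAG = b"\xD3\x40"      # tag bytes given in the post
CLAUDIA_LEN = 0x40             # bytes following the tag, per the post
HEADER_SEARCH_LEN = 0x1000     # assumption: the header lies within the first 4 KiB


def find_claudia_offsets(data: bytes, search_len: int = HEADER_SEARCH_LEN) -> List[int]:
    """Return every offset of the tag within the search window.

    The caller must treat more than one hit as ambiguous rather than
    patching the first one blindly.
    """
    window = data[:search_len]
    hits = []
    pos = window.find(CLAUDIA_TAG)
    while pos >= 0:
        hits.append(pos)
        pos = window.find(CLAUDIA_TAG, pos + 1)
    return hits


def find_claudia(data: bytes, search_len: int = HEADER_SEARCH_LEN) -> Optional[int]:
    """Offset of the tag if it occurs exactly once and the 0x40-byte body fits, else None."""
    hits = find_claudia_offsets(data, search_len)
    if len(hits) != 1:
        return None
    off = hits[0]
    if off + len(CLAUDIA_TAG) + CLAUDIA_LEN > len(data):
        return None
    return off


def blank_claudia(data: bytes) -> bytes:
    """Return a copy with the 0x40 bytes after the tag set to 0xFF; refuse ambiguous input."""
    off = find_claudia(data)
    if off is None:
        raise ValueError("Claudia tag not found exactly once in the header window; not patching")
    body = off + len(CLAUDIA_TAG)
    return data[:body] + b"\xFF" * CLAUDIA_LEN + data[body + CLAUDIA_LEN:]


def is_claudia_blanked(data: bytes) -> bool:
    """True when the single tag is followed by 0x40 bytes of 0xFF (post-patch check)."""
    off = find_claudia(data)
    if off is None:
        return False
    body = off + len(CLAUDIA_TAG)
    return data[body:body + CLAUDIA_LEN] == b"\xFF" * CLAUDIA_LEN


def make_sample_header() -> bytes:
    """Constructed stand-in for a flash-file header; not real firmware.

    16 bytes of filler, the tag, 0x40 bytes of recognisable content, then
    32 bytes of trailing data. Nothing outside the tag contains 0xD3 0x40.
    """
    filler = bytes([0x14, 0x00, 0x01, 0x02]) + b"\xA5" * 12
    claudia = bytes(range(CLAUDIA_LEN))
    trailer = b"\x11\x22\x33\x44" * 8
    return filler + CLAUDIA_TAG + claudia + trailer


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:
            original = f.read()
        patched = blank_claudia(original)
        out = sys.argv[1] + ".noclaudia"   # assumed output name; the original is left untouched
        with open(out, "wb") as f:
            f.write(patched)
        print(f"tag at 0x{find_claudia(original):X}, wrote {out}")
    else:
        sample = make_sample_header()
        print("sample tag offset:", find_claudia(sample))
        print("blanked:", is_claudia_blanked(blank_claudia(sample)))
```

Run it with a flash-file path to write a patched copy beside the original (the original is never modified, in line with the post's advice to keep a working file at hand), or with no argument to exercise the constructed sample. Blanking only touches the bytes after the tag; the tag itself stays in place, as the post's before/after layout shows.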
Post #2, 12-29-2005 08:38, strangerboy (Porto, Portugal)
Nice work, friend.... I'm glad to see some people really know how to have fun.

Don't have time now for playing around with that... but for sure some people will find it interesting...

Keep on rocking .... happy new year to you all....
Post #3, 12-29-2005 08:59, Member 3671 (Australia)
I appreciate your work!
Post #4, 12-29-2005 09:19, golumbu (Romania - Hungary)
Thanks for your hard work, I really appreciate it!

WBR
golumbu
Post #5, 12-29-2005 11:32, Zaihtam
Niceeee................... this is cool. Happy new year.....!
Post #6, 12-29-2005 14:28, GSM Solutions Ireland (Dublin)
Thanks for sharing!

Regards
GSM Solutions Ltd
Post #7, 12-30-2005 13:56, Member 12752 (Lithuania)
Very nice work, thanks for sharing!
Wish you more fun in the New Year!!!
Post #8, 12-30-2005 14:33, Dave.W (England)
Without FAID it is useless...
Post #9, 01-03-2006 02:20, Member 61288
DCT3 also once was without any FAID solution, wasn't it?
Why did people analyze the firmware then?
Post #10, 01-03-2006 11:58, Dave.W (England)
It was only one man, your friend TEK, who had the brains to crack the DCT3 FAID from others' work. If you guys have not done that by now, why do you think anyone unknown to you will do that?

I think it is easiest to reverse the Twister/Griffin/JAF software to find out the DCT4 FAID calculation, but who will step up?
Post #11, 01-04-2006 07:21, Zaihtam
They are all well protected.
Ask papa Dejan, maybe he will give it for free.
Post #12, 01-04-2006 10:41, Dave.W (England)
I am sorry, but I have seen free schemes/hex for Prodigy and also Twister on here. Even b-phreaks said that there is enough information in the "Twister freeeeeeeeeee!!!!!" thread to create your own flasher box.

I cannot be bothered to look at this myself. I think Dejan is in the same mood these days.
Post #13, 01-13-2006 13:03, Zaihtam
Has anybody compiled it? I only have VC++ 6 here; it uses VC++ 7.
Post #14, 01-13-2006 14:29, Member 152989
There should not be any issues with either compiler. I compiled it with lcc.
Post #15, 01-13-2006 14:33, Member 61288
CrypterX had a little bug that prevented correct encryption:

http://nokiafree.org/forums/showthre...d=1#post379481
http://www.gsmfreeboard.com/forum/sh...d.php?p=756994