GSM-Forum, GSM Programming & Reverse Engineering
Post #1, 12-29-2005, 05:28 (Freak Poster, joined Jul 2004, 126 posts)

DCT4Crypter
----------------------------------
by nok5rev & g3gg0

Yes, this package contains the necessary routines and even some apps to decrypt DCT4 FlashFiles and also to encrypt them again after you applied some changes. We must admit, this stuff is not "hot" anymore - it was coded in about 2 months between 01/2004 and 03/2004. That's now nearly 2 years. But it still should be a somewhat interesting X-Mas present for all the GSM modders out there...

Why this was done?
-----------------------
Why? I think it was just fun. But I don't remember anymore who of us had the idea to start analyzing the encryption algorithm. I just remember, we both suddenly sat in front of many bits (really MANY!) and stared at them to find out how the data was encrypted.

How this was done?
-----------------------
Heh, just open your notepad.exe, paste some 100 lines of 11001001 10101010 11100100 11100001... and you know what we've done in these 2 months. We didn't have any access to the flash device, MCU or RAM, nor did we use any (Java-)exploit floating around. We didn't even have any of these DCT4 devices at this point. This was simply done by looking at about 20 different flash files.

Who did this?
-----------------------
This was all done by nok5rev and g3gg0. We both spent about the same amount of time on this stuff and both helped each other in finding out the necessary bits for decoding. But we also got a little help from kodo (thanks for the auto basevalue finder).

What can I do with it?
------------------------
Generally you should now be able to en/decrypt the DCT4 FlashFiles used in "standard" DCT4 devices. Standard DCT4 devices means any 6310, 8310, ...., 6610, 7250 and so on. TIKU devices like the 6230, 6230i or even Symbian devices are _NOT_ supported.

The first DCT4 devices still had encrypted PPMs, but Nokia switched to non-encrypted ones for obvious security reasons. So don't wonder when some people already have modded 3510i handsets which just have some graphics changed. It's the standard PPM structure that was also used in DCT3 phones. Unfortunately there's a little difference that causes most tools to crash or make mistakes. However, the MCU files are still encrypted.

The FlashFiles all have the same encryption method; it just differs in a (we call it) basevalue, which is just a simple XOR parameter. When decrypting, the programs spit out the basevalue, which you normally don't need. The tools remember the value and ask you for the file that should be encrypted again (or they use a predefined filename).

Will modding work?
-----------------------
After you re-encrypted a modified FlashFile you can flash it, but your phone won't power on. Why? We didn't track that down very deep, but when removing the "Claudia" sequence in the flash header it will work at least with the wrong "FAID" - that means it resets after some time. But please make sure you have a working, original file flashed before you write a modded file with disabled Claudia.

Claudia is the tag in the flash header starting with D3 40 and the 0x40 bytes coming after that. Just FF the 0x40 bytes behind the tag.

-> D3 40 [0x40 bytes Claudia]
replace with
-> D3 40 [0x40 times FF]

Okay, that's it. We've flashed our phones (which we got after reversing the encryption) several times - even with faulty Claudia and FAID - without any bigger problem. So, if you turn your phone into a brick, don't blame us... ... it's your fault!

Thanks to:
------------------------
Kodo
B. U.

Oh, and if you plan to integrate this code into your commercial products... ...unfortunately we can't do anything against it. But if you do so, _please_ be so kind and reward our work by sending a license/sample of your program/device to either nok5rev or g3gg0 - thanks!

Enjoy this stuff as much as we enjoyed coding it.

Best Regards,
g3gg0/nok5rev

http://www.gsmfreeboard.com/forum/sh...d.php?t=119075
http://rapidshare.de/files/9991118/Merry_Xmas.zip.html
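Added example, not part of the DCT4Crypter package or of the post above: a small Python helper that carries out the Claudia-blanking step the post describes (locate the D3 40 tag in the flash header and overwrite the 0x40 bytes behind it with FF). It assumes the tag can be found by searching for the first D3 40 byte pair within the first HEADER_SEARCH_LIMIT bytes (a made-up bound; the post gives no offset), that the input is the already re-encrypted file, and it runs against a constructed sample blob rather than a real Nokia image. The basevalue XOR itself is not reproduced here, since the post does not specify it.

```python
"""Blank the "Claudia" block in a DCT4 flash-file header.

Added example, not code from the DCT4Crypter package.  Per the post: the
Claudia block is the tag D3 40 in the flash header plus the 0x40 bytes that
follow it; replacing those 0x40 bytes with FF lets a re-encrypted, modified
file boot (it then resets later because the FAID is still wrong).

Assumptions (not stated by the post):
  * the tag is the first D3 40 pair within HEADER_SEARCH_LIMIT bytes;
  * the input is already in re-encrypted, flashable form.
"""

CLAUDIA_TAG = b"\xd3\x40"
CLAUDIA_LEN = 0x40
HEADER_SEARCH_LIMIT = 0x400  # assumption: the tag sits near the file start


def find_claudia(data: bytes, limit: int = HEADER_SEARCH_LIMIT) -> int:
    """Return the offset of the Claudia payload (byte after D3 40), or -1.

    -1 is returned when no tag is found within `limit` bytes or when the
    file is too short to hold the full 0x40-byte payload after the tag.
    """
    pos = data.find(CLAUDIA_TAG, 0, limit)
    if pos < 0:
        return -1
    start = pos + len(CLAUDIA_TAG)
    if start + CLAUDIA_LEN > len(data):
        return -1  # truncated header: not a usable tag
    return start


def blank_claudia(data: bytes) -> bytes:
    """Return a copy of `data` with the 0x40 Claudia bytes set to FF.

    The input is left untouched so the caller still has the original file
    to flash back if the modded one misbehaves.
    """
    start = find_claudia(data)
    if start < 0:
        raise ValueError("no D3 40 Claudia tag with 0x40 bytes behind it")
    out = bytearray(data)
    out[start:start + CLAUDIA_LEN] = b"\xff" * CLAUDIA_LEN
    return bytes(out)


def is_claudia_blanked(data: bytes) -> bool:
    """True when a Claudia tag is present and its payload is all FF."""
    start = find_claudia(data)
    return start >= 0 and data[start:start + CLAUDIA_LEN] == b"\xff" * CLAUDIA_LEN


# Constructed sample "flash file": made-up header bytes, the Claudia tag with
# 0x40 bytes of dummy payload, then a dummy body.  Not a real Nokia image.
SAMPLE = (
    b"\xa2\x00\x10FAKEHDR"      # made-up leading header bytes (10 bytes)
    + CLAUDIA_TAG               # tag at offset 10, payload at offset 12
    + bytes(range(CLAUDIA_LEN)) # dummy Claudia payload (0x00..0x3f)
    + b"\xa2\x00\x04BODY"       # made-up body
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        # usage: python claudia_blank.py <reencrypted_in.fls> <patched_out.fls>
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
        patched = blank_claudia(blob)
        with open(sys.argv[2], "wb") as f:
            f.write(patched)
    else:
        blob, patched = SAMPLE, blank_claudia(SAMPLE)
    print("Claudia payload at offset 0x%x, blanked: %s"
          % (find_claudia(blob), is_claudia_blanked(patched)))
```

The helper writes to a separate output file and never modifies the input, refuses a file without the tag or with fewer than 0x40 bytes behind it, and only patches the Claudia bytes; it does nothing about the FAID, so, as the post says, the phone will still reset after a while, and a known-good original file should be flashed first.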
Post #2, 12-29-2005, 08:38 (No Life Poster, Porto, Portugal, joined Mar 2001, 1,569 posts)

Nice work, friend.... I'm glad to see some ppl really know how to have fun. Don't have time now for playing around with that... but for sure some ppl will find it interesting... Keep on rocking.... Happy New Year to you all....
Post #10, 01-03-2006, 11:58 (No Life Poster, England, joined Nov 2001, 2,821 posts)

It was only one man, your friend TEK, who had the brains to crack the DCT3 FAID from others' work. If you guys have not done that by now, why do you think anyone unknown to you will do that? I think it is easiest to reverse the Twister/Griffin/JAF software to find out the DCT4 FAID calculation, but who will step up?
Post #12, 01-04-2006, 10:41 (No Life Poster, England, joined Nov 2001, 2,821 posts)

I am sorry, but I have seen on here free schematics/hex for Prodigy and also Twister. Even B-Phreaks said that there is enough information in the "Twister freeeeeeeeeee!!!!!" thread to create your own flasher box. I cannot be bothered to look at this myself. I think Dejan is in the same mood these days.
Post #15, 01-13-2006, 14:33 (Insane Poster, joined Apr 2004, 73 posts)

CrypterX had a little bug that prevented correct encryption:
http://nokiafree.org/forums/showthre...d=1#post379481
http://www.gsmfreeboard.com/forum/sh...d.php?p=756994