<< FREE - XTC Clip by Raskal - production details (HEX, Schematic, Gerber ...) >> - Page 2 - GSM-Forum

hakkothebest · 10-09-2011, 21:17

Quote:

Originally Posted by ribbentrop

What for ?

I bought a cloned clip in last Saturday for $30 only ...

People are lazy by this days... Btw 30$ it's sooo much for this crap clip!

ribbentrop · 10-09-2011, 21:21

Quote:

Originally Posted by hakkothebest

People are lazy by this days... Btw 30$ it's sooo much for this crap clip!

O yeah ...

My last DIY unit was Dejan BB5 unlock clip, I made few pcs and sell it

hakkothebest · 10-09-2011, 21:24

Quote:

Originally Posted by ribbentrop

O yeah ...

My last DIY unit was Dejan BB5 unlock clip, I made few pcs and sell it

Hehe nice! I also made one of this too at that time

kaisak · 10-09-2011, 21:29

Quote:

Originally Posted by zulea

There is more, e.g. just look here:

Code:

; =============== S U B	R O U T	I N E =======================================


APP_EE_Increment_5500_5501_LifeCounter		  ; CODE XREF: APP_SCEMU_MainProc+518p
						  ; APP_Goldcard_Make+404p
		PUSH	{R4,LR}
		BL	APP_EE_Read_5500_5501_LifeCounter
		ADDS	R4, R0,	#1
		UXTH	R1, R4
; End of function APP_EE_Increment_5500_5501_LifeCounter

		MOV.W	R0, #0x5500
		BL	APP_EE_WriteVariable	  ; R0 - U16_VirtAdress, R1 - U16_Data
		LSRS	R1, R4,	#0x10
		MOVW	R0, #0x5501
		BL	APP_EE_WriteVariable	  ; R0 - U16_VirtAdress, R1 - U16_Data
		MOV	R0, R4
		POP	{R4,PC}

; =============== S U B	R O U T	I N E =======================================

; OUT:
;   R0 = 0  ->	NOT Activated
;   R0 = 1  ->	Activated

APP_EE_Read_4400_4401_ActivationStatus		  ; CODE XREF: APP_USB_ProcessCommands+488p
						  ; APP_MainProc:loc_8006A56p
						  ; APP_MainProc:loc_8006A8Ep
						  ; APP_EE_Increment_4400_4401_ActivationStatus+2p
						  ; APP_RSA_Activate_and_ResetLifetimeCounter+78p
						  ; APP_USB_ProcessCommand_D1_+66p
						  ; APP_USB_ProcessCommand_CD_+50p

var_8		= -8
var_6		= -6

		PUSH	{LR}
		SUB	SP, SP,	#4
		MOV.W	R0, #0x4400
		ADD.W	R1, SP,	#8+var_6
		BL	APP_EE_ReadVariable
		CBZ	R0, loc_800BAE0

loc_800BADA					  ; CODE XREF: APP_EE_Read_4400_4401_ActivationStatus+24j
		MOVS	R0, #0

loc_800BADC					  ; CODE XREF: APP_EE_Read_4400_4401_ActivationStatus+32j
		ADD	SP, SP,	#4
		POP	{PC}
; ---------------------------------------------------------------------------

loc_800BAE0					  ; CODE XREF: APP_EE_Read_4400_4401_ActivationStatus+10j
		MOVW	R0, #0x4401
		MOV	R1, SP
		BL	APP_EE_ReadVariable
		CMP	R0, #0
		BNE	loc_800BADA
		LDRH.W	R0, [SP,#8+var_8]
		LDRH.W	R3, [SP,#8+var_6]
		ORR.W	R0, R3,	R0,LSL#16
		B	loc_800BADC
; End of function APP_EE_Read_4400_4401_ActivationStatus

Best regards,
Zulea

One question to you, is MxBox mcu same as XTC Clip (STM32), vulnerable for loading and executing own ARM code in RAM (and in example fetching unprotected flash array via usart ?)

oOXTCOo · 10-09-2011, 21:32

Quote:

Originally Posted by zulea

There is more, e.g. just look here:

Code:

; =============== S U B    R O U T    I N E =======================================
 
 
APP_EE_Increment_5500_5501_LifeCounter          ; CODE XREF: APP_SCEMU_MainProc+518p
                          ; APP_Goldcard_Make+404p
        PUSH    {R4,LR}
        BL    APP_EE_Read_5500_5501_LifeCounter
        ADDS    R4, R0,    #1
        UXTH    R1, R4
; End of function APP_EE_Increment_5500_5501_LifeCounter
 
        MOV.W    R0, #0x5500
        BL    APP_EE_WriteVariable      ; R0 - U16_VirtAdress, R1 - U16_Data
        LSRS    R1, R4,    #0x10
        MOVW    R0, #0x5501
        BL    APP_EE_WriteVariable      ; R0 - U16_VirtAdress, R1 - U16_Data
        MOV    R0, R4
        POP    {R4,PC}
 
; =============== S U B    R O U T    I N E =======================================
 
; OUT:
;   R0 = 0  ->    NOT Activated
;   R0 = 1  ->    Activated
 
APP_EE_Read_4400_4401_ActivationStatus          ; CODE XREF: APP_USB_ProcessCommands+488p
                          ; APP_MainProc:loc_8006A56p
                          ; APP_MainProc:loc_8006A8Ep
                          ; APP_EE_Increment_4400_4401_ActivationStatus+2p
                          ; APP_RSA_Activate_and_ResetLifetimeCounter+78p
                          ; APP_USB_ProcessCommand_D1_+66p
                          ; APP_USB_ProcessCommand_CD_+50p
 
var_8        = -8
var_6        = -6
 
        PUSH    {LR}
        SUB    SP, SP,    #4
        MOV.W    R0, #0x4400
        ADD.W    R1, SP,    #8+var_6
        BL    APP_EE_ReadVariable
        CBZ    R0, loc_800BAE0
 
loc_800BADA                      ; CODE XREF: APP_EE_Read_4400_4401_ActivationStatus+24j
        MOVS    R0, #0
 
loc_800BADC                      ; CODE XREF: APP_EE_Read_4400_4401_ActivationStatus+32j
        ADD    SP, SP,    #4
        POP    {PC}
; ---------------------------------------------------------------------------
 
loc_800BAE0                      ; CODE XREF: APP_EE_Read_4400_4401_ActivationStatus+10j
        MOVW    R0, #0x4401
        MOV    R1, SP
        BL    APP_EE_ReadVariable
        CMP    R0, #0
        BNE    loc_800BADA
        LDRH.W    R0, [SP,#8+var_8]
        LDRH.W    R3, [SP,#8+var_6]
        ORR.W    R0, R3,    R0,LSL#16
        B    loc_800BADC
; End of function APP_EE_Read_4400_4401_ActivationStatus

Best regards,
Zulea

may if i would be raskal, i would be happy about your steps

he already selled ALOT of this clips... now most part of work is support...
but now its a good reason to stop support and start new project and sell again some protection hardware or even new project..

btw. do you have something like that for hti interface?

ribbentrop · 10-09-2011, 21:38

Quote:

Originally Posted by oOXTCOo

may if i would be raskal, i would be happy about your steps

he already selled ALOT of this clips... now most part of work is support...
but now its a good reason to stop support and start new project and sell again some protection hardware or even new project..

btw. do you have something like that for hti interface?

Cheapest boxes not needed to be cloned, no sense for that

hakkothebest · 10-09-2011, 21:39

Now also "people" will be able to repair their "original clips" that goes dead hahaha!

kaisak · 10-09-2011, 21:39

Quote:

Originally Posted by ribbentrop

Cheapest boxes not needed to be cloned, no sense for that

Cloned - maybe not.
But, put for free, why not ?

hakkothebest · 10-09-2011, 21:40

Quote:

Originally Posted by kaisak

Cloned - maybe not.
But, put for free, why not ?

Yesss! Junk are free isn't?

djmixer · 10-09-2011, 21:45

Quote:

Originally Posted by oOXTCOo

may if i would be raskal, i would be happy about your steps

he already selled ALOT of this clips... now most part of work is support...
but now its a good reason to stop support and start new project and sell again some protection hardware or even new project..

btw. do you have something like that for hti interface?

IT seems, that Rascal and Manole planned their business together

oOXTCOo · 10-09-2011, 21:46

Quote:

Originally Posted by zulea

some small things about their "server":

Aes key used to encrypt data sent from xtc clip by raskal to their server:

Hex: 0x4d, 0x52, 0x46, 0x43, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x5b, 0x5d, 0x5f, 0x3f, 0x2a, 0x23, 0x2e

ascii: "mrfc2010-[]_?*#."

just stay tuned, more to come.

Best regards,
zulea

58 54 43 52 55 4c 45 5a 00 00 00 00 4d 52 46 43 32 30 31 30 2d 5b 5d 5f 3f 2a 23 2e

xtcrulez....mrfc2010-[]_?*#

Dimidrolus · 10-09-2011, 21:54

Zulea, yor are fuсking suсker... Why are you destroying hard Raskal work???

buds1 · 10-09-2011, 21:54

very nice. Now we can repair damaged clips.

caraiman · 10-09-2011, 22:01

To all product supporters:
Are you tired of support? Your product sales are going down? Send your documentation and a little sum of money to Zulea and he will publish this here and set you free of all your obligation before your clients!

dejanp · 10-09-2011, 23:46

Quote:

Originally Posted by caraiman

To all product supporters:
Are you tired of support? Your product sales are going down? Send your documentation and a little sum of money to Zulea and he will publish this here and set you free of all your obligation before your clients!

probably work together and cheat customers

people should never buy from Raskal, Manole ,Zulea

the biggest crooks in the GSM world

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Phone Stuff for FREE & KEy-GEn For Logo Editor !	BoNtEk - ThA WtC MeMbA	Nokia Multimedia	8	10-31-2012 20:17
FREE UNLOCK SIM CARD FOR 20 PHILIPS DIGA PHONES ON CELLNET	SP UNLOCKER 2000	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	1	01-17-2011 18:10
need software for 5161 by cable	mln2000	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	6	08-29-2010 20:17
2 FREE NOKIA SP SIM CARDS TO RELEASE FOR INFORMATION WE NEED	SP UNLOCKER 2000	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	3	09-25-1999 03:34

10-09-2011, 21:39	#22 (permalink)
hakkothebest Freak Poster Join Date: May 2005 Posts: 308 Member: 145289 Status: Offline Thanks Meter: 35	Now also "people" will be able to repair their "original clips" that goes dead hahaha!

10-09-2011, 21:54	#27 (permalink)
Dimidrolus Freak Poster Join Date: Sep 2010 Location: Ukraine, Ivano-Frankivsk Age: 31 Posts: 241 Member: 1397329 Status: Offline Thanks Meter: 73	Zulea, yor are fuсking suсker... Why are you destroying hard Raskal work???

10-09-2011, 21:54	#28 (permalink)
buds1 Freak Poster Join Date: Apr 2009 Location: Austria / Vienna Posts: 415 Member: 1002500 Status: Offline Thanks Meter: 263	very nice. Now we can repair damaged clips.

10-09-2011, 22:01	#29 (permalink)
caraiman Freak Poster Join Date: Jul 2007 Posts: 132 Member: 557841 Status: Offline Thanks Meter: 22	To all product supporters: Are you tired of support? Your product sales are going down? Send your documentation and a little sum of money to Zulea and he will publish this here and set you free of all your obligation before your clients!