How SL3 Unlock Codes are Calculated? (https://forum.gsmhosting.com/vbb/f83/how-sl3-unlock-codes-calculated-1079689/)

Haltec 08-30-2010 09:31

Quote:

Originally Posted by german gsm team (Post 6266649)
IMHO codes are still calculated by SX-5 algo (with MCC, MNC and configuration key)

Telcel phones aren't unlockable due to byte 1 being set to 1 in profile bits.

Therefore: No cable unlock, no keypad unlock - even with correct code.

Since simlock data (including profile bits) is RSA-signed there is no way to unlock without Nokia SX-4T card and online variant change.


Yes, but MCC, MNC, can be replaced with anything (even random number) in Algo - as long as they used same variable/value during locking process...

And how does this interfere with the IMEI+CODE+RND theory?

Quote:

Originally Posted by karwos (Post 5816005)
Hi,
this should work on all nokia phones (dct3/4, bb5, wd2, infineon)
and most probably on units which were unlocked by code before (need chk that carefully).

So just enter code this format:

*pw+123451234512345+x#

(where X is lock level, and use * instead of #)

Did anybody know this before ;)? Credit goes to cyclone team.

This is more a curious trick than any update.
I will post some more "cool codes" later.


And one more thing - I might maybe, JUST MAYBE, ensure access to sniff SX card communication with code calculation in qty of 100 chosen codes, would anyone be interested?

Will this even gain anything useful?


Of course card is MCC MNC dependent.



BR


Haltec

oOXTCOo 08-30-2010 11:08

Quote:

Originally Posted by Haltec (Post 6270670)
Yes, but MCC, MNC, can be replaced with anything (even random number) in Algo - as long as they used same variable/value during locking process...

And how does this interfere with the IMEI+CODE+RND theory?

And one more thing - I might maybe, JUST MAYBE, ensure access to sniff SX card communication with code calculation in qty of 100 chosen codes, would anyone be interested?

Will this even gain anything useful?

Of course card is MCC MNC dependent.



BR


Haltec


No, the sniff will bring you nothing...
because you can't back-calculate the results and make an algo from this.

Haltec 08-30-2010 11:47

re:codes - probably not.

And I thought so, but wasn't sure (and I am still not) exactly what data are exchanged Winlock<<>>SX.

When I think about it a little - you are right - input is only IMEI + Lock level.


Side channel analysis, anyone? :)




BR


Haltec

p.s. Although even that is not possible on new(est) security card generation.

german gsm team 08-30-2010 23:32

Quote:

Originally Posted by Haltec (Post 6271242)

p.s. Although even that is not possible on new(est) security card generation.

But chip opening in a nanotech lab was and is still an option.

But makes no sense economically, yet.

Haltec 09-10-2010 22:51

Quote:

Originally Posted by Bph&co (Post 4995757)
Hi,



I can't be sure 100%, but I did some analysis on unlocked SL3 phones by DM3 and to me it seems that he either has an SX5 card connected to the server or access to a high level Salo account.

My original thought was that he is brute forcing the code, as it is no problem for him to read the hashes from the phone. I also remembered our old conversation that he gave me that idea for reading hashes and using powerful clusters to bruteforce the code (back then was for dct4+).

But then I did simple tests on the data after DM3 unlock, results were:

1. Code entered by DM3 box is not the same as the Network will make, maybe we can assume the SX5 SN is used as part of the calculation and the obvious collision in the SL3 algo is not carelessness by Nokia but a feature to detect who made the codes and probably blacklist SX5 codes in future firmware. (if you remember dct4 codes, you will know what I am talking about)

2. The code DM3 box is calculating is not the first available one in the large non-collision free keyspace, so bruteforce is maybe not what is used (Of course he can just use a different search algorithm)

Anyway all is assumptions because we don't have large enough data to analyse.

Feel free to send me the last key of PM120 of unlocked phones by DM3 or network codes, with large enough subset of data, all will be clear soon.



Regards, Alex

B-phreaks


Does this mean that some SX5 card for a designated operator (mcc_mnc) can be distinguished from another one by the codes it generates, and any of the codes generated will work the same?

Let's say for example that Nokia produced 10 SX5 cards for Orange UK - each of them can generate unlock codes through Winlock, and each code will be DIFFERENT but it will work?!

Uff... Guys aren't bad at all....



BR



Haltec

usernome 09-11-2010 14:43

If it's calculated by brute-force why can't we (some of us) do something like distributed.net ?

mustipusti 09-11-2010 15:26

Quote:

Originally Posted by usernome (Post 6319314)
If it's calculated by brute-force why can't we (some of us) do something like distributed.net ?

That will cost too much money and the unlock price will be high for the customers.

luigivsf 09-11-2010 15:40

Calculating codes for SL3 is possible, it is just a matter of finding the correct ASIC/Keycode.

Grab some calculated codes with their MNC+MCC and you will find answers.

usernome 09-12-2010 04:20

Quote:

Originally Posted by mustipusti (Post 6319474)
That will cost too much money and the unlock price will be high for the customers.

What money would it cost?
We will use our computers for calculation ...

mustipusti 09-12-2010 08:54

Quote:

Originally Posted by usernome (Post 6320761)
What money would it cost?
We will use our computers for calculation ...

I don't know, but the price will be high ;) (That's why the teams are asking €30 to 100 for 1 unlock.) With our computers it will take months for 1 calculation.

usernome 09-13-2010 06:36

Why do you think that they have more calculation power than all (or a lot) of us?

[Shadab_M] 09-13-2010 08:02

Maybe SL3 unlocking is not that complicated or does not need more powerful systems.

Instead, solution providers are talking about it to keep some people away from this solution. So when we hear that it requires that much computing power and money, we will move on to research on BB5 booting. :D

Just an opinion...

Br,
Shadab Ahmad

uqbah 09-13-2010 14:39

No bro, its computing is simple, not so complicated (as far as I know).
But it costs a lot, yes, it is a high-cost solution.
You need powerful systems with data cards and electricity.

Part of GT data centre for bruteforce SL3:

http://www.softmobile.net/test/DSC05383.JPG


http://www.softmobile.net/test/DSC05384.jpg

digitalgsm_cora 09-13-2010 20:21

Does anyone think that there is no real solution for unlocking SL3 phones?

What if those phones are unlocked only by IMEI in Nokia service centers?

B.R.

moimoun 09-13-2010 21:26

Quote:

Originally Posted by uqbah (Post 6325644)
No bro, its computing is simple, not so complicated (as far as I know).
But it costs a lot, yes, it is a high-cost solution.
You need powerful systems with data cards and electricity.

Part of GT data centre for bruteforce SL3:

http://www.softmobile.net/test/DSC05383.JPG


http://www.softmobile.net/test/DSC05384.jpg

Thanks for sharing! :) :eek: I was rather thinking about a big supercomputer calculator!


All times are GMT +1.

