Old 08-26-2010, 14:50   #16 (permalink)

And can someone tell what that ASCII is !!!



Quote:
Originally Posted by geohot View Post
@german_gsm_team Because the iPhone jailbreaks and unlocks go directly to the end users. DCT4 stuff would just go to unlockers.



AND OMG I DONT BELIEVE I MISSED THIS

Code:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 01 42 8A 2F 98 D7 28 AE 22 3D DA
B6 DF FC 72 73 92 F7 1C B6 00 00 00 CB E7 2D A1
69 B4 99 42 E8 BB 59 87 CD FE 73 07 F5 16 26 FF


Cube it. "SHA" placeholder is ASCII.

So even if you can fully decrypt PM120, you still won't know the code because it is multiplied with a 0-1000 range integer? hmpf....

All of the guys involved in this (won't name or count them here, because I don't want to accidentally forget anyone) are doing really cool stuff behind our GUI unlock button.

But how (and how) much closer DM3 get...

(by the speed reported, it seems that they don't use BF at all)

@shadab_a4u - looks that way....




BR


Haltec
 
Old 08-26-2010, 15:55   #17 (permalink)
josedavido
Still a mystery, Mr. Shadab.

I guess this work is more simple, it seems, but without a little light from programmers it will be hard for us.
 
Old 08-26-2010, 15:55   #18 (permalink)
..::Angel::..
Quote:
Originally Posted by Haltec View Post
And can someone tell what that ASCII is !!!






So even if you can fully decrypt PM120, you still won't know the code because it is multiplied with a 0-1000 range integer? hmpf....

All of the guys involved in this (won't name or count them here, because I don't want to accidentally forget anyone) are doing really cool stuff behind our GUI unlock button.

But how (and how) much closer DM3 get...

(by the speed reported, it seems that they don't use BF at all)

@shadab_a4u - looks that way....




BR


Haltec
Hi,

A few days ago I checked the UB SL3 unlock average on their website and it was only 5 mins. So I think DM3 also uses bruteforce, or if DM3 does not use bruteforce then I would say UB somehow has a connection with the DM3 team.

BR
 
Old 08-26-2010, 16:13   #19 (permalink)
JHUN PANABO
Quote:
Originally Posted by ..::Angel::.. View Post
Hi,

A few days ago I checked the UB SL3 unlock average on their website and it was only 5 mins. So I think DM3 also uses bruteforce, or if DM3 does not use bruteforce then I would say UB somehow has a connection with the DM3 team.

BR
maybe they are connected; that's why mxkey still doesn't have the solution until now, 'cause they can't afford the service...
 
Old 08-26-2010, 16:20   #20 (permalink)
Isn't DM3 about 5-10 sec per phone? About the same as standalone RSA DCT4 unlock....

Don't know if they (DM3) unlock 479C...

And I saw pictures of Griffin "Plant" on another forum. Serious job.

Would be great to see some pics from other teams too...

So in production of SL3 codes, Nokia multiplied every produced code with 0-1000 and let the ASIC do the math?

Good trick. Have to admit.

Maybe DM3 have a way to force the phone to accept their PM120 and then just enter the respective code?




BR


Haltec
 
Old 08-26-2010, 16:22   #21 (permalink)
Hi,

[120]
2=6AA06D79590AD984B3A89BF148C4F4C7359E675DD7D8F
835CEA93C8DBDFE489D10B3AECB108BFE14067A9A413865
92865801F796BD355B60EC9DEBAB610CF91955E33B226FD4
B0611FE410253693B308763461031F607FCF7630C8305CAA
ABA031D909A6B1C7E41BFA3DEFEA11F0E93D7D0AE16A15E
10FBCCB11DEAD266470490100


In the above SL3 PM120,2 data sample, can anyone guide me to locate the SHA1 hash for the LEVEL 7 unlock code?


Br,

dualtrace
 
Old 08-26-2010, 17:42   #22 (permalink)
..::Angel::..
Quote:
Originally Posted by Haltec View Post
Isn't DM3 about 5-10 sec per phone? About the same as standalone RSA DCT4 unlock....

Don't know if they (DM3) unlock 479C...

And I saw pictures of Griffin "Plant" on another forum. Serious job.

Would be great to see some pics from other teams too...

So in production of SL3 codes, Nokia multiplied every produced code with 0-1000 and let the ASIC do the math?

Good trick. Have to admit.

Maybe DM3 have a way to force the phone to accept their PM120 and then just enter the respective code?




BR


Haltec
Hi,

I believe that DM3 and all other teams use bruteforce to unlock SL3 phones. And they have invested a lot of money in this project.

Btw, if DM3 forced the phone to accept their own PM120, then the unlock result would be some other config key, not as with unlock by codes. They could also offer simlock repairs.

Well, the future will tell what method is being used to unlock SL3 phones. At the moment, it seems DM3 also uses the BF method..!

BR
 
Old 08-26-2010, 17:58   #23 (permalink)
GSM Parts
Quote:
Originally Posted by ..::Angel::.. View Post
Hi,

I believe that DM3 and all other teams use bruteforce to unlock SL3 phones. And they have invested a lot of money in this project.

Btw, if DM3 forced the phone to accept their own PM120, then the unlock result would be some other config key, not as with unlock by codes. They could also offer simlock repairs.

Well, the future will tell what method is being used to unlock SL3 phones. At the moment, it seems DM3 also uses the BF method..!

BR
Bruteforce in 10 seconds?
Not doable, I am sure!

Regards GSM Parts
 
Old 08-26-2010, 22:17   #24 (permalink)
angel25dz
Quote:
Originally Posted by dualtrace View Post
Hi,

[120]
2=6AA06D79590AD984B3A89BF148C4F4C7359E675DD7D8F
835CEA93C8DBDFE489D10B3AECB108BFE14067A9A413865
92865801F796BD355B60EC9DEBAB610CF91955E33B226FD4
B0611FE410253693B308763461031F607FCF7630C8305CAA
ABA031D909A6B1C7E41BFA3DEFEA11F0E93D7D0AE16A15E
10FBCCB11DEAD266470490100


In the above SL3 PM120,2 data sample, can anyone guide me to locate the SHA1 hash for the LEVEL 7 unlock code?


Br,

dualtrace
good question that's what we need to try :-)
 
Old 08-27-2010, 04:43   #25 (permalink)
Hi,

Quote:
And can someone tell what that ASCII is !!!
This is what he means by his post.

'6675636B206D61746800DEAD0067656F686F74FF : f*ck math....geohot.'




Br,

dualtrace
 
Old 08-27-2010, 10:10   #26 (permalink)
oOXTCOo
Quote:
Originally Posted by dualtrace View Post
Hi,

[120]
2=6AA06D79590AD984B3A89BF148C4F4C7359E675DD7D8F
835CEA93C8DBDFE489D10B3AECB108BFE14067A9A413865
92865801F796BD355B60EC9DEBAB610CF91955E33B226FD4
B0611FE410253693B308763461031F607FCF7630C8305CAA
ABA031D909A6B1C7E41BFA3DEFEA11F0E93D7D0AE16A15E
10FBCCB11DEAD266470490100


In the above SL3 PM120,2 data sample, can anyone guide me to locate the SHA1 hash for the LEVEL 7 unlock code?


Br,

dualtrace


To decrypt this block, some more data is needed than just the PM block.
 
Old 08-27-2010, 10:18   #27 (permalink)
angel25dz
Quote:
Originally Posted by oOXTCOo View Post
To decrypt this block, some more data is needed than just the PM block.
it's encrypted with AES encryption ???
 
Old 08-29-2010, 00:08   #28 (permalink)
angel25dz
Quote:
Originally Posted by angel25dz View Post
it's encrypted with AES encryption ???
It was stupid of me

there is no SHA1 Hash in PM120,2

[120]
2=6AA06D79590AD984B3A89BF148C4F4C7359E675DD7D8F
835CEA93C8DBDFE489D10B3AECB108BFE14067A9A413865
92865801F796BD355B60EC9DEBAB610CF91955E33B226FD4
B0611FE410253693B308763461031F607FCF7630C8305CAA
ABA031D909A6B1C7E41BFA3DEFEA11F0E93D7D0AE16A15E
10FBCCB11DEAD26647049
0100

RSA-1024 bit signature = 128 bytes
fixed 02 bytes


That's what I think; if I'm wrong, correct me

Last edited by angel25dz; 08-29-2010 at 00:14.
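
The layout claim in post #28 (a 128-byte RSA-1024 block followed by two fixed bytes) and the ASCII reading of the 20-byte string in post #25 can be checked mechanically. This is an added example, not code from any poster in the thread; the function names are illustrative and the hex is copied from the posts above.

```python
import re

# Hex text copied from the posts above: the PM120 field 2 sample and the
# 20-byte string quoted in post #25. Nothing here is decrypted or verified.
PM120_2 = """
6AA06D79590AD984B3A89BF148C4F4C7359E675DD7D8F
835CEA93C8DBDFE489D10B3AECB108BFE14067A9A413865
92865801F796BD355B60EC9DEBAB610CF91955E33B226FD4
B0611FE410253693B308763461031F607FCF7630C8305CAA
ABA031D909A6B1C7E41BFA3DEFEA11F0E93D7D0AE16A15E
10FBCCB11DEAD266470490100
"""
PLACEHOLDER = "6675636B206D61746800DEAD0067656F686F74FF"

RSA_1024_BYTES = 1024 // 8   # 128, the signature size named in post #28
SHA1_BYTES = 20              # SHA-1 digest size

# Function names below are hypothetical helpers for this example.
def unwrap_hex(text):
    """Join forum-wrapped hex lines into bytes, rejecting stray characters."""
    joined = re.sub(r"\s+", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", joined):
        raise ValueError("not an even-length hex string")
    return bytes.fromhex(joined)

def split_pm120_2(blob):
    """Split the field into a 128-byte block and whatever trails it."""
    if len(blob) < RSA_1024_BYTES:
        raise ValueError("shorter than an RSA-1024 block")
    return blob[:RSA_1024_BYTES], blob[RSA_1024_BYTES:]

def printable_runs(data, min_len=4):
    """Return ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

if __name__ == "__main__":
    block, tail = split_pm120_2(unwrap_hex(PM120_2))
    print("block bytes:", len(block), "trailer:", tail.hex())
    field = unwrap_hex(PLACEHOLDER)
    print("digest-sized:", len(field) == SHA1_BYTES, printable_runs(field))
```

The size match only shows the field is the right length for an RSA-1024 block plus a 2-byte trailer; it says nothing about what the block contains.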
 
Old 08-29-2010, 02:27   #29 (permalink)
Quote:
Originally Posted by ..::Angel::.. View Post
Hi,

I think no. It does not depend on MCC, MNC! They generate level7 codes which remove all restrictions in the phone. So, no matter which level the phone is locked to. If any phone does not accept the level7 code or the phone is not locked to the appropriate level, then in this case it is not possible to unlock the phone with the generated level7 code. - Telcel Mexico phones

BR
IMHO codes are still calculated by SX-5 algo (with MCC, MNC and configuration key)

Telcel phones aren't unlockable because byte 1 is set to 1 in the profile bits.

Therefore: No cable unlock, no keypad unlock - even with correct code.

Since simlock data (including profile bits) is RSA-signed, there is no way to unlock without Nokia SX-4T card and online variant change.
 
The Following User Says Thank You to german gsm team For This Useful Post:
Old 08-29-2010, 03:03   #30 (permalink)
Quote:
there is no SHA1 Hash in PM120,2

[120]
2=6AA06D79590AD984B3A89BF148C4F4C7359E675DD7D8F
835CEA93C8DBDFE489D10B3AECB108BFE14067A9A413865
92865801F796BD355B60EC9DEBAB610CF91955E33B226FD4
B0611FE410253693B308763461031F607FCF7630C8305CAA
ABA031D909A6B1C7E41BFA3DEFEA11F0E93D7D0AE16A15E
10FBCCB11DEAD266470490100

RSA-1024 bit signature = 128 bytes
fixed 02 bytes


That's what I think; if I'm wrong, correct me

So it is in PM120,1, which is 0xA0 bytes; maybe it is similar to DCT4+, which is encrypted, but I don't think BB5 will use SAFER-64.
 