How To use IDA To disasm NOKIA DCT4 flash by kontact - GSM-Forum

watusi2 · 02-11-2006, 05:12

http://www.cracklab.ru/download/list.php?l=1

yes, learning how to disasm will help us make or learn or find info on gsm programming.

some tips on disassembling mcode.app /SIS. don't use ida 4.8. since i try and saw that the import func names are not being imported. use ida 4.6.

regards

2.--------------------------------------------------------------------------------

Hello

Requirements:

1.You must have decr.exe the CrypterX by Nok5rev and G3gg0. to decrypt DCT4 flash file and to Encrypt.
2. IDA Disasm software. (any ver will do )
3. Time and efforts.

run ida. load the file on ida.
then u will see the first image1 and image2. just follow it and all will be disassemble.

hope everyone will have fun. more to come...

regards

3.Hi,

Dct3/4 flash files MCU part is ARM/THUMB.

now after loading the dct4 decrypted flash files on ida. goto offset 0100.0100 that is the entry point of the ARM_main. All starts from there. u can press C while the cursor is focus on the said address and u will see something like this'

ROM:01000100 loc_1000100 ; DATA XREF: ROM:01000078o
ROM:01000100 ; sub_109ADD8ff_109AEECo
ROM:01000100 B loc_1091A00 // a jmup to the arm_main routine

then follow that B loc_1091A00 and so on. Pressing C if you only see hexes. to convert it to ARM opcodes.

here are the arm/thumb quick ref chart.

regards

visit here....http://www.blutacgsm.net/forums/showthread.php?t=62

Zaihtam · 02-11-2006, 09:34

Conclusion:

1. Use "ARMB" processor type
2. ram size 0x80000
3. rom address start 0x1000000, load it at 0x1000000
4. Entry Point 0x1000100

02-11-2006, 05:12	#1 (permalink)
watusi2 Freak Poster Join Date: Jul 2004 Age: 52 Posts: 126 Member: 75583 Status: Offline Thanks Meter: 6	How To use IDA To disasm NOKIA DCT4 flash by kontact http://www.cracklab.ru/download/list.php?l=1 yes, learning how to disasm will help us make or learn or find info on gsm programming. some tips on disassembling mcode.app /SIS. don't use ida 4.8. since i try and saw that the import func names are not being imported. use ida 4.6. regards 2.-------------------------------------------------------------------------------- Hello Requirements: 1.You must have decr.exe the CrypterX by Nok5rev and G3gg0. to decrypt DCT4 flash file and to Encrypt. 2. IDA Disasm software. (any ver will do ) 3. Time and efforts. run ida. load the file on ida. then u will see the first image1 and image2. just follow it and all will be disassemble. hope everyone will have fun. more to come... regards 3.Hi, Dct3/4 flash files MCU part is ARM/THUMB. now after loading the dct4 decrypted flash files on ida. goto offset 0100.0100 that is the entry point of the ARM_main. All starts from there. u can press C while the cursor is focus on the said address and u will see something like this' ROM:01000100 loc_1000100 ; DATA XREF: ROM:01000078o ROM:01000100 ; sub_109ADD8ff_109AEECo ROM:01000100 B loc_1091A00 // a jmup to the arm_main routine then follow that B loc_1091A00 and so on. Pressing C if you only see hexes. to convert it to ARM opcodes. here are the arm/thumb quick ref chart. regards visit here....http://www.blutacgsm.net/forums/showthread.php?t=62

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How can i damage Imei of Nokia DCT4+ phones to 123456789123456	powerplay83	Nokia Digital Core Technology 4 ( DCT-4 )	1	11-22-2009 19:20
How to use wap gprs from nokia 9300 to PC internet??	sallu	Nokia Multimedia	2	07-08-2007 08:43
how to find security code in nokia dct4 models using ufs	grapher	UFS2 + UFS3-Tornadoflasher	3	08-03-2005 12:05
How to use IDA Pro?	Z-man	GSM Programming & Reverse Engineering	1	02-26-2003 09:04
anyone can help me with test point on T180 and how to use it to flash dead phone?	crossings	Motorola Old Legacy (EMMI)	1	02-12-2003 19:19

02-11-2006, 09:34	#2 (permalink)
Zaihtam No Life Poster Join Date: Dec 2004 Location: 0x001FD00 Posts: 1,285 Member: 98572 Status: Offline Thanks Meter: 36	Conclusion: 1. Use "ARMB" processor type 2. ram size 0x80000 3. rom address start 0x1000000, load it at 0x1000000 4. Entry Point 0x1000100