08-14-2009, 23:15 | #1 (permalink) |
What is it ?

QMAT - QC Mobile Analysis Tool

What is it ?
It is a development and debugging tool for Qualcomm mobiles

Who may need it ?
Mobile engineers / reverse engineers / cryptanalysts and forensic labs

Crypto Functions :
- Calculate CRC-30, CRC-32, SHA1, SHA2 (SHA224 + SHA256), MD4 and MD5 of any file
- Calculate AES, DES, TEA, RSA in several ways (ECD,CBC,CFB,OFB etc..)
- Bruteforce bytes to fit CRC-30 needed when qcsblhd_cfgdata.mbn was edited
- Extract Gzipped data
- Decrypt and Encrypt any RSA-Message, including ASN-1 / SHA Signatures. (you can add publickeys to publickeys.xml)
- Generate RSA Private Key and create .pvk files
- Check firmware signature given Modulus and Exponent (for HTC and BQS mobiles)
- Extract information from .pvk files
- Search for algorithms in binary files (find cryptomethods + signatures) CRC8, CRC16, CRC32, MD4, MD5, SHARK, HAVAL, GZIP, ZIP, SHA1, ... and much more (you can add cryptosignatures to crypto.xml)

JTAG Interface : (soon via Segger J-Link)

Functions for all mobiles with AT modes :
1. Send APDUs to SIM card
2. Read out all SMS with all headers
3. Send any AT command

Functions for QC mobiles :
1. Load binary files for :
   Extraction of certificates
   Extraction of BMPs,GIFs,PNGs, JPGs
2. Load Partition File to get overview about NAND/NOR structure
3. Send any String to a COM/USB Port and backup all your SMS !
4. Make usage of QCs Diag USB/COM Port Interface (Useful for any QC mobile in the world)

Standard Features :
- Send standard diag commands or any hexadecimal command you want (database included)
- Read out all NVItems (range given) (all that exist, more than QPST normally extracts)
- Backup and Restore all NVItems
- Read out and Dump Firmware in Memory (SRam)
- Read out complete EFS
- Switch to FTM Mode (or anything else you want)
- Get infos about phone
..... etc ..... a lot more functions
- Generate SimSecure Command to write to SimSecure using given file (may brick your phone when used without knowledge)
- Full Feature EFS Browser

Bootloader / DownloadMode Features :
- Load any file to mobile at any address and execute (bootloader f.e.)
- Read out complete NAND Memory using bootloader (range given) with included MSM6250/A bootloader or any given bootloader
  Usage : Take out battery, put in battery, press ON # to enter emergency mode, Execute Loader or (with SL91,SF71 f.e.) enable FTM mode, Execute Loader
- Use any Download Mode or Bootloader Command to experiment
- Read application memory of newer Diag Ver 6 in Download Mode
- Show complete infos about used NAND after loading of Bootloader

Flasher Features :
Flash any QC mobile (OBL Multiboot) with given bootloader
- Flash PBL (dangerous), QCSBL, QCSBL Header and Config Bits, Partition, OEMSBL, OEMSBL Header, AMSS, AMSS Header and EFS

Functions for BQS only :
1. Load AMSS to extract files or useful infos (EF81, E81C, EF91, SXG75, EF82, SF71, SL91 or similar ones)
   Features :
   Extract Infos from AMSS : USBID, Product.Nr., SVN, SwBuild, Mobiletype
   Extract internal filesystem (mif,bar,sig etc. files)
   Extract AMSS signature bytes (if production key)
   Show all file references used by mobile
2. Check Firmware validity (signature)

Functions for HTC only :
1. Check validity of HTC firmware (signature check)
2. Cut out signatures from .nbh file
3. Split radio.nb into qualcomm files for analysis
4. Find HTC Public keys using Cryptosearch
5. Generate Security passwords (SPL + radio) for newer HTC
6. Generate NBH Files (you can add any device into devlist.xml)
7. Dump Files from NBH (you can add any type into nbhtype.xml)
8. Fix radio.nb checksum
9. Generic Bootloader / AT Command interface with logging functions

Functions for Network Engineers

Network Calculators :

TDMA (GSM/UMTS) :
--------------------
IMEI
GSM A5-1
GSM A5-2
GSM A5-3
3G ECSD
GEA3 - GPRS
3G SNOW
3G UEA2
3G UIA2
GSM A3/A8 COMP128 V1
GSM A3/A8 COMP128 V2
GSM A3/A8 COMP128 V3
3G Milenage
3G Milenage Resync

CDMA :
-------
CAVE
CAVE Authentication
CAVE CMEA
CAVE EMEA
CAVE EMEA_NF
CAVE Wireless Residential Extension
CAVE Datakey / Look Up Table / Mask
CAVE DTC / DCCH
CAVE KSG
CAVE Long Block
CAVE Short Block
CAVE Enhanced Message
CAVE Enhanced Voice Privacy
CAVE Enhanced Data Mask
and much more ....

Planned in future :
1. Bugfixes
2. EFS Restore to Zip File
3. QC Jtag interface using Segger J-Link ARM
4. LNBS HTC support to replace MTTY
5. CDMA Write Functions
6. Tooltips showing real addresses in graphical window
7. Read out / Write back Addressbook
8. Restore backed-up SMS to phone
9. much much more

NO UNLOCKING, IMEI or ESN CHANGING ! PLEASE DO NOT REQUEST.

THIS PROJECT IS FOR EDUCATIONAL/DEVELOPMENT PURPOSES ONLY, AND NOT TO HARM COMPANIES FOR THEIR EFFORTS.

What we need :
- Any contribution to the project is welcome.
- Donations for new hardware and software for further development of this tool.

For prices of software or source, please consult the "Buy QMAT" page.

The software QMAT is in no way connected with the company Qualcomm or any other company.

Thanks for using this software.

br...
F@RUK S.
GsmKosova.com