General Information regarding CID, CDA, COLOR, GDFS etc.
Wednesday, April 11, 2007
SonyEricsson
ARM Inside: A3618, R600, T100, T100c, T102, T105, T106, Z200, J200, J200i, J200c, J210, J220, 230, Z300 etc.
AVR Inside: R520, T200, T202, T226, T226m, T226s, T230, T237, T238, T290, T290a, T290c, T290i, T300, T302, T306, T310, T312, T316, T39, T65, T68, T610, T616, T618, T628, T630, T637, P800, P802, P900, P908, P910, Z600, Z608.
New ARM Inside (SEMC): D750, F500, J300, K300, K310, K500, K506c, K508, K510, K600, K608, K610, K700, K750, K790, M600, P990, S700, S710, W300, W550, W600, W700, W800, W810, W900, V600, V630, V800, Z1010, Z300, Z500, Z520, Z530, Z550, Z800.
CR 16B Inside: T66, T600, T600c, T602.
ODM: J100.
CID = This "number" defines the version of SE's protection present in the phone. New CIDs are deployed from time to time, for the sole reason of preventing phones from being unlocked, flashed or tampered with by non-SE service tools. Current CIDs in use by SE are 29/36/37/49. SE-based LG/Sharp phones use the same system (but different versions). The OTP (One Time Programmable memory) and EROM of a phone might be protected by different CIDs, which is usually the case in newer K600s/K608s.
CDA = This "number" defines which variant of a specific firmware a phone is supposed to have. Among other things, it lets SEUS (Sony Ericsson Update Service) know which language pack, branding and band locks a phone is to be flashed with. A generic (unbranded) K750 for use in Scandinavia will be CDA102337/12, whilst a Telenor-branded K750 will be CDA102338/62. Both will be flashed with the same languages/dictionaries, but the latter will be flashed with Telenor-branded firmware.
BLUE/BROWN/RED: This "color" defines what kind of phone we are dealing with.
- BLUE phones have been assembled at the factory, but have never been programmed with software/GDFS/IMEI (remember kids: the IMEI is stored in the OTP (One Time Programmable memory)).
- BROWN phones are "developer phones", for testing. Fewer restrictions are present, as these are used for "debugging/beta" purposes. As of CID36, a phone has to be converted to BROWN to unlock it.
- RED phones are your typical retail ones.
GDFS: This is the phone's "stash", where all settings and calibration data are stored (this also goes for the firmware's IMEI resource as well as the SIM locks). Similar to other brands' use of NVRAM (Non-Volatile Random Access Memory).
IMEI = International Mobile Equipment Identity. A 15-digit number which includes information on the origin, model, and serial number of the device. The model and origin comprise the initial 8-digit portion of the IMEI, known as the "Type Allocation Code" (TAC). The remainder of the IMEI is manufacturer-defined, with a "Luhn check digit" at the end (which is never transmitted). The "Luhn check digit" is calculated from the rest of the IMEI. It should be noted that in SE-based phones the IMEI is stored in two places, the OTP (One Time Programmable memory) and GDFS. The GDFS IMEI is normally read from the OTP, but this can be circumvented by the SETool function to "change" the IMEI, which patches the firmware into allowing different OTP/GDFS IMEIs. It is the GDFS IMEI that is reported to the network, so changing this will "de-bar" blocked phones. SEUS, on the other hand, is not fooled by this, and it should also be noted that doing this is illegal in most countries.
EMMA = Service software/solution by SE themselves. Protected by the EMMA smartcard to prevent non-licensed usage. Current version is EMMA3, though EMMA2 is still alive (but kinda useless on newer phones). The EMMA smartcard contains an algorithm that allows EMMA to communicate directly with the phone's CID, so operations are performed the way they were intended. The smartcard and its algorithm have not been cracked. The following EMMA access levels currently exist:
- Service Update - Can't unlock phones.
- Service Update Pro - Can't unlock phones.
- Network Operator - Can't unlock phones (but sure as hell can lock them).
- Service Center Std - Can't unlock phones.
- Service Center Rc - Can unlock phones, as they have a special version of the smartcard with a CSCA key.
- Research & Development - Can unlock phones, as they have a special version of the smartcard with a CSCA key.
DB2000, DB2010, DB2020 = SEMC (Sony Ericsson Mobile Communications) hardware platforms. A platform is something similar to the chipset in a PC.
- DB2000 (another name is Marita) is a GSM+3G (UMTS) capable platform. SE K600/K608/V600/Z800/W900, Sharp 802sh, 902sh, 903sh and LG 3G phones are based on it.
- DB2010/2012 (Marita compact) is a GSM-only, non-3G platform. Most fairly recent and modern SE phones like K300, K500, K700, K750, S700, W300, W550, W800, Z520, Z530 are based on this chipset.
- DB2020 is the newest product of SEMC. K800, K790, K610, Z710 etc. and the Sharp 904sh feature this most secure (from SE's point of view) platform.
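For the IMEI entry above, an added example (not part of the original post) that splits an IMEI into TAC, serial and Luhn check digit, and flags a handset whose OTP and GDFS IMEIs disagree, as an intake or refurbishment check would. The function names are hypothetical and the IMEI strings are constructed sample values assumed to have been read out already.

```python
# Added example (not from the original page). Function names are hypothetical;
# the IMEI strings are constructed sample values, assumed already read out.

def luhn_check_digit(body: str) -> int:
    """Luhn check digit for the 14-digit IMEI body (8-digit TAC + 6-digit serial)."""
    if len(body) != 14 or not body.isdigit():
        raise ValueError("IMEI body must be exactly 14 decimal digits")
    total = 0
    # Walk right to left; the rightmost body digit and every second one are doubled.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2  # digit sum of the doubled value
        total += d
    return (10 - total % 10) % 10


def parse_imei(imei: str) -> dict:
    """Split a 15-digit IMEI into TAC, serial and check digit, and verify it."""
    digits = imei.replace("-", "").replace(" ", "")
    if len(digits) != 15 or not digits.isdigit():
        raise ValueError("IMEI must be exactly 15 decimal digits")
    return {
        "tac": digits[:8],
        "serial": digits[8:14],
        "check": int(digits[14]),
        "valid": luhn_check_digit(digits[:14]) == int(digits[14]),
    }


def audit_imei_pair(otp_imei: str, gdfs_imei: str) -> list:
    """Return findings for a handset whose OTP and GDFS IMEIs were both read out."""
    findings, parsed = [], {}
    for name, value in (("OTP", otp_imei), ("GDFS", gdfs_imei)):
        try:
            parsed[name] = parse_imei(value)
            if not parsed[name]["valid"]:
                findings.append(f"{name}: check digit does not match")
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
    if len(parsed) == 2 and (parsed["OTP"]["tac"], parsed["OTP"]["serial"]) != (
            parsed["GDFS"]["tac"], parsed["GDFS"]["serial"]):
        findings.append("OTP and GDFS IMEI differ")
    return findings


if __name__ == "__main__":
    print(parse_imei("351234567890124"))
    print(audit_imei_pair("351234567890124", "351234560000002"))
```

An empty findings list means both copies are well-formed and identical; any entry is a reason to inspect the handset further.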
Manual for downgrading 1112, 2310 and 2610 to Nokia 1600 with MT box
Saturday, March 17, 2007
Nokia 1112
- Start MTB NK software
- Select erase_1112.flf as PPM file (don't select MCU and CP file)
- Press the Flash button
- Now full flash the phone
- After flash go to Extras and EEPROM (PMM) Read/Write, load the PM file and press Write all
- Set phone to factory default
- Now unlock the phone
Nokia 2310
How to repair "Contact service", or repair a 2310 downgraded to 1600, and add the Radio feature back to it.
- Start MTB NK software
- Check Extras and select Custom erase
- In the address field (ours goes to the security EEPROM area) enter address 013F0000 013FFFFF
- Press Erase selected; this operation will take 5-7 seconds
- Now full flash the phone
- After flash go to Extras and EEPROM (PMM) Read/Write, load the PM file and press Write all
- Set phone to factory default
- Now unlock the phone
Nokia 2610
- Start MTB NK software
- Select 2610rh86_87__03.71.mcuswERZ as MCU file (don't select PPM and CP file)
- Press the Flash button
- Now full flash the phone
- After flash go to Extras and EEPROM (PMM) Read/Write, load the PM file and press Write all
- Set phone to factory default
- Now unlock the phone

How to check whether the phone's SIM lock data is OK or not: click the Sim lock status button, and if there are some strange details, use the repair way before unlocking it. Always use the Sim lock status button to check before you unlock.

This is the data from an untouched phone before unlock:
Operator: 0000000000000000
Profile bits: 800000000001000B
Closed on Mcc Mnc: 20416F

This is the data from a "phone toy":
Operator: 2041600000000000
Profile bits: 8000000000010002
Closed on Mcc Mnc: 20416F
Closed on Mcc Mnc: F10F
Closed on Mcc Mnc: F19F
Closed on Mcc Mnc: F1
Closed on Mcc Mnc: F40F
Closed on Mcc Mnc: F49F
Closed on Mcc Mnc: F1
Closed on Mcc Mnc: F40F
Closed on Mcc Mnc: F50F
Closed on Mcc Mnc: F2
Closed on Mcc Mnc: F75F
Closed on Mcc Mnc: F84F
Closed on Mcc Mnc: F1
Closed on Mcc Mnc: F56F
Closed on Mcc Mnc: F89F
Closed on Mcc Mnc: F2
Closed on Mcc Mnc: F3
Closed on Mcc Mnc: F51F
Closed on Mcc Mnc: F54F
Closed on Mcc Mnc: F2
Closed on Mcc Mnc: F4
Closed on Mcc Mnc: F15F
Closed on Mcc Mnc: F19F
Closed on Mcc Mnc: F3
Closed on Mcc Mnc: F30F
Closed on Mcc Mnc: F39F
Closed on Mcc Mnc: F3
Closed on Mcc Mnc: F56F
Closed on Mcc Mnc: F64F
Closed on Mcc Mnc: F4
Closed on Mcc Mnc: F80F
Closed on Mcc Mnc: F84F
Closed on Mcc Mnc: F4
Closed on Mcc Mnc: F10F
Closed on Mcc Mnc: F14F
Closed on Mcc Mnc: F4

90% of phones these days are "toys", because there was no solution for a long time and everybody tried the downgrade way to 1600.
Unlock Nokia Asic 11 With MT box Nokia under GT Server
Asic 11 and DCT4 plus released for MT box Nokia under GT Server
Supported models:
- Nokia 1112
- Nokia 2310
- Nokia 2610

To use it you need to have a Griffin server account.
- Start MT box software and follow the instructions from the picture above to enter login details.
- Connect the phone using an FBUS cable and press unlock.

Internet connection required. Please allow the connection if you have a firewall.
This is a real-time unlock and the operation takes only five seconds.
The phone will be unlocked like from the factory.
This operation will take only 1 credit from your Griffin server account.