FAID updating and B-Phreaks Logger v1.2



||Joe
04-02-2002, 11:24 PM
****************************************************
* Updating a NOKIA 6150 with B-Phreaks logger v1.2 *
****************************************************

> hope this will help some guys out there, who are interested in FAID update...

1) thanks to ICCANG for the LOGS!

2) any other documents like this are _always_ welcome. together we're stronger!

3) sorry for my english :)

4) for questions: post them to nfree forum.

-------
greets,
-tek-

||Joe
05-02-2002, 01:27 AM
hi, just want to ask what are the frames? is it the communication between the pc and the phone? how did the faid come about and all of the phone id's? (see below)
is bphreaks v1.2 the same as v1.7? can you attach v1.2 please coz v1.7 produces

[ppm_ver]
in=562020352E32330A32302D30332D30300A4E534D2D310A286329204E4D502E

[imei]
in=343439323038333032363139383933

[msid]
in=82740A563EADF707D7CBE1ECF1

[data]
in=2C42

for my 6150 when upgraded to 5.23
thnx.. explain it further please.....
Get DSP Internal
-----------------------------------------------

m) 1F 00 10 40 00 11 00 01 B8 2C 3D 09 CB 14 F4 3B 42 92 70 2C FC 37 DB 07 74
                              ^^ ^^                                  ^^
                              |  |-> FAID                            |-> "Checksum"
                              |----> phone_id

CMD 40, 0001, B8: Set FAID

Checksum: B8 + phone_id + all numbers of FAID
(in that case: B8 + 2C + 3D + 09 + CB + 14 + F4 + 3B + 42 + 92 + 70 + 2C + FC + 37 = DB)

-----------------------------------------------

n) 1F 10 00 40 00 06 01 01 B9 01 2C E6 0E 35
                                 ^^ ^^
                                 |  |-> Checksum
                                 |----> phone_id

Answer: kind of Ack
Checksum: B9 + 01 + phone_id

HOUSIN ELASKARY
05-02-2002, 05:22 AM
hi man, please give us an easy explanation

HOUSIN ELASKARY
05-02-2002, 07:02 AM
and edate?????? please help

Leandros
05-02-2002, 02:53 PM
hi tek

I'd like to contact you personally, please send an email to me.
I've also seen that you're from the Confederatio Helvetica - I'm speaking german, maybe you too. so please contact me...

best regards,

Leandros

||Joe
05-02-2002, 05:36 PM
hi!

@mitch:
ok, maybe you misunderstood that document: it's only an explication of the communication between pc and phone.

frames are requests or answers from or to phone...the whole bytestream... :)

m) 1F 00 10 40 00 11 00 01 B8 2C 3D 09 CB 14 F4 3B 42 92 70 2C FC 37 DB ..

the phone_id is 2C (in that case)
and the FAID (12 bytes long) starts after the phone_id (here: 3D 09 .... 37)

DB is the checksum of the FAID, see below

Checksum: B8 + phone_id + all numbers of FAID
(in that case: B8 + 2C + 3D + 09 + CB + 14 + F4 + 3B + 42 + 92 + 70 + 2C + FC + 37 = DB)

-----------------------------------------------

n) 1F 10 00 40 00 06 01 01 B9 01 2C E6 0E 35

again: 2C is (in that case) the phoneID, see below
and E6 the "checksum", see below

Checksum: B9 + 01 + phone_id


sorry, i made the doc without 80 chars in length, that may be a problem...

concerning: b-phreaks v1.7:

[data]
in=2C42

i think, that 0x42 is the PPM Info (A,B, etc.)
and 0x2C the phoneID, that is needed for FAID update.

i'm not sure, have to check it...maybe later... :)

greets,
-tek-
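
The checksum rules from the posts above, checked against the two quoted frames. This is an added example, not code from the thread or from B-Phreaks; the 6-byte header and the position of the 2-byte length field are assumptions inferred from those two frames only.

```python
# Added example: field offsets are assumptions inferred from the two sample
# frames in the thread; only the checksum rules come from the posts.
FRAME_M = ("1F 00 10 40 00 11 00 01 B8 2C 3D 09 CB 14 F4 3B "
           "42 92 70 2C FC 37 DB 07 74")               # request m) from the thread
FRAME_N = "1F 10 00 40 00 06 01 01 B9 01 2C E6 0E 35"  # answer n) from the thread

HEADER_LEN = 6  # assumed: 4 header bytes, then a 2-byte big-endian length


def split_frame(hex_text):
    """Return (payload, trailer); reject frames whose length field lies."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < HEADER_LEN:
        raise ValueError("frame shorter than the assumed header")
    length = int.from_bytes(raw[4:6], "big")
    payload = raw[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("length field exceeds captured bytes")
    return payload, raw[HEADER_LEN + length:]  # trailer is not interpreted


def check_set_faid(hex_text):
    """Payload layout: 00 01 B8 | phone_id | 12-byte FAID | checksum."""
    payload, _ = split_frame(hex_text)
    if len(payload) != 17 or payload[2] != 0xB8:
        raise ValueError("not a CMD 40 / B8 frame")
    phone_id, faid, stated = payload[3], payload[4:16], payload[16]
    computed = (0xB8 + phone_id + sum(faid)) & 0xFF  # 8-bit additive sum
    return {"phone_id": phone_id, "faid": faid.hex().upper(),
            "stated": stated, "computed": computed, "ok": stated == computed}


def check_ack(hex_text):
    """Payload layout: 01 01 B9 01 | phone_id | checksum."""
    payload, _ = split_frame(hex_text)
    if len(payload) != 6 or payload[2] != 0xB9 or payload[3] != 0x01:
        raise ValueError("not a B9 answer frame")
    phone_id, stated = payload[4], payload[5]
    computed = (0xB9 + 0x01 + phone_id) & 0xFF
    return {"phone_id": phone_id, "stated": stated,
            "computed": computed, "ok": stated == computed}


if __name__ == "__main__":
    print(check_set_faid(FRAME_M))
    print(check_ack(FRAME_N))
```

An 8-bit additive sum like this catches a single corrupted byte on the wire; it is not a cryptographic integrity check.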

||Joe
05-02-2002, 05:43 PM
hi.

again: this is _not_ the way how you update the phone! i don't know, how we can calc faid...i don't have the algorithm (yet) :)

greets,
-tek

NokDoc
05-02-2002, 08:59 PM
U have the wisdom of how to read (& write) to the Phone and delivered some very interesting numbers!

Can U eXplain how to do this ourselves?

I would very much appreciate that because I know lot about bytes & addresses but nothing about FBUS/ MBUS communicating.

Otherwise there's no way for me to see if 0x2C is also my phoneID.

Minor question in general:
Is it only my phone where the MSID nr is changing after each network conn.?

NokDoc

||Joe
05-02-2002, 09:18 PM
@NokDoc:

0x2C is surely not your phoneID...you can check this by logs [data]in=xx.

the MSID should be static...if not hmm...the whole thing with those logs wouldn't work...

greetings,
-tek-

||Joe
07-02-2002, 12:36 AM
hey nokdoc...

send me your knowledge about " bytes & addresses " ...

greets,
-tek-

NokDoc
07-02-2002, 11:44 PM
Your 0x2Ch is definitely the Phone ID nr in [Data]in, mine is 4Fh (=79) in Wintesla Phone Identity, correct, good thinking!
This value is officially called "Product ID" there.
I bet the same [edat]out can be used in wintesla there if owning the proper devices.

Changing MSID: Not of importance at all, the logger reboots too and still it works though?

Now only the calculation to be done.

I found this on the net, very interesting, gNokii: "the Wisdom!"
I bet now it'll be possible to obtain all required info.
This is just fragment from gNokii project:
r Get "Made" Date { 0x01c8, 0x05, 0x00, date(4 bytes), 0x00 }
s Get DSP Internal SW { 0x01c8, 0x09 }
r Get DSP Internal SW { 0x01c8, 0x09, 0x00, version (1 bytes), 0x00 }
s Get PCI version { 0x01c8, 0x0a }
r Get PCI version { 0x01c8, 0x0a, 0x00, version, 0x00 }
s Get system ASIC { 0x01c8, 0x0c }
r Get system ASIC { 0x01c8, 0x0c, 0x00, string, 0x00 }
s Get COBBA { 0x01c8, 0x0d }
r Get COBBA { 0x01c8, 0x0d, 0x00, string, 0x00 }
s Get PLUSSA { 0x01c8, 0x0e }
r Get PLUSSA { 0x01c8, 0x0e, available, 0x00 }
where available: 0x01: not available
s Get CCONT { 0x01c8, 0x0f }
r Get CCONT { 0x01c8, 0x0f, available, 0x00 }
where available: 0x01: not available
s Get PPM version { 0x01c8, 0x10 }
r Get PPM version { 0x01c8, 0x10, 0x00, "V ", "firmware", 0x0a, "firmware date", 0x0a, "model", 0x0a, "(c) NMP.", 0x00 }
s Get PPM info { 0x01c8, 0x12 }
r Get PPM info { 0x01c8, 0x12, 0x00, PPM version ("B", "C", etc.), 0x00 }
s Set HW version { 0x01c9, 0x05, version, 0x00 }
s Get Product Code { 0x01ca, 0x01 }
r Get Product Code { 0x01ca, 0x01, 0x00, number, 0x00 }

Good Luck


Mr. Tek:
What specifically do you want to know about addresses in the flash then?
I'd studied flashes for months and know more than the nFree prg now!
Look at the PPM_Addressing text some while ago.
I have it for MCU/ Eeprom too, but still figuring out some particular areas.
I'm not familiar with the corresponding tech. terms, I only use compare methods and analyse differences between versions/ updates etc.

Remember: Just 'clear thinking' will solve most of the problems!

NokDoc

||Joe
08-02-2002, 09:10 PM
hi all
you say msid stays the same - it does not, changes every sw reboot. but the msid is just a crypted version of cobba id, ppm chksum, random number and maybe some other stuff. but those values are static for the phone you are working with.
could you also send me these files please. I need to work out info regarding IMEI and FAID. Now the hex is here, I'm gonna reverse it to get FAID calc. and write software to update phones without need for dejan box......but also want to incorporate custom ppms and IMEI changing, full unlock etc... please help, I know you are the guys that have the wisdom
thanks
outerc0re

||Joe
11-02-2002, 02:21 AM
@outercore: have you tried the hex file that has been posted? is it really working? :) thnx...

||Joe
17-02-2002, 01:51 AM
hello!

@outcore: if you want to know more about FAID calc, email me.

-tek-

in a few days i'll release my FAID calculator...

1.) the whole flash is needed (mcu+ppm), without EEPROM
2.) MSID

that's all...so if you wanna calc FAID you always need the file you flashed...

bye,
-tek-