I have read somewhere that the MBUS command to set the FAID is 0xb8.
The command looks as follows:
0x00, 0x01, 0xb8, [13 bytes FAID] , [Mbus checksum]

I have captured data when updating FAID

Captured - Set FAID
--------
Eeprom Tools V3 (3210)
1F 00 10 40 00 11 00 01 B8 45 A1 83 58 ED F7 8C 6F 34 91 FF D5

Eeprom Tools V4 (5130)
1F 00 10 40 00 11 00 01 B8 2D 92 F4 17 1B 2E 5B BF AD 35 30 52

As you can see after the B8 is 12 bytes. The FF and 30 are not Sequence numbers because MBUS uses 00 - 09 and the D5 and 52 are not the Checksums. The length is both examples is specified as 11 (17), but only 15 bytes are used after the length :confused:

When I have decoded the MSID and calculated the FAID I end up with 12 bytes. So what I need to know is do I only need to put my 12 bytes at the end of "1F 00 10 40 00 11 00 01 B8 " with no Sequence number and Checksum :confused:

Is the correct length if the FAID 12 or 13 bytes because I am well :confused:

Hmm I have this in my infobase somewhere, let's see

subsystem 0x01 (LOCAL) / packet type 0x40 (service and debugging) / subtype 0xB8 (Set FAID)

Indeed, you are right with 0xB8..

1F Frame type MBUS
00 Destination host (phone)
10 Source host (PC)
40 Packet type
00 Length bit 15-8
11 Length bit 7-0
00 Dest subsys (huh? this should be 0x01)
01 Source subsys
--
B8 Subtype
-- payload:
45 A1 83 58
ED F7 8C 6F
34 91 FF D5

You might have to enable service and debug commands before you're actually able to set it though.

As to why the length, checksum and seq# are not correct, I don't know.

I think you have not captured the right stream... please verify again, with known FAID and looking for hex-string.

I'll try again to update the FAID and see what result I get in the log.

I'm using Portmon to capture the data, unfortunately it doesn't like it when I use Nokia Tools By Rolis 1.9 b2, but it will let me use any of the Eeprom Tools by B-Phreaks.

I'll post the results as soon as.

I'm using serialwatcher, much better (to me) than Portmon

capotixplus

I've tried using SerialWatcher and I just cant get it to work, when the port is open is wont allow other program to use that comport.

When I updated the FAID I did not recieve any errors.

I've included the capture using Eeprom Tools v4 to update the FAID on a 5130.

At line 237 is the FAID command.

EPTV4 - FAID Nokia 5130
1F 00 10 40 00 11 00 01 B8 2D 6A 37 68 48 20 13 59 A9 48 2C DF

The checksum at the end (DF) still does not calculate with the rest.

Still a bit confused :confused:

Maybe this helps.

unit Calcul;
// Input Data is 13 bytes of MsId number in MsId[0..12] and 7 bytes of IMEI number in Imei[0..6]
//
// for i := 0 to 11 do Cobba[i] := 0; // Clear Cobba S/N Buffer
// Algo_8x := MsId[0];
// for i := 0 to 11 do BufVar[i] := MsId[i+1]; // Get MsId from Buffer
// BufTab := SelAlg(Algo_8x,0,Cobba);
// // BufVar have source, BufTab have Decode or Encode table, depend on 8X MsId
//
// CoDecN(BufVar,BufTab,DecodTabl); // Do Decode
// // Msid is decoded now in BufVar (Flash CRC, COBBA s/n, Hash)
// for i := 0 to 3 do Cobba[i] := BufVar[i+4]; // Get Decoded COBBA s/n
//
// // Now begin encoding
//
// BufTab := SelAlg(Algo_8x,1,Cobba); // Choose Algo Table for FlId and Set COBBA s/n
// PpmCrc(BufVar); // Prepare Decoded FLASH CRC for encoding
// CoDecN(BufVar,BufTab,EncodTabl); // Do Encode
// // BufVar now have FLASH ID registry EE Data
//
// BufTab := SelAlg(Algo_8x,2,Cobba);
// BufVar := Lock1_Def; // Set Default SimLock Part1(MCC, MNC, MSIN)
// CoDecN(BufVar,BufTab,EncodTabl);
// // BufVar have now SimLock p.1 EE Data
//
// BufVar := Lock2_Def; // Set Default Sim Lock Part2(GID1, GID2)
// CoDecN(BufVar,BufTab,EncodTabl);
// // BufVar have now SimLock p.2 EE Data
// BufTab := SelAlg(Algo_8x,3,Cobba);
// BufVar := Imei_Def; // Set Default IMEI 000000-00-000000
// for i := 0 to 6 do BufVar[i+2] := Imei[i]; // Set required IMEI
// CoDecN(BufVar,BufTab,EncodTabl);
// // BufVar have now IMEI EE Data
//
interface

type By12Ar = array[0..11] of byte;

function RevByt(b: byte):byte;
procedure Do_CRC(Dat: Longword;var Res: Longword);
procedure RevBuf(var Buf: By12Ar);
procedure CRR32k(var Buf: By12Ar;P: byte;k: integer);
procedure XorOrB(var Buf: By12Ar);
procedure ScrStt(var Buf: By12Ar;Tab1,Tab: By12Ar;TabP: byte);
procedure Permut(var Buf: By12Ar);
procedure PpmCrc(var Buf: By12Ar);
procedure CoDecN(var Buf: By12Ar;Tab,Key: By12Ar);
function SelAlg(A,M: byte;var Cb: By12Ar): By12Ar;

const

Imei_Def : By12Ar = ($79,$29,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);
// IMEI: 000000-00-000000
Lock1_Def : By12Ar = ($00,$10,$10,$00,$00,$00,$00,$10,$00,$79,$54,$C2);
// MccMnc: 001-01 Msin: 0000000001
Lock2_Def : By12Ar = ($00,$00,$00,$00,$29,$00,$00,$00,$00,$00,$54,$C2);


EncodTabl : By12Ar = ($B1,$73,$E6,$5A,$AB,$47,$8E,$0D,$1A,$34,$68,$0B);

DecodTabl : By12Ar = ($D0,$16,$2C,$58,$B0,$71,$E2,$D5,$5A,$67,$CE,$8D);


Msid_Dec_81 : By12Ar = ($83,$CB,$74,$24,$DF,$F1,$E9,$97,$68,$71,$DB,$44);

Msid_Dec_82 : By12Ar = ($9F,$7A,$AD,$34,$E7,$79,$27,$73,$4E,$41,$0D,$26);

Msid_Dec_83 : By12Ar = ($50,$F3,$65,$25,$D2,$B1,$C1,$B6,$09,$AE,$FF,$4C);


Flid_Enc_81 : By12Ar = ($2C,$03,$6F,$34,$5D,$23,$C6,$58,$03,$09,$52,$C4);

Flid_Enc_82 : By12Ar = ($4F,$B9,$6C,$27,$02,$DD,$77,$DD,$06,$E3,$E2,$DF);

Flid_Enc_83 : By12Ar = ($B8,$33,$80,$04,$B8,$48,$85,$1A,$2D,$CE,$A1,$28);


Lock_Enc_81 : By12Ar = ($7B,$B4,$D0,$EF,$9E,$B2,$0A,$BE,$73,$DA,$D3,$35);
// bad table for MsId 81x, do not use
Lock_Enc_82 : By12Ar = ($D1,$A2,$5F,$EB,$4F,$F0,$2D,$7B,$0F,$4C,$E1,$C3);

Lock_Enc_83 : By12Ar = ($7B,$B4,$D0,$EF,$9E,$B2,$0A,$BE,$73,$DA,$D3,$35);


Imei_Enc_81 : By12Ar = ($CA,$63,$5A,$E7,$19,$FA,$A6,$4C,$0D,$78,$FC,$16);
// bad table for MsId 81x, do not use
Imei_Enc_82 : By12Ar = ($0B,$AE,$FC,$8C,$C7,$FC,$79,$2A,$C1,$94,$C2,$37);

Imei_Enc_83 : By12Ar = ($CA,$63,$5A,$E7,$19,$FA,$A6,$4C,$0D,$78,$FC,$16);


implementation
{*************************************************
*****************************}
function SelAlg(A,M: byte;var Cb: By12Ar): By12Ar;
var
i : integer;
begin
for i := 0 to 11 do
case M of
0: case A of
$81: SelAlg := Msid_Dec_81;
$82: SelAlg := Msid_Dec_82;
$83: SelAlg := Msid_Dec_83;
end;
1: case A of
$81: SelAlg[i] := Flid_Enc_81[i] xor Cb[i];
$82: SelAlg[i] := Flid_Enc_82[i] xor Cb[i];
$83: SelAlg[i] := Flid_Enc_83[i] xor Cb[i];
end;
2: case A of
$81: SelAlg[i] := Lock_Enc_81[i] xor Cb[i];
$82: SelAlg[i] := Lock_Enc_82[i] xor Cb[i];
$83: SelAlg[i] := Lock_Enc_83[i] xor Cb[i];
end;
3: case A of
$81: SelAlg[i] := Imei_Enc_81[i] xor Cb[i];
$82: SelAlg[i] := Imei_Enc_82[i] xor Cb[i];
$83: SelAlg[i] := Imei_Enc_83[i] xor Cb[i];
end;
end;
end;
{*************************************************
*****************************}
procedure CoDecN(var Buf: By12Ar;Tab,Key: By12Ar);
var
i : integer;
begin
for i := 0 to 10 do
begin
ScrStt(Buf,Tab,Key,i);
Permut(Buf);
CRR32k(Buf,0,10);
CRR32k(Buf,8,31);
XorOrB(Buf);
CRR32k(Buf,8,10);
CRR32k(Buf,0,31);
end;
ScrStt(Buf,Tab,Key,11);
Permut(Buf);
RevBuf(Buf);
end;
{*************************************************
*****************************}
procedure PpmCrc(var Buf: By12Ar);
begin
Buf[0] := Buf[0] xor $17; // Restore PPM (last 4x bytes) record to CRC result
Buf[1] := Buf[1] xor $CA;
Buf[2] := Buf[2] xor $60;
Buf[3] := Buf[3] xor $89;
Buf[4] := Buf[0] xor $FF; // Complement of CRC
Buf[5] := Buf[1] xor $FF;
Buf[6] := Buf[2] xor $FF;
Buf[7] := Buf[3] xor $FF;
Buf[8] := 0; // Zerros
Buf[9] := 0;
Buf[10] := 0;
Buf[11] := 0;
end;
{*************************************************
*****************************}
procedure Permut(var Buf: By12Ar);
var
i : integer;
w,x : byte;
Wbuf : array[0..11] of byte;
begin
w := Buf[0];x := w;
Wbuf[01]:= w;
Wbuf[04]:= w;
Wbuf[08]:= w;
Wbuf[09]:= w;
Wbuf[11]:= w;
//
w := Buf[1];x := x xor w;
Wbuf[05]:= w;
Wbuf[06]:= w;
Wbuf[10]:= w;
Wbuf[08]:= w xor Wbuf[08];
Wbuf[09]:= w xor Wbuf[09];
//
w := Buf[2];x := x xor w;
Wbuf[03]:= w;
Wbuf[01]:= w xor Wbuf[01];
Wbuf[06]:= w xor Wbuf[06];
Wbuf[10]:= w xor Wbuf[10];
Wbuf[11]:= w xor Wbuf[11];
//
w := Buf[3];x := x xor w;
Wbuf[00]:= w;
Wbuf[07]:= w;
Wbuf[08]:= w xor Wbuf[08];
Wbuf[10]:= w xor Wbuf[10];
Wbuf[11]:= w xor Wbuf[11];
//
w := Buf[4];x := x xor w;
Wbuf[00]:= w xor Wbuf[00];
Wbuf[01]:= w xor Wbuf[01];
Wbuf[03]:= w xor Wbuf[03];
Wbuf[05]:= w xor Wbuf[05];
Wbuf[08]:= w xor Wbuf[08];
//
w := Buf[5];x := x xor w;
Wbuf[02]:= w;
Wbuf[00]:= w xor Wbuf[00];
Wbuf[01]:= w xor Wbuf[01];
Wbuf[09]:= w xor Wbuf[09];
Wbuf[10]:= w xor Wbuf[10];
//
w := Buf[6];x := x xor w;
Wbuf[02]:= w xor Wbuf[02];
Wbuf[03]:= w xor Wbuf[03];
Wbuf[05]:= w xor Wbuf[05];
Wbuf[07]:= w xor Wbuf[07];
Wbuf[10]:= w xor Wbuf[10];
//
w := Buf[7];x := x xor w;
Wbuf[00]:= w xor Wbuf[00];
Wbuf[02]:= w xor Wbuf[02];
Wbuf[03]:= w xor Wbuf[03];
Wbuf[04]:= w xor Wbuf[04];
Wbuf[11]:= w xor Wbuf[11];
//
w := Buf[8];x := x xor w;
Wbuf[00]:= w xor Wbuf[00];
Wbuf[04]:= w xor Wbuf[04];
Wbuf[05]:= w xor Wbuf[05];
Wbuf[07]:= w xor Wbuf[07];
Wbuf[09]:= w xor Wbuf[09];
//
w := Buf[9];x := x xor w;
Wbuf[01]:= w xor Wbuf[01];
Wbuf[02]:= w xor Wbuf[02];
Wbuf[04]:= w xor Wbuf[04];
Wbuf[05]:= w xor Wbuf[05];
Wbuf[06]:= w xor Wbuf[06];
//
w := Buf[10];x := x xor w;
Wbuf[02]:= w xor Wbuf[02];
Wbuf[06]:= w xor Wbuf[06];
Wbuf[07]:= w xor Wbuf[07];
Wbuf[09]:= w xor Wbuf[09];
Wbuf[11]:= w xor Wbuf[11];
//
w := Buf[11];x := x xor w;
Wbuf[03]:= w xor Wbuf[03];
Wbuf[04]:= w xor Wbuf[04];
Wbuf[06]:= w xor Wbuf[06];
Wbuf[07]:= w xor Wbuf[07];
Wbuf[08]:= w xor Wbuf[08];
//
for i := 0 to 11 do Buf[i] := Wbuf[i] xor x;
end;
{*************************************************
*****************************}
procedure ScrStt(var Buf: By12Ar;Tab1,Tab: By12Ar;TabP: byte);
begin
Buf[00] := Buf[00] xor Tab1[00];
Buf[01] := Buf[01] xor Tab1[01];
//
Buf[02] := Buf[02] xor Tab1[02] xor Tab[TabP];
Buf[03] := Buf[03] xor Tab1[03] xor Tab[TabP];
//
Buf[04] := Buf[04] xor Tab1[04];
Buf[05] := Buf[05] xor Tab1[05];
//
Buf[06] := Buf[06] xor Tab1[06];
Buf[07] := Buf[07] xor Tab1[07];
//
Buf[08] := Buf[08] xor Tab1[08] xor Tab[TabP];
Buf[09] := Buf[09] xor Tab1[09] xor Tab[TabP];
//
Buf[10] := Buf[10] xor Tab1[10];
Buf[11] := Buf[11] xor Tab1[11];
end;
{*************************************************
*****************************}
procedure XorOrB(var Buf: By12Ar);
var
i,j,k : integer;
Cbuf : array[0..11] of byte;
begin
for i := 0 to 11 do Cbuf[i] := Buf[i]; // Copy original
j := 4; k := 8;
for i := 0 to 11 do // Xn := Xn xor (Xn+4 or not Xn+8)
begin
Buf[i] := Cbuf[i] xor (Cbuf[j] or not Cbuf[k]);
inc(j);inc(k);
if j = 12 then j := 0;
if k = 12 then k := 0;
end;
end;
{*************************************************
*****************************}
procedure CRR32k(var Buf: By12Ar;P: byte;k: integer);
var
i : integer;
x,y : Longword;
begin
x := Buf[P];x := x shl 8;
x := x or Buf[P + 1];x := x shl 8;
x := x or Buf[P + 2];x := x shl 8;
x := x or Buf[P + 3];
for i := 1 to k do
begin
// Cyclical Rotate 32 bits word right k times
y := x and 1; // Extract Carry
y := y shl 31; // Move Carry to Msb
x := x shr 1; // Do Shift
x := x or y; // Add Carry
end;
Buf[P + 3] := x;
x := x shr 8;Buf[P + 2] := x;
x := x shr 8;Buf[P + 1] := x;
x := x shr 8;Buf[P] := x;
end;

{*************************************************
*****************************}
procedure RevBuf(var Buf: By12Ar);
var
i : integer;
Cbuf : array[0..11] of byte;
begin
for i := 0 to 11 do Cbuf[i] := Buf[i];
for i := 0 to 11 do Buf[i] := RevByt(Cbuf[11 - i]);
end;
{*************************************************
*****************************}
procedure Do_CRC(Dat: Longword;var Res: Longword);
var
i : integer;
u,w : Int64;
begin
u := not Dat;
w := Res;
for i := 1 to 32 do
begin
u := u shl 1;w := w shl 1; // Do shift
if (u and $100000000) = $100000000 then w := w or 1; // Add carry
if (w and $100000000) = $100000000 then w := w xor $20497E95; // Feedbacks
end;
Res := w;
end;
{*************************************************
*****************************}
function RevByt(b: byte): byte;
var
c : byte;
begin
c := 0;
c := ((b shr 7) and $01)or c;
c := ((b shr 5) and $02)or c;
c := ((b shr 3) and $04)or c;
c := ((b shr 1) and $08)or c;
c := ((b shl 1) and $10)or c;
c := ((b shl 3) and $20)or c;
c := ((b shl 5) and $40)or c;
c := ((b shl 7) and $80)or c;
RevByt := c;
end;
{*************************************************
*****************************}

end.

Latter I will post my FAID changing log...

I did my homework, here is:

5190 with Noktools

Stream 1
-----------
1F 0010 40 0011
0001B83D F165869EF9479619ECCBBFB084 12 D9
Stream 2
-----------
1F 1000 40 0006 0101B9013DF7 13 28

Stream 1 details:
----------------------
SELECT = 1F = M2BUS or MBUS (v2) selected
TX/RX = 00 10 = PC soft (host) to mobile
TYPE = 40 = command type (security, debug )
LENGHT = 00 11 = command length (L & H bytes) = 17 bytes
COMMAND = 00 01 B8 3D (must be the FAID update)

FAID = F1 65 86 9E F9 47 96 19 EC CB BF B0 84 (13 bytes)

SQ = 12 (there's no rule for this, only that must be
used both for command and ack, then
incremented)

CS = D9 (checksum XOR from byte_0 (1F) to SQ


Stream 2 details:
---------------------
SELECT = 1F = M2BUS or MBUS (v2) selected
TX/RX = 10 00 = Mobile to PC soft
TYPE = 40 = command type (security, debug)
LENGHT = 00 06 = command length (L & H bytes) = 6 bytes
COMMAND = 01 01 B9 01 3D F7 (must be FAID answer)

SQ = 13 ()
CS = 28 (checksum XOR from byte_0 (1F) to SQ

Note that mobile response with SQ++, and note that I removed the ACK streams for both mobile after Stream 1, and after Stream 2, from PC.

--------------------------------------------------------------------------------

With Noksoc 22

1F 0010 40 0011 0001B83D F165869EF9479619ECCBBFB084 06 CD
1F 1000 40 0006 0101B9013DF7 07 3C
Same FAID, but other software, note that SQ is incremented when mobile responds.



Hope this help, you must be logging something wrong. By the way SerialWatche MUST be used with two serial ports, or with two computers.

Thanks myke2002 that the exact code I'm using to calculate my FAID.

Thanks capotixplus, it makes much more sense now, I'm gonna try again with Serial Watcher to see what results I get

Thanks again guys.