Text Messages that change flash



slikmik
14-10-2002, 08:57 PM
Hi folks

OK, when BT Cellnet changed to O2 in the UK,
what they did was send a SIM update SMS message which simply displayed "New Logo" on the screen and changed the logo.

Just curious, but how does it do this?
Does this mean we can engineer an SMS to unlock a DCT3 handset, and maybe one to update FAID? Mmmm, just a thought, would be fun ;)

Cheers
Mike

Visar Mato
14-10-2002, 09:22 PM
That message was a data message stored in the SIM card to update the information for the network logo.
Regards

slikmik
14-10-2002, 09:57 PM
So all SIMs have that data message implanted inside them as standard?

But still, the flash WAS changed, yes?
So the SIM card can send data to the phone for it to change flash memory?

Thanks for replying, Visar
Mike

cprafferty
15-10-2002, 01:25 PM
No, I think (from what I read in another thread) that there is a "file" on the SIM card that holds the logo, and the phone reads that part before using its own names that are listed.

GeeZuZz
15-10-2002, 04:08 PM
Didn't you know that it was possible to send and receive operator logos?

Or did I misunderstand the thread?

slikmik
15-10-2002, 06:26 PM
Originally posted by GeeZuZz
Didn't you know that it was possible to send and receive operator logos?

Or did I misunderstand the thread?

Erm, you misunderstood! :D

It's how the SIM update updates the flash on the phone.
Mike

KnOeFz
15-10-2002, 06:46 PM
I don't think they change the flash on the phone. I think it's like with SIM Toolkit; it's possible to make a SIM card overrule phone settings. Example... on a Siemens x35 series you can normally program the left menu button, unless your provider programmed a SIM Toolkit menu... in that case the SIM overrules the phone.

Also some operators "update" some pre-programmed numbers on the SIM... here in Holland KPN does it sometimes... you get the message "SIM updated" on your mobile screen.

I have no operator here that does the logo thing, so I can't check my theory, but it sounds very unlikely to me that they change the flash contents of the phone.

-=K=-

mrbig4545
15-10-2002, 07:43 PM
My BT Genie SIM card used to change the operator logo from BTCELLNET to BTGenie after a few seconds. This was stored on the SIM card, as the phone had no knowledge of BT Genie anywhere in the flash. :o

My 0.02p

Mark

Zoilo
19-10-2002, 02:18 AM
When we receive an operator logo, it's stored on the phone and not on the SIM, because when you use another SIM from the same operator, the logo is still there. How do they store information on the phone via SMS? I believe it's possible on the flash too.

welshwizard
19-10-2002, 11:38 AM
Logos are stored in the EEPROM.

(I don't know what difference that makes though...)

liteFun
19-10-2002, 01:06 PM
Data is stored in the SIM card.
Like, I had a DNA SIM card; DNA operated in the "FI-2G" network (on older Nokias it was "FI 12"), and the operator name was in the SIM card.

It was first showing "FI-2G" or "FI 12" on screen, depending on how old the phone was, then after a few seconds it changed to "dna".

I think it's not possible to update flash via SMS or SIM card.

Adi Lepadatu
20-10-2002, 03:03 PM
Hey, guys, are you crazy? How can you sustain the idea of keeping a logo in the SIM card's memory or in the EEPROM?
How about ringtones (on the 3310, for example)? Are the ringtones written on the SIM???? NO!! There is a way... to program flash memory with SMS data, and I want to find out how this can be done.
I am a student and I am living in a university campus. I am running a little "gsm-service" business over there. Do you imagine, if I make a little "SMS virus" and send it to all MEs in the area... all of them will come to me to repair their flash. Muhahahaaaaa. OK. Does anybody have an idea of how this can be done?

slikmik
20-10-2002, 03:30 PM
Making money from other people's losses is the lowest of the low.

You are sad :rolleyes:

Mike

theremoids
20-10-2002, 06:07 PM
Originally posted by Adi Lepadatu
if I make a little "SMS virus" and send it to all MEs in the area... all of them will come to me to repair their flash. Muhahahaaaaa.

This is EVIL! You should be in hell!

Adi Lepadatu
20-10-2002, 07:45 PM
I know, I don't want to be the bad guy any more, but... here, in my country, if you are a good guy, people say that you are stupid. I was a nice guy until last year, but I am sick of that. So, anyone (evil) who knows about accessing flash via SMS?

slikmik
20-10-2002, 08:11 PM
OK, I'm only evil at weekends, you see.... ;)

I heard about a year back about a so-called virus via SMS. I think it was with a very old software version: after receiving a certain encoded SMS it would FREEZE the phone. I don't know if it was serious; maybe just a reboot sorted it, OK, I dunno. As for accessing flash via SMS, I'm not too certain, because programs like Rolis etc. can flash firmware info and some can read easily enough via cable. To read, the phone can be on and no harm done (obvious, I know), but therefore for an SMS to OVERWRITE the flash memory of a Nokia handset while the phone was on would be impossible I reckon, because it is in a read-only state.

Oh well, that's my idea of how it all works.
Mike

DavieB
20-10-2002, 09:42 PM
Originally posted by Adi Lepadatu
Hey, guys, are you crazy? How can you sustain the idea of keeping a logo in the SIM card's memory or in the EEPROM?
How about ringtones (on the 3310, for example)? Are the ringtones written on the SIM???? NO!! There is a way... to program flash memory with SMS data, and I want to find out how this can be done.
I am a student and I am living in a university campus. I am running a little "gsm-service" business over there. Do you imagine, if I make a little "SMS virus" and send it to all MEs in the area... all of them will come to me to repair their flash. Muhahahaaaaa. OK. Does anybody have an idea of how this can be done?

LMAO!
OK man, you're telling me you seriously run a service center?

The flash can only be written to by cable - simple as that. If you check the schematics of the phone (don't you have them at your service center?) you'll see that the programming inputs to the flash IC are connected to the flash/boot circuit, which is in turn connected to the system connector (the pins to which your cable is connected).
The reason for this is that in the event of a total failure resulting in the phone refusing to start, you can still reflash it, as the flash/boot circuit is independent. That's why after a bad flash you can still reflash the phone!

The EEPROM is NOT on an independent circuit - that's why you can't write FAID, IMEI, etc. to the EEPROM until the phone is functioning enough to accept service commands.

So, since the flash can only be written to by cable, the only other place the data (such as logos) can be stored on the phone is in the EEPROM.

The SIM is completely different. As with all smartcards it contains a rudimentary OS (the old orange.co.uk site had very specific details about this OS published!). All SIM processing is internal, so the phone fires a command and the SIM fires back output. The phone doesn't see how this output is reached! (That's why you can't "crack" a PIN code, as it's internally processed by the SIM.)
Data stored on the SIM is also stored on an EEPROM contained within the SIM module itself.
SIM updates are processed by the SIM, not the phone. So when the phone receives a SIM update SMS, it's still in phone RAM. When you open it, it's transferred to the SIM, where it is automatically processed.
Since SIMs are so specifically designed, each operator could have a totally different method for processing and different commands (heh, they could even have different variable types and lengths for all the user knows!)
The only levels of standards for SIMs are:
If an operator buys SIM technology from an outside source (i.e. Orange bought the technology from Gemplus, though eventually developed their own)
ETSI - the ETSI standards (freely available online) give both the specs for input and output of SIMs, and physical specs (useful for cutting a smartcard down to SIM card size!)

VERY FEW systems which incorporate flash chips can rewrite their own flash IC, as this would require 2 circuits - one where commands/data are stored (like the flash circuit in your phone) and another which takes the reprogramming data and then flashes the main flash IC. This would be very volatile, as interruptions in the process could render the device inoperable and in need of manual reflashing.

When a phone boots up, it initially uses the data stored in its own flash IC for things such as network names. The SIM card is then checked, and if it contains its own (NEWER) definitions, they are used instead.
This is why my old but updated BTCellnet SIM would show as "BTCellnet" in my old Ericsson, where an un-updated SIM showed as "CELLNET-UK". The SIM now shows as "O2 - UK" in my T68i, as the phone has newer data than the SIM (O2 are too lazy to update the SIMs now.. :D)

Erm.. I KNOW there's more I could comment on, but nothing comes to mind just now. I'm sure it will later and I'll let you all know!
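
The boot-time name selection DavieB describes (the phone's own flash table supplies the default, a personalised SIM record overrides it) can be shown as a small worked example. The code below is added here and is not from the thread or from any phone vendor; it assumes the EF_SPN layout of ETSI/3GPP TS 51.011 (one display-condition byte followed by 16 name bytes in the unpacked GSM 7-bit default alphabet, unused bytes 0xFF), and the phone tables, PLMN code and SIM records are constructed for illustration. It models only the "SIM overrides flash default" order; the thread gives no rule for deciding which side's data is newer, so that case is not modelled.

```python
"""Network name at boot: the phone's flash table provides the default and a
personalised SIM record overrides it. Added example, not from the thread.
Assumptions: EF_SPN layout per ETSI/3GPP TS 51.011 (byte 0 display condition,
bytes 1-16 name in the GSM 7-bit default alphabet, one character per byte,
unused bytes 0xFF); the phone tables and SIM records below are constructed."""
from typing import Dict, Optional

# Positions of the GSM 7-bit default alphabet that differ from ASCII (subset
# sufficient for operator names; the 0x1B escape table is not handled).
_GSM7_SPECIAL = {
    0x00: "@", 0x01: "£", 0x02: "$", 0x03: "¥", 0x24: "¤", 0x40: "¡",
    0x5B: "Ä", 0x5C: "Ö", 0x5D: "Ñ", 0x5E: "Ü", 0x5F: "§", 0x60: "¿",
    0x7B: "ä", 0x7C: "ö", 0x7D: "ñ", 0x7E: "ü", 0x7F: "à",
}
_GSM7_REVERSE = {ch: code for code, ch in _GSM7_SPECIAL.items()}


def gsm7_char(code: int) -> str:
    """Decode one unpacked GSM 7-bit character."""
    if code in _GSM7_SPECIAL:
        return _GSM7_SPECIAL[code]
    if 0x20 <= code <= 0x7A:
        return chr(code)  # this range coincides with ASCII
    return "?"            # control codes and escapes: not valid in a name


def decode_ef_spn(raw: bytes) -> Optional[Dict[str, object]]:
    """Parse a 17-byte EF_SPN record. Returns None when the file exists but
    was never personalised (every name byte is 0xFF), which is how an
    'un-updated' SIM looks to the phone."""
    if len(raw) != 17:
        raise ValueError("EF_SPN is exactly 17 bytes")
    name_bytes = raw[1:].rstrip(b"\xff")
    if not name_bytes:
        return None
    if b"\xff" in name_bytes:
        raise ValueError("0xFF padding may only trail the name")
    return {
        "name": "".join(gsm7_char(b) for b in name_bytes),
        "show_plmn_in_hplmn": bool(raw[0] & 0x01),
    }


def encode_ef_spn(name: str, show_plmn_in_hplmn: bool = False) -> bytes:
    """Build an EF_SPN record (used here to construct sample SIM contents)."""
    if len(name) > 16:
        raise ValueError("name exceeds the 16-character field")
    body = bytearray()
    for ch in name:
        code = _GSM7_REVERSE.get(ch, ord(ch))
        # Reject anything that would not decode back to itself, e.g. '{' or
        # accented letters outside the basic table.
        if code > 0x7F or gsm7_char(code) != ch:
            raise ValueError(f"{ch!r} needs the escape table, not supported")
        body.append(code)
    condition = 0x01 if show_plmn_in_hplmn else 0x00
    return bytes([condition]) + bytes(body) + b"\xff" * (16 - len(body))


def network_display_name(plmn: str, phone_table: Dict[str, str],
                         ef_spn: Optional[bytes]) -> str:
    """Order described in the thread: flash default first, then a SIM
    definition takes precedence. A phone with no entry and a blank SIM
    falls back to showing the numeric MCC+MNC."""
    name = phone_table.get(plmn, plmn)
    if ef_spn is not None:
        spn = decode_ef_spn(ef_spn)
        if spn is not None:
            name = str(spn["name"])
    return name


# Constructed sample data (illustrative, not dumps of real phones or SIMs).
PHONE_TABLE_OLD_ERICSSON = {"23410": "CELLNET-UK"}
PHONE_TABLE_T68I = {"23410": "O2 - UK"}
SIM_UPDATED = encode_ef_spn("BTCellnet")
SIM_UNUPDATED = b"\x00" + b"\xff" * 16  # EF_SPN present but blank

if __name__ == "__main__":
    for table, sim in [(PHONE_TABLE_OLD_ERICSSON, SIM_UNUPDATED),
                       (PHONE_TABLE_OLD_ERICSSON, SIM_UPDATED),
                       (PHONE_TABLE_T68I, None)]:
        print(network_display_name("23410", table, sim))
```

The decoder treats a record whose name bytes are all 0xFF as "no SIM definition" rather than as an empty name, so a blank SIM falls through to the phone's own table; a 0xFF byte inside the name is rejected as a corrupt record instead of being decoded.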

DavieB
20-10-2002, 09:51 PM
Lol, and if I sounded like an asshole - I wasn't trying to be one!

People like slikmik present their questions as just that, questions - or even suggestions! Which is what we need..

What we don't need is Adi Lepadatu, who doesn't have a clue, presenting their ideas as fact..

Now I know many of us are smart enough to draw our own conclusions, but for new users this is VERY misleading and is the major cause of false rumours and misinformation - something I believe this forum is firmly against!

Rgdz,
Dave ;D

slikmik
20-10-2002, 10:43 PM
Wow, you're a pretty knowledgeable guy, DavieB :)

Cheers for clearing that all up, and more; I certainly understand now anyway :p

Thanks again

Mike

slikmik
20-10-2002, 10:46 PM
Originally posted by DavieB
Now I know many of us are smart enough to draw our own conclusions, but for new users this is VERY misleading and is the major cause of false rumours and misinformation - something I believe this forum is firmly against!

TOTALLY AGREE!

Hurray to NokiaFree - where would I be without it ;)

Mike

DavieB
20-10-2002, 10:52 PM
Lol, no problem man!

It's just a topic I had a chance to put a little study into a while ago, and I'm sure (from seeing some of your postings before) you know how valuable the free flow of information is in this scene..

That's the main reason I choose to post here more than other places - it hasn't been corrupted with "send-me" people - and most users are familiar with each other! Unlike some of the other forums, which have pretty much become a commercial trading ground, this forum remains a hub of information and a place for developers to share views (I'm not a developer myself really, but you can learn a LOT here ;D)

Rgdz,
Dave

domsat
23-10-2002, 02:07 AM
Originally posted by DavieB
LMAO!
OK man, you're telling me you seriously run a service center?

The flash can only be written to by cable - simple as that. If you check the schematics of the phone (don't you have them at your service center?) you'll see that the programming inputs to the flash IC are connected to the flash/boot circuit, which is in turn connected to the system connector (the pins to which your cable is connected).
The reason for this is that in the event of a total failure resulting in the phone refusing to start, you can still reflash it, as the flash/boot circuit is independent. That's why after a bad flash you can still reflash the phone!

The EEPROM is NOT on an independent circuit - that's why you can't write FAID, IMEI, etc. to the EEPROM until the phone is functioning enough to accept service commands.

So, since the flash can only be written to by cable, the only other place the data (such as logos) can be stored on the phone is in the EEPROM.

The SIM is completely different. As with all smartcards it contains a rudimentary OS (the old orange.co.uk site had very specific details about this OS published!). All SIM processing is internal, so the phone fires a command and the SIM fires back output. The phone doesn't see how this output is reached! (That's why you can't "crack" a PIN code, as it's internally processed by the SIM.)
Data stored on the SIM is also stored on an EEPROM contained within the SIM module itself.
SIM updates are processed by the SIM, not the phone. So when the phone receives a SIM update SMS, it's still in phone RAM. When you open it, it's transferred to the SIM, where it is automatically processed.
Since SIMs are so specifically designed, each operator could have a totally different method for processing and different commands (heh, they could even have different variable types and lengths for all the user knows!)
The only levels of standards for SIMs are:
If an operator buys SIM technology from an outside source (i.e. Orange bought the technology from Gemplus, though eventually developed their own)
ETSI - the ETSI standards (freely available online) give both the specs for input and output of SIMs, and physical specs (useful for cutting a smartcard down to SIM card size!)

VERY FEW systems which incorporate flash chips can rewrite their own flash IC, as this would require 2 circuits - one where commands/data are stored (like the flash circuit in your phone) and another which takes the reprogramming data and then flashes the main flash IC. This would be very volatile, as interruptions in the process could render the device inoperable and in need of manual reflashing.

When a phone boots up, it initially uses the data stored in its own flash IC for things such as network names. The SIM card is then checked, and if it contains its own (NEWER) definitions, they are used instead.
This is why my old but updated BTCellnet SIM would show as "BTCellnet" in my old Ericsson, where an un-updated SIM showed as "CELLNET-UK". The SIM now shows as "O2 - UK" in my T68i, as the phone has newer data than the SIM (O2 are too lazy to update the SIMs now.. :D)

Erm.. I KNOW there's more I could comment on, but nothing comes to mind just now. I'm sure it will later and I'll let you all know!

I have a SIM which was "PUKed". Is it possible that I can still get or retrieve the PUK number? (Just asking...) ;)

DavieB
23-10-2002, 08:16 AM
Nope, sorry..

The PUK is a static random number held only in the SIM and on the operator's database. As the SIM only takes in commands and outputs the result (much like a mini computer), its processing can't be examined and there is no command for reading the PUK (well, there's an ADM command I believe, but that requires the ADM password, again static random!)

Call your operator.. if you get no luck, ditch the SIM - it's as good as dead!

Rgdz,
Dave
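
The command/response boundary DavieB describes (the card holds the PIN and PUK internally and the phone only ever sees a status word and the remaining attempt counters) can be illustrated with a toy card model. This is an added example, not code from the thread or from any SIM vendor; the status words and retry limits follow GSM 11.11 (9000 success, 9804 wrong with attempts left, 9840 blocked; 3 PIN attempts, 10 PUK attempts), while the PIN/PUK values and the class interface are this example's own construction. It shows why a "PUKed" card cannot be recovered from the phone side: after 10 wrong PUK presentations every command answers 9840 and nothing the terminal can send reveals the secret.

```python
"""Toy model of a SIM's CHV1 (PIN) and UNBLOCK CHV1 (PUK) handling.
Added example, not from the thread. Status words and retry limits follow
GSM 11.11; the secrets and the class API are constructed for illustration."""
import hmac


class ToySim:
    PIN_TRIES = 3    # CHV1 attempts before the card demands the PUK
    PUK_TRIES = 10   # UNBLOCK CHV1 attempts before the card is dead

    def __init__(self, pin: str, puk: str):
        # Secrets never leave the object: no getter, no repr, no export command.
        self._pin = pin
        self._puk = puk
        self._pin_left = self.PIN_TRIES
        self._puk_left = self.PUK_TRIES
        self._verified = False

    def status(self) -> dict:
        """Everything a terminal can learn about the secrets: counters only."""
        return {
            "pin_left": self._pin_left,
            "puk_left": self._puk_left,
            "blocked": self._pin_left == 0,   # PIN blocked, PUK still usable
            "dead": self._puk_left == 0,      # PUK exhausted: card unusable
        }

    def verify_chv1(self, pin: str) -> str:
        """VERIFY CHV command. Returns a status word, never the secret."""
        if self._puk_left == 0 or self._pin_left == 0:
            return "9840"                      # CHV blocked
        # Constant-time compare, as a card would compare in silicon.
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._pin_left = self.PIN_TRIES    # counter resets on success
            self._verified = True
            return "9000"
        self._pin_left -= 1
        return "9804" if self._pin_left else "9840"

    def unblock_chv1(self, puk: str, new_pin: str) -> str:
        """UNBLOCK CHV command: correct PUK sets a new PIN and resets both
        counters to their initial values (GSM 11.11 behaviour)."""
        if self._puk_left == 0:
            return "9840"                      # permanently blocked
        if hmac.compare_digest(puk.encode(), self._puk.encode()):
            self._pin = new_pin
            self._pin_left = self.PIN_TRIES
            self._puk_left = self.PUK_TRIES
            self._verified = False
            return "9000"
        self._puk_left -= 1
        return "9804" if self._puk_left else "9840"

    def is_verified(self) -> bool:
        return self._verified


def lockout_walkthrough() -> list:
    """Drive a constructed card through wrong PIN, block, wrong PUK and
    recovery, returning the status words the terminal would see."""
    sim = ToySim(pin="1234", puk="87654321")   # constructed values
    words = [sim.verify_chv1("0000"), sim.verify_chv1("0000"),
             sim.verify_chv1("0000"),          # third miss: 9840
             sim.verify_chv1("1234"),          # right PIN no longer helps
             sim.unblock_chv1("00000000", "5555"),
             sim.unblock_chv1("87654321", "5555"),
             sim.verify_chv1("5555")]
    return words


if __name__ == "__main__":
    print(lockout_walkthrough())
```

The walkthrough returns ['9804', '9804', '9840', '9840', '9804', '9000', '9000']: once the PIN counter hits zero, even the correct PIN is refused until a PUK presentation succeeds, and once the PUK counter hits zero there is no further command the phone can issue, which is exactly the "as good as dead" outcome above.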

domsat
23-10-2002, 09:59 AM
DavieB, hope I can still consult with you re hardware, man. Thanks again...

PhreakTastic
30-12-2002, 01:55 AM
Originally posted by slikmik
Hi folks

OK, when BT Cellnet changed to O2 in the UK,
what they did was send a SIM update SMS message which simply displayed "New Logo" on the screen and changed the logo.

Mike

So when this logo was received from BT you had no choice to save or discard, it just saved straight away, unlike when you send one from LogoManager, where you can view, save and discard as you please. How was that done, can anyone do it? :)

WildSwan
30-12-2002, 07:34 PM
Stop calling the SMS bug a virus, because it is very far from being a virus.

It's plainly a flaw in the FW of the phone; the phone just isn't ready for, or is not expecting, such data, and that's why it hangs or resets.

Sinister Frog
30-12-2002, 08:28 PM
But it's still damn cool :D

By the way everyone... you might want to read this:
http://www.manilatimes.net/national/2002/jul/12/business/20020712bus9.html
Slightly relevant to the topic.