Dct4 Editing



nok5rev
25-12-2005, 10:18 AM
----------------------------------
DCT4Crypter
----------------------------------
by nok5rev & g3gg0

_______________________________________________________

Yes, this package contains the necessary routines and
even some apps to decrypt DCT4 FlashFiles and also to
encrypt again after you applied some changes. We must
admit, this stuff is not "hot" anymore - it was coded
in about 2 months between 01/2004 and 03/2004. That's
now nearly 2 years. But it still should be a somewhat
interesting X-Mas present for all the GSM-Modders out
there...
_______________________________________________________


Why this was done?
-----------------------

Why? I think it was just fun :)
But I don't remember anymore which of us had the idea
to start analyzing the encryption algorithm.
I just remember that we both suddenly sat in front of
many bits (really MANY!) and stared at them to
find out how the data was encrypted.


How this was done?
-----------------------

Heh, just open your notepad.exe, paste some 100
lines of 11001001 10101010 11100100 11100001...
and you know what we've done in these 2 months ;)
We didn't have any access to the flash device,
MCU or RAM, nor did we use any (Java) exploit floating
around. We didn't even have any of these DCT4 devices
at this point. This was simply done by looking at
about 20 different flash files.


Who did this?
-----------------------

This was all done by nok5rev and g3gg0. We both spent
about the same amount of time on this stuff and
both helped each other in finding out the necessary
bits for decoding. But we also got a little help from
kodo (thanks for the auto basevalue finder).


What can I do with it?
------------------------

Generally you should now be able to en/decrypt the DCT4
FlashFiles used in "standard" dct4 devices. Standard
DCT4 devices means any 6310, 8310, ...., 6610, 7250
and so on. TIKU-devices like the 6230, 6230i or even
symbian devices are _NOT_ supported.

The first DCT4 devices still had encrypted PPMs, but
Nokia switched to non-encrypted ones for obvious
security reasons.
So don't wonder when some people already have modded
3510i handsets which just have some graphics changed.
It's the standard PPM structure that was also used in
DCT3 phones. Unfortunately there's a little difference
that causes most tools to crash or make mistakes.

However, the MCU files still are crypted ;)

The FlashFiles all have the same encryption method,
it just differs in a (we call it) basevalue, which is
just a simple XOR parameter. When decrypting, the
programs spit out the basevalue which you normally don't
need. The tools remember the value and ask you for the file
that should be encrypted again (or they use a predefined
filename).


Will modding work?
-----------------------

After you have re-encrypted a modified FlashFile you can
flash it, but your phone won't power on. Why?
We didn't track that down very deep, but when removing
the "Claudia" sequence in the flash header it will work
at least with the wrong "FAID" - that means it resets
after some time :)
But please make sure, you have a working, original file
flashed before you write a modded file with disabled Claudia.

Claudia is the tag in flash header starting with
D3 40 and the 0x40 bytes coming after that. Just FF the
0x40 bytes behind the tag.

-> D3 40 [0x40 bytes Claudia]
replace with
-> D3 40 [0x40 times FF]


Okay that's it :)

We've flashed our phones (which we got after reversing the encryption)
several times - even with faulty Claudia and FAID - without any
bigger problem.

So, if you turn your phone into a brick, don't blame us...
... it's your fault! ;)




Thanks to:
------------------------

Kodo
B.
U.


Oh, and if you plan to integrate this code into your commercial
products... ...unfortunately we can't do anything against it :(
But if you do so, _please_ be so kind and reward our work by
sending a license/sample of your program/device to either
nok5rev or g3gg0 - thanks!



enjoy this stuff as much as we enjoyed coding it :)


Best Regards,
nok5rev/g3gg0
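The Claudia edit the post describes (find the header tag D3 40, keep the tag, overwrite the 0x40 bytes after it with FF) is a small byte patch, but one that is easy to get wrong on a flash image: the two-byte pattern D3 40 can also occur in code or data further into the file, and patching the wrong spot gives you a brick instead of a phone that merely resets. The script below is an added example written for this page; it is not part of the DCT4Crypter package and not code from nok5rev or g3gg0. It assumes the tag lives within the first 0x400 bytes of the file (an assumed header window; the post gives no header size), refuses to patch when the tag is missing or found more than once inside that window, and checks the result afterwards. The sample input it builds is constructed for the demo and is not a real flash file.

```python
"""Blank the "Claudia" block in a DCT4 flash-file header (added example).

The post describes Claudia as the header tag D3 40 followed by 0x40 bytes,
and the workaround as overwriting those 0x40 bytes with FF while keeping
the tag.  The header-window size below is an assumption, not something
the post states.
"""
from __future__ import annotations

CLAUDIA_TAG = b"\xD3\x40"   # from the post: tag bytes "D3 40"
CLAUDIA_LEN = 0x40          # from the post: 0x40 bytes follow the tag
HEADER_WINDOW = 0x400       # ASSUMED: only search this many leading bytes


def find_claudia(data: bytes, header_window: int = HEADER_WINDOW) -> int:
    """Return the offset of the Claudia tag within the header window.

    Raises ValueError if the tag is absent, ambiguous, or the 0x40 payload
    would run past the end of the file, so a stray D3 40 in code/data is
    never patched by accident.
    """
    window = data[:header_window]
    hits = []
    pos = window.find(CLAUDIA_TAG)
    while pos != -1:
        hits.append(pos)
        pos = window.find(CLAUDIA_TAG, pos + 1)
    if not hits:
        raise ValueError("Claudia tag D3 40 not found in header window")
    if len(hits) > 1:
        raise ValueError(f"Claudia tag D3 40 is ambiguous: offsets {hits}")
    off = hits[0]
    if off + len(CLAUDIA_TAG) + CLAUDIA_LEN > len(data):
        raise ValueError("file too short for 0x40 Claudia bytes after tag")
    return off


def blank_claudia(data: bytes, header_window: int = HEADER_WINDOW) -> bytes:
    """Return a copy of data with the 0x40 Claudia bytes set to FF.
    The D3 40 tag itself is left in place, exactly as the post describes."""
    off = find_claudia(data, header_window)
    start = off + len(CLAUDIA_TAG)
    end = start + CLAUDIA_LEN
    return data[:start] + b"\xFF" * CLAUDIA_LEN + data[end:]


def verify_blanked(original: bytes, patched: bytes,
                   header_window: int = HEADER_WINDOW) -> bool:
    """True iff the only difference between original and patched is the
    Claudia payload, which must now be all FF.  Run this before flashing."""
    if len(original) != len(patched):
        return False
    off = find_claudia(original, header_window)
    start = off + len(CLAUDIA_TAG)
    end = start + CLAUDIA_LEN
    return (patched[start:end] == b"\xFF" * CLAUDIA_LEN
            and patched[:start] == original[:start]
            and patched[end:] == original[end:])


def make_sample_flash() -> bytes:
    """Constructed test input, NOT a real flash file: 16 zero bytes, the
    D3 40 tag, 0x40 bytes of fake Claudia data, 16 more zero bytes, then
    filler that deliberately contains a second D3 40 outside the window."""
    header = (b"\x00" * 0x10 + CLAUDIA_TAG + bytes(range(CLAUDIA_LEN))
              + b"\x00" * 0x10)
    body = b"\xAA" * 0x1000 + CLAUDIA_TAG + b"\xBB" * 0x100
    return header + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            orig = f.read()
        patched = blank_claudia(orig)
        if not verify_blanked(orig, patched):
            sys.exit("verification failed, not writing output")
        with open(sys.argv[2], "wb") as f:
            f.write(patched)
        print(f"Claudia blanked at offset 0x{find_claudia(orig):X}, "
              f"wrote {sys.argv[2]}")
    else:
        sample = make_sample_flash()
        print("sample ok:", verify_blanked(sample, blank_claudia(sample)))
```

Usage is `python blank_claudia.py decrypted_in.bin decrypted_out.bin`, run on the decrypted file before you re-encrypt it with the package's crypter. The refusal on an ambiguous tag is deliberate: if your file triggers it, locate the tag by hand in a hex editor and narrow `HEADER_WINDOW` rather than patching the first hit.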

NokDoc
25-12-2005, 10:31 AM
Hohoho,

WOW!!!

Thanks my friends. ;)

NokDoc

spaceimpact33
25-12-2005, 03:08 PM
I don't know what to say other than 'Thank you so so much!' :D A day to remember at nfree! :D

indear
25-12-2005, 03:36 PM
Many thanks! :eek:

and Happy Christmas :-)

areslee
26-12-2005, 06:55 AM
Merry merry Christmas to you!!!!

EdgeCrusher
26-12-2005, 07:59 AM
Heck, can't believe it, what a nice gift!

Thank you very much indeed!

Cheers
Edge

hakima
03-01-2006, 10:59 PM
Good job,man ;-)
Thanks for your hard working and Happy new year!!!


B/r

g3gg0
13-01-2006, 02:32 PM
CrypterX had a little bug that prevented correct encryption:

I updated the file. nok5rev will also update his post soon.

kezsol
24-03-2006, 05:55 PM
Hi!
Can somebody make a compiled version of this?
I've tried to compile it, but many header and lib files were missing, and I'm not too experienced in programming.

Riger
05-04-2006, 02:25 PM
Here You are ;)

kezsol
07-04-2006, 02:20 PM
Here You are ;)
Thank you!

wntl
14-09-2006, 09:46 PM
Doesn't work with 6310i for me!!!!
Please check it!!