Results 1 to 5 of 5

Thread: dct3 clip script - help needed

  1. #1

    dct3 clip script - help needed

    hello,
    im trying to make a dct3 clip to make use of my old phones...
    i am stuck on this problem...
    if you want to change the imei to 35101234567891
    the mbus frame for that is 1F 00 10 40 00 19 00 01 b6 2C d2 1a b1 1e 94 db d3 06 f4 91 e2 24 35 01 01 23 45 67 89 FF FE
    given the MSID is: 82 BC 5C 9D 8A BC 0B 0E 1E FD 89 65 E5

    my problem is how do you generate the d2 1a b1 1e 94 db d3 06 f4 91 e2 24

    thanks,
    eleoson

  2. #2
    Join Date
    Mar 2002
    Location
    Russia
    Posts
    1,059
    Encoded MSID: 82 BC 5C 9D 8A BC 0B 0E 1E FD 89 65 E5
    Decoded MSID: 82 00 00 00 00 00 08 A4 5C A8 A9 AA 1D
    Encoded FAID: 69 02 AD C6 3A DA 69 80 A0 CE BF 6C
    Decoded FAID: 17 CA 60 89 E8 35 9F 76 00 00 00 00
    Encoded IMEI: D2 1A B1 1E 94 DB D3 06 F4 91 E2 24
    Decoded IMEI: 79 29 35 01 01 23 45 67 89 FF 00 00

    Sooo... All you need is just crypt IMEI All infromation, which hash function to use for IMEI encryption, is in decoded MSID at byte 10 (=A9).

    Clue:
    Bytes A8 A9 AA in decoded MSID isn't just signature, it's key IDs for FAID, IMEI & SPlock algorithms accordingly So IMEI encode algorithm is same as FAID encode algorithm Just another value encoded and with another key ID . Btw, first byte in MSID (=82) it's also key ID like these for FAID, IMEI & SPLock. Accordings between key ID and key values you can find in TDS6.bin that was posted by Zulea looong time ago at GSM-Forums Btw, all this stuff also relates to DCT3 CDMA, TDMA phones and DCT4 too, but for DCT4 there is no key ID values for IMEI & SPLock since they use different algorithm.
    Last edited by Al; 05-05-2006 at 05:59 PM.

  3. #3
    Thanks for replying Al however, I dont have idea in IMEI encryption...can u give me a code to do that? One more thing...the last byte in MBUS frame to send is "FE" and I've seen in other fames that it's not always "FE" how do I generate that? Or is it just the checksum of mbus frame?

    BR,
    eleoson

  4. #4

    Smile

    re: mbus frame chksum.

    ur sample.
    1F 00 10 40 [ 00 19 ] 00 01 b6 2C d2 1a b1 1e 94 db d3 06 f4 91 e2 24 35 01 01 23 45 67 89 FF FE seq xchk

    [ 00 19 ] size of data

    in order to calc the Xored Chksum u must include the seq number w/c u can use from 1 to 0x7F.
    like this xchk = xchk ^ data[x]; where x is from 0 to size + 1;
    on ur sample now if we use seq no. 0x4, xchk = 0x2B

    it's been long time since i did mbus thing on dct3. hope this helps.

    re: dct3 imei algo. try d/l from. http://www.blutacgsm.net/forums/showthread.php?t=205

    regards
    - 9ball champ! with a Handycam stick.

  5. #5
    Sorry to resurrect this old thread, but my question is directly about this also..

    Kontatc, your info was very helpful, but you didn't answer properly the question about the last digit in the MBUS frame (NOT chk or sequence, but other one in IMEI frame).

    I'm trying to write program for IMEI on DCT3. I am able decrypt MSid and encrypt IMEI, but in the MBUS frame i don't understand where to find this last byte:

    1F 00 10 40 00 1A 00 01 B6 57
    [98 BD C2 7F 09 A3 82 AB D9 E8 B5 C5] - Enc IMEI
    [35 07 70 10 89 24 92 FF] - Clear IMEI
    [B1] - How to claclulate this?
    FF
    06 - Seq
    35 - Chksum

    any help please? I been working for hours trying to find this!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Latest firmware versions of all Nokias
    By PhreakTastic in forum DCT 3 Flashing / Upgrading / Modding
    Replies: 58
    Last Post: 11-12-2007, 01:45 PM
  2. dct3 clip
    By dejo in forum DCT 3 Flashing / Upgrading / Modding
    Replies: 2
    Last Post: 19-02-2004, 09:48 AM
  3. Replies: 1
    Last Post: 27-02-2003, 11:34 PM
  4. 9110 with dct3 clip possible?
    By KnOeFz in forum DCT 3 Flashing / Upgrading / Modding
    Replies: 0
    Last Post: 12-09-2002, 06:44 PM
  5. DCT3 Flasher source files needed
    By bluelights in forum DCT 3 Flashing / Upgrading / Modding
    Replies: 0
    Last Post: 19-05-2002, 06:56 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •