FAID updating and B-Phreaks Logger v1.2

**||Joe** · 04-02-2002, 11:24 PM

**||Joe** · 05-02-2002, 01:27 AM

hi, just want to ask what are the frames? is it the communication between the pc and the phone? how did the faid came about and all of the phone id's? (see below)
is bphreaks v1.2 the same as v1.7? can you attach v1.2 please coz v1.7 produces [ppm_ver]
in=562020352E32330A32302D30332D30300A4E534D2D310A286329204E4D502E

[imei]
in=343439323038333032363139383933

[msid]
in=82740A563EADF707D7CBE1ECF1

[data]
in=2C42

for my 6150 when upgraded to 5.23
thnx.. explain it further please.....
Get DSP Internal
-----------------------------------------------

m) 1F 00 10 40 00 11 00 01 B8 2C 3D 09 CB 14 F4 3B 42 92 70 2C FC 37 DB 07 74
^^ ^^ ^^
phone_id FAID "Checksum"

CMD 40, 0001, B8: Set FAID

Checksum: B8 + phone_id + all numbers of FAID
(in that case: B8 + 2C + 3D + 09 + CB + 14 + F4 + 3B + 42 + 92 + 70 + 2C + FC + 37 = DB)

-----------------------------------------------

n) 1F 10 00 40 00 06 01 01 B9 01 2C E6 0E 35
^^ ^^
| |-> Checksum
|----> phone_id

Answer: kind of Ack
Checksum: B9 + 01 + phone_id

**HOUSIN ELASKARY** · 05-02-2002, 05:22 AM

hi man please give us easy explain

**HOUSIN ELASKARY** · 05-02-2002, 07:02 AM

and edate?????? please help

**Leandros** · 05-02-2002, 02:53 PM

hi tek

I'd like to contact you personally, please send an email to me.
I've also seen that you're from the Confederatio Helvetica - I'm speaking german, maybe you too. so please contact me...

best regards,

Leandros

**||Joe** · 05-02-2002, 05:36 PM

**||Joe** · 05-02-2002, 05:43 PM

**NokDoc** · 05-02-2002, 08:59 PM

U have the wisdom of how to read (& write) to the Phone and delivered some very interresting numbers!

Can U eXplain how to do this ourselves?

I would very much appreciate that because I know lot about bytes & addresses but nothing about FBUS/ MBUS communicating.

Otherwise there's no way for me to see if 0x2C is also my phoneID.

Minor question in general:
Is it only my phone where the MSID nr is changing after each network conn.?

NokDoc

**||Joe** · 05-02-2002, 09:18 PM

@NokDoc:

0x2C is surely not your phoneID...you can check this by logs [data]in=xx.

the MSID should be static...if not hmm...the whole thing with those logs wouldn't work...

greetings,
-tek-

**||Joe** · 07-02-2002, 12:36 AM

hey nokdoc...

send me your knowledge about " bytes & addresses " ...

greets,
-tek-

**NokDoc** · 07-02-2002, 11:44 PM

Your 0x2Ch is definately the Phone ID nr in [Data]in, mine is 4Fh (=79) in Wintesla Phone Identity, correct, good thinking!
This value is officially called "Product ID" there.
I bet the same [edat]out can be used in wintesla there if owning the proper devices.

Changing MSID: Not of importance at all, the logger reboots too and still it works though?

Now only the calculation to be done.

I found this on the net, very interresting, gNokii: "the Wisdom!"
I bet now it'll be possible to obtain all required info.
This is just fragment from gNokii project:
r Get "Made" Date { 0x01c8, 0x05, 0x00, date(4 bytes), 0x00 }
s Get DSP Internal SW { 0x01c8, 0x09 }
r Get DSP Internal SW { 0x01c8, 0x09, 0x00, version (1 bytes), 0x00 }
s Get PCI version { 0x01c8, 0x0a }
r Get PCI version { 0x01c8, 0x0a, 0x00, version, 0x00 }
s Get system ASIC { 0x01c8, 0x0c }
r Get system ASIC { 0x01c8, 0x0c, 0x00, string, 0x00 }
s Get COBBA { 0x01c8, 0x0d }
r Get COBBA { 0x01c8, 0x0d, 0x00, string, 0x00 }
s Get PLUSSA { 0x01c8, 0x0e }
r Get PLUSSA { 0x01c8, 0x0e, available, 0x00 }
where available: 0x01: not available
s Get CCONT { 0x01c8, 0x0f }
r Get CCONT { 0x01c8, 0x0f, available, 0x00 }
where available: 0x01: not available
s Get PPM version { 0x01c8, 0x10 }
r Get PPM version { 0x01c8, 0x10, 0x00, "V ", "firmware", 0x0a, "firmware date", 0x0a, "model", 0x0a, "(c) NMP.", 0x00 }
s Get PPM info { 0x01c8, 0x12 }
r Get PPM info { 0x01c8, 0x12, 0x00, PPM version ("B", "C", etc.), 0x00 }
s Set HW version { 0x01c9, 0x05, version, 0x00 }
s Get Product Code { 0x01ca, 0x01 }
r Get Product Code { 0x01ca, 0x01, 0x00, number, 0x00 }

Good Luck

Mr. Tek:
What specific you want to know about adresses in the flash then?
I'd studied flashes for months and know more as the nFree prg now!
Look at the PPM_Addressing text some while ago.
I have it for MCU/ Eeprom too, but still figuring out some particular areas.
I'm not familiar with the corresponding tech. terms, I only use compare methods and analyse differences between versions/ updates etc.

Remeber: Just 'clear thinking' will solve most of the problems!

NokDoc

**||Joe** · 08-02-2002, 09:10 PM

hi all
you say msid stays the same - it does not, changes every sw reboot. but the msid is just a crypted version of cobba id, ppm chksum, random number and maybe some other stuff. but those values are static for the phone you are working with.
could you also send me these files please. I need to work out info regarding IMEI and FAID. Now the hex is here, I'm gonna reverse it to get FAID calc. and write software to update phones without need for dejan box......but also want to incorporate custom ppms and IMEI changing, full unlock etc... please help, I know you are the guys that have the wisdom
thanks
outerc0re

**||Joe** · 11-02-2002, 02:21 AM

**||Joe** · 17-02-2002, 01:51 AM

hello!

@outcore: if you want to know more about FAID calc, email me.

-tek-

in a few days i'll release my FAID calculator...

1.) the whole flash is needed (mcu+ppm), without EEPROM
2.) MSID

that's all...so if you wanna calc FAID you always need the file you flashed...

bye,
-tek-

Thread: FAID updating and B-Phreaks Logger v1.2

Thread Tools

Display

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions