MTTECHNOLOGY

Member
Joined
Sep 6, 2010
Posts
147
Likes
1
Hi,
for downgrading any new (including new crypto RAPIDO phones) you need complete backups of your phone (PM and RPL). At moment, Cyclone box is one and only device on market which support dumping full RPL from New Nokia Rapido v1.15 based phones (5230,new 6120c,X6,...). After downgrading, phone still might be authorized with Original SX4 card - we will use this in this example, so we can show that phone security is completly untouched (others rewrite alien SD keys ... bad behaviour). More over, after reading out full PM before downgrade, phone will have also untouched RF / EM Calibration area.

PS. It is also possible using USB bus ...
wink.gif


E52

MCU Version V ICPR82_09w46.8
MCU Date 30-03-10
Product RM-469 (Nokia E52)
Manufacturer (c) Nokia
IMEI 355216039314532
Mastercode 2637612627
IMEI Spare 3A55120693135403
IMEI SV 3355120693135443F5000000
PSN SEL942389
Product Code 0575063
Basic Product Code 0565921
PSD 0000000000000000
LPSN 0
WLAN MAC 00BD3A99AD93
APE SW 034.001
APE Variant 034.001034.001.06.01034.001.C00.01
APE Test 0.073
APE HW 256
APE ADSP 256
RETU 40
TAHVO 00
AHNE 11
HW 6010
RFIC |Vapaus_5.1 | Aura_?.?
DSP ICPR82_09w46.2_RIO
Simlock Server SIMLOCK SERVER
Simlock Key 2440700000000000
Simlock Profile 0000000000000000
Simlock Key Cnt 0
Simlock FBUS Cnt 5
Simlock [1,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [1,2] State: OPENED Type: GID Data: FFFF
Simlock [1,3] State: OPENED Type: GID Data: FFFF
Simlock [1,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [1,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [2,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [2,2] State: OPENED Type: GID Data: FFFF
Simlock [2,3] State: OPENED Type: GID Data: FFFF
Simlock [2,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [2,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [3,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [3,2] State: OPENED Type: GID Data: FFFF
Simlock [3,3] State: OPENED Type: GID Data: FFFF
Simlock [3,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [3,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [4,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [4,2] State: OPENED Type: GID Data: FFFF
Simlock [4,3] State: OPENED Type: GID Data: FFFF
Simlock [4,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [4,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [5,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [5,2] State: OPENED Type: GID Data: FFFF
Simlock [5,3] State: OPENED Type: GID Data: FFFF
Simlock [5,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [5,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [6,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [6,2] State: OPENED Type: GID Data: FFFF
Simlock [6,3] State: OPENED Type: GID Data: FFFF
Simlock [6,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [6,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [7,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [7,2] State: OPENED Type: GID Data: FFFF
Simlock [7,3] State: OPENED Type: GID Data: FFFF
Simlock [7,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [7,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Step 1
Create RPL From Phone

RPL Creation started...
Processing CMT Part...
Storing Product Code...
Storing PSN...
Storing HWID...
Trying to store Simlock...
Reading Configuration Key...
Hashing...
Reading SHA1-RSA Signature...
Reading SHA1-HMAC Signature...
Storing Simlock...
Trying to store WMDRM RPL...
Reading Keys...
Storing WMDRM PD...
Reading Security Block...
Security block OK and saved to "RM-469_355216039314532_2011-06-18_025810.SecurityBlock.PM"
"1BB0020A296303443292389F545846C201100A5C.C0003160 " Exists, That is good...
Storing Additional Data...
Checking Superdongle Key...
Encrypting Superdongle Key...
Storing Superdongle Key...
Checking CMLA Key...
Storing CMLA Key...
Booting CMT...
CMT_SYSTEM_ASIC_ID: 000000030000022600010007600C192102011104
CMT_EM_ASIC_ID: 00001040
CMT_EM_ASIC_ID: 00001030
CMT_PUBLIC_ID: 1BB0020A296303443292389F545846C201100A5C
CMT_ASIC_MODE_ID: 00
CMT_ROOT_KEY_HASH: 25B977A055BE9B5DEC0C38A2A279C695
CMT_BOOT_ROM_CRC: 3E273BF6
CMT_SECURE_ROM_CRC: 37BE26FA
CMT Ready!
Searching for BootCode: DualLine 32Bit
RAPUv11_2nd.fg, Type: 2nd Boot Loader, Rev: 768.11.16.0, Algo: BB5
Flashbus Write baud set to 1.0Mbits
Flashbus Read baud set to 98Kbits
Using NEW BB5 FLASHING PROTOCOL
Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding
Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit
Box TX2 Data Pin set to: Service Pin 3
If software STUCK HERE with box TX LED lit, that means:
1. You have not attached yellow TX2 Adapter (IT IS REQUIRED FOR BB5 PHONES WHEN USING JAF/UFS CABLES!)
2. Your cable is not TX2 Enabled!
3. Transmission error occured, try again
In either cases, you need to reconnect your box from USB.
FlashChip[0,CMT]: 0x0000000000000000, Unknown, RAM
FlashChip[0,CMT]: 0xFFFF000000000000, Unknown, MMC
FlashChip[0,CMT]: 0x0020004000000031, ST, NOR
FlashChip[1,CMT]: 0x0000000100000000, Unknown, NOR
FlashChip[0,CMT]: 0x0020004000000031, ST, ONENAND
Requested Algorithm: XSR 1.6 (CMT)
Searching for BootCode: DualLine 32Bit
FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported
FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported
RAPUv11_XSR17_alg.fg, Type: Algorithm, Rev: 768.11.16.0, Algo: XSR 1.6
Initializing TurboCache...
TurboCache Loaded!
Writing CMT PASUBTOC Certificate...
Writing CMT ALG Certificate...
CMT Algorithm Ready!
Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding
Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit
Box TX2 Data Pin set to: Service Pin 3
Adding FUR Client (CMT, State: Ready)...
CMT FUR Ready!
Box VPP disabled
Internal CMT Phone VPP Enabled
PAPUBKEYS Hash for CMT: 85F252E351E225CAFC4DFBC8041EABD2823E3500
APE Subsystem Not Found
Flashbus Write baud set to 5.0Mbits
Storing NPC...
Storing CCC...
Storing HWC...
CMT VARIANT Not Found
Restarting MCU...
RPL Saved OK
Step 2
Read full PM 0-512

Starting PM read in range 0-512...
[1] Reading 27 records
[1,0] Reading 114 bytes
[1,2] Reading 10 bytes
[1,4] Reading 110 bytes
[1,6] Reading 10 bytes
[1,7] Reading 214 bytes
[1,8] Reading 110 bytes
[1,13] Reading 10 bytes
[1,16] Reading 208 bytes
[1,18] Reading 208 bytes
[1,20] Reading 208 bytes
[1,22] Reading 16 bytes
[1,23] Reading 4 bytes
[1,24] Reading 84 bytes
[1,26] Reading 110 bytes
[1,28] Reading 10 bytes
[1,29] Reading 10 bytes
[1,31] Reading 208 bytes
[1,33] Reading 36 bytes
[1,34] Reading 376 bytes
[1,35] Reading 16 bytes
[1,39] Reading 36 bytes
[1,40] Reading 16 bytes
[1,41] Reading 182 bytes
[1,42] Reading 4 bytes
[1,43] Reading 36 bytes
[1,44] Reading 182 bytes
[1,45] Reading 182 bytes
[2] Reading 1 records
[2,0] Reading 2080 bytes
[4] Reading 4 records
[4,3] Reading 10 bytes
[4,4] Reading 8 bytes
[4,5] Reading 8 bytes
[4,9] Reading 5 bytes
[8] Reading 8 records
[8,0] Reading 2 bytes
[8,1] Reading 16 bytes
[8,2] Reading 16 bytes
[8,3] Reading 128 bytes
[8,4] Reading 128 bytes
[8,8] Reading 8 bytes
[8,9] Reading 8 bytes
[8,10] Reading 32 bytes
[11] Reading 5 records
[11,0] Reading 4 bytes
[11,1] Reading 4 bytes
[11,2] Reading 4 bytes
[11,3] Reading 4 bytes
[11,4] Reading 1058 bytes
[12] Reading 1 records
[12,0] Reading 102 bytes
[26] Reading 2 records
[26,0] Reading 16 bytes
[26,1] Reading 68 bytes
[31] Reading 1 records
[31,4] Reading 20 bytes
[44] Reading 1 records
[44,0] Reading 1 bytes
[50] Reading 1 records
[50,0] Reading 2 bytes
[54] Reading 2 records
[54,0] Reading 2 bytes
[54,2] Reading 24 bytes
[88] Reading 1 records
[88,0] Reading 36 bytes
[96] Reading 2 records
[96,0] Reading 2 bytes
[96,1] Reading 20 bytes
[107] Reading 6 records
[107,0] Reading 41 bytes
[107,1] Reading 89 bytes
[107,2] Reading 89 bytes
[107,3] Reading 70 bytes
[107,25] Reading 236 bytes
[107,26] Reading 12 bytes
[117] Reading 11 records
[117,0] Reading 4 bytes
[117,1] Reading 3 bytes
[117,2] Reading 6 bytes
[117,3] Reading 1 bytes
[117,4] Reading 9 bytes
[117,5] Reading 10 bytes
[117,6] Reading 8 bytes
[117,8] Reading 42 bytes
[117,13] Reading 3 bytes
[117,14] Reading 3 bytes
[117,16] Reading 40 bytes
[120] Reading 4 records
[120,0] Reading 944 bytes
[120,1] Reading 160 bytes
[120,2] Reading 130 bytes
[120,3] Reading 112 bytes
[153] Reading 7 records
[153,0] Reading 68 bytes
[153,1] Reading 68 bytes
[153,2] Reading 68 bytes
[153,3] Reading 68 bytes
[153,4] Reading 68 bytes
[153,5] Reading 68 bytes
[153,6] Reading 68 bytes
[193] Reading 4 records
[193,2] Reading 8 bytes
[193,3] Reading 32 bytes
[193,4] Reading 32 bytes
[193,9] Reading 64 bytes
[217] Reading 1 records
[217,0] Reading 32 bytes
[239] Reading 7 records
[239,0] Reading 2 bytes
[239,1] Reading 3284 bytes
[239,2] Reading 3284 bytes
[239,3] Reading 3284 bytes
[239,4] Reading 3284 bytes
[239,5] Reading 3284 bytes
[239,6] Reading 218 bytes
[291] Reading 1 records
[291,0] Reading 92 bytes
[308] Reading 7 records
[308,0] Reading 1 bytes
[308,1] Reading 8192 bytes
[308,3] Reading 1 bytes
[308,4] Reading 1 bytes
[308,6] Reading 1 bytes
[308,7] Reading 1 bytes
[308,9] Reading 40 bytes
[309] Reading 7 records
[309,0] Reading 4 bytes
[309,1] Reading 2 bytes
[309,2] Reading 12 bytes
[309,3] Reading 36 bytes
[309,4] Reading 12 bytes
[309,7] Reading 12 bytes
[309,17] Reading 12 bytes
[313] Reading 1 records
[313,0] Reading 173 bytes
[322] Reading 1 records
[322,0] Reading 1 bytes
[329] Reading 1 records
[329,0] Reading 8392 bytes
[334] Reading 1 records
[334,0] Reading 1 bytes
[341] Reading 3 records
[341,0] Reading 1 bytes
[341,3] Reading 4 bytes
[341,4] Reading 4512 bytes
[354] Reading 1 records
[354,0] Reading 28 bytes
[356] Reading 2 records
[356,0] Reading 2 bytes
[356,1] Reading 8 bytes
[360] Reading 3 records
[360,0] Reading 1 bytes
[360,1] Reading 2 bytes
[360,2] Reading 3 bytes
[369] Reading 1 records
[369,0] Reading 40 bytes
PM Read OK, Time taken 17.0s
Step 3
Use Full Erase button (implemented in latest sw)

Booting CMT...
CMT_SYSTEM_ASIC_ID: 000000030000022600010007600C192102011104
CMT_EM_ASIC_ID: 00001040
CMT_EM_ASIC_ID: 00001030
CMT_PUBLIC_ID: 1BB0020A296303443292389F545846C201100A5C
CMT_ASIC_MODE_ID: 00
CMT_ROOT_KEY_HASH: 25B977A055BE9B5DEC0C38A2A279C695
CMT_BOOT_ROM_CRC: 3E273BF6
CMT_SECURE_ROM_CRC: 37BE26FA
CMT Ready!
Searching for BootCode: DualLine 32Bit
RAPUv11_2nd.fg, Type: 2nd Boot Loader, Rev: 768.11.16.0, Algo: BB5
Flashbus Write baud set to 1.0Mbits
Flashbus Read baud set to 98Kbits
Using NEW BB5 FLASHING PROTOCOL
Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding
Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit
Box TX2 Data Pin set to: Service Pin 3
If software STUCK HERE with box TX LED lit, that means:
1. You have not attached yellow TX2 Adapter (IT IS REQUIRED FOR BB5 PHONES WHEN USING JAF/UFS CABLES!)
2. Your cable is not TX2 Enabled!
3. Transmission error occured, try again
In either cases, you need to reconnect your box from USB.
FlashChip[0,CMT]: 0x0000000000000000, Unknown, RAM
FlashChip[0,CMT]: 0xFFFF000000000000, Unknown, MMC
FlashChip[0,CMT]: 0x0020004000000031, ST, NOR
FlashChip[1,CMT]: 0x0000000100000000, Unknown, NOR
FlashChip[0,CMT]: 0x0020004000000031, ST, ONENAND
Requested Algorithm: XSR 1.6 (CMT)
Searching for BootCode: DualLine 32Bit
FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported
FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported
RAPUv11_XSR17_alg.fg, Type: Algorithm, Rev: 768.11.16.0, Algo: XSR 1.6
Initializing TurboCache...
TurboCache Loaded!
Writing CMT PASUBTOC Certificate...
Writing CMT ALG Certificate...
CMT Algorithm Ready!
Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding
Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit
Box TX2 Data Pin set to: Service Pin 3
Adding FUR Client (CMT, State: Ready)...
CMT FUR Ready!
Box VPP disabled
Internal CMT Phone VPP Enabled
Warning: PAPUBKEYS Hash Missing!
APE Subsystem Not Found
Flashbus Write baud set to 5.0Mbits
Erasing flash chip...
Started group flash erase
EraseArea[0,CMT]: 0x00000000-0x0FFFFFFF, ONENAND
Waiting 640s for erasure finish...
Erase taken 1.94s
Restarting MCU...
BB5 Full Erase Finished!
Step 4
Flash with needed software

Step 5
Read info, looks like mobile is completly bricked

MCU Version V ICPR82_09w36.5
MCU Date 09-10-09
Product RM-469 (Nokia E52)
Manufacturer (c) Nokia
IMEI 12345610654321?
IMEI Spare 1A32541660452301
IMEI SV 1332541660452321F8000000
PSN 0
PSD 0000000000000000
LPSN 0
APE SW 022.009
APE Variant 022.009022.009.06.01022.009.C00.01
APE Test 0.071
APE HW 256
APE ADSP 256
RETU 40
TAHVO 00
AHNE 11
RFIC |Vapaus_5.1 | ???
DSP ICPR82_09w36.4_RIO
Failed to read info -> Failed to read SP info
Step 7
Write created RPL

Quote:
Skipping RPL decryption...
Parsing decrypted RPL...
Processing FBUS Part...
Writing Product Code...
Writing PSN...
Writing HWID...
Writing Simlock...
Handling as SL3 Simlock Data
Reading Security Block...
Security block OK and saved to "RM-469_12345610654321_2011-06-18_031557.SecurityBlock.PM"
Simlock ACCEPTED OK !
Writing Superdongle key...
Superdongle Key ACCEPTED OK !
Writing CMLA key...
CMLA Key ACCEPTED OK !
Writing WMDRM PD Data...
WMDRM PD Data ACCEPTED OK !
Processing FLASHBUS Part...
Booting CMT...
CMT_SYSTEM_ASIC_ID: 000000030000022600010007600C192102011104
CMT_EM_ASIC_ID: 00001040
CMT_EM_ASIC_ID: 00001030
CMT_PUBLIC_ID: 1BB0020A296303443292389F545846C201100A5C
CMT_ASIC_MODE_ID: 00
CMT_ROOT_KEY_HASH: 25B977A055BE9B5DEC0C38A2A279C695
CMT_BOOT_ROM_CRC: 3E273BF6
CMT_SECURE_ROM_CRC: 37BE26FA
CMT Ready!
Searching for BootCode: DualLine 32Bit
RAPUv11_2nd.fg, Type: 2nd Boot Loader, Rev: 768.11.16.0, Algo: BB5
Flashbus Write baud set to 1.0Mbits
Flashbus Read baud set to 98Kbits
Using NEW BB5 FLASHING PROTOCOL
Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding
Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit
Box TX2 Data Pin set to: Service Pin 3
If software STUCK HERE with box TX LED lit, that means:
1. You have not attached yellow TX2 Adapter (IT IS REQUIRED FOR BB5 PHONES WHEN USING JAF/UFS CABLES!)
2. Your cable is not TX2 Enabled!
3. Transmission error occured, try again
In either cases, you need to reconnect your box from USB.
FlashChip[0,CMT]: 0x0000000000000000, Unknown, RAM
FlashChip[0,CMT]: 0xFFFF000000000000, Unknown, MMC
FlashChip[0,CMT]: 0x0020004000000031, ST, NOR
FlashChip[1,CMT]: 0x0000000100000000, Unknown, NOR
FlashChip[0,CMT]: 0x0020004000000031, ST, ONENAND
Requested Algorithm: XSR 1.6 (CMT)
Searching for BootCode: DualLine 32Bit
FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported
FlashChip 0x00200040 (ST), Size: 256MBytes, VPP: Not Supported
RAPUv11_XSR17_alg.fg, Type: Algorithm, Rev: 768.11.16.0, Algo: XSR 1.6
Initializing TurboCache...
TurboCache Loaded!
Writing CMT PASUBTOC Certificate...
Writing CMT ALG Certificate...
CMT Algorithm Ready!
Default Transmission Mode Requested by Loader: Dual Line, 32 bit, Overriding
Transmission Mode Requested: Dual Line, 32 bit, Accepted: Dual Line, 32 bit
Box TX2 Data Pin set to: Service Pin 3
Adding FUR Client (CMT, State: Ready)...
CMT FUR Ready!
Box VPP disabled
Internal CMT Phone VPP Enabled
PAPUBKEYS Hash for CMT: 85F252E351E225CAFC4DFBC8041EABD2823E3500
APE Subsystem Not Found
Flashbus Write baud set to 5.0Mbits
CMT NPC Erased
CMT NPC Written
CMT HWC Erased
CMT HWC Written
CMT CCC Erased
CMT CCC Written
Restarting MCU...
Write RPL Finished!
MCU Version V ICPR82_09w36.5
MCU Date 09-10-09
Product RM-469 (Nokia E52)
Manufacturer (c) Nokia
IMEI 355216039314532
Mastercode 2637612627
IMEI Spare 3A55120693135403
IMEI SV 3355120693135423F8000000
PSN SEL942389
Product Code 0575063
PSD 0000000000000000
LPSN 0
WLAN MAC 00BD3A99AD93
APE ADSP 256
RETU 40
TAHVO 00
AHNE 11
HW 6010
RFIC |Vapaus_5.1 | ???
DSP ICPR82_09w36.4_RIO
Simlock Server SIMLOCK SERVER
Simlock Key 2440700000000000
Simlock Profile 0000000000000000
Simlock Key Cnt 0
Simlock FBUS Cnt 0
Simlock [1,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [1,2] State: OPENED Type: GID Data: FFFF
Simlock [1,3] State: OPENED Type: GID Data: FFFF
Simlock [1,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [1,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [2,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [2,2] State: OPENED Type: GID Data: FFFF
Simlock [2,3] State: OPENED Type: GID Data: FFFF
Simlock [2,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [2,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [3,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [3,2] State: OPENED Type: GID Data: FFFF
Simlock [3,3] State: OPENED Type: GID Data: FFFF
Simlock [3,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [3,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [4,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [4,2] State: OPENED Type: GID Data: FFFF
Simlock [4,3] State: OPENED Type: GID Data: FFFF
Simlock [4,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [4,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [5,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [5,2] State: OPENED Type: GID Data: FFFF
Simlock [5,3] State: OPENED Type: GID Data: FFFF
Simlock [5,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [5,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [6,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [6,2] State: OPENED Type: GID Data: FFFF
Simlock [6,3] State: OPENED Type: GID Data: FFFF
Simlock [6,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [6,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [7,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [7,2] State: OPENED Type: GID Data: FFFF
Simlock [7,3] State: OPENED Type: GID Data: FFFF
Simlock [7,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [7,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Now much better.. we see Simlock and IMEI back...
Step 6
Authorize SX4

SX4 Authorization / SD Repair Procedure Started....
"1BB0020A296303443292389F545846C201100A5C.C0003160 " Exists, That is good...
MCU Version V ICPR82_09w36.5
MCU Date 09-10-09
Product RM-469 (Nokia E52)
Manufacturer (c) Nokia
IMEI 355216039314532
Mastercode 2637612627
Reading Security Block...
Security block OK and saved to "RM-469_355216039314532_2011-06-18_031759.SecurityBlock.PM"
SX4 Status: Not authorized (74)
Started mutual authenthication with card...
Receiving Phone Seed 1...
Phone Seed 1 Received
Sending calculated Data 1, and expecting Seed 2...
Calculated Data 1 accepted, Phone Seed 2 Received
Sending calculated Data 2
Calculated Data 2 sent, Checking Authorization Status again
Authorization successfully finished!
Looking for Virgin PM In Database...
Virgin PM Not found in local database, obtain one (with fields 1 and 309) and write it using "Write PM" Button
Step 7
Write previously readen PM File
[1,0] Written, Length: 114 bytes, Status: OK
[1,2] Written, Length: 10 bytes, Status: OK
[1,4] Written, Length: 110 bytes, Status: OK
[1,6] Written, Length: 10 bytes, Status: OK
[1,7] Written, Length: 214 bytes, Status: OK
[1,8] Written, Length: 110 bytes, Status: OK
[1,13] Written, Length: 10 bytes, Status: OK
[1,16] Written, Length: 208 bytes, Status: OK
[1,18] Written, Length: 208 bytes, Status: OK
[1,20] Written, Length: 208 bytes, Status: OK
[1,22] Written, Length: 16 bytes, Status: OK
[1,23] Written, Length: 4 bytes, Status: OK
[1,24] Written, Length: 84 bytes, Status: OK
[1,26] Written, Length: 110 bytes, Status: OK
[1,28] Written, Length: 10 bytes, Status: OK
[1,29] Written, Length: 10 bytes, Status: OK
[1,31] Written, Length: 208 bytes, Status: OK
[1,33] Written, Length: 36 bytes, Status: OK
[1,34] Written, Length: 376 bytes, Status: OK
[1,35] Written, Length: 16 bytes, Status: OK
[1,39] Written, Length: 36 bytes, Status: OK
[1,40] Written, Length: 16 bytes, Status: OK
[1,41] Written, Length: 182 bytes, Status: OK
[1,42] Written, Length: 4 bytes, Status: OK
[1,43] Written, Length: 36 bytes, Status: OK
[1,44] Written, Length: 182 bytes, Status: OK
[1,45] Written, Length: 182 bytes, Status: OK
[2,0] Written, Length: 2080 bytes, Status: OK
[4,3] Written, Length: 10 bytes, Status: OK
[4,4] Written, Length: 8 bytes, Status: OK
[4,5] Written, Length: 8 bytes, Status: OK
[4,9] Written, Length: 5 bytes, Status: OK
[8,0] Written, Length: 2 bytes, Status: OK
[8,1] Written, Length: 16 bytes, Status: OK
[8,2] Written, Length: 16 bytes, Status: OK
[8,3] Written, Length: 128 bytes, Status: OK
[8,4] Written, Length: 128 bytes, Status: OK
[8,8] Written, Length: 8 bytes, Status: OK
[8,9] Written, Length: 8 bytes, Status: OK
[8,10] Written, Length: 32 bytes, Status: OK
[11,0] Written, Length: 4 bytes, Status: OK
[11,1] Written, Length: 4 bytes, Status: OK
[11,2] Written, Length: 4 bytes, Status: OK
[11,3] Written, Length: 4 bytes, Status: OK
[11,4] Written, Length: 1058 bytes, Status: OK
[12,0] Written, Length: 102 bytes, Status: OK
[26,0] Written, Length: 16 bytes, Status: OK
[26,1] Written, Length: 68 bytes, Status: OK
[31,4] Written, Length: 20 bytes, Status: OK
[44,0] Written, Length: 1 bytes, Status: OK
[50,0] Written, Length: 2 bytes, Status: OK
[54,0] Written, Length: 2 bytes, Status: OK
[54,2] Written, Length: 24 bytes, Status: OK
[88,0] Written, Length: 36 bytes, Status: OK
[96,0] Written, Length: 2 bytes, Status: OK
[96,1] Written, Length: 20 bytes, Status: OK
[107,0] Written, Length: 41 bytes, Status: OK
[107,1] Written, Length: 89 bytes, Status: OK
[107,2] Written, Length: 89 bytes, Status: OK
[107,3] Written, Length: 70 bytes, Status: OK
[107,25] Written, Length: 236 bytes, Status: OK
[107,26] Written, Length: 12 bytes, Status: OK
[117,0] Written, Length: 4 bytes, Status: OK
[117,1] Written, Length: 3 bytes, Status: OK
[117,2] Written, Length: 6 bytes, Status: OK
[117,3] Written, Length: 1 bytes, Status: OK
[117,4] Written, Length: 9 bytes, Status: OK
[117,5] Written, Length: 10 bytes, Status: OK
[117,6] Written, Length: 8 bytes, Status: OK
[117,8] Written, Length: 42 bytes, Status: OK
[117,13] Written, Length: 3 bytes, Status: OK
[117,14] Written, Length: 3 bytes, Status: OK
[117,16] Written, Length: 40 bytes, Status: OK
[120,0] Written, Length: 944 bytes, Status: OK
[120,1] Written, Length: 160 bytes, Status: OK
[120,2] Written, Length: 130 bytes, Status: OK
[120,3] Written, Length: 112 bytes, Status: OK
[153,0] Written, Length: 68 bytes, Status: OK
[153,1] Written, Length: 68 bytes, Status: OK
[153,2] Written, Length: 68 bytes, Status: OK
[153,3] Written, Length: 68 bytes, Status: OK
[153,4] Written, Length: 68 bytes, Status: OK
[153,5] Written, Length: 68 bytes, Status: OK
[153,6] Written, Length: 68 bytes, Status: OK
[193,2] Written, Length: 8 bytes, Status: OK
[193,3] Written, Length: 32 bytes, Status: OK
[193,4] Written, Length: 32 bytes, Status: OK
[193,9] Written, Length: 64 bytes, Status: OK
[217,0] Written, Length: 32 bytes, Status: OK
[239,0] Written, Length: 2 bytes, Status: OK
[239,1] Written, Length: 3284 bytes, Status: OK
[239,2] Written, Length: 3284 bytes, Status: OK
[239,3] Written, Length: 3284 bytes, Status: OK
[239,4] Written, Length: 3284 bytes, Status: OK
[239,5] Written, Length: 3284 bytes, Status: OK
[239,6] Written, Length: 218 bytes, Status: OK
[291,0] Written, Length: 92 bytes, Status: OK
[308,0] Written, Length: 1 bytes, Status: Not accepted, Code: 19
[308,1] Written, Length: 8192 bytes, Status: Not accepted, Code: 19
[308,3] Written, Length: 1 bytes, Status: Not accepted, Code: 19
[308,4] Written, Length: 1 bytes, Status: Not accepted, Code: 19
[308,6] Written, Length: 1 bytes, Status: Not accepted, Code: 19
[308,7] Written, Length: 1 bytes, Status: Not accepted, Code: 19
[308,9] Written, Length: 40 bytes, Status: Not accepted, Code: 19
[309,0] Written, Length: 4 bytes, Status: OK
[309,1] Written, Length: 2 bytes, Status: OK
[309,2] Written, Length: 12 bytes, Status: OK
[309,3] Written, Length: 36 bytes, Status: OK
[309,4] Written, Length: 12 bytes, Status: OK
[309,7] Written, Length: 12 bytes, Status: OK
[309,17] Written, Length: 12 bytes, Status: OK
[313,0] Written, Length: 173 bytes, Status: OK
[322,0] Written, Length: 1 bytes, Status: OK
[329,0] Written, Length: 8392 bytes, Status: OK
[334,0] Written, Length: 1 bytes, Status: OK
[341,0] Written, Length: 1 bytes, Status: OK
[341,3] Written, Length: 4 bytes, Status: OK
[341,4] Written, Length: 4512 bytes, Status: OK
[354,0] Written, Length: 28 bytes, Status: OK
[356,0] Written, Length: 2 bytes, Status: OK
[356,1] Written, Length: 8 bytes, Status: OK
[360,0] Written, Length: 1 bytes, Status: OK
[360,1] Written, Length: 2 bytes, Status: OK
[360,2] Written, Length: 3 bytes, Status: OK
[369,0] Written, Length: 40 bytes, Status: OK
Write PM Finished, Record written OK: 118, Record written NOT OK: 7
That's all!

MCU Version V ICPR82_09w36.5
MCU Date 09-10-09
Product RM-469 (Nokia E52)
Manufacturer (c) Nokia
IMEI 355216039314532
Mastercode 2637612627
IMEI Spare 3A55120693135403
IMEI SV 3355120693135423F8000000
PSN SEL942389
Product Code 0575063
Basic Product Code 0565921
PSD 0000000000000000
LPSN 0
WLAN MAC 00BD3A99AD93
APE SW 022.009
APE Variant 022.009022.009.06.01022.009.C00.01
APE Test 0.071
APE HW 256
APE ADSP 256
RETU 40
TAHVO 00
AHNE 11
HW 6010
RFIC |Vapaus_5.1 | ???
DSP ICPR82_09w36.4_RIO
Simlock Server SIMLOCK SERVER
Simlock Key 2440700000000000
Simlock Profile 0000000000000000
Simlock Key Cnt 0
Simlock FBUS Cnt 5
Simlock [1,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [1,2] State: OPENED Type: GID Data: FFFF
Simlock [1,3] State: OPENED Type: GID Data: FFFF
Simlock [1,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [1,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [2,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [2,2] State: OPENED Type: GID Data: FFFF
Simlock [2,3] State: OPENED Type: GID Data: FFFF
Simlock [2,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [2,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [3,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [3,2] State: OPENED Type: GID Data: FFFF
Simlock [3,3] State: OPENED Type: GID Data: FFFF
Simlock [3,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [3,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [4,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [4,2] State: OPENED Type: GID Data: FFFF
Simlock [4,3] State: OPENED Type: GID Data: FFFF
Simlock [4,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [4,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [5,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [5,2] State: OPENED Type: GID Data: FFFF
Simlock [5,3] State: OPENED Type: GID Data: FFFF
Simlock [5,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [5,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [6,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [6,2] State: OPENED Type: GID Data: FFFF
Simlock [6,3] State: OPENED Type: GID Data: FFFF
Simlock [6,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [6,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [7,1] State: OPENED Type: MCC-MNC Data: FFFFFF
Simlock [7,2] State: OPENED Type: GID Data: FFFF
Simlock [7,3] State: OPENED Type: GID Data: FFFF
Simlock [7,4] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF
Simlock [7,5] State: OPENED Type: IMSI Data: FFFFFFFFFFFFFFFF

Quote:
Selftests to proceed: 49
Passed ST_SLEEP_X_LOOP_TEST
Passed ST_UEM_CBUS_IF_TEST
Passed ST_EAR_DATA_LOOP_TEST
Passed ST_SIM_CLK_LOOP_TEST
Passed ST_SIM_LOCK_TEST
Passed ST_SECURITY_TEST

Passed ST_PWR_KEY_TEST
Passed ST_CURRENT_CONS_TEST
Passed ST_HOOKINT_TEST
Passed ST_BTEMP_TEST
Passed ST_MBUS_RX_TX_LOOP_TEST
Passed ST_KELVIN_BATVOLTAGE_TEST
Passed ST_KELVIN_VIBRA_TEST
Passed ST_KELVIN_CAPACITOR_TEST
Passed ST_KELVIN_MISC_TEST
Failed ST_KELVIN_CHARGING_TEST
Passed ST_KELVIN_AUDIO_TEST
Passed ST_KELVIN_XEAR_TEST
Passed ST_AMB_LIGHT_SENSOR_TEST
Passed ST_USB_CHARGING_TEST
Passed ST_DIGIMIC_TEST
Passed ST_LED_CONTROLLER_TEST
Passed ST_CDSP_SLEEPCLOCK_FREQ_TEST
Passed ST_CDSP_RF_BB_IF_TEST
Passed ST_CDSP_RF_SUPPLY_TEST
Passed ST_CDSP_TX_IQ_TEST
Passed ST_CDSP_TXC_DATA_TEST
Passed ST_CDSP_RX_PLL_PHASE_LOCK_TEST
Passed ST_CDSP_TX_PLL_PHASE_LOCK_TEST
Passed ST_CDSP_WCDMA_TX_POWER_TEST
Passed ST_CDSP_RX_IQ_LOOP_BACK_TEST
Passed ST_CDSP_GSM_TX_POWER_TEST
Passed ST_KEYBOARD_STUCK_TEST
Passed ST_LPRF_IF_TEST
Passed ST_CAMERA_IF_TEST
Passed ST_SEC_CAMERA_IF_TEST
Passed ST_LED_FLASH_TEST
Passed ST_LPRF_AUDIO_LINES_TEST
Passed ST_MAIN_LCD_IF_TEST
Passed ST_BT_WAKEUP_TEST
Passed ST_WLAN_TEST
Passed ST_BT_WLAN_COEXISTENCE_TEST
Passed ST_ACCEL_IF_TEST
Passed ST_VIBRA_TEST
Passed ST_USB_LOOP_TEST
Passed ST_RADIO_TEST
Passed ST_MAGNETOMETER_TEST
Passed ST_USB_CHARGER_TEST
Passed ST_LED_FLASH_IF_TEST
Selftests done, Tests total: 49, Tests passed: 48, Tests not passed: 1
 
Top