PDA

View Full Version : FAQ from MOBILE-FILES.COM



GSM™
02-05-2010, 01:06 PM
Q: what is db2000,db2010,db2020,pnx5230,db3150,db3210 ?

A: that is chipsets of new SEMC phones.

db2000 (otherwise called marita "full") is inside next phones: z1010/v800/z800/w900/lg3g/sharp3g
db2010 (otherwise called "marita compact") is inside j300/k300/k500/k700/s700/k750 phones.
db2020 (otherwise called "marika") is inside k610/k550/k790/k800/w850/w880/z610/well, almost in all new phones.
pnx5230 is philips chipset and can be found inside z310,w350,w380,z555 phones.
db3150 is A2 generation, phones like k850,w910,w890,z750,etc have it
db3200,db3210,db3350 is further revisions of A2 platform.


Q: how to enable "search mode" and "GSM/3g networks" in "mobile networks" menu item of v800/k600/k608 ?

A: use following script (all in one string,without spaces !!!!)



gdfswrite:00020CCD00000000000000000000000000000000 00000000000000000100000000000000000000000000000000 0000000000000000000000000000000000


Q: i unlocked my z520 and my phone is dead !!! help ! help !

A:detach phone from cable, remove battery for 20 seconds ,then insert it back and try to turn phone on. must be ok.

still not work ? select in "main firmware file" edit file eroms\k750_w800_z520_new_erom.ssw and flash it.
detach cable, remove battery, wait for 20 seconds, insert it back.
must work.

if still not work - you made something besides simple pressing "unlock" button and phone must be repaired other way.

Q: i flashed my phone and it became dead !!! aaargh !!! help me , help !

A:relax. current semc phones can't be killed completely by software. well, some can, but setool2 will not allow it to do it.. simple ;)

general way to do:

scenario:

a friend comes with phone. phone not powers on at all.

way:

1. try to flash phone with corresponding flashfiles. if it flashes - good, flash it.

following step should not be applied to db2020/pnx5230/db2010 cid49/cid50/cid51/cid52 phones.

2. if after complete phone reports "csloader startup error, fs startup error 1,2,23" then you need to restore erom.

all needed EROMs is inside "eroms" folder of setool2 distribution.
for db2000 phones erom is z800_v800_k600_old_erom.ssw
for db2010 phones erom is k750_w800_z520_old_erom.ssw
for w550/w600/s600 phone erom is w550_erom.ssw
when flashing EROM you MUST set cid to OTP cid !!!!!

3. if after succefull flashing (complete ok) phone powers on with white screen/freezes on "please wait" step - you need to UNLOCK phone

4. if it can't be unlocked - most probably gdfs is damaged and you must rewrite gdfs with re-formatting (go to settings tab, check "format gdfs").

all needed gdfs is inside "gdfs_in_bin_format,gdfs_in_ssw_format" folders of setool2 distr.
select corresponding gdfs in "misc files" edit and press "write gdfs"
always make "unlock" after write gdfs.

please note, that you SHOULD NOT mess with gdfs in db2020 phones, pnx5230 phones, cid50/51/52 db2010 phones.
actually, you only can safely rewrite gdfs on db2000/db2010 cid16/29/36/49 phones.

Q: how to remove "strange" "1e0w" or simular from service menu?

A:
for z1010 use script:



gdfswrite:00040CBF00
for all other db2000/db2010 phones use script:



gdfswrite:00020CB800
for db2020 use next script



gdfswrite:00020DE400000000000000000000
Q: i really like to make some pre-defined email/gprs account !

A:all pre-defined gprs and so on account stored in customize.xml file.
you can readout that file from phone with such accounts,using script command



readfile:/tpa/preset/custom/customize.xml
(file will be in PC directory ph_out\tpa\preset\custom\customize.xml)
then you can modify it as you need and write back into phone with script command



wrfile:test.xml,/tpa/preset/custom/customize.xml

GSM™
02-05-2010, 01:12 PM
Some general information:
CID = Certificate ID. You can say that this "number" defines the version of SE's protection present in the phone. Each CID require their own loaders.
New CIDs are deployed from time to time, for the sole reason of preventing them from beeing unlocked/flashed/tampered with by non-SE service tools. Current CIDs in use by SE are 29/36/37/49/50/51/52. SE-based LG/Sharp phones use the same system (but different versions), hence they are supported by SETool. The OTP (One Time Programmable memory) and EROM of a phone might be protected by different CIDs, usually the case in newer K600s/K608s. If SETool reports OTP CID36 and Flash CID49, doing a "Recovery" in the software and replacing the EROM with a CID36 one will render the phone a normal and fully non-TP supported CID36 one.

CDA = This "number" defines which variant of a specific firmware a phone is supposed to have.
It lets among others SEUS (Sony Ericsson Update Service) know which language-pack/branding/bandlocks a phone is to be flashed with. A generic (unbranded) K750 for use in Scandinavia will be CDA102337/12, whilst a Telenor-branded K750 will be CDA102338/62. Both will be flashed with the same languages/dictionaries, but the latter will be flashed with Telenor-branded firmware (branded firmwares are considered by most as utter crap).

BLUE/BROWN/RED:
This "color" defines what kind of phone we are dealing with.
BLUE phones has been assembled at the factory, but never been programmed with software/GDFS/IMEI (remember kids: the IMEI is stored in the OTP (One Time Programmable memory))
BROWN phones are usually "developer phones", for testing. Less restrictions are present, as these are used for "debugging/beta" purposes. In the case of CID36, a phone has to be converted to BROWN for unlocking. If you ever encounter an OTP CID49 BROWN phone, it must be converted to RED for servicing. (Click here for a guide. (http://www.mobile-files.com/forum/showpost.php?p=176984&postcount=19))
RED phones are your typical retail ones.

GDFS:
This is the phones "stash", where all settings and calibration data is stored (this also goes for the firmwares IMEI-resource as well as the SIMlocks). Similar to other brands use of NVRAM (Non-Viotile Random Access Memory).

IMEI = International Mobile Equipment Identity.
A 15-digit number which includes information on the origin, model, and serial number of the device. The model and origin comprise the initial 8-digit portion of the IMEI, known as the "Type Allocation Code/TAC". The remainder of the IMEI is manufacturer-defined, with a "Luhn check digit" at the end (which is never transmitted). The "Luhn check digit" is calculated from the rest of the IMEI.

It should be noted that in SE-based phones, the IMEI is stored in two places, the OTP (One Time Programmable memory) and GDFS. The GDFS IMEI is normally read from the OTP, but this can be circumvented by SETool function to "change" the IMEI. This patches the firmware into allowing different OTP/GDFS IMEIs. It is the GDFS IMEI that is reported to the network, so changing this will "de-bar" blocked phones. SEUS is not fooled by this, on the other hand, and it should also be noted that doing this is illegal in most countries.

EMMA = Service software/solution by SE themselves. Protected by the EMMA smartcard to prevent non-licensed usage. Current version is EMMA3, though EMMA2 is still alive (but kinda useless on newer phones). The EMMA smartcard contains an algorithm that allows EMMA to communicate directly to/with the phones CID, so performing operations the way they were intended. The smartcard and its algorithm has not been cracked. Current EMMA access levels exists:
Service Update - Can't unlock phones.
Service Update Pro - Can't unlock phones.
Network Operator - Can't unlock phones (but sure as hell can lock them ;)).
Service Center Std - Can't unlock phones.
Service Center Rc - Can unlock phones, as they have a special version of the smartcard with a CSCA key.
Research & Development - Can unlock phones, as they have a special version of the smartcard with a CSCA key.

GSM™
02-05-2010, 01:13 PM
q: How to use script to backup GPRS/MMS/Browser settings then write back??

a:
script


readpkg:/system/wap/profile/
will create pkg_imei.pkg

then,to write it back use


writepkg:/pkg_imei.pkg

GSM™
02-05-2010, 01:15 PM
SEMC posted some documents about problems with Z520.


Introduction
There is a problem with some Z520 phones where the phone has no network. When you look at the PCB, you may see that R1242 or R1245 are missing, damaged, or askew. (See attached word doc with photos)

Comments
The problem area on the PCB may appear as mechanical damage. You may even see scrape marks. This is not customer abuse. This damage is being caused in the factory. These phones should be repaired under warranty. Both of the parts (R1242 & R1245) are in the parts list and are shown on the component placing drawing. If you find the part missing, and if the damage does not affect other parts, and if the pads are still intact, replace the missing parts. If the part is slightly askew, and there is not solder damage, then leave it. (The example in the photo is acceptable as is.) If it is severely askew, (less than 50% contact coverage) de-solder and re-solder it.

GSM™
02-05-2010, 01:16 PM
q:
I have tried to flash Z1010 with unbranded file. This is the result.



GUI v0.91380009/UNI
Card serial:00000004
Loaded 49 flash descriptors
Open COM port OK
ChipID:7100,EMP protocol:0301
PHONE IS RED RETAIL PRODUCT
FLASH CID detected:29
Speed:921600
DB2000 only supports 460800,fallback.
OTP status:0 locked:1 CID:29 PAF:1 IMEI:35345600144480 CERT:RED
Loader:041214 0759 MATCXC1325712_PRODUCTION R2Z
Flash ID check:8964
Flash props sent ok
Switching to USB...
Phone stays at current interface.
writing C:\Documents and Settings\c1am1k\My Documents\UNLOCK\SONY ERICSON\z1010\z1010_r1h_fs.hk.cry
CURRENT FLASH FILE CID:16
........
SSW loading returns:0
CSloader version:
041109 1252 GOHCXC125904_SEMC_VIOLA_FILE_SYSTEM_LOADER_R1E
loader startup: executed
loader filesystem startup: executed
csloader refused to start gdfs services,error is:29
loader gdfs startup failed, that is fatal
Elapsed:517 secs.
RECOVERY MODE STARTED
Open COM port OK
DB2000 only supports 460800,fallback.
Recovery:041213 1451 MATCXC1325413_CERTLOADER R3S
Fetching phone data from OTP
OTP status:0 locked:1 CID:29 PAF:1 IMEI:35345600144480 CERT:RED
Recovery succefull. Reflash phone now
Elapsed:17 secs.
a:
your phone OTP CID is 29, while flashfiles CID is 16. CIDs can be greater, but not lower.

you need to do now

1. recovery (you done it)
2. select cid change= redcid16
3. flash main+fs+complete

GSM™
02-05-2010, 01:17 PM
1.
Choose correct model ( DB200x/DB201x/DB2020/PNX5230 CID49/CID50/CID51/CID52/CID53 supported )

2. Choose "SETTINGS" tab.
Check

"PATCH OTP<>GDFS CHECK IN FIRMWARE"
"ALLOW TO CHANGE IMEI WHEN UNLOCKING"
for DB2012/DB2020 only
"USE SERVER FOR UNLOCK/FLASH"
"USE ALTERNATIVE SECURITY BYPASS"


3. go back to SEMC tab, press UNLOCK

4. when prompted, enter required IMEI

NOTE:
REAL IMEI NOT changed, flashpatch "forges" IMEI via some trick.
no worry though, network (and customer) will see NEW IMEI.
but, once phone will be updated on SEUS it will return to original IMEI.
same applies to flashing main part of firmware.

BE AWARE THAT CHANGING IMEI IS ILLEGAL AND PROHIBITED BY LAW.
USE IT FOR EDUCATIONAL PURPOSE OR IF YOU HAD CHANGED FLASH CHIP WITH ALREADY FILLED OTP!!!

GSM™
02-05-2010, 01:18 PM
starting from w810 and z530, semc changed langpack names (as i see - only emea)
i only write here changed names.

c_asia UK TR RU AR
cent_europe SK PL HU CS
m_east_africa FR FA AR
mediterr SQ RO EL BG
baltic RU LV LT ET
s_asia_levan RU HE FR FA AR

GSM™
02-05-2010, 01:18 PM
about gdfs file formats.

there is 2 gdfs format,which setool2 can support.

first format is "common" format, "small" file , where only units and their values stored.
that file must be written using "misc. files" edit and "write gdfs" button.
such file can be produced with "read gdfs button"
if gdfs area is damaged, or loader can't find be written and thats why we came to ...
second format. it is pure flash image of gdfs area.
can be written only as "firmware files". can be written regardless of damaged or not gdfs area.

i suggesting to use "gdfs-in-ssw-format" in situations of "complete dead" phone (for example, after we tried to write s700 firmware into k300 ;) )

GSM™
02-05-2010, 01:18 PM
q: how to enable amr on xxx ?

a:
for db2010 phones, execute following script

execute following script.



gdfswrite:000000a60001020405

GSM™
02-05-2010, 01:19 PM
If you are experiencing cable issues, it might help lowering the latency.

Standard symptom: "llbug: can't get all data, got:0 expected:***"

This is done through "Device Manager" (Right-click "My Computer"->"Properties"->"Ports(COM & LPT)". Check the attachments.

Set the latency to "1" and try servicing a phone. Increase the value (once per procedure) until errors start apperaring, then set the previous value.

Example:
Latency 1,2,3,4,5,6,7 goes OK, but then
8 - "llbug: can't get all data, got:0 expected:***"

Set the value to seven or six (to be sure).

if you experiencing same "llbug: can't get all data, got:0 expected:***" using UFS as interface
then you can do one of following (or all)

1. lower speed to 115200
2. use normal SHIELDED USB2.0 cable. it must be SHORT (no more than 30 cm)
3. try to connect UFS into different USB controller on motherboard
4. try to connect UFS into EXTERNAL POWERED USB HUB
Attached Thumbnails http://support.setool.net/attachment.php?attachmentid=16424&stc=1&thumb=1&d=1210499561 (http://support.setool.net/attachment.php?attachmentid=16424&d=1161773972) http://support.setool.net/attachment.php?attachmentid=16425&stc=1&thumb=1&d=1210499561 (http://support.setool.net/attachment.php?attachmentid=16425&d=1161773972)

GSM™
02-05-2010, 01:20 PM
K790 Phone hang

Only Applicable for K790!

Background:
One of the main reasons for permanent phone hangs at start up or standby
can be resolved by replacing two resistors under the Bluetooth cavity.

Instruction:
ROA (PCB) with revision R3A and R3B have not been modified.
ROA (PCB) with revision R3C has the new resistor values already from
factory.
ROA (PCB) with revision R3D has a new version of Dolphin 2 which prevents
the problem and they SHOULD NOT have the resistors replaced.

For ROA revision R3A and R3B with permanent phone hang at start up or
standby:
Change:
R1404 to 470 ohms, REP 621 003/47.
R1405 to 4.7k ohms, REP 621 004/47
Both resistors are located under the Bluetooth cavity
Attached Thumbnails http://support.setool.net/attachment.php?attachmentid=16546&stc=1&thumb=1&d=1210499561 (http://support.setool.net/attachment.php?attachmentid=16546&d=1162409513) http://support.setool.net/attachment.php?attachmentid=16547&stc=1&thumb=1&d=1210499561 (http://support.setool.net/attachment.php?attachmentid=16547&d=1162409513)

GSM™
02-05-2010, 01:21 PM
Case:
Let's say you have a DB2020 phone with some GDFS issue, say you wrote K800 firmware to a K790 and now you have "no network".

Solution:You'll have to rewrite the original GDFS. Sadly, most users never back it up before proceeding with whatever operation they intended to do in the first place. This is done through the "Read GDFS" button in SETool, btw ;). it will produce a .bin-file named with the phones IMEI and can be found in your SETool basedir. Take good care of it.

Now, lets say you didn't back up the phones GDFS and did something to screw it up. Then you have a problem, because rewriting it with another phones GDFS will screw the security units and the phone will be bricked. Generally a bad thing, right ;)?.

Luckily, there is a way to solve this and the procedure is as follows:


Use only COM/UFS interfaces!

1 (Optional): Back up the corrupt GDFS (yes, even though it's corrupted, so you have a full backup just in case). Again: "Read GDFS". Move it to a safe place on your HD, this is to avoid accidentally deleting it and for avoiding confusion with all the other txt-files that will appear later on.
2: Create a scriptfile (a normal txt-file will do) with the following contents:


gdfsread:00020e5a
gdfsread:00020e48
gdfsread:00010851
gdfsread:00000006
gdfsread:0000000E
gdfsread:00000013
gdfsread:0000001C
gdfsread:00000018
gdfsread:000000AA
Now save it. Name it "readsecunits.txt" or whatever. Select the file in SETool's MISC-field and press "Write SCRIPT".

All the read units will be stored in a single file named by the phone's IMEI.
rename it as "secunitsbackup.txt" to avoid confusion

3: Apply the GDFS from a working DB2020 phone.
- Read it out from the source phone (it will be stored in the SETool basedir named by the source phone's IMEI)

- Check "Format GDFS" in "Settings" and write it to the damaged phone by selecting it in the MISC-field and pressing "Write GDFS".
If the phone in question is OTP/FLASH CID52, DO NOT CHECK "Format GDFS"

Do NOT turn the phone on afterwards.

4: Now, you'll have to write back the original units. Apply the "secunitsbackup.txt" you created by selecting it in the MISC-field and pressing "Write SCRIPT".

Voila, it should have done the trick.
I'll ask the_laser to produce some DB2020 GDFS files in case you don't have a working phone to read from.

Another method (Without the need for GDFS backup/etc...)

Create and execute the following script:



gdfswrite:000000ACXX
Set XX to whatever corresponds to your phones bandlock:



;00 MS_GSM900
;01 MS_EGSM900
;02 MS_DCS1800
;03 MS_PCS1900
;04 MS_GSM900_DCS1800
;05 MS_EGSM900_DCS1800
;06 MS_GSM900_PCS1900
;07 MS_EGSM900_PCS1900
;08 MS_DCS1800_PCS1900
;09 MS_GSM900_DCS1800_PCS1900
;0a MS_EGSM900_DCS1800_PCS1900
;0b MS_GSM850
;0c MS_GSM850_PCS1900
;0d MS_EGSM900_GSM850
;0e MS_DCS1800_GSM850
;0f MS_EGSM900_DCS1800_GSM850
;10 MS_EGSM900_GSM850_PCS1900
;11 MS_DCS1800_GSM850_PCS1900
;12 MS_EGSM900_DCS1800_GSM850_PCS1900

GSM™
02-05-2010, 01:24 PM
I've made this little guide so that more users will be able to use HyperTerminal in detecting phone HW problems. Too many users are blaiming SETool for their dead phones.

Case:
Let's say you're only getting a white screen when turning your phone on, or that you're getting the infamous "Can't get packet properties."-error.

Solution:
Either pick a random reason (and that won't do much good for your phone ;))or do the following to see if the phone itself can provide you with a hint:

1: Open HyperTerminal (Start->Programs->Accessories->Communications).
2: Configure a name for the connection. I've called mine "Debug".
3: Select the proper COM port.
4: Configure baudrate and press "OK".
5: In the "Transfer"-menu, click "Capture Text", then choose a path and name for the log. You will see that the "Capture" indicator has been activated.
6: Attach a powered-off phone (the phone might start charging, this is OK). Give it a minute or two to run selftests, then post the captured text as an attachment if you want an opinion from us.



FSFLASH: NAND Flash device @ [0x50000000-0x5FFFFFFF] 262144 Kb
FSFLASH: Vendor (0x20): ST
FSFLASH: Device: NAND02GR3B (0x00AA)
............
FSFLASH: Bad block found @ 0x50000000
FSFLASH: Bad block found @ 0x50020000
FSFLASH: Bad block found @ 0x50040000
.................
FSFLASH: Bad block @ 0x500C0000 replaced by 0x501C0000
FSFLASH: Bad block @ 0x500E0000 replaced by 0x501E0000
FSFLASH: Too many bad blocks
If you see this during flashing, it's safe to assume that SETool is not to blaim. (The above error is not related to a case of WSOD, it's only for demonstrational purposes).
Attached Thumbnails http://support.setool.net/attachment.php?attachmentid=17617&stc=1&thumb=1&d=1210499631 (http://support.setool.net/attachment.php?attachmentid=17617&d=1166574134) http://support.setool.net/attachment.php?attachmentid=17618&stc=1&thumb=1&d=1210499631 (http://support.setool.net/attachment.php?attachmentid=17618&d=1166574134) http://support.setool.net/attachment.php?attachmentid=17619&stc=1&thumb=1&d=1210499631 (http://support.setool.net/attachment.php?attachmentid=17619&d=1166574134) http://support.setool.net/attachment.php?attachmentid=17620&stc=1&thumb=1&d=1210499631 (http://support.setool.net/attachment.php?attachmentid=17620&d=1166574134) http://support.setool.net/attachment.php?attachmentid=19324&stc=1&thumb=1&d=1210499748 (http://support.setool.net/attachment.php?attachmentid=19324&d=1173367804)

GSM™
02-05-2010, 01:25 PM
Q: i flashed CHINESE flash into my P990/M600 phone, but after power on phone starts to reboot ;(

A: "reboot loop" can be fixed by writing
"3_P1A_Zebra_R8_CCPU_GDFS_QWERTY_keyboard_settings .gdfs" file in phone.

- go to PDA tab
- select file in misc edit
- press write script. note - if yours PDA is NEW revision, you will need 1 credit.

hint: you can add that file into firmware package with any zip-capable archiver, by doing that you can save one credit when you will flash P990/M600 with chinese flash.

thanks goes to imobile for careful research of that reboot bug.

Q: i want to change keyboard layout on my P990/M600.

A: write desired keyboard settings file, same way as in previous question.

GSM™
02-05-2010, 01:25 PM
q: What languages are in PDA generic world1 and generic world2 ?

a: Languages included in World1 and 2 are;
American English (AE), Arabic (AR), Canadian French (CF), Czech (CS), Danish (DA), Dutch (NL), Finnish (FI), French (FR), German (DE), Greek (EL), Hebrew (IW), Hungarian (HU), Latin American Spanish (XL), Norwegian (NO), Polish (PL), Portuguese (PT), Russian (RU), Swedish (SV), Spanish (ES), Turkish (TR).

GSM™
02-05-2010, 01:26 PM
Q: I'm unlocking many A1 phones using CSCA method,my comports number is about ~300 and that things really annoy me.
Are there any way to fix it ?

A:

save next strings in file "reset.reg" and execute in windows explorer.
that will reset first available comport to 5. (read: next time new comport will be installed it will be COM5)

important!
you need to UNINSTALL present phone drivers in order to reset comports,which are allocated for them.



REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\COM Name Arbiter]
"ComDB"=hex:0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00

improtant update
if you will execute attached .reg file, then SAME MODELS of phones with DIFFERENT IMEI will not be discovered as NEW,
if attached to SAME USB PORT.

GSM™
02-05-2010, 01:27 PM
Q: I want to reset lifetime counter,flip counter, etc on DB2020,PNX5230 phone.

A:

execute following script



gdfswrite:00000099000000
gdfswrite:0000009B00000000
gdfswrite:0000009D00000000
gdfswrite:00020E000000000000000000
gdfswrite:00020DC80000000000000000

Q: I want to flip counter on DB2010 phone.


A:

execute following script.



gdfswrite:000200С9С00000000
Q: I want to reset lifetime counter on A2 phone.

A:

execute following script (note, you SHOULD use setool2 >=v0.914012)



tawrite:0002188c00000000
gdfswrite:0000012d00000000
gdfswrite:0000012e00000000
gdfswrite:0000012f00000000
gdfswrite:0000013000000000
gdfswrite:0000013100000000
gdfswrite:0000013200000000
gdfswrite:0000188c00000000
important!
lifetimer will be reset on A2 phones only after firmware reflash. (maybe SEMC will change it in future)

GSM™
02-05-2010, 01:28 PM
Q:
i trying to service w810/w300/z530/z550/k310/k510 phone and getting
such result


ChipID:8040,EMP protocol:0301
PHONE IS RED RETAIL PRODUCT
FLASH CID detected:49
Speed:921600
ldr_on_ldr hdr no ack,err:10what to do ? phone was working before !!! (variant: phone was dead before)

A:

that is hardware problem and nothing to do with software. usually it is bad soldered flash chip.
latest mid-range semc phones quality is below zero.


as last resort, you can try to raise voltage on FLASH VPP upto 12v
(for start, try to flash it with dcu60, it also has increased voltage)

but what say to customer if phone works before servicing?
have no idea - think yourself- that is risk that you including in each service cost.
sadly, but such thing can be happened - flash sector can read good, but fails on erase/write.


Q:
i trying to service w810/w300/z530/z550/k310/k510 phone and getting
such result



Loader:060718 0842 LIE_DB2010_FLASHLOADER_R2A003_CXC1326738
OTP LOCKED:1 CID:49 PAF:1 IMEI:00000000000000 CERT:RED

REMOVE BATTERY FROM PHONE, THEN INSERT IT BACK
THEN PRESS 'TESTPOINT OK'

Open COM port OK
ChipID:8040,EMP protocol:0301
PHONE IS RED RETAIL PRODUCT
FLASH CID detected:49
Speed:921600
Trying to launch embedded bootloader...
Abort all operations.
embedded bootloader not responds !
Elapsed:46 secs.

phone has damaged EROM.
solution - make reset procedure.

GSM™
02-05-2010, 01:30 PM
SI K510 i/c No or Weak Network
Affected product
K510 i/c

Information
If a K510 i/c is returned with complaints of, or similar to:
• No network coverage,
• Low network coverage,
• No signal,
• Weak signal.

Then in some cases, the problem can be fixed by running the script "K510i/c Low or no network coverage patch".



gdfswrite:000000ac0a
gdfswrite:0000006905

GSM™
02-05-2010, 01:31 PM
K550/W610 Key problem

This is applicable for K550/W610 all models.

When camera key is slightly depressed main keypads keys 4, 0, 6 will not function.

Solution;
Advise customer not to depress camera key when using main keypad.


FUNNY SOLUTION, EH ?

GSM™
02-05-2010, 05:53 PM
Q: i have emptyboard phone. how to convert it to normal ?

A:

warning ! steps are important.

for db2000/db2010:

1. go to empty board tab
2. select needed model, on settings tab: uncheck all settings.
3. select needed cid
- select cid53 for all NEW SECURITY db2012 phones (w200/k320/latest W810/etc)
- select cid49 for all "modern" phones,
- select cid36 for "old" phones (k700,k500,s700,k300),
- select cid29 for ancient z1010
3. press recovery
5. if board is totally empty (new flash chip), select needed gdfs_in_ssw_format
6. select respective EROM (if phone need EROM) from EROMs folder
7. fill IMEI number, check WRITE OTP (it can be done only once, be careful)

DOUBLE CHECK THAT "OTP CID" (WHICH YOU SELECTED) LOWER OR EQUAL TO EROM CID
8. press flash

phone now normal retail and can be serviced as any other phone.


for db2020.

1. go to empty tab
2. select any db2020 model, on settings tab: uncheck all settings
3. select cid49 (that is REQUIRED)
4. press recovery
5. if board is totally empty (new flash chip), select needed gdfs_in_ssw_format
6. select respective EROM
7. fill IMEI number, check WRITE OTP (it can be done only once, be careful)

DOUBLE CHECK THAT "OTP CID" (WHICH YOU SELECTED) LOWER OR EQUAL TO EROM CID
8. press flash

phone now normal retail and can be serviced as any other phone.


a little example of emptyboard filling for db2020 :

count db2020gdfs_in_ssw_format_CID49_BROWN.ssw.cry as empty "template" of GDFS.
that template should be written on empty flash chip during emptyboard filling process.

then you can write gdfs in .binary format on semc tab, check phone and if all ok - close OTP.



so, lets assume we have
1. k810 with empty flash chip
2. db2020gdfs_in_ssw_format_CID49_BROWN.ssw.cry
3. k810gdfs.bin

1. go to empty tab
2. select cid49, press recovery
3. add to fw tab DB2020EROM_CNV_RED52_BROWN_CID49_DB2020.ssw (example),
db2020gdfs_in_ssw_form at_CID49_BROWN.ssw.cry, press flash
4. go to semc tab, flash any situable main firmware
5. on semc tab, write k810gdfs.bin using "write gdfs" and misc. edit.
6. back to empty board
7. select cid49, press recovery
8. add to fw tab DB2020EROM_CNV_RED52_BROWN_CID49_DB2020.ssw ,press flash
9. go to semc tab, flash complete firmware (main+fsimage+custpack)
OR just flash fsimage,situable to main,written on step4 +custpack
10. now check - phone should be able to turn on normally
11. finally, write IMEI and write OTP, for that
12. go to empty board,select cid49, press recovery
13. add to fw tab k610_erom_cnv_brown2red.cry,fill IMEI,
check "write OTP", press flash.
important!
use only EROMS from setool2 dist\eroms folder - they are resistant for EROM UPGRADE feature (means yours phone will stay not damaged after emma/etc)

GSM™
02-05-2010, 05:55 PM
How to enter new support area?
Download latest version of Supporter software from www.setool.net (http://www.setool.net/), start it and press "GO SUPPORT" button. Also you can enter support area from SETool software by pressing the same button (v0.91380070 and higher).

Why did you change support system? Get all back!
Old support system will not be installed back. Users and administrators are more satisfied with new one. Please no more discussions on this topic.

Very slow downloading
Approximate download speed per peer is 50Kb/s. If your download speed is slower, it seems, that your internet provider has too narrow connection to the direction of SETool support server location. Unfortunately, we cannot deal with this problem. You need to check your internet connection

Cannot connect to server/Cannot display page/Connection has been reset, mysql reports error, etc.
Maybe server is currently down. Please create one (only!) topic in this section and wait until support access will be restored. If such topic already exists, no need to even post in it. It is enough for us that it exists to pay attention to problem

Resuming downloads
Download resuming is supported. You should use it if possible. Please pay attention to the fact that several Download Managers are incorrectly use features of HTTP protocol, incrementing by this daily download counter by 2 instead of one. I checked FlashGet only. It is working fine. Cannot say something about the others.

Errors list explained

Your account is suspended by admin. Please contact your reseller.
Please contact your reseller. Don't spam forum. Contact your reseller first and do as he says.

This link is already used. Please relogin from software.
If you closed browser window, you need to relogin to support area from software only.

Please login from soft only
Please ensure you entered support exactly from software. If you did so, then probably the problem is in the fact, that your browser does not accept cookies. You need to set it up to allow cookies at least from setool.net. If you will still get this error with IE, download Mozilla FireFox, install it and make default browser: http://www.getfirefox.com (http://www.getfirefox.com/).

Wrong IP. Please relogin from soft
Your IP is changed during browsing support area. Please relogin from software.
Please ensure also, that you don't use proxy server for internet surfing.

This session is expired. Please relogin from soft
Just relogin from software.

You have exceeded your today's download limit
Just wait for the next day for daily download limit to be reset.



If there is no answer to your question in this FAQ, please create one (only!) topic in this forum, clearly describe your problem and wait for us to answer. If such topic already exists, don't create another one.

GSM™
02-05-2010, 05:56 PM
Q: after i made csca unlock on k320 phone (or other) i have 5-locks in service menu and phone not accepting any card.
what to do ? i lost x logs !!!

A:
Welcome to SEMC "security addon".
in such case you must

1. select in "misc. edit" file
%setool%\backup\%imei%_%datetime%.fixup (created from version 076)
2. execute "write script".

if you restored .seczone file by accident ( unwise ) - you MUST repeat CSCA unlock (lose another 4 creds) and go to step 1.

important addon

that bug is fixed in R4GC012 firmware series (for k320,w810 phones)
so, if you lost somehow (?) your original .fixup, just flash phone with R4GC012 firmware and redo CSCA unlock.

alternatively, you can just unlock phone using reset procedure.

GSM™
02-05-2010, 05:56 PM
Question:
"What are custpacks, and how do I use them?"

Answer:
Custpacks are zip-files containing ORIGINAL customization files. These serve as basic configuration files for the handset, which languages to allow, data accounts, branding etc...

Using custpacks is preferable to checking "COMPLETE PHONES AFTER FLASH" in "Settings". "Complete..." uploads a "working" customization, but the files are not handset-specific and their use might lead to the following:
1: Phone won't work with SEUS.
2: Phone will be refused at a service-center as EMMA might pick it up, and that it's pretty obvious that the phone has been "tampered with".
3: Software ****ups.
4: Etc...
Now, some of the above will be avoided by using custpacks. I''ve attached some screenshots to demonstrate their use.

Screen one:
Select a proper MAIN/FS combination (duh...). Then select the desired custpack in MISC. SETool => v.0***77 will tell you which languages it contains/allows, the CDA etc.
Screen two:
Uncheck "Complete..." in "Settings".
Press FLASH.

Screens three and four serve only as a map for finding custpacks @support. In my example, the selected custpack will configure the K750 as a generic EUROPE_4 one. It is found inside the large K750 custpack archive. Other handset custpacks might have been uploaded separately. Just look for the desired CDA.

GSM™
02-05-2010, 06:01 PM
Some questions with some answers...

Q: How can i know wich CID is my phone?
A: Press "IDENTIFY"

Q: Can i change IMEI on my PDA?
A: If is NEW SECURITY, no, you can't. If is OLD security, you can do it.

Q: After unlock my K310/K510/W300/W810/Z530/Z550 CID50/51 phone is dead and rest was present. What must i do?
A: reMake RESToration file and repeat procedure.

Q: If i unlock a phone using patch metodh, will be blocked if flashed?
A: Yes, phone will be locked again

Q: If i unlock a phone using patch metodh, will be blocked if flashed again using Alternative Bypass?
A: phone will be unlocked if you check "UNLOCK DURING FLASH" option.

GSM™
02-05-2010, 06:01 PM
Here is Language Description for A2 phones (W910, V640, K850, Z750 and newers...):

FS_BALTIC: English, Estonian, Latvian, Lithuanian, Russian
FS_HONG_KONG: English, Chinese (Hong Kong)
FS_NORDIC: English, Albanian, Arabic, Croatian, Danish, Finnish, IS, Norwegian, Swedish, Turkish
FS_WESTERN-EUROPE: English, Euskara, Catala, Dutch, French, Galego, Portuguese, Spanish, Turkish, Nederlands.
FS_ADRIATIC: English, Albanian, Bulgarian, Croatian, French, German, Greek, Italian, Romanian, Russian
FS_AMERICA: English, Portuguese, Canadian French, Dutch, French, Latin American Spanish, Spanish
FS_APAC-ANZ: English, Dutch, French, German, Malay, Indonesian-Bahasar, Philippine-Tagalog, Thai, Vietnamese, Chinese simplified
FS_C-ASIA: English, Arabic, AZ, Persian-Farsi, KK, Russian, Turkish, Ukrainian
FS_CENTRAL-EUROPE: English, BS, Croatian, German, Czech, Hungarian, Polish, Serbian, Slovakian, Slovenian
FS_FRANCE: English, French
FS_S-E-EUROPE: English, Albanian, Bulgarian, Croatian, Greek, Hungarian, Macedonian, Romanian, Russian, Serbian
FS_S-ASIA-LEVAN: English, AR, AZ, BN, Persian-Farsi, French, Philippine-Tagalog, Hebrew, Hindi, Russian
FS_S-CENTR-AFR: English, AR, Dutch, Persian-Farsi, HA, German, IG, Sesotho (South Africa), YO, Zulu, Portuguese
FS_TAIWAN: English, Chinese traditional Taiwan

Languages like "AR", "AZ", "YO", etc are unknow yet (at least for me). http://support.setool.net/images/green/reputation.gif (http://support.setool.net/reputation.php?p=298447) http://support.setool.net/images/green/post_thanks.gif (http://support.setool.net/post_thanks.php?do=post_thanks_add&p=298447)

GSM™
02-05-2010, 06:05 PM
SETOOL WINDOW OR SOFTWARE DISAPPEARS WHEN I TRY TO CONNECT TO A PHONE

Reason - You have a virus, trojan, malware or other memory resident software that is trying to debug Setool software.

Solution - Run a full virus scan with a QUALITY commercial virus scanner such as Norton 360, NOD, Kaspersky etc. Free solutions such as Avast and other public domain software will not fully remove the offending software (they may not even detect the virus). You may also consider installing software such as Adaware or another spyware detection

GSM™
02-05-2010, 06:05 PM
some handy scripts for a2 phones (you know how to write script, right ? )

a2_enable_3g.txt


gdfswrite:0000013C00
a2_amr_hr_on.txt


gdfswrite:00000152020004050F
a2_amr_hr_off.txt


gdfswrite:000001520200040F0F
a2_amr_fr_on.txt


gdfswrite:00000152020004050F
a2_amr_fr_off.txt


gdfswrite:000001520200050F0F
a2_efr_on.txt


gdfswrite:00000152020004050F
a2_efr_off.txt


gdfswrite:000001520004050F0F
a2_ciphering_indicator_on.txt


gdfswrite:0000147301
a2_ciphering_indicator_off.txt


gdfswrite:0000147300

GSM™
02-05-2010, 06:08 PM
K850 - Keyflex update

Description
There has a quality problem with the K850 keyflex (1200-2656) causing touchkey problem.

When pressing a touchkey, the visual indication in the lower part of the display will not work, nor will the actual touchkey. This may be intermittent as there might be microscopic cracks in the solder joints of the affected component that is soldered onto the keyflex.


Solution:
use new keyflex.

GSM™
02-05-2010, 06:09 PM
important information:


K800 and K790 will also start use the new RNH 942 271 LCD in production
which requires R8BF003 software.

CS will continue to use RNH 942 268 LCD as sparepart that works with any
software revision.

The RNH 942 268 part no. is found on the label on the LCD flex foil.

in short, bulletin means that some k800 and k790 MUST be flashed
with R8BF003 software in order to display something other,than white screen.

GSM™
02-05-2010, 06:16 PM
I have a T250i (Vodafone branded) to unlock and change LP to Portuguese Br. Unlocking ok. Testing phone before flash and phone is working. So, go flash phone. All done, but after flash (and unlock again) phone, i had aways "No Network" message. Checking phone´s info screen (press "*" key 3 times without SIM inserted), i´ve found the problem:



So, flashing it again with second file. Same problem:



Flashing again with third file, and problem is solved!



For my language (PT Br), there are 3 flashfiles on Support Area:
- T258c_T250i_T250a_DPY1013220_8_Generic_Latin_Ameri ca: 850/1900Mhz
- T258c_T250i_T250a_DPY1013221_8_Generic_Latin_Ameri ca: 850/1900Mhz
- T258c_T250i_T250a_DPY1013217_15_Generic_Latin_Amer ica: 900/1800Mhz

So, if you have network problems after flash, check info screen to verify SW network operation band. It must be matching with HW band:



If band not match, flash it again with a different flashfile. If match and not works, you have HW (or "blacklist") problems.

GSM™
02-05-2010, 06:27 PM
q:
How to service db2010/db2020/pnx5230 cid49/cid50/cid51/cid52/cid53 using setool2 alternative bypass method ?
what problems i can meet and how to resolve them ?
what precautions should i follow ?

a:

terms:
phone should work fine.
red blink, white blink, etc phones are NOT supported.

you can only use alternative bypass if your phone has supported firmware (you need BOTH rest file and bypass package)
if your firmware not supported, either flash supported firmware (only main part in enough) or post request on forum.
note, that you MUST flash firmware in SIGNED MODE.

please, visit support area to fetch latest bypass packages.

if you will use USB as interface, then you SHOULD turn phone on and install CSCA(MODEM) drivers.

if you are capable user, you can edit .inf files of CSCA(MODEM) drivers - we only need to install
Sony Ericsson Device XXX bus driver and Sony Ericsson Device xxx USB WMC Device Management
- all other devices is not needed.
that will help you to save comport numbers.

important! if your phone had unsupported firmware and you flashed main part (all parts) of supported - you MUST power on phone, so phone will update new firmware info.

because of way new alternative bypass method works, you need
TEST SIM card (mcc/mnc 00101) or OPERATOR SIM card. (you must be able browse phone menu,etc)

supported following models:

db201x cid50/cid51 - k320,k310,k510,w300,etc
db2012 cid52 - normal CID52 phones (w200,w300), abnormal CID52 phones (k310,k510,w810,z550)
db2012 cid53 - normal cid53 phones (w200)
db2020 cid49/cid51/cid52/cid53 phones
pnx5230 cid49/cid51/cid52/cid53 phones

supported operations:
unlock via patch, all additional things that setool2 can provide.

YOU AGAIN NEED REST FILES !!!! FOR ALL MODELS, WHICH ARE SUPPORTED FOR ALTBYPASS !!!
GET THEM FROM SUPPORT SITE OR DO IT YOURSELF

Procedure of new alternative security bypass :

1. select correct phone model
2. go to settings tab,
3. check BOTH "signed mode (using server)", "enable alternative security bypass", that is required
4. optionally, check "unlock after flash", "patch otp<>gdfs check in firmware"+"allow to change IMEI when unlocking" (read precautions)
5. optionally, check "complete phone after flash" (i recommend to use custpacks)
6. go back to semc tab
7. if you need, add main+fsimage+custpack (script)
8. press desired operation
9. when asked, disconnect phone, insert TEST SIM, POWER ON PHONE FULLY and connect again.


when i say "POWER ON FULLY" - i mean state of phone,
when it shows main screen with operator name ("no network" with test sim)

10.
if you using USB as interface:
"executor" applet will be run automatically

if you using COM/UFS as interface:
in phone menu go to games, find and run "executor" applet.

phone should enter preloader mode ( will appear as dead )

11. try to power on phone.
phone must NOT power on.
it is OKAY.


If phone power on, go to phone menu->games,
run "executor" application, go to step 11.

12. Disconnect phone, remove battery, insert battery, press "READY".

if you use USB as interface:
connect phone while holding corresponding button ('C' or '2' for w880).
notice,that you MUST NOT use "2+5" button combo.

wait for operation to finish.

13. turn phone on and check it. delete "executor" from games.



after unlock in phone will be application called "executor"
(menu->games->executor)
it is leftover from unlock procedure, you should delete it ... or....
if you run it - it will install preloader in phone and then you able to do
any setool2 function without all that long steps...
(just check ONLY "enable alternative security bypass")
phone will appear as "dead" for user in preloader mode
approximate time for unlock by patch using new alternative bypass method is 160-180 seconds on one phone.


precautions:
please take care that there is NO (at least, i can't get) cid52 firmwares for following db2010 phones: k310,k510,w810,z530,z550.
because of that if altbypass operation will go wrong for that phones - you should use reset operation in order to fix phone.

under "go wrong"i mean:
- terminated flash procedure or anything,which prevents phone from starting up
- changed IMEI of phone, which prevents phone from using new alternative bypass method.

possible problems:

in case of terminated flash/etc you can always return phone to life by flashing any original firmwares into them -
and then it ready for execution again ;)


on "step 12" phone not booting, embedded loader not responding in 15 seconds)

due delicate bypass process such thing is possible, but that happens VERY rare.
nothing weird happens in that case, all you need to do:

reflash only main part of firmware in "signed mode" and start from step 1.


by accident procedure was stopped on "step 10" or user run executor and phone entered preloader mode ("died")

go to settings, check ONLY "enable alternative security bypass" - now you can do any operation with phone, like unlock/etc.


if using USB as interface, on step 10 setool2 stucks in loop with message "PHONE NOT READY YET", but phone is turned on okay

well, better ask SEMC programmers why that happens... anyway - to solve that -
just press "STOP" ONCE - setool2 will continue procedure.


if using USB as interface, on step 10 i got message "CAN'T START EXECUTOR,RETRYING..."

it is okay to have that message if phone not in "normal mode" or starting up. just switch phone to normal mode and wait.


if using USB as interface, on step 10 i got message "There is NO EXECUTOR in phone !"

perhaps, there is not space for virus, perhaps other problems inside phone fs.
just flash phone fully using "signed mode" and repeat desired procedure in "alternative security bypass" mode

GSM™
02-05-2010, 06:30 PM
q:
when i attaching phone using dcu60 i see following messages:



erom_readvar: error reading unit 1/725
error while reading security units
SECURITY UNITS CAN'T BE READ !
DAMAGED FIRMWARE/GDFS OR EMPTY PHONE

or

erom_readvar: error reading unit 1/851
error while reading security units
SECURITY UNITS CAN'T BE READ !
DAMAGED FIRMWARE/GDFS OR EMPTY PHONE
and process stops,but phone works normally on com/ufs.
what is root cause and what is solution ?

A:
that phone is tampered by dreambox software.

during their "famous' method of "testpoint bypass", they writing patched erom with own custom loader embedded, patching simlock signature check and ... erasing simlock signature without any reason, which prevents setool2 from making backup.

i had write a post on their forum, but they too arrogant even to read it.

fix is extremly simple:

using com/ufs write next script in SIGNED MODE (check ONLY "USE SIGNED MODE" on settings)

for db2020:


gdfswrite:0001085144554D4D5944415441
for db2012:


gdfswrite:0001072544554D4D5944415441
alas, they custom loader also breaks alternative bypass support using dcu60 cable,
so you only can use SIGNED MODE with dcu60 after their "testpoint".

i suggest to use setool2 reset method to put proper erom instead of tampered one.

GSM™
02-05-2010, 06:31 PM
q:
when i flashing/completing/etc phone i got error like


loader startup: executed
Loader refused to start GDFS services,error is:29
loader GDFS startup failed, that is fatal
Elapsed: 734 secs.
what to do ?

a:
that error can be caused by different problems. lets see all of them

1. user has run "executor" application, which was not deleted after "new altbypass unlock".

solution -
select correct model
on settings check only "use preloader security bypass".
execute any operation, say : "read flash"

2. main software somehow has been damaged (cause of free tools, etc)
solution -
select correct model
on settings check only "use signed mode".
add to firmware area only main part of firmware
press flash (use com/ufs or dcu60 with "2+5" keys if phone not connecting with "C" )
after that, phone should show identify normally.

.... and if not....

3. gdfs area has been damaged (bad flash ic, firmware error,etc)
solution -

a) repair gdfs area with reset procedure
b) install empty flash chip and do emptyboard fill procedure
c) change both mcu+flash chip from other phone

GSM™
02-05-2010, 06:32 PM
q: i have A2 (db3150) phone, which was unlocked by kukuruzer tool and it is "factory" now, i want to make it "retail", what to do

a:
you need setool2 version >=v0.95 for that.

1. go to a2 tab
2. select correct model, that is important.
3. go to settings tab.
4. mark "use signed mode" , "use alternative security bypass"
5. go back to a2 tab
6. set "retail" domain
7. press unlock
8. follow program instructions
9. your phone is converted to "retail" state.

you do not need credits for that procedure.

q: how to unlock/repair a2 phone (db3000,db3150,db3210) using altbypass option?
what problems can i encounter and how to avoid them ? how many credits i need ?

a:
you need setool2 version >=v0.95 for that.

first, you can repair ANY software problems for currently released A2 phones.
for that, you need to do several simple steps:

1. go to a2 tab
2. select correct model, that is important.
3. go to settings tab.
4. mark "use signed mode" , "use alternative security bypass", "unlock after flash"
5. go back to a2 tab
6. set desired domain ("retail" is best choice)
7. if you want to flash phone, add neccessary firmwares to firmware area and select correct custpack
8. if you selected firmwares, press flash, otherwise press unlock.
9. follow program instructions
10. your phone is repaired and unlocked (and flashed)

you do not need credits for that procedure.

if phone is totally damaged (foreign trim area), you required to write gdfs package from normal phone and make unlock again.

q: What is filemanager ? how to run it? why i can't read files ?

a:
you need setool2 version >=v0.914042 for that.

filemanager is visual tool to play with files.
create script (text files) with one string


fsManager:
and select it in misc edit, then press "write script" button.

note ! you can check only "signed mode", it will run filemanager fast, but you will not be able to read files, only write.
in order to read files, you need:

for db2000,db2010 phones <= cid49 - uncheck ALL settings
for db2010,db2020,pnx5230 phones <= cid53 - check "use signed mode","use alternative security bypass", "use preloader security bypass"
for a2 phones (db3150,db3210) <=cid52 - "use signed mode", "use alternative security bypass" and set domain to "r&d" or "factory"

to rename file/directory press F2 or select "rename" from popup menu
to delete file/directory press DEL or select "delete" from popup menu
note, that directory should be empty in order to delete it.
to write file/directory, drag-and-drop it from windows explorer to desired directory on phone.
to read file/directory press F5 or select "read" from popup menu.
note, that files/directory will be save to %setool2%\ph_out directory,existing files overwriting without notice.

q: i want to service j132 phone, but it not have fastport connector, only minuUSB. what to do ?

a:
you need setool2 version >=v0.914042 for that.

you should create connector yourself: select either ufs or com modification
794
(pinout discovered by rockerdongle team)
please note, that if you will create cable with 3 pins only, you should manually press power on button on phone when program displays "powering..."


q: for curiosity i have flashed ROM image in my lg ku580/kf75x/kt52x.
phone goes dead. i unlocked it and it came back to life, but i have no network. what to do ?

a:
you need setool2 version >=v0.95 for that.

you need write gdfs package from working phone.
just select correct model, add to misc. edit gdfs package and press "write gdfs".

q: i can not connect lg ku580/lg75x/kt52x/sagem my805c to setool2 with supplied USB cable. phone simple turns on and setool2 don't recognize it.

a:
you need setool2 version >=v0.95 for that.

for LG A2 phones with you should use special service USB cable :
793

to connect Sagem A2 phones you need modify USB cable, connect pin 9 with GND via 40K resistor :
795

or you can buy ready cable from GPG industries http://forum.gsmhosting.com/vbb/showthread.php?t=613936

for LG A2 phones with Micro-B USB connector you need standart micro-usb cable and simple trick - in order to enable boot mode,
connect points DCIO and VPP together (see photo). after you finish working with phone - DISCONNECT points, otherwise battery will be drained in 2-3 hours.

dcio<>vpp pins for KG757:
796

dcio<>vpp pins for CF360
797

NOTICE !
looks like ALL newer LG phones (with microUSB connector) can be put in BOOTROM MODE by HOLDING VOLUME UP while connecting cable.

(works for gr500,gt500,kf757,etc)

GSM™
02-05-2010, 06:33 PM
q: i tried to unlock lg kf75x/kt52x with IMEI "01xxx..." and got weird error,
phone goes dead. what to do ?

a:
you need setool2 version >=v0.915020 for that.

just unlock phone again - it will be fixed and properly handled.
but - you must manually enter generated unlock code.
unlock code can be entered by typing 2945#*750#
in some cases, it will not work until you flash generic (open) firmware from support area.

edit:
from setool2 version >=v0.915025 direct unlock of such units reintroduced, you do not need enter codes manually.


q: i tried to unlock lg gt500,gt505. unlock process appeared to be okay, but phone dead after that ?
what to do ?

a:
reflash phone with any situable firmware from support.


q: there is too many bypass options. i'm stuck.

a:

here is short cheatlist of different phones and scenarios.

db2000 cid 16,29,36,37,49

normal bypass settings state - all unchecked, there is no any special bypass options for that phones.
if "use signed mode" checked - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
to unlock network locks/repair seczone no settings should be checked.
if phone has cid 37,49 and EROM is damaged - you need use hardware things to repair.
to unlock network locks using server "use signed mode" should be checked.
usercode can be seen in identify output.

db2001 cid 53

such asic can only be encountered in pda phones.
"use signed mode" should be checked
to unlock network locks "perform full unlock instead of usercode reset" should be checked
usercode can be seen in identify output
setool2 can not repair seczone in such phones at all.

db2010 cid 16,29,36,49

normal bypass settings state - all unchecked, there is no any special bypass options for that phones.
if "use signed mode" checked - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
to unlock network locks/repair seczone no settings should be checked.
if phone has cid 49 and EROM is damaged - you need use hardware things to repair.
to unlock network locks using server "use signed mode" should be checked.
usercode can be seen in identify output.

db2010 cid 50,51,52,53

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
setool2 can not repair seczone for that type of phones without hardware things.
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
usercode can be seen in identify output.

there is two type of alternative bypass (bypass enables patch unlock, full fs operations, crossCID flash)

1. using server: should check "use signed mode", "enable alternative security bypass" (will work for cid50,51 only)
2. using local bypass: should check "use signed mode", "enable alternative security bypass", "enable preloader security bypass"

db2020 cid 49,51,52,53

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
setool2 can not repair seczone for that type of phones without hardware things.
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
to reset usercode lock you must check "use signed mode" only.

there is two type of alternative bypass (bypass enables patch unlock, full fs operations, crossCID flash)

1. using server: should check "use signed mode", "enable alternative security bypass" (will work for cid49,51 only)
2. using local bypass: should check "use signed mode", "enable alternative security bypass", "enable preloader security bypass"

db2020 cid 80,81

not officially released by semc, but kukuruzer tool,using unique hardware device, can be used to create such phones.
such phones can not be serviced with anything, until CID will be lowered again via kukuruzer tool.

pnx5230 cid 49,51,52,53

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
setool2 can not repair seczone for that type of phones at all.
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
to reset usercode lock you must check "use signed mode" only.

there is two type of alternative bypass (bypass enables patch unlock, full fs operations, crossCID flash)

1. using server: should check "use signed mode", "enable alternative security bypass" (will work for cid49,51 only)
2. using local bypass: should check "use signed mode", "enable alternative security bypass", "enable preloader security bypass"

db3150,db3200,db3210,db3350 cid 49,51,52,53

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
to reset usercode lock you must check "use signed mode" only.

there is one type of alternative bypass (bypass enables full unlock, full fs operations):

using local bypass: should check "use signed mode", "enable alternative security bypass"

db3200,db3210,db3350 cid 80,81

"use signed mode" should be checked for RETAIL phones - you can only flash signed (flash file CID/DOMAIN=phone CID/DOMAIN)
to unlock network locks using server "use signed mode" AND "perform full unlock instead of usercode reset" should be checked
to reset usercode lock you must check "use signed mode" only.

there is no alternative bypass.

semc ODM phones

"enable preloader security bypass" has no effect and must be disabled.

if "use signed mode" checked - you can use usb interface for some models, can use only signed flashes, can reset usercode and total time.
if "do full unlock instead user code reset" checked WITH "use signed mode" - you can do network unlock, server account required.
if "enable alternative security bypass" checked WITH "use signed mode" - you can do network unlock by patch, server account required.
if "use signed mode" NOT checked - you can make network unlock by patch using security hole, but that security hole is closed in all latest locosto chipset revisions.


lg3g,sharp cid 17,24,41,42,54 phones

"use signed mode", "enable alternative security bypass", "enable preloader security bypass" has no effect and must be disabled.

lg,sagem A2-based cid 54,60,185,186

"use signed mode" should be enabled (it has no effect for most functions,though)

GSM™
02-05-2010, 06:34 PM
q: Phone totally damaged, identify not working, gdfs is corrupted, erom is absent, etc. How to fix it ?

q: What is RESET feature ?

a:
that feature require release >= v0.915043.

1. make sure you have needed quantity of credits on your account
2. select proper model
3. on settings check only "signed mode (using server)"
4.
if phone db200x,db201x select COM/UFS as interface.
if phone is db2020 - you can select COM/UFS/USB as interface.
5. press "recovery".
6. if phone hardware okay (flash chip,ram,etc) - phone will be reset to developer status (brown)
7. on settings uncheck "signed mode (using server)"
8. staying on "emptyboard fill and repair" write correct gdfs_in_ssw format. step not needed if you unlocking phone or fixing security units !!!
9. staying on "emptyboard fill and repair" flash correct EROM with CID>=OTP CID.
10. if step 8,9 okay - just flash phone on usual "semc" tab with any situable firmware.

GSM™
02-05-2010, 06:35 PM
Q: what is C902AS firmwares on support ? how to determine if i need them ?

A:

C902 New Hardware implementation

A new C902 hardware was phased in from week 09W16 in production, this new hardware requires new application software and it must be version R3EA038 or later to work.

Old C902 Hardware has used the following TAC:
35379702
35714902
35879002
35892102

New hardware will start with TAC:
35362603 but there will be more TAC later.

new hardware - firmwares with _AS
old hardware - firmwares w/o _AS

GSM™
02-05-2010, 06:36 PM
SI-C905 PBA Key Flex Flip Complete problem Update3

Applicable for: C905 produced before 08W45 and 09W19.

Background:
C905 units produced before 08W45 may unfortunately have a batch problem with the PBA Key Flex Flip Complete. This can result in No Audio problem, Display problem or more unlikely GPS problem.

the_laser
10-08-2014, 11:13 AM
Sony Mobile have released on CSPN/Mechanical a “all in one” application that support part calibration for all products that have calibration requirements; such as proximity sensor, touch, gyroscope calibration etc.

Sony Mobile Repair Application replaces the old:
Trouble Shooting Application 1269-2060
Trouble Shooting Application 1257-2706
Trouble Shooting Application 1262-6643
Trouble Shooting Application 1276-8378
which will not be supported anymore!!