151 replies to this topic

[Canti]

i see we can change the model name etc. with this tool nice
could we change the gdfs in a way so that SEUS will see our phones as not branded? and flash debranded firmware?
its just a guess

Edited by Canti, 06 October 2007 - 09:22 PM.

[BLiZZARD777]

every time i select process it says "out of memory"!
why?my gdfs is messed up?

[jagheterfredrik]

What kind of backup are you using ? You should use a backup from XS++ v >= 2.0.

[reactos]

i used a gdfs from setool2 Lite and it worked

[BLiZZARD777]

I am using backup from far manager.
EDIT: backup from xs++ works,but the size is 72kb,shouldn't it be 1mb?

Edited by BLiZZARD777, 08 October 2007 - 09:02 AM.

[Stonos]

BLiZZARD777, on 2007-10-08 11:58, said:

EDIT: backup from xs++ works,but the size is 72kb,shouldn't it be 1mb?

Afaik, XS++ backups only the available variables while Far Manager does a raw backup.

[jagheterfredrik]

Stonos is correct;
XS++ makes backup of all used variables (Size varies depending on used variables and variable size)
while
FAR makes a backup of the memory containing all the variables (no matter if they're used or not)

that is why it's a lot smaller.

Edited by jagheterfredrik, 08 October 2007 - 03:31 PM.

[hassani]

Who has the address of IMEI in gdfs
it's not clear as other like CDA
I'm trying to find this but i can't. I open this file with WinHex and IDA Pro ang gdfsedit but there is no answer

Please

Thanks

[Jeppa]

btw. :
Why there ist the IMEI in the GDFS ? (2 times)
I thougt the phones IMEI is in EROM/OTP ???

[hassani]

No I think it's in the GDFS because you know if you flash a phone with changed IMEI the phone shows "please wait" and stop
in our persian site we make a patch that cause not to check OTP with Gdfs and "please wait" after 20 sec goes

this patch doesn't unlock the phone but doesn't allow to phone to check changed serial with OTP

So i think that the Imei is in GDFS
some program works this way for unlocking

but the correct unlocking Need UFS-Cruiser - ... cables

and one other thing- when setool2lite make a backup the name is GDFS - Your IMEI

Sorry For My English

Edited by hassani, 08 October 2007 - 10:56 PM.

[soybean]

@jagheterfredrik
I couldn't find unit 0x0Cxx, the gdfs unit jump from 0x0B1F to 0x0DAE. Also I've quote your post :
"Make you way to;
For DB2010: Block 0x02 Unit 0x0CBC
For DB2020: Block 0x02 Unit 0x0DE8
Change the string using the editor"

Do we need to add the variable? what string do we need to fill in?

jagheterfredrik, on 2007-10-08 15:31, said:

Stonos is correct;
XS++ makes backup of all used variables (Size varies depending on used variables and variable size)
while
FAR makes a backup of the memory containing all the variables (no matter if they're used or not)

that is why it's a lot smaller.

[_Sensible]

soybean; well what phone r u using?

[number1]

where is the imei number hiding

[soybean]

@gbrooks3
The phone is K800i

gbrooks3, on 2007-10-09 09:22, said:

soybean; well what phone r u using?

Attached Files

•  0x0Cxx.jpg   21.55K   238 downloads

[intrax]

jagheterfredrik, on 2007-10-06 18:31, said:

Using GDFSEdit:

Open GDFSEdit, open a backup of your gdfs, press process.

Make you way to;
For DB2010: Block 0x02 Unit 0x0CBC
For DB2020: Block 0x02 Unit 0x0DE8

Change the string using the editor, click Save temporary modified variable, select your output, and press save. Then restore the new file to the phone using the restore-function in XS++.

I have db2020 cid52 but my IMEI is not in Block 0x02 0x0DE8 using setool2lite GDFS backup ??

Is possible to do full GDFS security analysis to be able to move towards unlock crack by gdfs patch...

Edited by intrax, 12 October 2007 - 03:50 PM.

[PrinceFX]

can anybody tell me how this http://forums.se-nse...n...&pid=178074 happened?

[reactos]

intrax, on 2007-10-11 14:24, said:

I have db2020 cid52 but my IMEI is not in Block 0x02 0x0DE8 using setool2lite GDFS backup ??

Is possible to do full GDFS security analysis to be able to move towards unlock crack by gdfs patch...

look at the phones imei number and serch for it in the gdfs it's in 2 places and i think it's  near the end

[den_po]

imei and phone locks are stored in protected variables. it's impossible to change imei or to unlock a phone by gdfsedit or some scripts.

btw, gdfs is stored in 0000:0013 (GD_COPS_StaticVariable) and is encoded (not a plain text)

[intrax]

den_po, on 2007-10-14 09:59, said:

imei and phone locks are stored in protected variables. it's impossible to change imei or to unlock a phone by gdfsedit or some scripts.

btw, gdfs is stored in 0000:0013 (GD_COPS_StaticVariable) and is encoded (not a plain text)

@reactos - thanks !

well not if you manage to also change the hash for the variable, which is what i'm investigating...nothing is impossible mate..

Edited by intrax, 15 October 2007 - 04:20 PM.

[den_po]

intrax, on 2007-10-15 20:19, said:

@reactos - thanks !

well not if you manage to also change the hash for the variable, which is what i'm investigating...nothing is impossible mate..

man, cryptoalgo is unknown, a key is also unknown. and i suppose a key is individual for each phone.