Louie

Louie
This Vista

Saturday, January 16, 2010

Hacking SmartbRo

Originally Posted by multitech
set up mo canopy mo, access mo 169.254.1.1 pag ayaw

1. set your ip 10.20.30.40
2. subnet 255.255.255.0
3. punta ka run type cmd
4. type mo arp -a
5. makikita mo ip ng canopy mo
6. it loks usually 10.x.x.x <<-- see it starts with 10 not 169.x.x.x
7. acces canopy( punta ka firefox type your canopy ip ther ex. 10.x.x.x) hit enter

canopy page --> tools --> ap eval dun hanapin mo mababa na jitter at mataas na rssi > kunin mo ung colorcode --> balik ka configuration > radio > paste mo dun ung nakuha mong colorcode

save change --> reboot > antay muna dapat blink ung dalawa maliit na tv sa systray..

open mo firefox mo check mo kong redirect ka sa portal..... use ka proxy para makapag brows ka , lagyan mo prxy ung browser mo.. pag di pa rin mag ka browse gamit ka wireshark para maka kuha ka ip sa lugar mo manual setup mo ung tcp/ip mo









Getting MCU ID

MCU ID: 0x3040
FLASH ID0: 2C7E0001 <=> SPANSION -> 72NS128N Addr0: 0x01000000 - 0x01FFFFFF, SectorSize0: 11
FLASH ID1: 00010000 <=> Flash -> not used Addr1: 0x02000000 - 0x02FFFFFF, SectorSize1: 0
First 16 bytes: AD 7E B6 1A 1B BE 0B E2 7D 58 6B E4 DB EE 65 14
Checking RAM for ALGO...
Algo is ready...
Checking FAID calculation...
P-key nokia module version 01.02
Done!
Phone Restarted...
FILES SET FOR FLASHING:
MCU Flash file: NONE
PPM Flash file: NONE
CNT Flash file: NONE
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Switching to serial...
Powering the phone...
Reading...
MCU SW version: V 04.90
10-01-07
RH-86
(c) Nokia.
HW version: 6501
PCI version:
UEM version: 1328
UPP version: 12352
RFIC version: 0500
DSP version: P05w45.v45
LCD version: ELBE
PPM version: V 04.90
10-01-07
RH-86_87
(c) Nokia.
IC
Content Pack version: Content: ic
V 04.90
10-01-07
RH-86_87
(c) Nokia.
Production serial number: 2EJ290926
Product code: 0533261
Module code: 0202930
Basic production code: 0530409
Flash code:
Order number:
Product specific data:
Long production SN:
ATO:
Default SN type:
IMEI plain: 355528014928155
IMEI spare to net: 3A 55 25 08 41 29 18 05
IMEI SV to net: 33 55 25 08 41 29 18 35 F2
Master Code: 2072220756
Phone type: RH-86, Software version: 04.90, Language Pack: IC
User code: 12345

Block 1:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 2:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 3:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 4:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 5:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 6:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 7:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN

Searching for saved ini...
Checking for file C:\Program Files\ODEON\JAF\JAF_RH-86.ini
Saved INI not found, loading INI list...
Setting local mode...
Reading product code...
Product Code: 0533261
Checking path: C:\Program Files\Nokia\Phoenix\Products\RH-86\

Searching for default location of ini...
Checking path: \Products\RH-86\
Searching for JAF saved location of ini...
Checking path: C:\Program Files\Nokia\Phoenix\Products\RH-86\
No ini files found...
FILES SET FOR FLASHING:
MCU Flash file: NONE
PPM Flash file: NONE
CNT Flash file: NONE
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Done!
Done!
FILES SET FOR FLASHING:
MCU Flash file: NONE
PPM Flash file: NONE
CNT Flash file: NONE
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Phone Type:
FILES SET FOR FLASHING:
MCU Flash file: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.mcusw
PPM Flash file: NONE
CNT Flash file: NONE
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Phone Type:
FILES SET FOR FLASHING:
MCU Flash file: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.mcusw
PPM Flash file: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.ppm_ej
CNT Flash file: NONE
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Phone Type:
FILES SET FOR FLASHING:
MCU Flash file: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.mcusw
PPM Flash file: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.ppm_ej
CNT Flash file: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.image_ej
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Backing up PM Field 208 as RPL...
Setting local mode...
Reading IMEI...
Reading IMEI data...
Building RPL backup file...
C:\Program Files\ODEON\JAF\ProgData\355528014928155_imei_backup_1356156.rpl
Done!
Backup imei OK!
MCU: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.mcusw
Booting phone...
MCU ID: 0x3040
BOOT file: C:\Program Files\ODEON\JAF\Flash\u3_2nd.fia
Loader version: 04.46.01 -> Revision: 0007
Boot size is 0x09A8
Boot is ready...
FLASH ID0: 2C7E0001 <=> SPANSION -> 72NS128N Addr0: 0x01000000 - 0x01FFFFFF, SectorSize0: 11
FLASH ID1: 00010000 <=> Flash -> not used Addr1: 0x02000000 - 0x02FFFFFF, SectorSize1: 0
First 16 bytes: AD 7E B6 1A 1B BE 0B E2 7D 58 6B E4 DB EE 65 14
Flash ID is 0x7E2C0100
Flash loader is C:\Program Files\ODEON\JAF\Flash\u3_amd.fia
Loader version: 04.46.01 -> Revision: 0007
Loader size is 0x7528; Loader chk: 84
Loader is ready...
P-key nokia module version 01.02
MSID: 8421CB7E41EA827645CBE50118
MSID decoded: F145BAE900413E3AA8000000
FAID: 5636C95CA42B4993CC469484
Operation took 0 minutes 6 seconds...
Erasing...
Found 3 interval(s) to erase
Erasing area: 01000000 - 0101FFFF...
Erasing area: 01020000 - 018DFFFF...
Erasing area: 01EE0000 - 01FDFFFF...
Operation took 0 minutes 54 seconds...
Writing...
Perm. Data Restore OK
Operation took 1 minutes 46 seconds...
Restarting MCU...
CNT: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.image_ej
Booting phone...
MCU ID: 0x3040
BOOT file: C:\Program Files\ODEON\JAF\Flash\u3_2nd.fia
Loader version: 04.46.01 -> Revision: 0007
Boot size is 0x09A8
Boot is ready...
FLASH ID0: 2C7E0001 <=> SPANSION -> 72NS128N Addr0: 0x01000000 - 0x01FFFFFF, SectorSize0: 11
FLASH ID1: 00010000 <=> Flash -> not used Addr1: 0x02000000 - 0x02FFFFFF, SectorSize1: 0
First 16 bytes: AD 7E B6 1A 1B BE 0B E2 7D 58 6B E4 DB EE 65 14
Flash ID is 0x7E2C0100
Flash loader is C:\Program Files\ODEON\JAF\Flash\u3_amd.fia
Loader version: 04.46.01 -> Revision: 0007
Loader size is 0x7528; Loader chk: 84
Loader is ready...
P-key nokia module version 01.02
MSID: 84701478670826196E0E7E988F
MSID decoded: D26EBAF100413E3AAA000610
FAID: 344D12B15D8F9D820EF11AB7
Operation took 0 minutes 6 seconds...
Erasing Content Pack...
Found 1 interval(s) to erase
Erasing area: 01B80000 - 01EDFFFF...
Operation took 0 minutes 20 seconds...
Writing...
Writing converted flash to 128k page
Perm. Data Restore OK
Operation took 0 minutes 14 seconds...
Restarting MCU...
Operation took 0 minutes 0 seconds...
Extracting Content Pack...
Running: (c) Nokia File Server
CNT Extract Skiped.
Operation took 0 minutes 5 seconds...
PPM: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.ppm_ej
Booting phone...
MCU ID: 0x3040
BOOT file: C:\Program Files\ODEON\JAF\Flash\u3_2nd.fia
Loader version: 04.46.01 -> Revision: 0007
Boot size is 0x09A8
Boot is ready...
FLASH ID0: 2C7E0001 <=> SPANSION -> 72NS128N Addr0: 0x01000000 - 0x01FFFFFF, SectorSize0: 11
FLASH ID1: 00010000 <=> Flash -> not used Addr1: 0x02000000 - 0x02FFFFFF, SectorSize1: 0
First 16 bytes: AD 7E B6 1A 1B BE 0B E2 7D 58 6B E4 DB EE 65 14
Flash ID is 0x7E2C0100
Flash loader is C:\Program Files\ODEON\JAF\Flash\u3_amd.fia
Loader version: 04.46.01 -> Revision: 0007
Loader size is 0x7528; Loader chk: 84
Loader is ready...
P-key nokia module version 01.02
MSID: 84FEA55149E45F328ED4633AD9
MSID decoded: 3E4EBAE900413E3AA8000000
FAID: 22D5F76003BA415AE7541F77
Operation took 0 minutes 5 seconds...
Erasing PPM...
Found 1 interval(s) to erase
Erasing area: 018E0000 - 01B7FFFF...
Operation took 0 minutes 14 seconds...
Writing...
Perm. Data Restore OK
Operation took 0 minutes 20 seconds...
Restarting MCU...
Flashing Done!
Operation took 4 minutes 18 seconds...

After flash processing...
Waiting for phone to boot...
Reading...
Phone type: RH-86, Software version: 06.70
IMEI: 355528014928155
Product Code: 0533261
Resetting PPC...
Done!
Powering the phone...
Unlocking...
IMEI: 355528014928155
ASIC: b
SW version: 06.70
Selected flash file: C:\Documents and Settings\mhel\Desktop\lsd_rh-86_v6.70\rh86_87__06.70.mcusw
Decrypting flash...Done
Checking ROM call...Done
Checking security function...Done
Encrypting....Done
Patch status: 00
MCU ID: 0x3040
BOOT file: C:\Program Files\ODEON\JAF\Flash\u3_2nd.fia
Loader version: 04.46.01 -> Revision: 0007
Boot size is 0x09A8
Boot is ready...
FLASH ID0: 2C7E0001 <=> SPANSION -> 72NS128N Addr0: 0x01000000 - 0x01FFFFFF, SectorSize0: 11
FLASH ID1: 00010000 <=> Flash -> not used Addr1: 0x02000000 - 0x02FFFFFF, SectorSize1: 0
First 16 bytes: AD 7E B6 1A 1B BE 0B E2 7D 58 6B E4 DB EE 65 14
Flash ID is 0x7E2C0100
Flash loader is C:\Program Files\ODEON\JAF\Flash\u3_amd.fia
Loader version: 04.46.01 -> Revision: 0007
Loader size is 0x7528; Loader chk: 84
Loader is ready...
P-key nokia module version 01.02
MSID: 8421CB7E41EA827645CBE50118
MSID decoded: F145BAE900413E3AA8000000
FAID: 5636C95CA42B4993CC469484
Erasing area: 01000000 - 0101FFFF...
Erasing area: 01080000 - 0109FFFF...
Perm. Data Restore OK
Unlocking...
Checking locks...

Block 1:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 2:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 3:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 4:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 5:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 6:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 7:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN

Done!
DCT4 unlock counter: 212
Setting test mode...
Setting FULL FACTORY...
Operation took 0 minutes 5 seconds...
Done!
Setting test mode...
Resetting USER DATA...
Operation took 0 minutes 0 seconds...
Done!
Setting test mode...
Resetting LEAVE FACTORY...
Operation took 0 minutes 0 seconds...
Done!
Setting test mode...
Resetting SERVICE CENTER...
Operation took 0 minutes 0 seconds...
Done!
Setting test mode...
Resetting UPGRADE SOFTWARE...
Operation took 0 minutes 1 seconds...
Done!
Setting test mode...
Resetting PRODUCTION TUNE...
Operation took 0 minutes 0 seconds...
Done!
FILES SET FOR FLASHING:
MCU Flash file: NONE
PPM Flash file: NONE
CNT Flash file: NONE
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Switching to serial...
Powering the phone...
Reading...
MCU SW version: V 06.70
16-11-07
RH-86
(c) Nokia.
HW version: 6501
PCI version:
UEM version: 1328
UPP version: 12352
RFIC version: 0500
DSP version: P05w45.v49
LCD version: ELBE
PPM version: V 06.70
16-11-07
RH-86_87
(c) Nokia.
EJ
Content Pack version: Content: ej
V 06.70
16-11-07
RH-86_87
(c) Nokia.
Production serial number: 2EJ290926
Product code: 0533261
Module code: 0202930
Basic production code: 0530409
Flash code:
Order number:
Product specific data:
Long production SN:
ATO:
Default SN type:
IMEI plain: 355528014928155
IMEI spare to net: 3A 55 25 08 41 29 18 05
IMEI SV to net: 33 55 25 08 41 29 18 55 F5
Master Code: 2072220756
Phone type: RH-86, Software version: 06.70, Language Pack: EJ
User code: 12345

Block 1:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 2:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 3:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 4:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 5:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 6:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN
Block 7:
Lock 1: OPEN Lock 2: OPEN Lock 3: OPEN Lock 4: OPEN Lock 5: OPEN

Searching for saved ini...
Checking for file C:\Program Files\ODEON\JAF\JAF_RH-86.ini
Saved INI not found, loading INI list...
Checking path: C:\Program Files\Nokia\Phoenix\Products\\

Searching for default location of ini...
Checking path: \Products\\
Searching for JAF saved location of ini...
Checking path: C:\Program Files\Nokia\Phoenix\Products\\
No ini files found...
FILES SET FOR FLASHING:
MCU Flash file: NONE
PPM Flash file: NONE
CNT Flash file: NONE
ADSP Flash file: NONE
APE Variant file: NONE
APE User Flash file: NONE
Done!
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)