Hot NEWS !!!???
There were rumors that some guy can unlock old (TP) BB5 phones using patched flash loaders. The hints point to this thread:
[You must be registered and logged in to see this link.]
First Nokia bug (tested):
Once the 2nd loader is loaded and running, the first 4 received bytes represent the count of incoming data for the 3rd loader. That means that if you send enough data to the internal RAM buffer, a page error will trigger an exception at ADDR: ffff0010, which points to a second ADDR: FF00000C (this is the logical address for rap2v2 and it is different for other RAP models), BUT in all cases it is physical address 0800000C.
Second Nokia bug (tested):
When the 2nd loader is running, the mapped vector table is NOT initialised, so there will be some garbage, and when an exception comes it will run unknown code (garbage).
3rd Nokia bug (not tested, because RAP3gv2 has garbage that will loop infinitely, but on other RAP3gv3 and rapido it maybe works):
Since the 2nd loader is loaded at physical address 08000300, if the garbage allows code to run without a new exception, there is a possibility to patch the 2nd loader to run your own code.
4th Nokia bug (tested):
All BB5 loaders have places where you can insert any code you want! Like the header, which is first loaded at ADDR: 08000300: the first 4 bytes are the start offset of the block, the second 4 bytes are the size of the block, and then come some zeros, enough to make a jump to the biggest area with your code.
Anyway, I have no time to implement that solution (there are two days to D-day), but with this help it will be possible sooner or later to make an update for unlocking ALL BB5 models!!!
A possible problem is that this solution has to use a flashing device, and since I have not played with a flasher for BB5, maybe it will be done by JAF or similar.
UMER BUTT- VIP Moderator
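As an added example (not part of the original post and not Nokia code), this is how a loader-side check could close the first and fourth issues described above: bound the 4-byte declared length before receiving, and validate the header's start offset, block size and zero padding. Little-endian byte order, the buffer size `RAM_BUF_SIZE`, the padding extent (byte 8 up to the start offset) and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: size of the loader's internal RAM receive buffer. */
#define RAM_BUF_SIZE 0x4000u

enum ldr_status { LDR_OK, LDR_TOO_SHORT, LDR_LEN_TOO_BIG, LDR_BAD_BLOCK, LDR_DIRTY_PAD };

/* Read a 32-bit value; little-endian byte order is an assumption. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* First bug: refuse a declared byte count larger than the buffer
 * before any payload byte is copied. */
enum ldr_status check_declared_len(const uint8_t prefix[4])
{
    return rd32(prefix) > RAM_BUF_SIZE ? LDR_LEN_TOO_BIG : LDR_OK;
}

/* Fourth bug: header is start offset (4 bytes), block size (4 bytes),
 * then zeros. Assumption: the zeros run from byte 8 to the start offset. */
enum ldr_status check_loader_image(const uint8_t *img, size_t len)
{
    if (len < 8)
        return LDR_TOO_SHORT;
    uint32_t start = rd32(img), size = rd32(img + 4);
    /* Overflow-safe: never compute start + size. */
    if (start < 8 || start > len || size > len - start)
        return LDR_BAD_BLOCK;
    for (size_t i = 8; i < start; i++)
        if (img[i] != 0)
            return LDR_DIRTY_PAD;   /* non-zero bytes hidden in padding */
    return LDR_OK;
}

int main(void)
{
    /* Constructed sample: offset 12, size 4, 4 zero bytes, 4 block bytes. */
    const uint8_t img[16] = {12,0,0,0, 4,0,0,0, 0,0,0,0, 0xAA,0xBB,0xCC,0xDD};
    const uint8_t prefix[4] = {0x01, 0x40, 0, 0};   /* 0x4001 > RAM_BUF_SIZE */
    printf("image=%d prefix=%d\n", (int)check_loader_image(img, sizeof img),
           (int)check_declared_len(prefix));
    return 0;
}
```

A structural check like this complements cryptographic verification of the loader image; it does not replace it.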