meo786
Welcome to meo786
Please Log In and Enjoy with us. I hope you will find more "Fun With Mobile, Computer & Management"

Thanks.

Muhammad Afzal Meo
+092 333 497 62 77


Hot NEWS !!!???

Post by UMER BUTT Wed Oct 22, 2008 11:20 am

Hot NEWS !!!???
There were rumors that some guy can unlock old (TP) BB5 phones using
patched flash loaders, and the hints point to this thread:

[You must be registered and logged in to see this link.]

First Nokia BUG: (Tested)
Once the 2nd loader is loaded and run, the first 4 received bytes represent the count of incoming data for the 3rd loader. That means that if you send enough data to the internal RAM buffer, a page error will trigger an exception at ADDR: ffff0010, which points to a second ADDR: FF00000C (this is the logical address for rap2v2 and it is different for other RAP models), BUT in all cases it is the physical address 0800000C.

Second Nokia Bug (Tested)
When the 2nd loader is running, the mapped vector table is NOT initialised, so there
will be some garbage, and when an exception comes it will run unknown code
(garbage).

3rd Nokia Bug (Not tested, because RAP3gv2 has garbage that
will loop infinitely, but on other RAP3gv3 and rapido maybe it works)
Since the 2nd loader is loaded at physical address 08000300, if the
garbage allows code to run without a new exception, there is a possibility
to patch the 2nd loader to run your own code.

4th Nokia Bug (Tested)
All BB5 loaders have places where you can insert any code you want!
Like the header, which is loaded first at ADDR: 08000300: the first 4 bytes are the start offset of the block, the second 4 bytes are the size of the block, and then come some
zeros, enough to make a jump to the biggest area with your code.

Anyway, since I have no time to implement that solution (there are two days
to D-day), but with this help it will be possible sooner or later to make an update
for unlocking ALL BB5 models!!!
A possible problem is that for that solution a flashing
device has to be used, and since I have not played with a flasher for BB5, maybe it will be done
by JAF or similar.

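As an added illustration, not code from the post above or from any Nokia firmware or unlocking tool: a C model of the two structures the post describes, the block header (4-byte start offset, 4-byte size, then a run of zeros) and the count-prefixed transfer of the 3rd loader, together with the bounds check whose absence the post's first bug implies (a count larger than the internal RAM buffer is refused instead of being copied until the page fault). Byte order (little-endian), the buffer size `RAM_BUF_SIZE`, and every function and type name here are assumptions; the sample bytes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical internal-RAM buffer size for this model; the real size is not on the page. */
#define RAM_BUF_SIZE 64

enum rx_status { RX_OK = 0, RX_SHORT = -1, RX_OVERSIZE = -2 };

/* Header layout as the post describes it: 4-byte start offset, 4-byte size, zeros after. */
struct block_hdr {
    uint32_t start_offset;
    uint32_t size;
    size_t   zero_run;   /* number of zero bytes following the two fields */
};

/* Little-endian read; the byte order is an assumption of this model. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the header; false if fewer than the 8 mandatory bytes are present. */
bool parse_block_hdr(const uint8_t *buf, size_t len, struct block_hdr *out)
{
    if (len < 8) return false;
    out->start_offset = rd_le32(buf);
    out->size = rd_le32(buf + 4);
    out->zero_run = 0;
    for (size_t i = 8; i < len && buf[i] == 0; i++) out->zero_run++;
    return true;
}

/* The first 4 received bytes: the count of 3rd-loader data that follows. */
bool stage3_count(const uint8_t *stream, size_t len, uint32_t *count)
{
    if (len < 4) return false;
    *count = rd_le32(stream);
    return true;
}

/* Checked receive: a count larger than the RAM buffer is rejected up front.
   Copying it anyway is the unchecked behaviour the post says ends in a page error. */
enum rx_status receive_stage3(const uint8_t *stream, size_t len,
                              uint8_t *ram, size_t ram_size, size_t *copied)
{
    uint32_t count;
    *copied = 0;
    if (!stage3_count(stream, len, &count)) return RX_SHORT;
    if (count > ram_size) return RX_OVERSIZE;      /* the missing bounds check */
    if (len - 4 < count) return RX_SHORT;          /* declared more than was sent */
    memcpy(ram, stream + 4, count);
    *copied = count;
    return RX_OK;
}

/* Build a constructed transfer: 4-byte count followed by payload_len filler bytes. */
size_t build_stream(uint8_t *out, size_t out_size, uint32_t count, size_t payload_len)
{
    if (out_size < 4 + payload_len) return 0;
    out[0] = (uint8_t)(count & 0xff);
    out[1] = (uint8_t)((count >> 8) & 0xff);
    out[2] = (uint8_t)((count >> 16) & 0xff);
    out[3] = (uint8_t)((count >> 24) & 0xff);
    for (size_t i = 0; i < payload_len; i++) out[4 + i] = (uint8_t)(0xA0 + i);
    return 4 + payload_len;
}

int main(void)
{
    /* Constructed header: offset 0x08000300, size 16, six zero bytes. */
    const uint8_t hdr[] = {0x00, 0x03, 0x00, 0x08, 0x10, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    struct block_hdr h;
    if (parse_block_hdr(hdr, sizeof hdr, &h))
        printf("offset=%08x size=%u zeros=%zu\n", h.start_offset, h.size, h.zero_run);

    uint8_t ram[RAM_BUF_SIZE], stream[128];
    size_t n, copied;
    n = build_stream(stream, sizeof stream, 16, 16);
    printf("count 16:   status=%d copied=%zu\n",
           receive_stage3(stream, n, ram, sizeof ram, &copied), copied);
    n = build_stream(stream, sizeof stream, 4096, 16);
    printf("count 4096: status=%d (refused, would overrun the RAM buffer)\n",
           receive_stage3(stream, n, ram, sizeof ram, &copied));
    return 0;
}
```

The model separates "how much the sender claims" from "how much the receiver can hold"; the second and third rejections in `receive_stage3` are the two checks a loader that trusts a length prefix needs before copying into a fixed buffer.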