Remove SIM-lock patch generator

[simox]

Hi everybody!

I made a little tool what can generate SIM-Lock remover vkp patches that you can use with SETool2 Lite, Far Manager with SEFP (Sony Ericsson Flash Plugin) and compatible tools. It is able to generate vkp patches for DB2000/DB2010/DB2012/DB2020 CID36/49/50/51/52 MAIN firmwares (*.mbn, *.bin), but at the moment you can apply patches to DB2000/DB2010 CID36/49 and DB2020 CID52 platforms only. You can also apply patches to any DB2000/DB2010 CID36/49 and DB2020 CID52 cross flashed phone (e.g. DB2010 CID49 K310@W200).

DISCLAMER: If the generated patch will brick your phone DO NOT blame me. But the worst thing may happen is that you need to reflash the MAIN firmware.

Any comments, suggestions are welcome...


New Homepage:
My new site is http://www.simox-se.co.cc/. You can download this tool from my homepage too.

Unlocking tutorial

How to connect the phone to flashing/patching tools:
Many users asked me how to connect the phone to SETool2 Lite, XS++, etc., so I decided to write it up. First of all fully charge your battery.

I. Install USB Flash driver:
If you never modded your phone, then probably you don't have the USB Flash driver, what is required to be able to communicate with phone. So install the driver: USB Flash Driver Installation - Guide

II. Connect the phone to SETool2 Lite(or any other flasher tool):
Click on button what you need/guide says(Identify, Read GDFS, etc.)...
When SETool2 Lite says to press the C key and connect the cable you need to:
1. Turn off the phone(if it was turned on)
2. Remove the battery, wait a few seconds(2-3 seconds is enough) and put it back, but DO NOT turn the phone on
3. Press and hold the C key on phone and connect the DCU-60 cable(data cable, what comes with phone). FOR W880 owners only: if your phone is a W880 then you need to press the 2 key instead of C key.
4. When you see some progress on SETool2 Lite status window(on left side) release the C key.

What is your phone's platform and EROM CID?
If you don't know what is your phone's platform(DB2010, DB2020 etc.) and EROM CID, then read this: General Information about Patch-Unlocking (start here if you want to unlock)


A. How to apply the generated patches to DB2010 CID49 phones:

IMPORTANT: First you need backup the GDFS. If something goes wrong you can unbrick your phone with this backup. Here is how to do:
Open SETool2 Lite v1.08 or v1.11.
1. Select your phone model.
2. Click on Read GDFS button.
3. Follow the instructions given by SETool2 Lite.
4. You will get a gdfs_[yourIMEI].bin file in SETool2 Lite folder. Put it to a safe place.

I. We need to generate an unlock patch.
Run SIMLockPatchGen.exe, select the MAIN firmware (what match your phone firmware) by clicking on ... (three dots) button, then press the Make patch button. In status window you will get the path to the generated vkp file(e.g. "D:\...\SIMLockPatchGen\vkp\Remove_SIM_lock_XXX_XX XXXXX.vkp" patch file created.) Do not close the SIMLockPatchGen yet, because you may need it in next step.

II. Make sure you have the required rest(oration) file, otherwise your phone will not turn on after applied the patch.
With SETool2 Lite:
1. Select your phone model.
2. Click on Identify button.
3. If in left status window you see the RESTORATION FILE NOT PRESENT line, then follow the next step, otherwise jump to III.
4. So, no rest file for your firmware. It's time to make one. Start a command prompt(Start menu->Run, type cmd and press Enter).
5. In command prompt call the ssw2rest.exe like:

Code:

[SeToolLiteFolder]\make_rest\ssw2rest MAIN_firmware address

where:
- MAIN_firmware is the MAIN firmware with full path that you used to generate the unlock patch
- address is the base address of MAIN firmware. You can get this address from SIMLockPatchGen's status window(ex. Base address: 44140000).
The rest file will be placed aside ssw2rest.exe. Copy the generated rest file to [SeToolLiteFolder]\rest\ folder.
Here is an example how to call the ssw2rest tool:

Code:

D:\SETool2Lite\make_rest\ssw2rest "D:\firmwares\W810\W810xxx.mbn" 44140000

III. We will apply the generated patch to unlock the phone.
With SETool2 Lite:
1. Select your phone model.
2. Click on ... (three dots) button near MISC files box, and select the vkp file generated by SIMLockPatchGen.
3. Click Write SCRIPT button
4. Follow the instructions in left status window...
5. When a dialog pop-up, click "Yes" to remove the patch. Click "No" to add the patch. In this case click on "No" button.

Wait until "ELAPSED x SECONDS" appears in status window. Your phone is unlocked.


B. How to apply the generated patches to DB2020 CID52 phones:

IMPORTANT: First you need backup the GDFS. If something goes wrong you can unbrick your phone with this backup. Here is how to do:
Open SETool2 Lite v1.11.
1. Select your phone model.
2. Click on Read GDFS button.
3. Follow the instructions given by SETool2 Lite.
4. You will get a gdfs_[yourIMEI].bin file in SETool2 Lite folder. Put it to a safe place.

I. We will apply the quick access patch to phone. It is needed to be able to use the quick access method in future. Due to this great patch you can easily apply the further patches, just like to DB2010 CID 49 phones.
!!!YOU NEED TO DO THIS ONLY ONCE!!!

With SETool2 Lite v1.11.
1. Select your phone model.
2. In Windows Explorer drag (Windows drag and drop operation) the MAIN firmware (*.mbn) onto [SETool2 Lite v1.11 folder]\qamaker\qamaker.exe's icon. In the qamaker's folder you will get a quick_access_XXXX_XXXXXXX.vkp file.
3. Click on ... (three dots) button near MISC files box, and select the vkp file generated in step 2.
4. Tick Bypass DB2020 security check box.
5. Click on Add button and select the MAIN firmware file.
6. Press FLASH button.
7. Follow the instructions given by SETool2 Lite.
8. When a dialog pop-up, click "Yes" to remove the patch. Click "No" to add the patch. In this case click on "No" button.

Note: After pressed the FLASH button, at one moment you will believe that nothing happens and the status windows is not changing! DO NOT remove the CABLE! Wait until "ELAPSED x SECONDS" appears in status window.
This process will take some time, about 10-15 minutes or a little more...

II. Now we need to generate an unlock patch.
Run SIMLockPatchGen.exe, select that MAIN firmware (used earlier) by clicking on ... (three dots) button, then press the Make patch button. In status window you will get the path to the generated vkp file(e.g. "D:\...\SIMLockPatchGen\vkp\Remove_SIM_lock_XXX_XX XXXXX.vkp" patch file created.) Close the SIMLockPatchGen.

III. We will apply the generated patch to unlock the phone.
With SETool2 Lite v1.11:
1. Click on Clear button.
2. Select your phone model.
3. Tick Use "quick access" patch checkbox
4. Uncheck(remove the tick from) Bypass DB2020 security check box.
5. Click on ... (three dots) button near MISC files box, and select the vkp file generated by SIMLockPatchGen.
6. Click Write SCRIPT button
7. Follow the instructions in left status window...
8. When a dialog pop-up, click "Yes" to remove the patch. Click "No" to add the patch. In this case click on "No" button.

Wait until "ELAPSED x SECONDS" appears in status window. Your phone is unlocked.



How to check the SIM-lock status:
To be sure that the phone is really unlocked, put a SIM card from another network provider. Another method to check the SIM-lock status is to access the service menu with >*<<*<* key sequence, where: > - joystick right, < - joystick left, * - asterisk key near 0 (zero). Now go to Service Info menu, then SIM Lock sub menu. In case your phone is unlocked, all padlocks are open.


---------------------------------------------------------------------
History
------ v2.1 ------
Fix: Now can generate patches for hopefully all DB2020 firmware files

------ v2.0 ------
New:Added DB2020 support
Bug: Unable to generate patches from many DB2020 firmware files

------ v1.5 ------
Fix: Now can generate patches from all supported firmware files

------ v1.4 ------
Fix: Now generates working patches for all DB2000 firmware files
Bug: Cannot generate patches from some firmware files

------ v1.3 ------
New:Added DB2000 support
Bug: Generates bad patches from some DB2000 firmware files

------ v1.2 ------
Fix: Now can generate patch from GSlide generated firmware files

------ v1.1 ------
New: Added CID36 support
Bug: Unable to generate patch from firmware files generated by GSlide

------ v1.0.1 ------
New: Added platform detection routine
Info: I decided not to support the DB2020 firmware files at the moment because we cannot apply the generated patches anyway...

------ v1.0.0(Beta) ------
New: Initial release
Bug: Unable to generate patch from DB2020 firmware files
-----------------------------------------------------------------------