Remove SIM-lock patch generator

[simox]

Hi everybody!

I made a little tool what can generate SIM-Lock remover vkp patches that you can use with SETool2 Lite, Far Manager with SEFP (Sony Ericsson Flash Plugin) and compatible tools. It is able to generate vkp patches for DB2000/DB2010/DB2012/DB2020 CID36/49/50/51/52 MAIN firmwares (*.mbn, *.bin), but at the moment you can apply patches to DB2000/DB2010 CID36/49 and DB2020 CID52 platforms only. You can also apply patches to any DB2000/DB2010 CID36/49 and DB2020 CID52 cross flashed phone (e.g. DB2010 CID49 K310@W200).

DISCLAMER: If the generated patch will brick your phone DO NOT blame me. But the worst thing may happen is that you need to reflash the MAIN firmware.

Any comments, suggestions are welcome...


New Homepage:
My new site is [Only registered can see links. ]. You can download this tool from my [Only registered can see links. ] too.

Unlocking tutorial

How to connect the phone to flashing/patching tools:
Many users asked me how to connect the phone to SETool2 Lite, XS++, etc., so I decided to write it up. First of all fully charge your battery.

I. Install USB Flash driver:
If you never modded your phone, then probably you don't have the USB Flash driver, what is required to be able to communicate with phone. So install the driver: [Only registered can see links. ]

II. Connect the phone to SETool2 Lite(or any other flasher tool):
Click on button what you need/guide says(Identify, Read GDFS, etc.)...
When SETool2 Lite says to press the C key and connect the cable you need to:
1. Turn off the phone(if it was turned on)
2. Remove the battery, wait a few seconds(2-3 seconds is enough) and put it back, but DO NOT turn the phone on
3. Press and hold the C key on phone and connect the DCU-60 cable(data cable, what comes with phone). FOR W880 owners only: if your phone is a W880 then you need to press the 2 key instead of C key.
4. When you see some progress on SETool2 Lite status window(on left side) release the C key.

What is your phone's platform and EROM CID?
If you don't know what is your phone's platform(DB2010, DB2020 etc.) and EROM CID, then read this: [Only registered can see links. ]


A. How to apply the generated patches to DB2010 CID49 phones:

IMPORTANT: First you need backup the GDFS. If something goes wrong you can unbrick your phone with this backup. Here is how to do:
Open SETool2 Lite v1.08 or v1.11.
1. Select your phone model.
2. Click on Read GDFS button.
3. Follow the instructions given by SETool2 Lite.
4. You will get a gdfs_[yourIMEI].bin file in SETool2 Lite folder. Put it to a safe place.

I. We need to generate an unlock patch.
Run SIMLockPatchGen.exe, select the MAIN firmware (what match your phone firmware) by clicking on ... (three dots) button, then press the Make patch button. In status window you will get the path to the generated vkp file(e.g. "D:\...\SIMLockPatchGen\vkp\Remove_SIM_lock_XXX_XX XXXXX.vkp" patch file created.) Do not close the SIMLockPatchGen yet, because you may need it in next step.

II. Make sure you have the required rest(oration) file, otherwise your phone will not turn on after applied the patch.
With SETool2 Lite:
1. Select your phone model.
2. Click on Identify button.
3. If in left status window you see the RESTORATION FILE NOT PRESENT line, then follow the next step, otherwise jump to III.
4. So, no rest file for your firmware. It's time to make one. Start a command prompt(Start menu->Run, type cmd and press Enter).
5. In command prompt call the ssw2rest.exe like:

Code:

[SeToolLiteFolder]\make_rest\ssw2rest MAIN_firmware address

where:
- MAIN_firmware is the MAIN firmware with full path that you used to generate the unlock patch
- address is the base address of MAIN firmware. You can get this address from SIMLockPatchGen's status window(ex. Base address: 44140000).
The rest file will be placed aside ssw2rest.exe. Copy the generated rest file to [SeToolLiteFolder]\rest\ folder.
Here is an example how to call the ssw2rest tool:

Code:

D:\SETool2Lite\make_rest\ssw2rest "D:\firmwares\W810\W810xxx.mbn" 44140000

III. We will apply the generated patch to unlock the phone.
With SETool2 Lite:
1. Select your phone model.
2. Click on ... (three dots) button near MISC files box, and select the vkp file generated by SIMLockPatchGen.
3. Click Write SCRIPT button
4. Follow the instructions in left status window...
5. When a dialog pop-up, click "Yes" to remove the patch. Click "No" to add the patch. In this case click on "No" button.

Wait until "ELAPSED x SECONDS" appears in status window. Your phone is unlocked.


B. How to apply the generated patches to DB2020 CID52 phones:

IMPORTANT: First you need backup the GDFS. If something goes wrong you can unbrick your phone with this backup. Here is how to do:
Open SETool2 Lite v1.11.
1. Select your phone model.
2. Click on Read GDFS button.
3. Follow the instructions given by SETool2 Lite.
4. You will get a gdfs_[yourIMEI].bin file in SETool2 Lite folder. Put it to a safe place.

I. We will apply the quick access patch to phone. It is needed to be able to use the quick access method in future. Due to this great patch you can easily apply the further patches, just like to DB2010 CID 49 phones.
!!!YOU NEED TO DO THIS ONLY ONCE!!!

With SETool2 Lite v1.11.
1. Select your phone model.
2. In Windows Explorer drag (Windows drag and drop operation) the MAIN firmware (*.mbn) onto [SETool2 Lite v1.11 folder]\qamaker\qamaker.exe's icon. In the qamaker's folder you will get a quick_access_XXXX_XXXXXXX.vkp file.
3. Click on ... (three dots) button near MISC files box, and select the vkp file generated in step 2.
4. Tick Bypass DB2020 security check box.
5. Click on Add button and select the MAIN firmware file.
6. Press FLASH button.
7. Follow the instructions given by SETool2 Lite.
8. When a dialog pop-up, click "Yes" to remove the patch. Click "No" to add the patch. In this case click on "No" button.

Note: After pressed the FLASH button, at one moment you will believe that nothing happens and the status windows is not changing! DO NOT remove the CABLE! Wait until "ELAPSED x SECONDS" appears in status window.
This process will take some time, about 10-15 minutes or a little more...

II. Now we need to generate an unlock patch.
Run SIMLockPatchGen.exe, select that MAIN firmware (used earlier) by clicking on ... (three dots) button, then press the Make patch button. In status window you will get the path to the generated vkp file(e.g. "D:\...\SIMLockPatchGen\vkp\Remove_SIM_lock_XXX_XX XXXXX.vkp" patch file created.) Close the SIMLockPatchGen.

III. We will apply the generated patch to unlock the phone.
With SETool2 Lite v1.11:
1. Click on Clear button.
2. Select your phone model.
3. Tick Use "quick access" patch checkbox
4. Uncheck(remove the tick from) Bypass DB2020 security check box.
5. Click on ... (three dots) button near MISC files box, and select the vkp file generated by SIMLockPatchGen.
6. Click Write SCRIPT button
7. Follow the instructions in left status window...
8. When a dialog pop-up, click "Yes" to remove the patch. Click "No" to add the patch. In this case click on "No" button.

Wait until "ELAPSED x SECONDS" appears in status window. Your phone is unlocked.



How to check the SIM-lock status:
To be sure that the phone is really unlocked, put a SIM card from another network provider. Another method to check the SIM-lock status is to access the service menu with >*<<*<* key sequence, where: > - joystick right, < - joystick left, * - asterisk key near 0 (zero). Now go to Service Info menu, then SIM Lock sub menu. In case your phone is unlocked, all padlocks are open.


---------------------------------------------------------------------
History
------ v2.1 ------
Fix: Now can generate patches for hopefully all DB2020 firmware files

------ v2.0 ------
New:Added DB2020 support
Bug: Unable to generate patches from many DB2020 firmware files

------ v1.5 ------
Fix: Now can generate patches from all supported firmware files

------ v1.4 ------
Fix: Now generates working patches for all DB2000 firmware files
Bug: Cannot generate patches from some firmware files

------ v1.3 ------
New:Added DB2000 support
Bug: Generates bad patches from some DB2000 firmware files

------ v1.2 ------
Fix: Now can generate patch from GSlide generated firmware files

------ v1.1 ------
New: Added CID36 support
Bug: Unable to generate patch from firmware files generated by GSlide

------ v1.0.1 ------
New: Added platform detection routine
Info: I decided not to support the DB2020 firmware files at the moment because we cannot apply the generated patches anyway...

------ v1.0.0(Beta) ------
New: Initial release
Bug: Unable to generate patch from DB2020 firmware files
-----------------------------------------------------------------------

[DomagojX]

fake, doesn't work with w610 main!!!!!!!!!!!!!!!!!!!!!

[simox]

fake, doesn't work with w610 main!!!!!!!!!!!!!!!!!!!!!

First of all this tool isn't fake, just because doesn't work with w610 MAIN. Like I said in first post, it is in beta stage, and may contain bugs. Please post the log(there is a log.txt file along with SIMLockPachGen.exe)...

By the way at the moment you can apply patches to DB2010 CID49 platform only.

[pp69]

that this do is create a "unlock" patch for all firmwares ( cid 49 50 51 52 etc) but the problem is that you can´t apply the patch if you have a cid 50 51 52
but if you have a cid 49 you may have you phone unlock by pacth

i´m right???

[DomagojX]

i tryed for cid49 and it works, but when i set db2020 main and press make patch, then

welcome to simox SIM-Lock remover patch generator 1.0
supported firmwares: CID49, CID50, CID51, CID52

Analyzing firmware...
BABE header found and seems ok.
Flash CID: 52
Flash Color: Red
Base address: $44140000
Generating raw firmware...
Firmware generated.
Searching for required adresses...
Entry point cannot be found. Probably it is not a MAIN firmware!
FINISHED.

[simox]

that this do is create a "unlock" patch for all firmwares ( cid 49 50 51 52 etc) but the problem is that you can´t apply the patch if you have a cid 50 51 52
but if you have a cid 49 you may have you phone unlock by pacth

i´m right???

Yes, you are right. The reason this tool support CID 50/51/52 is that there are a few cross flashed phones for e.g. K310@W200 (DB2010 CID49) with CID52 firmware in it.

DomagojX: I investigated the problem, and the cause is that the db2020 firmwares are very different from db2010/db2012.
The algorithm of this tool: first analyze the *.mbn to see if it is valid, and grab some info from it. Next step is to generate a raw MAIN(this format is identical with the firmware in phone). It will execute a couple of pattern searches to find the right addresses, and here is the problem: the pattern I used not match anywhere in W610 firmware. In db2010/2012 firmwares the routines which ones checks the SIM-lock are basicly the same, just start at different adresses.
The whole algorithm is a bit more complicated than I described, but I think you get the point...

I think it is pointless to support db2020 firmwares at the moment because we cannot apply the generated patches...

[onlyone]

if this tool works then it's a great tool. and you are a smart men.

[interferej]

I think it is pointless to support db2020 firmwares at the moment because we cannot apply the generated patches...

so when can we expect it??:o

[simox]

onlyone:

if this tool works then it's a great tool. and you are a smart men.

Yes, it works, otherwise I wouldn't publish it(I hate the fake tools).
interferej:

so when can we expect it??:o

You mean the db2020 phone patching? Honestly, I have no idea. We need to wait until someone(SETool2 Lite???, XS++???) will relase it(I haven't the necessary knowlege to do that). When db2020 patching will be available I will support it.

[joost206]

I heard that db2020 patching will be availible in Januari:)