vkp patch structure
flashing firmware and patching
using elfpack directory structure + BCFGmanager
(elf creation + patch porting)

EMMA (Ericsson Mobile Maintenance Application) is the manufacturers service tool. We don't have it. Use DCU-60 USB cable for fastport phones.
You need to be on BROWN certificate. Changing from RED is possible for CID⇐53. Use Omnius (now for free ) for CID53. CID81/RED only has really limited runtime patching via jjpatcher jar.
Modified DSS-20/25 can be used for phones with T28 Connector as serial adapter.

#for A2
After flashing A2 firmware (.fbn), flash custpack and 'finalize' the phone.
Resetting the phone from menu will not remove patches but files and (even some preinstalled) content.
Firmware is split into three parts:
1) MBN: main firmware that contais all code for running, which vkp patches on.
2) FBN: image of internal filesystem (FS), contains all files that are used by the main firmware, (GUI, drivers, lang, sounds, pre-installed Java apps, etc
3) Custpack or Customization files: files stored in FS, which are modified by phone carriers to customize the operating system. Unpack to modify yourself - clean custpack from ad-links or do afterwards in FS.

backup - if you ask yourself what it is, learn how to backup GDFS NOW!

📘 Glossary

CID (Content Identifier)

A security level marking for firmware and loader signing (e.g., CID49, CID52, CID53); higher CIDs have stricter checks and restrictions.

A1 / A2 Platforms

A1 = early SE platform (e.g., DB2010, DB2020); A2 = newer architecture (e.g., DB3150, DB3200) with stricter security and different file structure.

DB (Database)

Internal hardware code name for SE baseband platforms (e.g., DB2010, DB2020, DB3150), tied to CPU, RAM, and bootloader layout.

Certificate Colour

Phones had certificate “colors”: Brown (developer), Red (retail), Blue (factory)test. CID53+ restricts patching and unsigned loader access without signed tools.

Browning
refers to changing certificate colour to “brown”

GDFS (Global Data File System)

A region of phone memory storing unique configuration, IMEI, and calibration data; also used to store flags enabling patch access. BACKUP! This is unique device specific!

VKP Patch

A plaintext format (.vkp) for firmware patches; used to modify ROM functions or bypass checks by patching mainly the MAIN flash (MBN).
There are simple and advanced vkp patches: either they just replace/modify code (simple) or advanced patch uses free blocks to add functions (mostly converted by elf2vkp).

ELF / ELFpack / ELFloader / ELFlib

ELF (Executable and Linkable Format): small native apps written in c. ELFloader is the launcher; ELFpack combines it with ELFlib.

DynLib (Dynamic Library)

Shared binary used by ELF files (like a DLL); loaded at runtime by ELFloader to provide reusable functions (e.g., file I/O).

QA (QuickAccess) Patch (DB2020)

Firmware patch to disable signature checks on DB2020 phones, allowing FS/GDFS access and .vkp patching without a service box.

Heap Shift

Patch offset of Heap area to win space for advanced vkp patches

T28 11‑pin Connector

The legacy serial connector from the Ericsson T28 era; used for flashing, service mode, and accessories before the FastPort standard.

FastPort

A proprietary all-in-one connector used in most SE phones (A1 and A2) after T610; supported charging, data, audio, and accessory control

We, the community, are in search for former Omnius owners/maintainers to retrieve the source code or SEUS signing process.