Differences

This shows you the differences between two versions of the page.

--- sony_ericsson:basics [2025/09/07 22:05] – [Glossary] admin
+++ sony_ericsson:basics [2025/11/20 07:39] (current) – [Development] admin
@@ Line 18: / Line 18: @@
 There is a collection of tutorials here: [[https://www.akshayy.com/sonyericsson/index/]] \\
+Have Gordon's Gate Flash Driver installed - you might need to turn off driver signature enforcement for Windows. \\
+There are three common ways: \\
+   * [[https://www.terasic.com.tw/wiki/Disable_Driver_Signature_Enforcement_in_Windows10_x64|Use Advanced Boot Menu]] → Disable Driver Signature Enforcement (temporary)
+   * Enable Test Signing Mode (Requires Secure Boot OFF)
+   * or better [[https://woshub.com/how-to-sign-an-unsigned-driver-for-windows-7-x64/|self-sign the drivers]]
+To use cmd command line (as admin):
+<code>
+bcdedit.exe /set testsigning on     ← works with Win10/11 (needs Secure Boot OFF)
+#only for Win7/8:
+bcdedit.exe /set nointegritychecks on
+  or
+bcdedit.exe /set loadoptions DISABLE_INTEGRITY_CHECKS
+</code>
+\\
 How to use Setool2-lite for A1 phones: [[https://sony.yt/topic/3199-setool2-lite-v111-user-guide-identify-gdfs-backup-flashing-patching-unlocking/]] \\
+Latest Setool (not lite) is broken for PDA and does not work with WinXP (works with Win7 and newer, even Win11). \\
 How to use A2 Uploader: [[https://sony.yt/topic/942-a2-uploader-a2-tool-tutorial/]] \\
@@ Line 47: / Line 65: @@
 ====== Glossary ======
-backup - if you ask yourself what it is, learn how to backup GDFS NOW! \\
+backup - if you ask yourself what it is, learn how to backup GDFS / REST file NOW! \\
 📘 Glossary
@@ Line 62: / Line 80: @@
 >    Internal hardware code name for SE baseband platforms (e.g., DB2010, DB2020, DB3150), tied to CPU, RAM, and bootloader layout. It was //Locosto// before DB-plattform.
-Certificate Colour
+CDA = Customer Delivery Assembly
->    Phones have certificate "colors": Red (retail), Brown (developer), Blue (factory)test. Brown allows to run unsigned code. CID53+ restricts patching and unsigned loader access without signed tools.
+>    The customization package that defines branding, language, and region
->    "Browning": refers to changing certificate colour to "brown".
->    SCRC (Security Certificate) is in OTP and therefore cannot be changed (hence called OTP Cert colour). Instead the cert colour used for patching is faked: It is emulated in Loader (to skip certificate enforcement) or it is a patch-based certificate conversion, like QA-patch with DB2020.
-GDFS (Global Data File System)
+Certificate Colour / Domain
+>    Phones have a certificate "color" (also called domain): Red (retail), Brown (developer), Blue (factory)test. Brown allows reading file contents and write access to FS.
+>    "Browning": refers to changing certificate colour to "brown". It is currently not possible for CID80+
+>    SCRC (Security Certificate) is in OTP and therefore cannot be changed (hence called OTP Cert colour). Instead the cert colour used for patching is emulated in Loader (to skip certificate enforcement) or it is a patch-based certificate conversion, like QA-patch with DB2020.
+GDFS (Global Data File System) / TA (Trim Area)
 >    A region of phone memory storing unique configuration. It contains IMEI, SIM/network lock info, RF calibration data, Bluetooth/WiFi addresses, call timers and also used to store flags enabling patch access.
 >    BACKUP GDFS! This is unique device specific! If lost/damaged, the phone is screwed.
 >    Note: If you repair GDFS the 'total call timer' is reset.
+REST file
+>    'restore file' preserves FS-based customization on A1 phones and is required on flashing. A2 phones have critical data in TA. \\
 VKP Patch
@@ Line 101: / Line 127: @@
 > /ifs/ – stands for "Internal File System"
 > /system/ – Core Operating System Files (A2 only)
+====== Basis ======
+Following is some crap that reminds me to rewrite this section. It may be untrue too. \\
+#########################\\
+#TODO\\
+> SEMCBOOT is the bootloader in OTP. It waits for either a normal boot from flash or a service connection via USB. SEMCBOOT enforces CID/SCRC checks.
+Methods to make SEMCBOOT see different cert colour:
+     * CSCA Method (obsolete)
+     * Patch-Based Unlock (Quick Access Patch)
+     * Bypass loaders
+> CSCA = Certificate Signed Certificate Authority (formerly sometimes just called “Central Sony Certificate Authority”) = Sony Ericsson's official signing server used to validate and authorize service operations, the phone's SEMCBOOT verified this signature
+> How does Loader bypass work?
+<code>
+[Phone powered on]
+      ↓
+[SEMCBOOT in OTP]
+      ↓  (USB)
+[Tool uploads signed SE loader into RAM]
+      ↓
+[Loader runs in RAM → certificate checks bypassed]
+      ↓
+[Tool can patch FS / MAIN / GDFS]
+      ↓  (reboot)
+[Phone back to RED, RAM cleared]
+</code>
+>  SEMCBOOT sees RED in OTP, but a signed SE loader loaded in service mode. The loader hooks its certificate-check routines in RAM. While the loader is active, you can patch FS, MAIN (CXC), GDFS, etc. After reboot, the loader disappears, and the phone reports RED again. A patched phone
+################################ \\