sony_ericsson:basics

Differences

This shows you the differences between two versions of the page.

sony_ericsson:basics [2025/09/08 16:04] – [Glossary] admin
sony_ericsson:basics [2025/11/20 07:39] (current) – [Development] admin
Line 18: Line 18:
  
 There is a collection of tutorials here: [[https://www.akshayy.com/sonyericsson/index/]] \\ There is a collection of tutorials here: [[https://www.akshayy.com/sonyericsson/index/]] \\
 +
 +Have Gordon's Gate Flash Driver installed - you might need to turn off driver signature enforcement for Windows. \\
 +There are three common ways: \\
 +   * [[https://www.terasic.com.tw/wiki/Disable_Driver_Signature_Enforcement_in_Windows10_x64|Use Advanced Boot Menu]] → Disable Driver Signature Enforcement (temporary)
 +   * Enable Test Signing Mode (Requires Secure Boot OFF)
 +   * or better [[https://woshub.com/how-to-sign-an-unsigned-driver-for-windows-7-x64/|self-sign the drivers]]
 +
 +To use cmd command line (as admin): 
 +<code>
 +bcdedit.exe /set testsigning on     ← works with Win10/11 (needs Secure Boot OFF)
 +
 +#only for Win7/8:
 +bcdedit.exe /set nointegritychecks on
 +  or
 +bcdedit.exe /set loadoptions DISABLE_INTEGRITY_CHECKS
 +</code>
 +\\
  
 How to use Setool2-lite for A1 phones: [[https://sony.yt/topic/3199-setool2-lite-v111-user-guide-identify-gdfs-backup-flashing-patching-unlocking/]] \\ How to use Setool2-lite for A1 phones: [[https://sony.yt/topic/3199-setool2-lite-v111-user-guide-identify-gdfs-backup-flashing-patching-unlocking/]] \\
 +Latest Setool (not lite) is broken for PDA and does not work with WinXP (works with Win7 and newer, even Win11). \\
  
 How to use A2 Uploader: [[https://sony.yt/topic/942-a2-uploader-a2-tool-tutorial/]] \\ How to use A2 Uploader: [[https://sony.yt/topic/942-a2-uploader-a2-tool-tutorial/]] \\
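Review bot: The added bcdedit block turns driver signature checks off but never shows how to turn them back on, so a reader who follows it leaves the machine in test-signing or no-integrity-check mode long after the flash driver is installed. Add the matching revert lines (bcdedit.exe /set testsigning off, and bcdedit.exe /set nointegritychecks off for the Win7/8 variant) and state that a reboot is needed for either change to take effect. Also move the "← works with Win10/11 (needs Secure Boot OFF)" annotation and the "#only for Win7/8:" line out of the code block and into the prose above it, since cmd treats neither "←" nor "#" as a comment marker and the block cannot be pasted as written. The list calls self-signing the better option, yet the commands cover only the two weaker ones; a sentence saying so would keep readers from defaulting to the block.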
Line 47: Line 65:
 ====== Glossary ====== ====== Glossary ======
  
-backup - if you ask yourself what it is, learn how to backup GDFS NOW! \\+backup - if you ask yourself what it is, learn how to backup GDFS / REST file NOW! \\
  
 📘 Glossary 📘 Glossary
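Review bot: The changed backup line uses "REST file" before the page defines it and leaves out TA, which the glossary in this same revision lists next to GDFS and describes as holding the critical data on A2 phones. Consider "backup GDFS / TA / REST file", or link each term to its glossary entry, so that A2 owners do not read the warning as applying to A1 only.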
Line 65: Line 83:
 >    The customization package that defines branding, language, and region >    The customization package that defines branding, language, and region
  
-Certificate Colour +Certificate Colour / Domain 
->    Phones have certificate "colors": Red (retail), Brown (developer), Blue (factory)test. Brown allows to run unsigned code. CID53+ restricts patching and unsigned loader access without signed tools.  +>    Phones have certificate "color(also called domain): Red (retail), Brown (developer), Blue (factory)test. Brown allows reading file contents and write access to FS.  
->    "Browning": refers to changing certificate colour to "brown".  +>    "Browning": refers to changing certificate colour to "brown"It is currently not possible for CID80+ 
->    SCRC (Security Certificate) is in OTP and therefore cannot be changed (hence called OTP Cert colour). Instead the cert colour used for patching is faked: It is emulated in Loader (to skip certificate enforcement) or it is a patch-based certificate conversion, like QA-patch with DB2020.+>    SCRC (Security Certificate) is in OTP and therefore cannot be changed (hence called OTP Cert colour). Instead the cert colour used for patching is emulated in Loader (to skip certificate enforcement) or it is a patch-based certificate conversion, like QA-patch with DB2020.
  
-#########################\\ 
-#TODO\\ 
  
-> SEMCBOOT is the bootloader in OTP. It waits for either a normal boot from flash or a service connection via USB. SEMCBOOT enforces CID/SCRC checks.  +GDFS (Global Data File System) / TA (Trim Area)
- +
-Methods to make SEMCBOOT see different cert colour:  +
-     * CSCA Method (obsolete) +
-     * Patch-Based Unlock (Quick Access Patch) +
-     * Bypass loaders +
- +
-> CSCA = Certificate Signed Certificate Authority (formerly sometimes just called “Central Sony Certificate Authority”) = Sony Ericsson's official signing server used to validate and authorize service operations, the phone's SEMCBOOT verified this signature +
- +
-> How does Loader bypass work? +
-<code> +
-[Phone powered on] +
-      ↓ +
-[SEMCBOOT in OTP] +
-      ↓  (USB) +
-[Tool uploads signed SE loader into RAM] +
-      ↓ +
-[Loader runs in RAM → certificate checks bypassed] +
-      ↓ +
-[Tool can patch FS / MAIN / GDFS] +
-      ↓  (reboot) +
-[Phone back to RED, RAM cleared] +
-</code> +
->  SEMCBOOT sees RED in OTP, but a signed SE loader loaded in service mode. The loader hooks its certificate-check routines in RAM. While the loader is active, you can patch FS, MAIN (CXC), GDFS, etc. After reboot, the loader disappears, and the phone reports RED again. A patched phone  +
- +
-################################ \\ +
- +
- +
-GDFS (Global Data File System)+
 >    A region of phone memory storing unique configuration. It contains IMEI, SIM/network lock info, RF calibration data, Bluetooth/WiFi addresses, call timers and also used to store flags enabling patch access.  >    A region of phone memory storing unique configuration. It contains IMEI, SIM/network lock info, RF calibration data, Bluetooth/WiFi addresses, call timers and also used to store flags enabling patch access. 
 >    BACKUP GDFS! This is unique device specific! If lost/damaged, the phone is screwed.  >    BACKUP GDFS! This is unique device specific! If lost/damaged, the phone is screwed. 
 >    Note: If you repair GDFS the 'total call timer' is reset.  >    Note: If you repair GDFS the 'total call timer' is reset. 
 +
 +REST file
 +>    'restore file' preserves FS-based customization on A1 phones and is required on flashing. A2 phones have critical data in TA. \\
 +
  
 VKP Patch VKP Patch
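Review bot: In the Certificate Colour entry the new text replaces "Brown allows to run unsigned code" with "Brown allows reading file contents and write access to FS" and swaps the CID53+ restriction for "not possible for CID80+", without saying whether the old statements were wrong or merely dropped. If both hold, keep the CID53+ sentence next to the CID80+ one; if the old wording was wrong, say so in the edit summary. As shown, the new first line also has an unbalanced quote around "color" and still carries the stray "Blue (factory)test", the "Browning" line lacks a full stop and space before "It is currently", and the trailing \\ inside the quoted REST file line looks unintended.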
Line 135: Line 127:
 > /ifs/ – stands for "Internal File System" > /ifs/ – stands for "Internal File System"
 > /system/ – Core Operating System Files (A2 only) > /system/ – Core Operating System Files (A2 only)
 +
 +
 +====== Basis ======
 +
 +Following is some crap that reminds me to rewrite this section. It may be untrue too. \\
 +
 +#########################\\
 +#TODO\\
 +
 +> SEMCBOOT is the bootloader in OTP. It waits for either a normal boot from flash or a service connection via USB. SEMCBOOT enforces CID/SCRC checks. 
 +
 +Methods to make SEMCBOOT see different cert colour: 
 +     * CSCA Method (obsolete)
 +     * Patch-Based Unlock (Quick Access Patch)
 +     * Bypass loaders
 +
 +> CSCA = Certificate Signed Certificate Authority (formerly sometimes just called “Central Sony Certificate Authority”) = Sony Ericsson's official signing server used to validate and authorize service operations, the phone's SEMCBOOT verified this signature
 +
 +> How does Loader bypass work?
 +<code>
 +[Phone powered on]
 +      ↓
 +[SEMCBOOT in OTP]
 +      ↓  (USB)
 +[Tool uploads signed SE loader into RAM]
 +      ↓
 +[Loader runs in RAM → certificate checks bypassed]
 +      ↓
 +[Tool can patch FS / MAIN / GDFS]
 +      ↓  (reboot)
 +[Phone back to RED, RAM cleared]
 +</code>
 +>  SEMCBOOT sees RED in OTP, but a signed SE loader loaded in service mode. The loader hooks its certificate-check routines in RAM. While the loader is active, you can patch FS, MAIN (CXC), GDFS, etc. After reboot, the loader disappears, and the phone reports RED again. A patched phone 
 +
 +################################ \\
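Review bot: The block moved under the new "Basis" heading still ends on the unfinished sentence "A patched phone" and gives two different expansions for CSCA, so it now appears as a visible section with content its own intro line says may be untrue. Finish or delete the truncated sentence, pick one CSCA expansion, and reconcile the list title "Methods to make SEMCBOOT see different cert colour" with the explanation below it, which says SEMCBOOT still sees RED in OTP and the certificate check is bypassed in the loader. If the heading was meant to match the page name, it should read "Basics".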
 +
 +
sony_ericsson/basics.1757340260.txt.gz · Last modified: by admin
