sony_ericsson:basics

Differences

This shows you the differences between two versions of the page.

sony_ericsson:basics [2025/09/12 21:23] – [Glossary] adminsony_ericsson:basics [2026/01/24 22:47] (current) admin
Line 8: Line 8:
 Feel free to try giving a shot at tracking down mizar (and his set up shell company). \\ Feel free to try giving a shot at tracking down mizar (and his set up shell company). \\
 </hidden> </hidden>
-The community is in search for former Omnius owners/maintainers to retrieve the source code or SEUS signing process. \\ +@vi0let/lucy: Please release non-functional Omnius server side program w/o database for reverse engineering, to retrieve signed se loaders.. should have bought it in 2018... \\
-@vi0let/lucy: Please release non-functional Omnius server side program w/o database for reverse engineering. should have bought it in 2018... \\+
  
  
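Review bot: the rewritten "@vi0let/lucy" line ends its new clause with a doubled period ("signed se loaders..") and still carries the personal aside "should have bought it in 2018...", while the deleted line was the only place that mentioned the SEUS signing process and addressed former Omnius owners/maintainers in general. If the SEUS signing process is still wanted, fold that clause into the kept line; if it was dropped on purpose, the edit summary should say so, since the revision header shows none.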
Line 18: Line 17:
  
 There is a collection of tutorials here: [[https://www.akshayy.com/sonyericsson/index/]] \\ There is a collection of tutorials here: [[https://www.akshayy.com/sonyericsson/index/]] \\
 +
 +<hidden Have Gordon's Gate Flash Driver installed.>
 +You might need to turn off driver signature enforcement for Windows. \\
 +There are three common ways: \\
 +   * [[https://www.terasic.com.tw/wiki/Disable_Driver_Signature_Enforcement_in_Windows10_x64|Use Advanced Boot Menu]] → Disable Driver Signature Enforcement (temporary)
 +   * Enable Test Signing Mode (Requires Secure Boot OFF)
 +   * or better [[https://woshub.com/how-to-sign-an-unsigned-driver-for-windows-7-x64/|self-sign the drivers]]
 +
 +To use cmd command line (as admin): 
 +<code>
 +bcdedit.exe /set testsigning on     ← works with Win10/11 (needs Secure Boot OFF)
 +
 +#only for Win7/8:
 +bcdedit.exe /set nointegritychecks on
 +  or
 +bcdedit.exe /set loadoptions DISABLE_INTEGRITY_CHECKS
 +</code>
 +</hidden> \\
  
 How to use Setool2-lite for A1 phones: [[https://sony.yt/topic/3199-setool2-lite-v111-user-guide-identify-gdfs-backup-flashing-patching-unlocking/]] \\ How to use Setool2-lite for A1 phones: [[https://sony.yt/topic/3199-setool2-lite-v111-user-guide-identify-gdfs-backup-flashing-patching-unlocking/]] \\
 +Latest Setool (not lite) is broken for PDA and does not work with WinXP (works with Win7 and newer, even Win11). \\
  
 How to use A2 Uploader: [[https://sony.yt/topic/942-a2-uploader-a2-tool-tutorial/]] \\ How to use A2 Uploader: [[https://sony.yt/topic/942-a2-uploader-a2-tool-tutorial/]] \\
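Review bot: the new "<code>" block under "Have Gordon's Gate Flash Driver installed." only shows how to switch the checks off ("bcdedit.exe /set testsigning on", "bcdedit.exe /set nointegritychecks on", "bcdedit.exe /set loadoptions DISABLE_INTEGRITY_CHECKS") and only the Advanced Boot Menu bullet is marked "(temporary)", so a reader is left with driver signature enforcement weakened after the flash driver is installed. Add the matching revert lines ("bcdedit.exe /set testsigning off", "bcdedit.exe /set nointegritychecks off", "bcdedit.exe /deletevalue loadoptions") and say the bcdedit settings stay in place until reverted. Two smaller points in the same block: the trailing "← works with Win10/11 (needs Secure Boot OFF)" sits on the command line itself and will be pasted along with it, so move it to its own comment line like "#only for Win7/8:", and since the list calls self-signing "or better", put that bullet first. The added Setool line says the "Latest Setool (not lite)" is broken for PDA without naming a version, which will go stale.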
Line 32: Line 50:
  
 DCU-60 USB cable is used for fastport phones. \\  DCU-60 USB cable is used for fastport phones. \\ 
-[[sony_ericsson:links#modifications|Modified DSS-20]]/25 can be used for phones with T28 Connector as serial adapter. \\+[[sony_ericsson:links#hardware_modification|Modified DSS-20]]/25 can be used for phones with T28 Connector as serial adapter. \\
  
 > Use the service cable to read (boot) logs from the phone! \\ > Use the service cable to read (boot) logs from the phone! \\
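Review bot: the "Modified DSS-20" link now points at "sony_ericsson:links#hardware_modification" instead of "#modifications", and nothing in this comparison shows the heading on the links page being renamed. Confirm that a section with that exact anchor exists there, otherwise the link silently lands at the top of the page.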
Line 47: Line 65:
 ====== Glossary ====== ====== Glossary ======
  
-backup - if you ask yourself what it is, learn how to backup GDFS NOW! \\+backup - if you ask yourself what it is, learn how to backup GDFS / REST file NOW! \\
  
 📘 Glossary 📘 Glossary
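Review bot: the changed backup line now reads "backup GDFS / REST file NOW!" but does not say which applies to which phones, and "REST file" is only defined further down in the glossary, where it is described as an A1 item. Suggest wording such as "backup GDFS (and the REST file on A1 phones)" and linking both terms to their glossary entries.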
Line 71: Line 89:
  
  
-GDFS (Global Data File System) / TA partition+GDFS (Global Data File System) / TA (Trim Area)
 >    A region of phone memory storing unique configuration. It contains IMEI, SIM/network lock info, RF calibration data, Bluetooth/WiFi addresses, call timers and also used to store flags enabling patch access.  >    A region of phone memory storing unique configuration. It contains IMEI, SIM/network lock info, RF calibration data, Bluetooth/WiFi addresses, call timers and also used to store flags enabling patch access. 
 >    BACKUP GDFS! This is unique device specific! If lost/damaged, the phone is screwed.  >    BACKUP GDFS! This is unique device specific! If lost/damaged, the phone is screwed. 
 >    Note: If you repair GDFS the 'total call timer' is reset.  >    Note: If you repair GDFS the 'total call timer' is reset. 
 +
 +REST file
 +>    'restore file' preserves FS-based customization on A1 phones and is required on flashing. A2 phones have critical data in TA. \\
 +
  
 VKP Patch VKP Patch
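Review bot: in the new "REST file" entry the second sentence, "A2 phones have critical data in TA.", is about the TA and not about the REST file, so it belongs under the "GDFS (Global Data File System) / TA (Trim Area)" entry just above. The entry also says the file "is required on flashing" without saying where it comes from or how to back it up, which is what the backup line earlier on the page tells the reader to do. The quoted line ends in "\\" while the GDFS quote lines do not, and two empty lines are added after the entry where the other entries use one.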
Line 88: Line 110:
  
 QA (QuickAccess) Patch (DB2020) QA (QuickAccess) Patch (DB2020)
->    Firmware patch to disable signature checks on DB2020 phones, allowing FS/GDFS access and .vkp patching without a service box.+>    Firmware patch to disable signature checks on DB2020 phones, allowing FS/GDFS access and .vkp patching without a service box. No QA needed if you swap cert to BROWN49.  
  
 Heap Shift Heap Shift
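Review bot: the sentence appended to the QA entry, "No QA needed if you swap cert to BROWN49.", uses "BROWN49" and "swap cert" without defining either, and the visible glossary has no entry for them. Add a glossary entry or a link for BROWN49 and state how it relates to the cert colours used elsewhere on the page (the new section below talks about RED). The line also gains two trailing spaces.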
Line 105: Line 127:
 > /ifs/ – stands for "Internal File System" > /ifs/ – stands for "Internal File System"
 > /system/ – Core Operating System Files (A2 only) > /system/ – Core Operating System Files (A2 only)
 +
 +
 +====== Basis ======
 +
 +Following is some crap that reminds me to rewrite this section. It may be untrue too. \\
 +
 +#########################\\
 +#TODO\\
 +
 +> SEMCBOOT is the bootloader in OTP. It waits for either a normal boot from flash or a service connection via USB. SEMCBOOT enforces CID/SCRC checks. 
 +
 +Methods to make SEMCBOOT see different cert colour: 
 +     * CSCA Method (obsolete)
 +     * Patch-Based Unlock (Quick Access Patch)
 +     * Bypass loaders
 +
 +> CSCA = Certificate Signed Certificate Authority (formerly sometimes just called “Central Sony Certificate Authority”) = Sony Ericsson's official signing server used to validate and authorize service operations, the phone's SEMCBOOT verified this signature
 +
 +> How does Loader bypass work?
 +<code>
 +[Phone powered on]
 +      ↓
 +[SEMCBOOT in OTP]
 +      ↓  (USB)
 +[Tool uploads signed SE loader into RAM]
 +      ↓
 +[Loader runs in RAM → certificate checks bypassed]
 +      ↓
 +[Tool can patch FS / MAIN / GDFS]
 +      ↓  (reboot)
 +[Phone back to RED, RAM cleared]
 +</code>
 +>  SEMCBOOT sees RED in OTP, but a signed SE loader loaded in service mode. The loader hooks its certificate-check routines in RAM. While the loader is active, you can patch FS, MAIN (CXC), GDFS, etc. After reboot, the loader disappears, and the phone reports RED again. A patched phone 
 +
 +################################ \\
 +
 +
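Review bot: the last quoted paragraph of the new "Basis" section stops mid-sentence at "A patched phone", and the section introduces itself with "It may be untrue too.", so unverified and incomplete text is going onto the live page next to the glossary. Keep it in a "<hidden>" block or a draft page until it is checked, and finish or delete the dangling sentence. Within the section, the CSCA line gives two different expansions ("Certificate Signed Certificate Authority" and "Central Sony Certificate Authority") without saying which is correct, the diagram says "certificate checks bypassed" while the text says the loader "hooks its certificate-check routines in RAM" (pick one description), and "SCRC" in the SEMCBOOT line is not defined. The "####" rows and "#TODO" will render as literal text, and the heading "Basis" looks like a slip for the page name "basics".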
sony_ericsson/basics.1757704988.txt.gz · Last modified: by admin
