:COOL: GREAT NEWS FOR ALL s60v3 device users ... this is not my project it was all done by FCA00000 from sf and former modo in smo forum ... he deviced a way for users to access all the files on ur s60v3 phones like : n80 n73 etc.. including the sys folder and the private folder ... here it is in his own words ...


"""Good news: I managed to hack my Nokia-N80 using a software-only solution, and remove all permissions limitation.
I was able to browse c:\sys and private directories.
Now I need someone else to try.
So, if you have a Nokia with S60v3 , a connecting USB cable, and some time, please reply.
If you have CodeWarrior and MetroTRK up and running, much better.
Thanks


=========================================

Goodbye S60 Platform Security! Hack to override permissions?



As I have already said numerous times, there is no perfect protection, there are no perfect solutions and it is only a question of time when the 3rd Edition security will be hacked.

Actually it has been broken already by the firmware patching but it is the extremely dangerous procedure and also Nokia have fixed it by encoding that part of firmware with the latest updates.

I guess that everything about the "new" Symbian's platform security is very well known and already discussed numerous times here on SF, especially over at our forum section, so I’ll not repeat it again. This obnoxious concept was introduced by Nokia few years ago with its first S60 3 rd edition phone (N80) and it is based on the idea that nobody gets access to those data ca... ..

Read more: S60 3rd Ed platform security has been kacked - full story

Sincerely yours,
Teo"""

ps:this hack will only work for pre fp1 phones like [the n80 and the n73] and confirmed to be working only on n95 and 5700 and (n95-8gb by mr.papadocta) AND (the n82 by mr.nightshift).. still no news on other fp1 or fp2
pps: :D there are some issues on running this hack on vista so use xp for a sure result .. :devilish:

Unstuck - Dansco

here is what u need .. also a quote from mr.FCA00000 at SF forums ... i just wanted to share this great news with all ipmart users ...

i have attached a how to for dummies in this post for the less advanced members .. i advice u to read it before u ask

"" First of all: you can get the needed files from

[Only registered and activated users can see links](i attached them here)


1) Current state:

In S60v3, Symbian implemented a security mechanism: applications need to be signed in order to access some services.
A developper can self-sign his own applications, but the most critical services need a powerful certificate, which not everyone can afford.
For example, you can not make a file browser able to access c:\sys . This is not very important, but some people feels that they should be able
to do anything they want.

2) The theory:

When a program is signed and you install it, its privileges are stored in a internal folder. When the program is executed and
tries to access a service, the privileges are checked. If they don't match, the service can not be executed, and gives an error.
In the PC emulator for Symbian, it is possible to overrride this, so that missing privileges give a warning, not an error.
This is controlled through a file called EPOC.INI that includes a line like
PlatSecEnforcement OFF
In the phone, this is not modifiable directly.
The routine controlling this is called
DProcess:: DoHasCapability(TCapability , char const)

In my Nokia N80, this is at F80478BC and says
....
F8047968 BL log_missing_capabilities (F80458D8)
....

Look at F80458D8:
....
F8045930 LDR R0, =pSuperPage
F8045934 LDR R0, [R0]
F8045938 LDR R0, [R0,#0x148]
F804593C TST R0, #2
F8045940 BEQ loc_F804597C
F8045944 ADR R1, aError
F8045948 MOV R0, R1
....


Basically, this looks at the data at [pSuperPage+0x148] and checks bit 2.
If it is set, any missing capability will give an error.
If not, it will log the problem, but the check will succeed.

So, all you need to do is to change this value.

In my mobile, pSuperPage has value 0x60000000, so the data is stored at 0x60000148

3) the hack:

The programming enviroment Carbide.c++ v1.2 includes a file called s60_3_0_app_trk_2_7.sisx
It also comes with CodeWarrior Pro for Symbian, although it is version S60_App_TRK_2_5.sisx
This file is a On-Device-Debugger, used to run programs inside the phone, and see the flow and data in the PC.
In my experience, CodeWarrior is easier to use for debugging.
It allows to look at the program registers, phone memory, processes, and change the data.
At memory address 0x60000148 the value stored is 0x0000001E , which means that
PlatSecEnforcement is ON
So, change it from 0x0000001E to 0x00000010 and you get all the permissions !

4) The tools:

You need a Nokia phone using Symbian 9 .
You also need some way to connect it to a PC, for example USB or bluetooth. Infrared is not valid.
Next step is the MetroTRK.
If you have CodeWarrior, it is the preferred solution. If not, I made a Python program to emulate it.
If you have IDA-disassembler a a ROM dump, then you can investigate in case it doesn't work.

5) The phone:

I have tested with Nokia-N80. I suppose it works with any phone using S60v3.
The changes I make are only in memory. This means that when the phone is switched-off, the hack dissapears.
You need to run it again after a restart. I know this is a limitation, but a permanent solution will come later.
On he other hand, this is good: there is (almost) no risk on permanently breaking your phone.
Of course, do it under your own risk. I take no responsability

6) The connection:

I use a USB cable labelled CA-42 which is a simple data cable; no fancy stuff.
Connect the phone to the PC.
The phone asks the mode you want to use: 'PC Suite'
My operating system is Windows-XP and my PC detects automatically the driver, installing
something called 'Nokia N80 USB modem'.
If not, drivers are available in many places, for example
[Only registered and activated users can see links]
If you have PC-Suite, you probably have the driver already. But remember that you need to disable in the PC: stop the program.
At this point, you probably have a new serial port:
Control Panel->System->Hardware->Device Manager->Ports
should show
'Nokia N80 USB (COM6)'
It might happen that you have both COM6 and COM7 . You will need to try both.

7) The MetroTRK:

This is a debugger that installs in the phone. It has powerfull permissions and a strong certificate, which allows to read/write memory.
Transfer the file s60_3_0_app_trk_2_7.sisx into your mobile, and install it.
You should see a new application called 'TRK'.
Run it.
By default it tries to use BlueTooth, so it might give an error because no available ports.
Options->Settings->Connection=USB
Options->Settings->Port=1
Options->Settings->Baud Rate=115200
Options->Connect should tell:
Welcome to TRK for Symbian OS
Status: Connected
PDD: NONE
LDD: EUSBC
CSY: ECACM
Port Number: 1
Baud rate: 115200

This is the most difficult step.
If you get
'Failed to open port.Error Code: -21'
this means that your PC is not talking to the mobile. This is the case when the driver is not installed.

7.1) You need another program called HelloCarbide . It is a simple example. Install it in c:
You also need to transfer HelloCarbide.exe directly under c:\HelloCarbide.exe using any FileBrowser, ex: SExplorer

The hacker:
If you have CodeWarrior, go to 8.2 . If not, go to 8.1
8.1) I made a program called hack_perms_s60v3.py
It is written in pyhton, so you need Python25 from [Only registered and activated users can see links]
It uses the serial port, so you also need pyserial ([Only registered and activated users can see links])
and probably pywin32 ([Only registered and activated users can see links])
Download the binaries and execute them. As simple as that.

My program uses COM6 at line
ser = serial.Serial(5)
If you have another port, change this number. example: COM9= ser 8(so just see what ur com port # is and -1 is ur ser #) [see reply number 26 for tuto]

Run my program by typing
hack_perms_s60v3.py

It logs a lot of information. In case of problems, investigate. I _might_ try to help.

If you get
serial.serialutil.SerialException: could not open port: ... The system cannot find the file specified.
this means that the port doesn' exist.

If you get
serial.serialutil.SerialException: could not open port: ... The process cannot access the file because it is being used by another process.
this means that there is another program using the port. Most probably you are trying COM7 instead of COM6.

If it hangs after
sendFrame=00
sendFrame=FF
sendFrame=7E
this means that MetroTRK is not running in the mobile.

If everything goes OK, it takes 40 seconds and the last line are:
Close
End+Exit

Look at the trace: you should see 2 lines like:
Read Memory 60000148=1E 00 00 00
candidate!!!

This is good. It means that it found the correct address and patched it.

8.2) If you have CodeWarrior and know how to use it, it is better.
Load any program you have (HelloWorld.mmp is perfect) and start a mobile debugging session:
The target should be GCCE UDEB .
In its settings->Remote Debugging->Connection = Symbian Metro TRK
Same window->Edit Connection->Connection Type=Serial ; Port = COM6
Same window->Remote dowload path = c:\
settings->Remote Download-> Remove any file here
Remember that, because of security, applications can't be downloaded into c:\sys\bin , so they
need to be installed before. I do this manually.
See:
[Only registered and activated users can see links]
[Only registered and activated users can see links]-6299
[Only registered and activated users can see links]
[Only registered and activated users can see links]
[Only registered and activated users can see links]

Now, start debugging the program.
You should see the 'Metro TRK Communication Log' with lots of information.
Break the program.
Select the stack.
Menu->Data->View Memory . Ignore the error
Display 0x60000000
Look at 0x60000148. Probably has value 0x1E
Double-click, and type 0x10. Hit enter.
Run program.
Close Thread window. Resume.

9) Advanced: 9not for all users.. only hardcore people)

If you have IDA-disassembler and a ROM dump, you can see the actual code.
This is a heavy task, but the main file is ekern.exe
You can get a full Dump using this Symbian code:
RFs fileSession;
fileSession.Connect();

RFile file;
file.Replace(fileSession, _L("e:\\F8000000.bin"), EFileWrite);

TBuf8<0x200> buf;

TUint8 *p =(TUint8*)0xF8000000; // (TUint8*)0xF8000000;
TUint8 *pEnd = (TUint8*)0xFA000000; // (TUint8*)0xFA000000;
TUint8 iVal = 0;
for(;p < pEnd;p++)
{
iVal = *p;
buf.Append(iVal);

if(buf.Length() == buf.MaxLength())
{
file.Write(buf);
buf.Zero();
}
}

file.Close();
fileSession.Close();
And then extract files using ROMTools from Syminternals. If you can't get it, I can provide it.
To use IDA, get the Symbian SDK, and process through ROMTools . Name the routines and study the disassembled code.

10) Test:

Start any application which needs pivileges. I tried SExplorer and TrueExplorer, and I was able to
browse c:\sys , although:
10.1) SExplorer can not access Z:\sys

10.2) TrueExplorer can not find files under c:\sys\bin



It works in my Nokia-80, and I expect to work also in other models.

Did it work for you? Please post results."""

for fp1 devices(n95 etc .. u can try the fp1 attachment see if it works see reply #46 on page 2 for more details)
n82 users try the alternative trk instead....


Check this for more user friendly process : [Only registered and activated users can see links]

i have personally tried his method on my n80ie .. and it worked perfectly i opened the sys folders using xplore .

and also mr.NIGHTSHIFT made a colored oplogo for me .. that i copied to the private folder without any patching to the fw .. thanks alot to him and to FCA00000 for there great helps

ps: this method will work until u restart ur phone .. then u will have to do it all over again (takes like 10 secs)

apparently mr.FCA00000 has updated the py script .. so i attached the new one here instead of the old one (thanks go to daddyfatsax)
added nokia cable drivers old and newer version if the older doesnt work for u try th new one ... thanks to our members for the tip

GREAT NEWS UPDATE :thanks for mr.nightshift for the link . and to FCA00000 for all his efforts all credits go
to that great man ..

now u can use the hack on ur own phone with no need for the pc (except to apply the hack for

the first time only) here is what he said...


"" This is a way to apply the hack without need of a computer.
Don't get too excited: you NEED to hack it the first time, although not afterwards.

This initial post is only for people having a preFP1 phone: N80, E50, E61, N73, E60.
Doesn't work for FP1 models: N95, 5700, N81, N82

It works like this:
1) apply the python script to patch the phone and hack permissions. Look at the above post

2) download S60_3_0_Prof_v1_62.sisx from

[Only registered and activated users can see links] (attached here)
3) install it
4) now the hack:
4.1)go to my own folder->Profiler
4.2) menu Options->Profiler->Start. It says 'Status: initialising'
4.3) then it says 'Status: sampling'
4.4) Options->Profiler->Stop
4.5) it says 'Status: finished'
4.6) Exit
5) get [Only registered and activated users can see links] (attached here)
6) copy into your phone c:\sys\bin\CProfDriver_SISX.ldd (this is why you need the initial

hack)
7) it will ask to overwrite.choose yes ..... the old version had 6 Kb. The new one has 17

Kb. Please verify.

everytime you restart your phone, do step "4) "again. (only 4 dont do 5 or 6)

If you want to test, just reset your phone and do only step " 4) "


edit// I TRIED IT AND IT WORKS ON MY N80IE ... WOHOOOOO

editt//
for fp1 he posted this info maybe u can try see if it works too ...

for FP1:
Same as before, except:
2) download S60_3_1_Prof_v1_62.sisx
5) get [Only registered and activated users can see links]
5.1) rename as CProfDriver_SISX.ldd (the file in my attachment is already renamed .. dont

rename)

if 4.2) fails the first time, do
2) download S60_3_1_Prof_v1_62_SIZE.sisx
and don't do 5)

prefp1 devices are :n80 . n73 . 5700 ... etc
fp1 devices:n95 n95-8gb etc ...

EDIT:// there was a mix up with the files .. please anybody who downloaded the "fp1 hack on phone needed files" before 28th of march re-download the fixed one .. sorry for the inconvenience

UPDATE:now the silent hack by FCA00000 .. u can turn the hack on and off using the apps capsoff and caps on(attached) .. here is what he wrote ... ...
1) apply the hack using the script (or Profiler aplication) (as written above)
2)install CapsOn.sisx
3) install CapsOff.sisx

To hack the phone, run CapsOff. To revert to normal, run CapsOn
Program runs and exits inmediatly.
To test it, run any unprivileged application and see if it gets permissions.
For example, unpatched X-plorer should be able to access c:\sys\bin\

Remember: CapsOn is normal. CapsOff means hacked.

for a tuto on signing unsigned apps using this method by Mr.swankyleo please go here click me ([Only registered and activated users can see links])

I never understood why people have to sign their software.... I own a nokia E65 for a year now, (spanish vodafone), and I never ever had to sign a program. I just install it and it works...

ok i will give it a try

I never understood why people have to sign their software.... I own a nokia E65 for a year now, (spanish vodafone), and I never ever had to sign a program. I just install it and it works...

Someone needs it, some other one doesn't.....

Pretty nice post. I can confirm it working for N73.
That trick works for every pre FP1 device.

Pretty interesting post, bAsem!

lol thanks NS ma man ... it was ur idea to post it ,, so i just did it :D

hope more people try it and tell us if its workin on other devices and i can help them as much as i can

thanks again for the oplogo .. here is how it looks

I never understood why people have to sign their software.... I own a nokia E65 for a year now, (spanish vodafone), and I never ever had to sign a program. I just install it and it works...

maybe ur using open applications that need no signing .. but now i think if people cant sign something they could just unpack the sis and just copy it to the phone without the need to connect the phone to the pc in mass storage .. i mean in theory that is

this method can be very usefull for many things .. and i beleive i have the right to open every damn folder in my device with no restrictions :D

peace ,,

here i give u this file i get this thing from other sits
so check it out

Goodbye S60 Platform Security! Hack to override permissions?



As I have already said numerous times, there is no perfect protection, there are no perfect solutions and it is only a question of time when the 3rd Edition security will be hacked.

Actually it has been broken already by the firmware patching but it is the extremely dangerous procedure and also Nokia have fixed it by encoding that part of firmware with the latest updates.

I guess that everything about the "new" Symbian's platform security is very well known and already discussed numerous times . This obnoxious concept was introduced by Nokia few years ago with its first S60 3 rd edition phone (N80) and it is based on the idea that nobody gets access to those data ca..


1) Current state:
In S60v3, Symbian implemented a security mechanism: applications need to be signed in order to access some services.
A developper can self-sign his own applications, but the most critical services need a powerful certificate, which not everyone can afford.
For example, you can not make a file browser able to access c:\sys . This is not very important, but some people feels that they should be able
to do anything they want.

2) The theory:
When a program is signed and you install it, its privileges are stored in a internal folder. When the program is executed and
tries to access a service, the privileges are checked. If they don't match, the service can not be executed, and gives an error.
In the PC emulator for Symbian, it is possible to overrride this, so that missing privileges give a warning, not an error.
This is controlled through a file called EPOC.INI that includes a line like
PlatSecEnforcement OFF
In the phone, this is not modifiable directly.
The routine controlling this is called
DProcessHasCapability(TCapability , char const)

In my Nokia N80, this is at F80478BC and says
....
F8047968 BL log_missing_capabilities (F80458D8)
....

Look at F80458D8:
....
F8045930 LDR R0, =pSuperPage
F8045934 LDR R0, [R0]
F8045938 LDR R0, [R0,#0x148]
F804593C TST R0, #2
F8045940 BEQ loc_F804597C
F8045944 ADR R1, aError
F8045948 MOV R0, R1
....


Basically, this looks at the data at [pSuperPage+0x148] and checks bit 2.
If it is set, any missing capability will give an error.
If not, it will log the problem, but the check will succeed.

So, all you need to do is to change this value.

In my mobile, pSuperPage has value 0x60000000, so the data is stored at 0x60000148

3) the hack:
The programming enviroment Carbide.c++ v1.2 includes a file called s60_3_0_app_trk_2_7.sisx
It also comes with CodeWarrior Pro for Symbian, although it is version S60_App_TRK_2_5.sisx
This file is a On-Device-Debugger, used to run programs inside the phone, and see the flow and data in the PC.
In my experience, CodeWarrior is easier to use for debugging.
It allows to look at the program registers, phone memory, processes, and change the data.
At memory address 0x60000148 the value stored is 0x0000001E , which means that
PlatSecEnforcement is ON
So, change it from 0x0000001E to 0x00000010 and you get all the permissions !

4) The tools:
You need a Nokia phone using Symbian 9 .
You also need some way to connect it to a PC, for example USB or bluetooth. Infrared is not valid.
Next step is the MetroTRK.
If you have CodeWarrior, it is the preferred solution. If not, I made a Python program to emulate it.
If you have IDA-disassembler a a ROM dump, then you can investigate in case it doesn't work.

5) The phone:
I have tested with Nokia-N80. I suppose it works with any phone using S60v3.
The changes I make are only in memory. This means that when the phone is switched-off, the hack dissapears.
You need to run it again after a restart. I know this is a limitation, but a permanent solution will come later.
On he other hand, this is good: there is (almost) no risk on permanently breaking your phone.
Of course, do it under your own risk. I take no responsability

6) The connection:
I use a USB cable labelled CA-42 which is a simple data cable; no fancy stuff.
Connect the phone to the PC.
The phone asks the mode you want to use: 'PC Suite'
My operating system is Windows-XP and my PC detects automatically the driver, installing
something called 'Nokia N80 USB modem'.
If not, drivers are available in many places, for example
[Only registered and activated users can see links]
If you have PC-Suite, you probably have the driver already. But remember that you need to disable in the PC: stop the program.
At this point, you probably have a new serial port:
Control Panel->System->Hardware->Device Manager->Ports
should show
'Nokia N80 USB (COM6)'
It might happen that you have both COM6 and COM7 . You will need to try both.

7) The MetroTRK:
This is a debugger that installs in the phone. It has powerfull permissions and a strong certificate, which allows to read/write memory.
Transfer the file s60_3_0_app_trk_2_7.sisx into your mobile, and install it.
You should see a new application called 'TRK'.
Run it.
By default it tries to use BlueTooth, so it might give an error because no available ports.
Options->Settings->Connection=USB
Options->Settings->Port=1
Options->Settings->Baud Rate=115200
Options->Connect should tell:
Welcome to TRK for Symbian OS
Status: Connected
PDD: NONE
LDD: EUSBC
CSY: ECACM
Port Number: 1
Baud rate: 115200

This is the most difficult step.
If you get
'Failed to open port.Error Code: -21'
this means that your PC is not talking to the mobile. This is the case when the driver is not installed.

7.1) You need another program called HelloCarbide . It is a simple example. Install it in c:
You also need to transfer HelloCarbide.exe directly under c:\HelloCarbide.exe using any FileBrowser, ex: SExplorer

The hacker:
If you have CodeWarrior, go to 8.2 . If not, go to 8.1
8.1) I made a program called hack_perms_s60v3.py
It is written in pyhton, so you need Python25 from [Only registered and activated users can see links]
It uses the serial port, so you also need pyserial ([Only registered and activated users can see links])
and probably pywin32 ([Only registered and activated users can see links])
Download the binaries and execute them. As simple as that.

My program uses COM6 at line
ser = serial.Serial(5)
If you have another port, change this number. COM6 = port 5

Run my program by typing
hack_perms_s60v3.py

It logs a lot of information. In case of problems, investigate. I _might_ try to help.

If you get
serial.serialutil.SerialException: could not open port: ... The system cannot find the file specified.
this means that the port doesn' exist.

If you get
serial.serialutil.SerialException: could not open port: ... The process cannot access the file because it is being used by another process.
this means that there is another program using the port. Most probably you are trying COM7 instead of COM6.

If it hangs after
sendFrame=00
sendFrame=FF
sendFrame=7E
this means that MetroTRK is not running in the mobile.

If everything goes OK, it takes 40 seconds and the last line are:
Close
End+Exit

Look at the trace: you should see 2 lines like:
Read Memory 60000148=1E 00 00 00
candidate!!!

This is good. It means that it found the correct address and patched it.

8.2) If you have CodeWarrior and know how to use it, it is better.
Load any program you have (HelloWorld.mmp is perfect) and start a mobile debugging session:
The target should be GCCE UDEB .
In its settings->Remote Debugging->Connection = Symbian Metro TRK
Same window->Edit Connection->Connection Type=Serial ; Port = COM6
Same window->Remote dowload path = c:\
settings->Remote Download-> Remove any file here
Remember that, because of security, applications can't be downloaded into c:\sys\bin , so they
need to be installed before. I do this manually.
See:
[Only registered and activated users can see links]
[Only registered and activated users can see links]-6299
[Only registered and activated users can see links]
[Only registered and activated users can see links]
[Only registered and activated users can see links]

Now, start debugging the program.
You should see the 'Metro TRK Communication Log' with lots of information.
Break the program.
Select the stack.
Menu->Data->View Memory . Ignore the error
Display 0x60000000
Look at 0x60000148. Probably has value 0x1E
Double-click, and type 0x10. Hit enter.
Run program.
Close Thread window. Resume.

9) Advanced:
If you have IDA-disassembler and a ROM dump, you can see the actual code.
This is a heavy task, but the main file is ekern.exe
You can get a full Dump using this Symbian code:
RFs fileSession;
fileSession.Connect();

RFile file;
file.Replace(fileSession, _L("e:\\F8000000.bin"), EFileWrite);

TBuf8<0x200> buf;

TUint8 *p =(TUint8*)0xF8000000; // (TUint8*)0xF8000000;
TUint8 *pEnd = (TUint8*)0xFA000000; // (TUint8*)0xFA000000;
TUint8 iVal = 0;
for(;p < pEnd;p++)
{
iVal = *p;
buf.Append(iVal);

if(buf.Length() == buf.MaxLength())
{
file.Write(buf);
buf.Zero();
}
}

file.Close();
fileSession.Close();
And then extract files using ROMTools from Syminternals. If you can't get it, I can provide it.
To use IDA, get the Symbian SDK, and process through ROMTools . Name the routines and study the disassembled code.

10) Test:
Start any application which needs pivileges. I tried SExplorer and TrueExplorer, and I was able to
browse c:\sys , although:
10.1) SExplorer can not access Z:\sys
10.2) TrueExplorer can not find files under c:\sys\bin



It works in Nokia-80, and I expect to work also in other models.

Threads merged ... The description with attachment will have the priority, too. So, no need to lock it. Just merged with the original thread... All the other off-topics deleted...

this is amazing... very interesting read - thanks for sharing.

isn't this a very dangerous process and might permanently damage my phone and wont be replaced by warranty?

no its not dangerous at all ... there is no fw patching involved

tho FCA00000 doesnt take any responsibility for anydamage it might make .. as he wrote

trust me its very easy and very safe

Nice trick ...but very complicated as well for new bees.

i have personally tried his method on my n80ie .. and it worked perfectly i opened the sys folders using xplore .

and also mr.NIGHTSHIFT made a colored oplogo for me .. that i copied to the private folder without any patching to the fw .. thanks alot to him and to FCA00000 for there great helps ...

ps: this method will work until u restart ur phone .. then u will have to do it all over again (takes like 10 secs) :D
pps:this method appears not to be working on fp1 and fp2 devices yet .. like (n95 , n82 ,etc....)

here are some pics from my n80

The coloured logo in ur post, is this a transparent coloured logo or is it specifically meant for this theme...

It grat news for everbody.
Thanks for giving it for us.
Make hack your phones!

i have personally tried his method on my n80ie .. and it worked perfectly i opened the sys folders using xplore .

and also mr.NIGHTSHIFT made a colored oplogo for me .. that i copied to the private folder without any patching to the fw .. thanks alot to him and to FCA00000 for there great helps ...

ps: this method will work until u restart ur phone .. then u will have to do it all over again (takes like 10 secs) :D
pps:this method appears not to be working on fp1 and fp2 devices yet .. like (n95 , n82 ,etc....)

here are some pics from my n80

Yo.. could u share on how to make the color oplogo? could you explain what is the content of /private etc...

regards,

Yo.. could u share on how to make the color oplogo? could you explain what is the content of /private etc...

regards,

:excited:
Yes! We want an instruction how make the color logo easily.
Please :ashamed:

I gave instructions some time ago:

Hi people!

Tired of the black and white operator logo?
So here is the long awaited solution to use a colored op logo on S60V3


[Only registered and activated users can see links]

the op logo lies in
C:\PRIVATE\10000850\Logo_262_3_OTA.mbm
the marked part is different for every provider u use. it's the MCC/NMC provider code.

-So all you have to do is create a *.mbm file.
The bitmap inside the mbm must be 128x32px!
U could use the mbmwizard or the mbmtool by the famous Z-Team!
-Name it just like above but check your provider code.

I didn't try other file types, yet. And I did not try to make a transparent op logo.

Try and post your results.

Have fun.

My old Thread is located here: [Only registered and activated users can see links]

please,when you create a hacked firmware,share it on forum!!

It's absolutly not possible to create a hacked FW!
The aikon security policy is very strong.
Think of the certs.

Maybe one day they will go back to "not-that-strong-security" like it was in SX1-Times.

It's so sad, that we can't do with our purchased devices what we wanna do!
I wanna control everything on my device!

I'm sure nokia will see what they did when the first G-Phone is out.

mr nighshift made that logo for me and it is not transparent .. its on a black background

check his thread to know how to make them

Nice trick ...but very complicated as well for new bees.

not at all .. i just did it all in less than 20 minutes man ...

if there are any queries please ask maybe i can help ..

Yo Bob :P

You should add to your first post, that this trick only works for pre FP1 devices like N80 or N73 etc.

We must wait what will be with FP1 and FP2 devices like N82, N95 or N78

ok NS .. info added ;)

for people who want to change the com port settings (this tuto was made with com6 on mind)

here is what u do .. first open python select file>open>browse for the (hack_perms_s60v3.py) u have downloaded earlier ..

a new window will open for that module .. now in that new window press cntrl+f to open the find window and type (com6) .. it will direct u the part in the script where the com port settings is present .. (look at the pic attached)


now here is what u do ... if for example ur device is on com 4 then u change the number on the com(right arrow) to "4" .. AND then change the number between the brackets(left arrow) to "3" ..

if ur com was 7 then make com 7 and ser 6 etc .etc u get the idea .

cheers, hope this helps

and please no pms

SO, does it mean that I can now use Advance Device Lock on my n73 without signing It ??? somebody plz reply me. I am dieing to use this application on my n73ME, but cannot sign it!!

thnx.

Hmmm.... maybe.... you need to try it this way:

extract your unsigned sis (with sisware or unsis)
and then copy the extracted files to their place on your phone....

Just try and post results ;)

//EDIT:
I'm not sure about the hash file....
Didn't try anything like this....

With such behavior you open doors for viruses!

Yeeeeaaah :D it works great :D :ilove:

REP+ for u basem :) Really grate share :)

alrigt . . Some success stories finaly . Ur welcome mate thanks for the rep . And of course all respect goes to the creator FCA00000

thats bul*crap doesnt work with N95 8GB

It works only with OS 9.1... u should read topic more carefully. It works great on my N73


Edit. I dunno what happened, but it doesnt work for me anymore. I can no longer acces sys... :afraid: Is it because i've uninstalled those apps from my phone?


Edit2. I've patched by Python again, and it works for now... hope it'll work permanently if i won't uninstall those apps...

Edit3. Doesnt work again... I have no idea, what to do to make it work all time...

Actually I'm use the Symbaali way. It permit me to install unsigned Sises with unprotected range UIDs, but not the ones who began with 0x2xxxxxxx.
Is this method allow installing sis with protected UIDs ?
If no this suxx...

EDIT: I've tested it. It suxx. Like symbaali, cannot install sis files with protected UID. So not the solution to new SymbianSigned restrictions.

If it works for sisx file how about sis file?

the hack only work until u restart ur phone dude . Then u have to apply it again . And about that signed thing it was just a theory and u proved it wrong so thanks mate

So currently the only use of this seems to be able to change the operator logo without a firmware patch, which is pretty useless, considering the fact that you need to do this everytime you restart your phone.

Well, it's not that useless... for some people.
As far as I'm concerned I have an allfile filemanager working on my N73.
And that permanent.
That is really usefull.

thread moved to the correct section... i have tired that hack myself a few weeks ago and still no luck.... and i believe this has been posted here before...

[Only registered and activated users can see links]

hi
try to do this and i get error when i try to run "hack_perms_s60v3.py"
Traceback (most recent call last):
File "D:\hack_perms_s60v3\hack_perms_s60v3.py", line 9, in <module>
import serial
ImportError: No module named serial

please help
thanks

So currently the only use of this seems to be able to change the operator logo without a firmware patch, which is pretty useless, considering the fact that you need to do this everytime you restart your phone.

whats useless to u .. might be usefull to someone else ..

and the oplogo stays after the restart ..

so please say something usefull or dont say anything at all


thanks

hi
try to do this and i get error when i try to run "hack_perms_s60v3.py"
Traceback (most recent call last):
File "D:\hack_perms_s60v3\hack_perms_s60v3.py", line 9, in <module>
import serial
ImportError: No module named serial

please help
thanks

make sure you have this installed [Only registered and activated users can see links] and you have specified the correct serial port

yes it seems like python cant talk with ur ports . Install the pyserial and follow the tuto . And read my reply about how to change the com settings in the module

What more interesting ideas except colored oplogo u've got about this trick? :]

well removing protection will allow in the future(near future i hope) ..

to mod ur firmware to add more capabillities or make a cutomized firmware with ur own apps .. u can remove the clutter apps .. u can do a million things ..

if u ever had a siemens sx1 u would understand what modding of fw can do .. it can turn ur phone into a whole new thing ..

and this man FCA00000 was one of the major programers in that process so i would think he knows what he is doing ..

so just sit tight and wait for it

cheers .. :)

Unlucky n73 is my 1st phone on symbian, so i lost a lot o nice things in history of symbian... but i hope there are many interesting things in the future, which will change appearance of our phones :)

Can i ask u, which part of wallpaper do i have to take for background of colored oplogo? 134x34 from 88,2 ? (u should know what i mean :P )

FCA00000 is trying to break in the fp1 devices .. am just updating u with the latest news

in reply #2 there is the new fp1 files ( the py module and the trk for fp1)
install that trk to ur phone and run it .. connect it and then apply the py module

let me know whats the results

ps: (this is only a trial ... if it doesnt work then maybe wait for a newer release) .. i hear someone had a success with an n95


cheers

FCA00000 is trying to break in the fp1 devices .. am just updating u with the latest news

in reply #2 there is the new fp1 files ( the py module and the trk for fp1)
install that trk to ur phone and run it .. connect it and then apply the py module

let me know whats the results

ps: (this is only a trial ... if it doesnt work then maybe wait for a newer release) .. i hear someone had a success with an n95


cheers

and he did it

Download
Code:
[Only registered and activated users can see links]
[Only registered and activated users can see links]
[Only registered and activated users can see links]
Follow instructions from hack_perms_s60v3.txt
but use s60_3_1_app_trk_2_7.sisx instead of s60_3_0_app_trk_2_7.sisx
and hack_perms_s60v3_FP1.py instead of hack_perms_s60v3.py

in hack_perms_s60v3_FP1.py , adjust
ser = serial.Serial(5)

Usually the most difficult step is connecting the PC to the phone, so follow steps 6) and 7) carefully.


confirmed and working on N73,N80,N95,5700 (n82 not yet at time posting this)

@Dansco: it is ok like this? be happy it's working now

@kays i already posted those files on my reply #2(even the updated 2.85 of trk ;) ) for easier access .. and thanks alot for ur kind confirm rep+ to u dude ..

[Only registered and activated users can see links]
@ this thread [Only registered and activated users can see links]

I just hack my N95 firmware v.20.0.015 and it's great to have permission to all folders LASTLY!!!:dance::dance::dance:
I must say, big thanx and rep. +++ to Kays & bAsem!!! :)

nice . . Now confirmed on n95 . . Great news . And rep to u mr.jarbamare for the screenies

not working on N95 8GB :(

Mm . Well maybe the n95 8gb is like the n82 (different coding) . Or maybe u missed a step or something . . Recheck ur steps and update us

i did all the steps correctly .... i have been testing that code since day one.. ;)

well then mr.papadocta . If there are any updates i will post here

thanks mr. bAsem :D

well then mr.papadocta . If there are any updates i will post here


Dear bAsem

Can u make tutorial about this how to do it with screen shot:dance2: ? I read it many time but not success do i miss s.th ? do i need to have c++ app in pc or not ? i wanna rock like u men :excited:

thanks u :friends:

Wow.. so it can be done on N95? great! Thanks for ur confirmation jarbamare.
Also to mr bAsem for sharing info here.

just wondering, new fw v21.0.0.16 for N95 is now available via NSU, is it possible to hack this fw also if i upgrade?

Good work, thanks.

finally got it working and it indeed woks in N95-2 (8GB)

the problem was with vista... i used windows xp and worked fine Wink

i have been trying all day with vista and no luck there was an error when i first tried to run in vista about indentation or something like that and when i fixed that error still got all -1 but when i switched to xp sp2 worked fine and i'm using trk ver 2.8.5.. so people with vista try xp and it will work ...
cheers

congratz to u mr.papadocta am happy for ya dude . And about that tuto maybe i will make one if i have time . Got exams till monday

شكرا bAsem
thanks bAsem if i have the time as well i will do a clean tutorial as well... it's very simple :D

omg u speak arabic :D

where r u from dude !!

finally got it working and it indeed woks in N95-2 (8GB) ........
Hehe, now we can enjoy in our phones without any limits or OS restrictions!
FExplorer S60v3 now can open "private" and "sys" folders like on screenshots:

very good news .. and it would seem like nightshift got it working on his n82 by using the old trk file .. mabe n82 users can try to use the trk in here :
[Only registered and activated users can see links]

cheers

if we can only edit the swipolicy.ini then it would be great... cuz then you will be able to install any file without signing :D

But we have to "unlock" our phones every reboot? Is there something to make it work permanently?

wojtaliban not yet.. but something is better than nothing ;)

i have problem whit n82

i have uploaded image's error

[Only registered and activated users can see links] ([Only registered and activated users can see links])
[Only registered and activated users can see links] ([Only registered and activated users can see links])
[Only registered and activated users can see links] ([Only registered and activated users can see links])


the com port is 6
i've have installed hello carbide
next i have copied hellocarbide.exe to C: on the phone
when i tipe the string appear this error:
[Only registered and activated users can see links]

instead when i double click on the script receive the error on the three previous images

please help me

Did u set COM ports properly? (in script)

and u have to run TRK app in phone before u start script...

the com port is 6 and on the script i have set ser= serial.Serial (5)

right??

yes ur right . Well which trk did u use . Go back to my 2nd reply and download the proper one then install it and run it on the phone before applying the patch . Let us know

The proper COM port you can see in the Device Manager:

[Only registered and activated users can see links]

as you can see on the picture, my PC use for USB cable COM port -> 15, so i just edit in the hack_perms_s60v3_FP1.py next string:
:::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::
# This is the port minus 1. If you have COM4, then use Serial(3)
ser = serial.Serial(14) # I have COM15
:::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::

>I hope, this will help to all you ... ;)

which os r u using .. ?? looks like a mac lol .. is it pimped out xp

for N95-2 and N82 use this FP1.zip file (bAsem why did you remove that attachment? ) and it should work without install carbide.sis or anything else.. just the trk.sis

edit

here i attached the file again... and this is for N95-2 and N82

Btw. what is the use of the HelloCarbide.sis? I install this app. on phone memory, and ...?!?
Beside that, there is one more usefull picture info for everybody:

i updated the files to have the carbides for easier access .... sorry reuploaded now

i think the carbide is used to collect the contents of the ekern folder or so .. like a dumping application

it does bAsem but if you read in the python script file
" History: 2008.03.12 v0.2 Doesn't need to run HelloCarbide.exe because now uses the ekern thread.
# Also includes an example to dump memory into a file
# Also tries to read memory using DS_MSG_MEMORY_PROTECTED+DS_MSG_MEMORY_SEGMENTED . With and without a process. Let's see if it works"

so it means we don't need HelloCarbide.exe :D but it won't harm if we have it there

Basem, thank you very much !!! reputation added !!!
and thank you also to all the other people testing this hack !!!


to resume, the hack only work until the next reboot, and it allows to install without signing, am I right ?
And changing operator logo will work permanently ???

thanks again.

waxzus yes the hack will work until you reboot then you have to do it again... (not a big deal) and no it won't allow you to install unsigned files.. but you can try and extract them and install them manually.. and as for the op logo it should be permanent ;)

well waxzus thanks for the rep .. and did it work for ya .. what kinda phone do u have ..

@papadocta .. lol dude ur fast u beat me to it

thanks !
I have a N95 8Gb, I will do the trick this week end !
PapaDocta, I don't understand "no it won't allow you to install unsigned files.. but you can try and extract them and install them manually.", what do you want to say by "install them manually" ?

Recently, I tried to modify the UID of a .sis application (changing a protected UID to an unprotected UID) by extracting the internal files and changing the UID in the files .exe or .dll, I managed to change the CRC, etc, and I managed to sign with Symbian Open Sign Online. Then, installing the application works perfectly but the application doesn't start :-(
Do you have some idea why it doesn't work ?

Hallo,
Where i can a download pythonwin?

Hallo,
Where i can a download pythonwin?

please read the posts carefully before posting

Here(all needed PC files):
- PythonWin from (hxxp://[Only registered and activated users can see links])
- pyserial (hxxp://sourceforge.net/projects/pyserial)
- pywin32 (hxxp://sourceforge.net/projects/pywin32)

btw. this is writen on the page 1 of this thread and sevent33 don't be lazy to read FIRST PAGE for example!

thanks !
I have a N95 8Gb, I will do the trick this week end !
PapaDocta, I don't understand "no it won't allow you to install unsigned files.. but you can try and extract them and install them manually.", what do you want to say by "install them manually" ?

Recently, I tried to modify the UID of a .sis application (changing a protected UID to an unprotected UID) by extracting the internal files and changing the UID in the files .exe or .dll, I managed to change the CRC, etc, and I managed to sign with Symbian Open Sign Online. Then, installing the application works perfectly but the application doesn't start :-(
Do you have some idea why it doesn't work ?


You need to make hash and put it to C:/sys/hash. Hash consists of last four bytes of SHA1 hash, which you can get here:
[Only registered and activated users can see links]

Test it first on something, where you have already made hash by system :)

This tutorial permits to see hidden folders on your s60 3rd Edition, it is not mine, i'm simply going to report here on ipmart as i searched for it but it was not posted, so if it has already been posted, please mods delete this thread and sorry:

Original tutorial posted here:

[Only registered and activated users can see links] DOES THIS HACK ALLOW ME TO DO?

It will allow you to install UNSIGNED applications. It will allow you to give applications FULL permissions. Basically, it will give you FREEDOM.

OK, let's go, you need to download and install these files:

Download ActivePython
[Only registered and activated users can see links] install it.

Download and install PySerial from
[Only registered and activated users can see links]

Download and install AppTRK (to your phone)
[Only registered and activated users can see links] Hack Perms
[Only registered and activated users can see links] THE IMAGES FOR A LARGER SIZE!

Let's get to business:

Connect your phone to your PC via USB in PC Suite mode.

Go to Control Panel>System>Hardware>Device Manager>Ports OR in Windows Vista it's Control Panel>Hardware and Sound>Device Manager>Ports.
[Only registered and activated users can see links] ([Only registered and activated users can see links])
Once you're there, look for your phone, in my case it's called 'Nokia GSM Phone USB (COM3)'. Make a note of the number after COM, you'll need it later.

Open AppTRK on your phone and press cancel when it trys to connect via bluetooth. Go to options>settings>connection and change it to USB. Go back and press options then connect. This is what you should see:
[Only registered and activated users can see links] ([Only registered and activated users can see links])


Now open up the Hack Perm python file in notepad on your PC, press CTRL+F on your PC and search for "ser =" (Without quotation marks, of course). Once you're there change the 5 that's in the brackets to the 1 less than the number that followed COM in the step above.
[Only registered and activated users can see links] ([Only registered and activated users can see links])
For example, if your number was 7, you would change the number in the brackets to 6 and if your number was 5, you would change the number in the brackets to 4. Once you've done that, save the python file (JUST SAVE, NOT SAVE AS).

Once you have done this, just double click the Hack Perms file and wait for about 5 seconds, during this time, you should see this, notice the "!!!!!!!!!!!candidate!!!!!!!!!!!", this shows you've been successful:

[Only registered and activated users can see links] ([Only registered and activated users can see links])



DONE!

Things to note:

1)I will not be held responsible for anything happening to your phone. Nothing bad should happen anyway.

2)This hack is temporary, upon rebooting your phone, you will have to run the python script from yor computer again. FCA00000 says he's got something in the works that should make this hack permanent.

3)This hack has been confirmed on the N95, N95 8GB, N82 and some others. If you perform this hack, please tell me your phone model.



EDIT: mods can be made permanent for X-Plore thanks to Disable post :


And bonus from me:)
Install X-plore and Modo to C:\ drive, and replace files in sys folder with mine and you get full acces modo and self-acces x-plore after reboot:)

NOTE: all credits to FCA00000 and to the other guys that worked hard for make this easy to do for all people ;)

Hello... sorry for my bad english...

my cell is n82 and i have problem with script pyton.

>>> Traceback (most recent call last):
File "C:\Python25\Lib\site-packages\pythonwin\pywin\framework\scriptutils.py", line 310, in RunScript
exec codeObject in __main__.__dict__
File "K:\n82\n82 hack\hack_perms_s60v3_FP1.py", line 19, in <module>
import serial
ImportError: No module named serial
>>>

Use PythonWin 2.5.2 and set correctly my port
# This is the port minus 1. If you have COM4, then use Serial(3)
ser = serial.Serial(10) # I have COM11
ser.timeout = 1 #required so that the reader thread can exit

I used:
s60_3_1_app_trk_2_7
s60_3_1_app_trk_2_7 Alternative for n82
s60_3_1_app_trk_2_8_5

but it responds always:
File "K:\n82\n82 hack\hack_perms_s60v3_FP1.py", line 19, in <module>
import serial
ImportError: No module named serial

If I cut line 19 it responds:
>>> Traceback (most recent call last):
File "C:\Python25\Lib\site-packages\pythonwin\pywin\framework\scriptutils.py", line 310, in RunScript
exec codeObject in __main__.__dict__
File "K:\n82\n82 hack\hack_perms_s60v3_FP1.py", line 324, in <module>
ser = serial.Serial(10) # I have COM11
NameError: name 'serial' is not defined
>>>

Can Someone help me??

Thk in advanced

P.S. all version of TRK apparently work right on my cell

this tutorial is only for FP1?

And bonus from me:)
Install X-plore and Modo to C:\ drive, and replace files in sys folder with mine and you get full acces modo and self-acces x-plore after reboot:)

great Disabled thanks!!! :D

@xone: i tested it on n95 8gb and n81, i read about people using it on n80, so not only fp1 i think :)

great tuttorial pasco thanks for this :)

[Only registered and activated users can see links]

did you install pyserial (hxxp://sourceforge.net/projects/pyserial)?

great Disabled thanks!!! :D

@xone: i tested it on n95 8gb and n81, i read about people using it on n80, so not only fp1 i think :)

awesome :)

and if you already tested it can you copy N95 8GB original themes? :)

tested on n91 the apptrck doesnt connect :(

Yes i've install pyserial 2.2...

I'll try to download again

Thk for your help

Also working on N95 v21.

Thanks a lot mate! Working great on N95-1. :)

THANKS :LoL:!!!

Also working on N95 v21.
It's great to know that. Now i can update my phone and take this method ... Thanx for info, rep +++!;)

jarbamare jus press the report button if have any issues.. mod team will look into the matter...
Thanx mate, i have just did!;)
I don't like people who take other members credits, because that i'm angry!

These instructions looks much more clearer to me. :dance:

Connect your phone to your PC via USB in PC Suite mode.

Go to Control Panel>System>Hardware>Device Manager>Ports OR in Windows Vista it's Control Panel>Hardware and Sound>Device Manager>Ports.
[Only registered and activated users can see links] ([Only registered and activated users can see links])
Once you're there, look for your phone, in my case it's called 'Nokia GSM Phone USB (COM3)'. Make a note of the number after COM, you'll need it later.


If there is NO any number, and just Nokia N95 8GB USB, just right click it, Properties / Port Settings / Advanced - and there is the number of your Com port :)

THIS TUTORIAL IS MUCH BETTER, than the first one, please DON'T delete it!

anyone is able to copy original themes from N85-2, please?

can sum1 hack the latest y-browser to use with this hack after we reboot? Thanx

[Only registered and activated users can see links]

And bonus from me:)
Install X-plore and Modo to C:\ drive, and replace files in sys folder with mine and you get full acces modo and self-acces x-plore after reboot:)

How I can replace files on my pc I can't :( I need acces to sys but how ?? help plz!

working like hell on my N95 8GB, after reboot, unsigned apps cant be installed. after doing this again, i can again install unsigned apps :) YAY NO OPENSIGNED ANYMORE!!!

Thanx mate, i have just did!;)
I don't like people who take other members credits, because that i'm angry!

i'm really sorry mate, i searched for the AppTRK but there was no result on the search box, so i posted it here... :(

btw, the old tutorial was for expert people, and i'm not, i think this one with just few steps is simpler... :)

best regards

amazing! and very easy to follow!... I cant wait when the permanent solution comes out :D

can i do this to my n73?

I've reinstalled pyserial... all OK

It work on N82 with:
hack_perms_s60v3_FP1 and s60_3_1_app_trk_2_8_5

You are great

P.S. I can't see on N82 Logo_XXX_X_OTA.mbm
my folder C:\PRIVATE\10000850\ is empty :confused:
so i can't change my logo operator
:ilove:

Best regards

that was a great tutorial.can you elaborate a bit more about the outcome?rep added+++









***rep added to JARBAMARE ,too.+++

How can I replace this sys files to my phone ?? any solution
and I can't install unsigned apps :( help please!

working like hell on my N95 8GB, after reboot, unsigned apps cant be installed. after doing this again, i can again install unsigned apps :) YAY NO OPENSIGNED ANYMORE!!!So you are able to install unsigned applications without doing any additional things? Just hack and install unsigned app, is it correct?

thread moved to the correct section

I don't think that he can install unsigned apps. I "hacked" my phone and I have permisson to sys folder, but only that.

I confirm it works on N95 firmware 21 that was released yesterday.

i have access to system folders on c but i cant install unsigned apps.see the screenshots from my N95.

i ll try the trick with xplore in a while..

thanks for that.

bummer :(
so this means that we are still unable to sign apps without the cert? *SIGH*

cheers mate rep added to both to you

I wonder if you're able to get the n95 8gb themes to share with us. If yes then that would be great.

Also i wonder if this will be the beginning of hacking n-gage games as some unknown files are installed to the system folder on the phone memory. Interesting if we could

Can I do this trick for my N73 ME ?
Thx b4

working like hell on my N95 8GB, after reboot, unsigned apps cant be installed. after doing this again, i can again install unsigned apps :) YAY NO OPENSIGNED ANYMORE!!!

You mean you make the trick two times ?

it doesn't work in N73 ME

@ALL:
This hack still WON'T allow u to install unsigned apps!!
BUT.. u can extract the unsigned sis file then u can copy it one by one to the respective folder in ur phone or card. It shud work.. 90% chance.
Try and post here the result! :D

Will it lose my warranty by doing this? Something like changing the product code...? Will the people from Nokia Service Point know? And one more thing which is i heard from somewhere that if the c drive had been hack,N-Gage's COTD cannot be play,is that true?

no u just create an oplogo and copy it to that folder then restart ur phone

it will be there after u restart

And bonus from me:)
Install X-plore and Modo to C:\ drive, and replace files in sys folder with mine and you get full acces modo and self-acces x-plore after reboot:)


what do you mean with "self -acces" with x-plore?

no u just create an oplogo and copy it to that folder then restart ur phone

it will be there after u restart

:prayer::prayer::prayer:

I'm ashamed for my english

thanks a lot

has anyone ran the following test.

1. install an app without cert. with temporary superuser access, reboot ? does the app still run?

2. if 1 is good, then install the full manuf. capab. version of active file while having the temporary su access, when you reboot can you still see the entire C drive?

thanks..

a little more on what modo does. would be appreciated. thanks

It works on my N95 8GB!!!
This is awesome!
Reminds me of the old s60v1/2 days when you could look at whatever folders or files you wished no matter where they were on your phone.
Now all we need is FCA00000 to make this solution permanent for our phones :)

[Only registered and activated users can see links]

@ALL:
This hack still WON'T allow u to install unsigned apps!!
BUT.. u can extract the unsigned sis file then u can copy it one by one to the respective folder in ur phone or card. It shud work.. 90% chance.
Try and post here the result! :D

still doesnt work!
its already discussed from these morning on symbianfreak, reading seems that you have to build a right hash file. Well thats what i've understood,but i suggest you to take a look at the latest 5-6 pages of that discussion

Yes Thompson, Im reading it.. ;)
We wud also need to edit the hash n bin file using petran apps.. get it here: hxxp://[Only registered and activated users can see links]

:prayer::prayer::prayer:

I'm ashamed for my english

thanks a lot

lol .. np and ur english is very good :)

Works on the E51 ;)

Doesn't allow to install unsigned apps but x-plore has access to the sys and private catalogs ;)


rep added


br

blesio

xplore hasnt access after restart to be.i did all said on post 3.this worked with you?

After deep consideration we decided tis thread shud b merged with previous thread by BaSem bcos basically tis is same method..

Sorry for inconvenience. Thread merged and stucked until further notice.. Thank you.. :)

xplore hasnt access after restart to be.i did all said on post 3.this worked with you?

Try Disabled's X-plore and Modo on page 9 before resetting,it worked for me{i used Pascoes tutorial}

After deep consideration we decided tis thread shud b merged with previous thread by BaSem bcos basically tis is same method..

Sorry for inconvenience. Thread merged and stucked until further notice.. Thank you.. :)

thank you mate, i'm sorry for the mistake, i searched for the AppTRK but i had no response from the search :(

Thanks all for appreciation, but all credits are for developers and creators of the app :)

ps:this hack will only work for pre fp1 phones like [the n80 and the n73] and confirmed to be working only on n95 and 5700 and (n95-8gb by mr.papadocta) AND (the n82 by mr.nightshift).. still no news on other fp1 or fp2
pps: there are some issues on running this hack on vista so use xp for a sure result ..
it is said that this hack wont work on nokia 5700...is thera any other solution for that?

X-Plore works fine after restart and has access to the sys and private folders ;)

You need to make hash and put it to C:/sys/hash. Hash consists of last four bytes of SHA1 hash, which you can get here:
[Only registered and activated users can see links]

Test it first on something, where you have already made hash by system :)

can you be more precise please ?

Regarding the hardware hack, once it is done, is there something to do to be able to install unsigned applications ?
Moreover, what about the method consisting in changing a protected uid to an unprotected UID ? does it also work ???

Thanks in advance, and I would like to understand before playing with the firmware ! lol

Just for info, I already have a certificat for my phone, but I want to test the hack just for fun ! :D

the "Great News >> Now U Can Hack On Ur Own Phone" tuto is moved to the first page for better access ..


cheers

After deep consideration we decided tis thread shud b merged with previous thread by BaSem bcos basically tis is same method..

Sorry for inconvenience. Thread merged and stucked until further notice.. Thank you.. :)

no problem any help is appreciated .. tho it is a bit confusing now ..

all credits go to FCA00000 we are all only mesengers

cheers

hi

maybe you could write a howto - how to create the hash file ?! - i would like to add allfiles also for python itself !

ciao


And bonus from me:)
Install X-plore and Modo to C:\ drive, and replace files in sys folder with mine and you get full acces modo and self-acces x-plore after reboot:)

hi

maybe you could write a howto - how to create the hash file ?! - i would like to add allfiles also for python itself !

ciao

dude have u read my post .. there is no need for all that nooow .. read my previous post :O:O:O

hi

just for interest - i would like to know the hash thing ! tx for your effort - appreciate it ! works great on e90 7.40 !

with on-device hack - phone froze after try to copy ldd file to c: ! (xplorer - selected ldd - push 1 for copy and then some sec and freeze ! - reset via battery change ) (after i closed profiler)

after restart - i can not overwrite ldd file ! (did not start the profiler though ! ( i forgot to do the via-pc trick !) now it is ok !

ciao

Did u apply the pc patch before doing the phone one . Coz i used xplore and it didnt freeze mine . Just try again and let me know

If it's possible (sorry for the off top) for ppl with N82 or the N95 8GB to post here the z:\private\10207218 folder (with it's contents) and also z:\resource\skins folder with it's contents.

I can do the same with the E51 for original themes ;)

br

blesio

I have a tryed with n95 with this software
1 app trk
2 pythonwin
3 hack_perms_s60v3_FP1.py
4 pyserial-2.2.win32.exe
I get this message:
PythonWin 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32.
Portions Copyright 1994-2006 Mark Hammond - see 'Help/About PythonWin' for further copyright information.
>>> Using port:
\\.\COM15
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>Create Item
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyOsError
ProcessID=-1-1 ThreadID=-1-1
>Read Memory 0x60000100
Read Memory at 60000100=60 00 01 00
sending message number 03
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 03
kDSReplyPacketSizeError
Read Memory 60000100=-1 -1 -1 -1
Read Memory 60000104=-1 -1 -1 -1
Read Memory 60000108=-1 -1 -1 -1
Read Memory 6000010C=-1 -1 -1 -1
Read Memory 60000110=-1 -1 -1 -1
Read Memory 60000114=-1 -1 -1 -1
Read Memory 60000118=-1 -1 -1 -1
Read Memory 6000011C=-1 -1 -1 -1
Read Memory 60000120=-1 -1 -1 -1
Read Memory 60000124=-1 -1 -1 -1
Read Memory 60000128=-1 -1 -1 -1
Read Memory 6000012C=-1 -1 -1 -1
Read Memory 60000130=-1 -1 -1 -1
Read Memory 60000134=-1 -1 -1 -1
Read Memory 60000138=-1 -1 -1 -1
Read Memory 6000013C=-1 -1 -1 -1
Read Memory 60000140=-1 -1 -1 -1
Read Memory 60000144=-1 -1 -1 -1
Read Memory 60000148=-1 -1 -1 -1
Read Memory 6000014C=-1 -1 -1 -1
Read Memory 60000150=-1 -1 -1 -1
Read Memory 60000154=-1 -1 -1 -1
Read Memory 60000158=-1 -1 -1 -1
Read Memory 6000015C=-1 -1 -1 -1
Read Memory 60000160=-1 -1 -1 -1
Read Memory 60000164=-1 -1 -1 -1
Read Memory 60000168=-1 -1 -1 -1
Read Memory 6000016C=-1 -1 -1 -1
Read Memory 60000170=-1 -1 -1 -1
Read Memory 60000174=-1 -1 -1 -1
Read Memory 60000178=-1 -1 -1 -1
Read Memory 6000017C=-1 -1 -1 -1
Read Memory 60000180=-1 -1 -1 -1
Read Memory 60000184=-1 -1 -1 -1
Read Memory 60000188=-1 -1 -1 -1
Read Memory 6000018C=-1 -1 -1 -1
Read Memory 60000190=-1 -1 -1 -1
Read Memory 60000194=-1 -1 -1 -1
Read Memory 60000198=-1 -1 -1 -1
Read Memory 6000019C=-1 -1 -1 -1
Read Memory 600001A0=-1 -1 -1 -1
Read Memory 600001A4=-1 -1 -1 -1
Read Memory 600001A8=-1 -1 -1 -1
Read Memory 600001AC=-1 -1 -1 -1
Read Memory 600001B0=-1 -1 -1 -1
Read Memory 600001B4=-1 -1 -1 -1
Read Memory 600001B8=-1 -1 -1 -1
Read Memory 600001BC=-1 -1 -1 -1
Read Memory 600001C0=-1 -1 -1 -1
Read Memory 600001C4=-1 -1 -1 -1
Read Memory 600001C8=-1 -1 -1 -1
Read Memory 600001CC=-1 -1 -1 -1
Read Memory 600001D0=-1 -1 -1 -1
Read Memory 600001D4=-1 -1 -1 -1
Read Memory 600001D8=-1 -1 -1 -1
Read Memory 600001DC=-1 -1 -1 -1
Read Memory 600001E0=-1 -1 -1 -1
Read Memory 600001E4=-1 -1 -1 -1
Read Memory 600001E8=-1 -1 -1 -1
Read Memory 600001EC=-1 -1 -1 -1
Read Memory 600001F0=-1 -1 -1 -1
Read Memory 600001F4=-1 -1 -1 -1
Read Memory 600001F8=-1 -1 -1 -1
Read Memory 600001FC=-1 -1 -1 -1
>Stop
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit
What i did wrong?

app track will not install on my n81 fw 11.0.0.45

first I set the clock back a yr. due to cert issues

then when I try to install it says cannot install install base package first..

this is the file I am trying to install

Directory of C:\zn81\hack

03/27/2008 08:52 AM 39,828 s60_3_1_app_trk_2_7.sisx

thanks in advance

never mind I was a douceback and installing wrong file..
I was trying to install aftrack.v1.1.s60v3.patch.cracked-xraipda.sis

will let you know if it works on a n81 in a few

looks good on an n81

ie

received message number 03
kDSReplyNoError
Read Memory C0000148=1E 00 00 00
!!!!!!!!!!!!!!!!!!!!!!!!!!!candidate!!!!!!!!!!!!!! !!!
>Write Memory C0000148
write Memory at C0000148=C0 00 01 48
sending message number 04
<kDSReplyACK
received message number 04
kDSReplyNoError
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit

fexplorer can see sys in c drive and I copied x-plore.exe in the has there but explore still will not see the sys folder do I have to register it first or something? Ok found it have to set configuration for it.. do we have a registration code for it??? on reboot success I can see all files even in sys on c: without reapplying hack with x-plore??? awesome... so N81 is a GO!!!!

:excited:

I have a tryed with n95 with this software
1 app trk
2 pythonwin
3 hack_perms_s60v3_FP1.py
4 pyserial-2.2.win32.exe
I get this message:
PythonWin 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32.
Portions Copyright 1994-2006 Mark Hammond - see 'Help/About PythonWin' for further copyright information.
>>> Using port:
\\.\COM15
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>Create Item
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyOsError
ProcessID=-1-1 ThreadID=-1-1
>Read Memory 0x60000100
Read Memory at 60000100=60 00 01 00
sending message number 03
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 03
kDSReplyPacketSizeError
Read Memory 60000100=-1 -1 -1 -1
Read Memory 60000104=-1 -1 -1 -1
Read Memory 60000108=-1 -1 -1 -1
Read Memory 6000010C=-1 -1 -1 -1
Read Memory 60000110=-1 -1 -1 -1
Read Memory 60000114=-1 -1 -1 -1
Read Memory 60000118=-1 -1 -1 -1
Read Memory 6000011C=-1 -1 -1 -1
Read Memory 60000120=-1 -1 -1 -1
Read Memory 60000124=-1 -1 -1 -1
Read Memory 60000128=-1 -1 -1 -1
Read Memory 6000012C=-1 -1 -1 -1
Read Memory 60000130=-1 -1 -1 -1
Read Memory 60000134=-1 -1 -1 -1
Read Memory 60000138=-1 -1 -1 -1
Read Memory 6000013C=-1 -1 -1 -1
Read Memory 60000140=-1 -1 -1 -1
Read Memory 60000144=-1 -1 -1 -1
Read Memory 60000148=-1 -1 -1 -1
Read Memory 6000014C=-1 -1 -1 -1
Read Memory 60000150=-1 -1 -1 -1
Read Memory 60000154=-1 -1 -1 -1
Read Memory 60000158=-1 -1 -1 -1
Read Memory 6000015C=-1 -1 -1 -1
Read Memory 60000160=-1 -1 -1 -1
Read Memory 60000164=-1 -1 -1 -1
Read Memory 60000168=-1 -1 -1 -1
Read Memory 6000016C=-1 -1 -1 -1
Read Memory 60000170=-1 -1 -1 -1
Read Memory 60000174=-1 -1 -1 -1
Read Memory 60000178=-1 -1 -1 -1
Read Memory 6000017C=-1 -1 -1 -1
Read Memory 60000180=-1 -1 -1 -1
Read Memory 60000184=-1 -1 -1 -1
Read Memory 60000188=-1 -1 -1 -1
Read Memory 6000018C=-1 -1 -1 -1
Read Memory 60000190=-1 -1 -1 -1
Read Memory 60000194=-1 -1 -1 -1
Read Memory 60000198=-1 -1 -1 -1
Read Memory 6000019C=-1 -1 -1 -1
Read Memory 600001A0=-1 -1 -1 -1
Read Memory 600001A4=-1 -1 -1 -1
Read Memory 600001A8=-1 -1 -1 -1
Read Memory 600001AC=-1 -1 -1 -1
Read Memory 600001B0=-1 -1 -1 -1
Read Memory 600001B4=-1 -1 -1 -1
Read Memory 600001B8=-1 -1 -1 -1
Read Memory 600001BC=-1 -1 -1 -1
Read Memory 600001C0=-1 -1 -1 -1
Read Memory 600001C4=-1 -1 -1 -1
Read Memory 600001C8=-1 -1 -1 -1
Read Memory 600001CC=-1 -1 -1 -1
Read Memory 600001D0=-1 -1 -1 -1
Read Memory 600001D4=-1 -1 -1 -1
Read Memory 600001D8=-1 -1 -1 -1
Read Memory 600001DC=-1 -1 -1 -1
Read Memory 600001E0=-1 -1 -1 -1
Read Memory 600001E4=-1 -1 -1 -1
Read Memory 600001E8=-1 -1 -1 -1
Read Memory 600001EC=-1 -1 -1 -1
Read Memory 600001F0=-1 -1 -1 -1
Read Memory 600001F4=-1 -1 -1 -1
Read Memory 600001F8=-1 -1 -1 -1
Read Memory 600001FC=-1 -1 -1 -1
>Stop
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit
What i did wrong?

did u change the com and ser numbers in the py script . Read the posts carefully and try again :)

thanks for mr.nightshift for the link . and to FCA00000 for all his efforts all credits go to that great man ..

editt//
for fp1 he posted this info maybe u can try see if it works too ...

I've used S60_3_1_Prof_v1_62 normal file and SIZE but doesn't work on my N82 FP1 model

Thk for your work

If it's possible (sorry for the off top) for ppl with N82 to post here the z:\private\10207218 folder (with it's contents)

On my N82 there are:
AKNMEMORYCARDUI.R01
AKNMEMORYCARDUI.R02
AKNMEMORYCARDUI.R03
AKNMEMORYCARDUI.R05
AKNMEMORYCARDUI.R014
AKNMEMORYCARDUI.R018
backup_registration.xml


If it's possible (sorry for the off top) for ppl with N82 to post here the z:\resource\skins folder with it's contents.

There are some folders:
101f84b9
2000a62a
2000a62b
2000a62c
2000a62d
2000a62e

On my N82 there are:
AKNMEMORYCARDUI.R01
AKNMEMORYCARDUI.R02
AKNMEMORYCARDUI.R03
AKNMEMORYCARDUI.R05
AKNMEMORYCARDUI.R014
AKNMEMORYCARDUI.R018
backup_registration.xml



There are some folders:
101f84b9
2000a62a
2000a62b
2000a62c
2000a62d
2000a62e

The skins folder is ok, about the first one it should be 10207114, my BAD ;)

could you extract them and post them here please? Can you upload the two folders here? The Skins and 10207114 folders with all their contents ;)

br

blesio

.......................
6) copy into your phone c:\sys\bin\CProfDriver_SISX.ldd (this is why you

for FP1:
Same as before, except:
2) download S60_3_1_Prof_v1_62.sisx
5) get [Only registered and activated users can see links]
5.1) rename as CProfDriver_SISX.ldd (the file in my attachment is already renamed .. dont rename)

if 4.2) fails the first time, do
2) download S60_3_1_Prof_v1_62_SIZE.sisx
and don't do 5)

prefp1 devices are :n80 . n73 . 5700 ... etc
fp1 devices:n95 n95-8gb etc ...
Great info, but on FP1 devices like Nokia N95 etc. CProfDriver_SISX.ldd is located at the C:\sys\hash\CProfDriver_SISX.ldd not in C:\sys\bin\..........

Not working ... btw. of-course, first i made backup of the original file "CProfDriver_SISX.ldd", and than i try this copy/paste method.
It must be some solution for FP1 devices ....

hehe now I know how to change sms content and sender phone number :)

Apptrk dont connect on N73 ME; what zup ? :(

could you extract them and post them here please

Here resource skin and private folder on n82
In : private\10207114 there's a folder import

Ciauz

lucasat blesio needs c: private\10207114 too

Argh, it worked too good for me... Now i have problem when patching:



Traceback (most recent call last):
File "C:\Python25\hack_perms_s60v3.py", line 312, in <module>
ser = serial.Serial(4) # COM5
File "C:\Python25\serial\serialutil.py", line 156, in __init__
self.open()
File "C:\Python25\serial\serialwin32.py", line 55, in open
raise SerialException("could not open port: %s" % msg)
serial.serialutil.SerialException: could not open port: (2, 'CreateFile', 'Nie m
o\xbfna odnale\x9f\xe6 okre\x9clonego pliku.')




Edit. Problem solved - i had problems with ports

I don't speak english. I'm sorry... :|
bAsem, go to: click ([Only registered and activated users can see links])
I had the similar problem, it was successful him to solve to me.
I'm sorry for my engilsh :/

can someone post the sys/.exe and hash/.exe for the following files

thanks

so that I can put extended capabilities on after installing basic version'

activefile_s60_9.1_man_cap_unsigned.sis

and

activefile_s60_9.2_man_cap_unsigned.sis

you can get them in the following thread

[Only registered and activated users can see links]

I wondering Route66 v8. Could someone post all content C, E, and Z from 6110 Navigator with working maps ?

here is the thread to get the keygen for x-plore so once you have it installed it removes the annoying nags..

[Only registered and activated users can see links]

also this fix is permanent if you install the x-plore file provided here either in phone memory or on memory card and then overwrite the sys/bin/x-plore.exe (in either c: or e: dependiing on where you installed it) and then overwrite the sys/hash/x-plore.exe with the one provided in the zip here.. then even if you don't redo the hack xplore will be installed will full system priviledges that survive upon reboot.. not sure if this was clear as many people are asking to make it permanent and this in effect does..

get the correct x-plore version on page 9 of this post.. this zip has the two files you need to replace on your phone after install then you will have full priviledges

lgkahn After reboot you’ve got RO only, and for full access you need run script again. But when you install Carbide Profile, and patch it you’ve got access every time after running it.

yep you are correct I can read everything on the c drive but not write to the .sys directory how does the carbide patch work with fp1 phones?

[Only registered and activated users can see links]
hi friends i saw this article and i tried it on my e 51.....i have been able to install core player...i didnt try other applications...so anyone try this and post your results......also see this...

[Only registered and activated users can see links]

Great info, but on FP1 devices like Nokia N95 etc. CProfDriver_SISX.ldd is located at the C:\sys\hash\CProfDriver_SISX.ldd not in C:\sys\bin\..........

Not working ... btw. of-course, first i made backup of the original file "CProfDriver_SISX.ldd", and than i try this copy/paste method.
It must be some solution for FP1 devices ....

This is working for me. Hash-folder has just hash file there. ;)

Just follow the instructions given.

Working perfect for me.....now able to see all files in sys and private folders. Thankyou guys.:D

hehe now I know how to change sms content and sender phone number :)

Can u tell in brief.....how do u change them? I mean which files to change for this.

after i run pprofiler again after restart but n95 sticks and restarts.i dont see system files then

It would be great if there is a way to edit and save swipolicy.ini z:\system\data.

If it's possible (sorry for the off top) for ppl with N82 or the N95 8GB to post here the z:\private\10207218 folder (with it's contents) and also z:\resource\skins folder with it's contents.

I can do the same with the E51 for original themes ;)

br

blesio

please mr.blesio lets keep the thread clutter free .. u can ask people to post to some upload site and send u a link to ur pm ..

sorry

Working perfect for me.....now able to see all files in sys and private folders. Thankyou guys.:D

nice .. so we have some success and some failure ..

for people who cant do it. just do the xplore permanent hack .. its working perfect for me

no need for all the hastle ;)

just install xplore 1.21 then copy the hacked files posted before to sys\bin and hash folders and thats it :D

Can I do this trick for my N73 ME ?
Thx b4

yes of course u can .. just use the prefp1 files i attached to my post and follow the instructions ..

its very easy

yaay we made sticky .. thanks for the modos and the admins .. :D :D
w00t w00t

Can u tell in brief.....how do u change them? I mean which files to change for this.
Check files in:
c:\private\1000484b
But I don't know why when I change phone number in message still displaying old one ? Perhaps something is written on sim card ?
When you inbox and you choose detailed you will see both numbers.

LoL.. sticky already from last nite bro :LoL:
didnt u realize? :weedman:

btw nice thread & the trick works on 6120c latest firmware v4.21..
:excited::excited::excited:

LoL.. sticky already from last nite bro :LoL:
didnt u realize? :weedman:

btw nice thread & the trick works on 6120c latest firmware v4.21..
:excited::excited::excited:

:excited: no i didnt .. thanks alot mate .. and glad to see it working for ya :excited:

I have noticed. on n95-1 v21 the hack is permanent. Even after reboor i can still see the hidden files and folders without additional modification. Jus the patch with perl.

I have noticed. on n95-1 v21 the hack is permanent. Even after reboor i can still see the hidden files and folders without additional modification. Jus the patch with perl.

well thats weird .. r u sure u didnt use the xplore and modo hacked files ...

I have noticed. on n95-1 v21 the hack is permanent. Even after reboor i can still see the hidden files and folders without additional modification. Jus the patch with perl.

Without Carbide Profile you have read only. Just make sure :)

well thats weird .. r u sure u didnt use the xplore and modo hacked files ...

No xplore and modo hack applied.

:afraid:

I m very sorry to ask u a very stupid Question that.

I have Nokia N73 and Plz tell me how to connect my phone through PC SUITE.

PLZ PLZ.



As whenever I connect it to the PC, it give me nothing.



PLZPLZPLZ

Without Carbide Profile you have read only. Just make sure :)

You mean with Carbide i can edit and save swipolicy.ini in z:\system\data?

it doesn't work in N73 ME, if anybody have done it then tell me how?

You mean with Carbide i can edit and save swipolicy.ini in z:\system\data?
Would be cool, but we can't change ROM files.
Unfortunately only for C: drive
Perhaps it be working when somebody discover how redirect reading swpolicy.ini to c:\data instead Z:\data

the carbide hack will NOT work on an n81 as far as I can tell as there is no

CProfDriver_SISX.ldd

in c:\sys\bin

?????

any suggestions

ok I installed to e drive instead of c so it is in e:\sys\bin..

this is promising that means on phones like mine where you have a memory card access to the e drive you don't need the hack to replace the CProfDriver_SISX.ldd

any comments.


Ive tried both the standard S60_3_1_Prof_v1_62.sisx
and the S60_3_1_Prof_v1_62_SIZE.sisx

on my n81 no go.. both hang for like two minutes on initializing and when done i dont have write access to c drive or e:\sys
etc.

Quote:
Originally Posted by jarbamare
Great info, but on FP1 devices like Nokia N95 etc. CProfDriver_SISX.ldd is located at the C:\sys\hash\CProfDriver_SISX.ldd not in C:\sys\bin\..........

Not working ... btw. of-course, first i made backup of the original file "CProfDriver_SISX.ldd", and than i try this copy/paste method.
It must be some solution for FP1 devices ....

This is working for me. Hash-folder has just hash file there.

Just follow the instructions given.

I've rejected on my N82 and after restart I've lost my backup original file CProfDriver_SISX.ldd :(
No happy, my cell has lost file CProfDriverxxxx.exe that i remember was into folder :( :(
Result... after i've deleted installation Profiler. Now i can't reinstall Caribe Profiler...
At half installation the application exit with install error...

I only hack succeed my cell with PytonWin.

Can someone help me, like bAsem :good2::good2: as always

Ciauz

P.S. In post #155 on page 16 and i see there are:
CProfApp_SISX.exe
CProfDriver_SISX.ldd
CProfUI_SISX.exe
But i lost everything after reboot

[Only registered and activated users can see links]

that doesnt make sense the .ldd in the hash is not the executable just the 4 hex sha1 has for it.. the notes say to replace the 6k executable with the 17kb one

ie

5) get [Only registered and activated users can see links]
6) copy into your phone c:\sys\bin\CProfDriver_SISX.ldd (this is why you need the initial hack)
7) the old version had 6 Kb. The new one has 17 Kb. Please verify.
everytime you restart your phone, do 4) again.

anyway I have followed the directions carefully other than installing on e instead of c but that shouldnt make any difference and it doesnt work for my n81 same as you only full access after running the python script.

that doesnt make sense the .ldd in the hash

In N82 or N95 models those file are locate into sys\HASH

However i don't know what files processing end if are essential for good operation my cell

In N82 or N95 models those file are locate into sys\HASH

However i don't know what files processing end if are essential for good operation my cell

for all fp1 users please go to page 1 and re-download the needed files again . .. there was a mix up of files ..

@lucasat maybe that was the problem .. also if u could tell me what did u do exactly i could help u more

sorry for the silly mistake :$

the carbide hack will NOT work on an n81 as far as I can tell as there is no

CProfDriver_SISX.ldd

in c:\sys\bin

?????

any suggestions

ok I installed to e drive instead of c so it is in e:\sys\bin..

this is promising that means on phones like mine where you have a memory card access to the e drive you don't need the hack to replace the CProfDriver_SISX.ldd

any comments.


Ive tried both the standard S60_3_1_Prof_v1_62.sisx
and the S60_3_1_Prof_v1_62_SIZE.sisx

on my n81 no go.. both hang for like two minutes on initializing and when done i dont have write access to c drive or e:\sys
etc.

for all fp1 users who fail with the standard S60_3_1_Prof_v1_62.sisx try the S60_3_1_Prof_v1_62_size.sisx WITHOUT copying the ldd file .. thats what mr.FCA00000 said .. give it a shot see what happens

Allfiles + hash made easy!

Right... My first guide for this forum. Let's hope it works Smile

So you've got a hacked phone. Nice, but every time you restart, you have to rehack or the folders are hidden again. How do you convert your preferred file browser into an Allfiles version?

Download this file. It contains all you'll need. Petran, a hex editor and the hashtab program. Run and install the hex editor and the hashtab programs.
[Only registered and activated users can see links]

Editing privileges.
1. Let's say you want Y-Browser to have full privileges. Install it like you would normally do to C:\. Hack the phone and use the Y-Browser to navigate to C:\Sys\Bin, where most programs are installed.

2. Find the exe called YuccaBrowser.exe and copy it to the memory card. Then copy the file to the PC using a USB cable or whatever.

3. Create a folder containing YuccaBrowser.exe and Petran.exe, which you downloaded earlier. Open a Commando prompt and CD into this folder.

4. Paste this string into the Command Prompt window
petran.exe -capabilities NetworkServices+LocalServices+ReadUserData+WriteUs erData+UserEnvironment+AllFiles YuccaBrowser.exe

5. Move the patched file back onto the phone memory card and use Y-Browser to paste it into the C:\Sys\Bin folder.

Creating the hash file.
1. Navigate to the file you need to create a hash for. The file you pacthed above, for example. Right click and select Properties.

2. Select the 'File Hashes' tab. Right click on the SHA-1 hash and select 'Copy'. Close the Properties window.

3. Run WinHex. Select 'Edit/Clipboard Data/Paste Into New File'. In the window 'Choose Clipboard Format' you select 'ASCII Hex'. Save the file using the same name as the exe, like YuccaBrowser.exe and move it to the memory card of your phone.

4. Use Y-Browser to copy the file to the C:\Sys\Hash folder. Done!

Actually you don't need the hash file when installing to drive C:\ because it is expected to be protected (!), but now you know how to do it anyway Smile

GuyZ, heres a link to all the files u need plus some tutorials!

the .mht file are compress html webpages - just double click on it and it will open in internet explorer, with clickable link and all!

Hope this is useful to someone!

s60_3rd_edition_hacks___ALL_U_NEED___.rar ([Only registered and activated users can see links])

:partyman:

wow .. thats a pretty awesome tuto mr.phoezies .. i actually wanted to make y-browser into and allfile manager or fexplorer aswell .. rep++ to u man .. and if u could move it to the 1st page with all the rest of the tutos it would be awesome to have a single source for all the hacks ..

oh and i love the "hacked" edition in ur info :D am changin mine aswell

GuyZ, heres a link to all the files u need plus some tutorials!

the .mht file are compress html webpages - just double click on it and it will open in internet explorer, with clickable link and all!

Hope this is useful to someone!

s60_3rd_edition_hacks___ALL_U_NEED___.rar ([Only registered and activated users can see links])

:partyman:

ok thanks alot mr.rasdonny for the nice tuto .. but it doesnt say anymore than we just did .. but rep++ for all ur hard work

also how did u rip those pages what proggy did u use .. thanks alot in advance

ok thanks alot mr.rasdonny for the nice tuto .. but it doesnt say anymore than we just did .. but rep++ for all ur hard work

also how did u rip those pages what proggy did u use .. thanks alot in advance

No worries m8, i know that the tuts are the same as what in this thread...

...it just one download with all files for who might get confused with all the different links etc.

The app i used to rip is call SNAGIt ([Only registered and activated users can see links])

...it really good - have been using it for years - quick and easy!

:friends:

Fist I've used S60_3_1_Prof_v1_62 normal file or SIZE and I put file CProfDriver_SISX.ldd into c:\sys\bin\ but doesn't work on my N82

Subsequently I read post Jarbamare he said:


Great info, but on FP1 devices like Nokia N95 etc. CProfDriver_SISX.ldd is located at the C:\sys\hash\CProfDriver_SISX.ldd not in C:\sys\bin\..........

Then I've rejected on my N82,
I've installed Carbide Profile... and overwrite file CProfDriver_SISX.ldd on C:\sys\hash\
previously i made backup original file CProfDriver_SISX.ldd C:\sys\hash\ and put it into folder D:

When I run Profiler it said error, i've removed installation and I tried standard S60_3_1_Prof_v1_62.sisx and subsequently S60_3_1_Prof_v1_62_SIZE.sisx (always removed previus version)
Dosn't work...

Then, after restart, I've lost my backup original file CProfDriver_SISX.ldd on D: and lost all CProxxx exe file locate in C:\sys\hash...

That's no problem becouse I got backup my cell but I would like to understand what's the problem

I hope you understood my poor English

Thk

for all fp1 users who fail with the standard S60_3_1_Prof_v1_62.sisx try the S60_3_1_Prof_v1_62_size.sisx WITHOUT copying the ldd file .. thats what mr.FCA00000 said .. give it a shot see what happens
I say once and again: not working.
After phone reboot i did:

4.1) icons->Profiler
4.2) menu Options->Profiler->Start. It says 'Status: initialising'
4.3) then it says 'Status: sampling'
4.4) Options->Profiler->Stop
4.5) it says 'Status: finished'
4.6) Exit
All going well, BUT ... when i start X-Plore or any file manager i cannot open "private" or "sys" folders.

Still must practise PythonWin procedure ...

for all fp1 users who fail with the standard S60_3_1_Prof_v1_62.sisx try the S60_3_1_Prof_v1_62_size.sisx WITHOUT copying the ldd file .. thats what mr.FCA00000 said .. give it a shot see what happens

I tried this still no go.. now profiler runs correctly and doesn't hang but no access after running it..

No I will try the alternate approach give xplore and fexplorer allfiles access instead.

P.S. where we can find this version -> S60_3_1_Prof_v1_62_SIZE.sisx?!?

Only awaylable file for download is S60_3_1_Prof_v1_62.sisx(56.764b) without "SIZE".
?!?

Sorry ... i find: hxxp://tools.ext.nokia.com/agents/index.htm
I will try later with this "SIZE" version for single CPU ....

added to my attachment in page in the fp1 needed files .. for better access

we no success with the has /all file solution either.. it does kinda work I now have read access to sys on c drive with fexplorer but neither fexplorer or x-plore can write files there they see the file and prompt for overwrite but then I get
a "cannot open file" error in x-plore and a "not done error with some negative number" in fexplorer... bummer...

I say once and again: not working.
After phone reboot i did:

4.1) icons->Profiler
4.2) menu Options->Profiler->Start. It says 'Status: initialising'
4.3) then it says 'Status: sampling'
4.4) Options->Profiler->Stop
4.5) it says 'Status: finished'
4.6) Exit
All going well, BUT ... when i start X-Plore or any file manager i cannot open "private" or "sys" folders.

Still must practise PythonWin procedure ...

well am sorry for that news .. there must be some step that u missed .. am no expert at this but i think some fp1 devices have some issues with it maybe .. so on sf forum people fp1 devices got it workin .. i asked fca00000 about that issue .. maybe he can help

sorry ,, also u can try the allfile hash thing .. should not be hard for u

EDIT:// there was a mix up with the files .. please anybody who downloaded the "fp1 hack on phone needed files" before 28th of march re-download the fixed one .. sorry for the inconvenience

I've re-downloaded and now I managed to reistall Cardibe Profiler

Unfortunately, as Jarbamare, don't work for me

well am sorry for that news .. there must be some step that u missed ...
No mate, i don't miss nothing ... this method using "Profiler" not working at Nokia N95!
I just try this "...SIZE" version, it's the same.
Never mind, fca00000 will find a solution!;)

it doesn't work on my Nokia N82. Just followed 1 page instruction and nothing.... There is below screen with executed hack_perms_s60v3_FP1.py . Help me please-what to do ?

I have this massage but a canot instal unsigned aplications?
PythonWin 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32.
Portions Copyright 1994-2006 Mark Hammond - see 'Help/About PythonWin' for further copyright information.
>>> Using port:
\\.\COM15
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>SupportMask
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyNoError
Level=DS_PROTOCOL_RTOS. (OS-level debugger)
ProcessID=0001 ThreadID=0002
>Test 0xC8xxxxxx
Read Memory at C0000148=C0 00 01 48
sending message number 03
<kDSReplyACK
received message number 03
kDSReplyNoError
Read Memory C0000148=1E 00 00 00
!!!!!!!!!!!!!!!!!!!!!!!!!!!candidate!!!!!!!!!!!!!! !!!
>Write Memory C0000148
write Memory at C0000148=C0 00 01 48
sending message number 04
<kDSReplyACK
received message number 04
kDSReplyNoError
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit

On my N82 works fine..

GoTo first page and download FP1 package...
Install PyWin and Pyserial...
Make sure that icon Nokia PCSuite are killed in system tray
Install TRK 2.85 on your cell
Connect cell in PCSuite version
Run TRK
GoTo Pannel control - system - Hardware and read your N82 port
Open PyWin and load file hack_perms_s60v3_FP1.py
Search into script serial.serial and make sure to set your port - 1
Run It and good work

lucasat

done as you said- but nothing


>>> Using port:
COM4
>Ping
sending message number 00
<kDSPing
received message number 00
>Connect
sending message number 01
<kDSConnect
received message number 01
>SupportMask
sending message number 02
<kDSSupportMask
received message number 02
ProcessID=0001 ThreadID=0002
>Test 0xC8xxxxxx
Read Memory at C0000148=C0 00 01 48
sending message number 03
<kDSReadMemory
received message number 03
Read Memory C0000148=C0 00 01 48
>Scanning memory 0xC8000000 and 0xC0000000
Read Memory at C8000000=C8 00 00 00
sending message number 04
<kDSReadMemory
received message number 04
Read Memory C8000000=C8 00 00 00
Read Memory C8000004=00 00 00 01
Read Memory C8000008=00 00 00 02
Read Memory C800000C=1B -1 -1 -1
Read Memory C8000010=-1 -1 -1 -1
Read Memory C8000014=-1 -1 -1 -1
Read Memory C8000018=-1 -1 -1 -1
Read Memory C800001C=-1 -1 -1 -1
Read Memory C8000020=-1 -1 -1 -1
Read Memory C8000024=-1 -1 -1 -1
Read Memory C8000028=-1 -1 -1 -1
Read Memory C800002C=-1 -1 -1 -1
Read Memory C8000030=-1 -1 -1 -1
Read Memory C8000034=-1 -1 -1 -1
Read Memory C8000038=-1 -1 -1 -1
Read Memory C800003C=-1 -1 -1 -1
Read Memory C8000040=-1 -1 -1 -1
Read Memory C8000044=-1 -1 -1 -1
Read Memory C8000048=-1 -1 -1 -1
Read Memory C800004C=-1 -1 -1 -1
Read Memory C8000050=-1 -1 -1 -1
Read Memory C8000054=-1 -1 -1 -1
Read Memory C8000058=-1 -1 -1 -1
Read Memory C800005C=-1 -1 -1 -1
Read Memory C8000060=-1 -1 -1 -1
Read Memory C8000064=-1 -1 -1 -1
Read Memory C8000068=-1 -1 -1 -1
Read Memory C800006C=-1 -1 -1 -1
Read Memory C8000070=-1 -1 -1 -1
Read Memory C8000074=-1 -1 -1 -1
Read Memory C8000078=-1 -1 -1 -1
Read Memory C800007C=-1 -1 -1 -1
Read Memory C8000080=-1 -1 -1 -1
Read Memory C8000084=-1 -1 -1 -1
Read Memory C8000088=-1 -1 -1 -1
Read Memory C800008C=-1 -1 -1 -1
Read Memory C8000090=-1 -1 -1 -1
Read Memory C8000094=-1 -1 -1 -1
Read Memory C8000098=-1 -1 -1 -1
Read Memory C800009C=-1 -1 -1 -1
Read Memory C80000A0=-1 -1 -1 -1
Read Memory C80000A4=-1 -1 -1 -1
Read Memory C80000A8=-1 -1 -1 -1
Read Memory C80000AC=-1 -1 -1 -1
Read Memory C80000B0=-1 -1 -1 -1
Read Memory C80000B4=-1 -1 -1 -1
Read Memory C80000B8=-1 -1 -1 -1
Read Memory C80000BC=-1 -1 -1 -1
Read Memory C80000C0=-1 -1 -1 -1
Read Memory C80000C4=-1 -1 -1 -1
Read Memory C80000C8=-1 -1 -1 -1
Read Memory C80000CC=-1 -1 -1 -1
Read Memory C80000D0=-1 -1 -1 -1
Read Memory C80000D4=-1 -1 -1 -1
Read Memory C80000D8=-1 -1 -1 -1
Read Memory C80000DC=-1 -1 -1 -1
Read Memory C80000E0=-1 -1 -1 -1
Read Memory C80000E4=-1 -1 -1 -1
Read Memory C80000E8=-1 -1 -1 -1
Read Memory C80000EC=-1 -1 -1 -1
Read Memory C80000F0=-1 -1 -1 -1
Read Memory C80000F4=-1 -1 -1 -1
Read Memory C80000F8=-1 -1 -1 -1
Read Memory C80000FC=-1 -1 -1 -1
Read Memory at C8000100=C8 00 01 00
sending message number 05
<kDSReadMemory
received message number 05
Read Memory C8000100=C8 00 01 00
Read Memory C8000104=00 00 00 01
Read Memory C8000108=00 00 00 02
Read Memory C800010C=19 -1 -1 -1
Read Memory C8000110=-1 -1 -1 -1
Read Memory C8000114=-1 -1 -1 -1
Read Memory C8000118=-1 -1 -1 -1
Read Memory C800011C=-1 -1 -1 -1
Read Memory C8000120=-1 -1 -1 -1
Read Memory C8000124=-1 -1 -1 -1
Read Memory C8000128=-1 -1 -1 -1
Read Memory C800012C=-1 -1 -1 -1
Read Memory C8000130=-1 -1 -1 -1
Read Memory C8000134=-1 -1 -1 -1
Read Memory C8000138=-1 -1 -1 -1
Read Memory C800013C=-1 -1 -1 -1
Read Memory C8000140=-1 -1 -1 -1
Read Memory C8000144=-1 -1 -1 -1
Read Memory C8000148=-1 -1 -1 -1
Read Memory C800014C=-1 -1 -1 -1
Read Memory C8000150=-1 -1 -1 -1
Read Memory C8000154=-1 -1 -1 -1
Read Memory C8000158=-1 -1 -1 -1
Read Memory C800015C=-1 -1 -1 -1
Read Memory C8000160=-1 -1 -1 -1
Read Memory C8000164=-1 -1 -1 -1
Read Memory C8000168=-1 -1 -1 -1
Read Memory C800016C=-1 -1 -1 -1
Read Memory C8000170=-1 -1 -1 -1
Read Memory C8000174=-1 -1 -1 -1
Read Memory C8000178=-1 -1 -1 -1
Read Memory C800017C=-1 -1 -1 -1
Read Memory C8000180=-1 -1 -1 -1
Read Memory C8000184=-1 -1 -1 -1
Read Memory C8000188=-1 -1 -1 -1
Read Memory C800018C=-1 -1 -1 -1
Read Memory C8000190=-1 -1 -1 -1
Read Memory C8000194=-1 -1 -1 -1
Read Memory C8000198=-1 -1 -1 -1
Read Memory C800019C=-1 -1 -1 -1
Read Memory C80001A0=-1 -1 -1 -1
Read Memory C80001A4=-1 -1 -1 -1
Read Memory C80001A8=-1 -1 -1 -1
Read Memory C80001AC=-1 -1 -1 -1
Read Memory C80001B0=-1 -1 -1 -1
Read Memory C80001B4=-1 -1 -1 -1
Read Memory C80001B8=-1 -1 -1 -1
Read Memory C80001BC=-1 -1 -1 -1
Read Memory C80001C0=-1 -1 -1 -1
Read Memory C80001C4=-1 -1 -1 -1
Read Memory C80001C8=-1 -1 -1 -1
Read Memory C80001CC=-1 -1 -1 -1
Read Memory C80001D0=-1 -1 -1 -1
Read Memory C80001D4=-1 -1 -1 -1
Read Memory C80001D8=-1 -1 -1 -1
Read Memory C80001DC=-1 -1 -1 -1
Read Memory C80001E0=-1 -1 -1 -1
Read Memory C80001E4=-1 -1 -1 -1
Read Memory C80001E8=-1 -1 -1 -1
Read Memory C80001EC=-1 -1 -1 -1
Read Memory C80001F0=-1 -1 -1 -1
Read Memory C80001F4=-1 -1 -1 -1
Read Memory C80001F8=-1 -1 -1 -1
Read Memory C80001FC=-1 -1 -1 -1
Read Memory at C0000000=C0 00 00 00
sending message number 06
<kDSReadMemory
received message number 06
Read Memory C0000000=C0 00 00 00
Read Memory C0000004=00 00 00 01
Read Memory C0000008=00 00 00 02
Read Memory C000000C=21 -1 -1 -1
Read Memory C0000010=-1 -1 -1 -1
Read Memory C0000014=-1 -1 -1 -1
Read Memory C0000018=-1 -1 -1 -1
Read Memory C000001C=-1 -1 -1 -1
Read Memory C0000020=-1 -1 -1 -1
Read Memory C0000024=-1 -1 -1 -1
Read Memory C0000028=-1 -1 -1 -1
Read Memory C000002C=-1 -1 -1 -1
Read Memory C0000030=-1 -1 -1 -1
Read Memory C0000034=-1 -1 -1 -1
Read Memory C0000038=-1 -1 -1 -1
Read Memory C000003C=-1 -1 -1 -1
Read Memory C0000040=-1 -1 -1 -1
Read Memory C0000044=-1 -1 -1 -1
Read Memory C0000048=-1 -1 -1 -1
Read Memory C000004C=-1 -1 -1 -1
Read Memory C0000050=-1 -1 -1 -1
Read Memory C0000054=-1 -1 -1 -1
Read Memory C0000058=-1 -1 -1 -1
Read Memory C000005C=-1 -1 -1 -1
Read Memory C0000060=-1 -1 -1 -1
Read Memory C0000064=-1 -1 -1 -1
Read Memory C0000068=-1 -1 -1 -1
Read Memory C000006C=-1 -1 -1 -1
Read Memory C0000070=-1 -1 -1 -1
Read Memory C0000074=-1 -1 -1 -1
Read Memory C0000078=-1 -1 -1 -1
Read Memory C000007C=-1 -1 -1 -1
Read Memory C0000080=-1 -1 -1 -1
Read Memory C0000084=-1 -1 -1 -1
Read Memory C0000088=-1 -1 -1 -1
Read Memory C000008C=-1 -1 -1 -1
Read Memory C0000090=-1 -1 -1 -1
Read Memory C0000094=-1 -1 -1 -1
Read Memory C0000098=-1 -1 -1 -1
Read Memory C000009C=-1 -1 -1 -1
Read Memory C00000A0=-1 -1 -1 -1
Read Memory C00000A4=-1 -1 -1 -1
Read Memory C00000A8=-1 -1 -1 -1
Read Memory C00000AC=-1 -1 -1 -1
Read Memory C00000B0=-1 -1 -1 -1
Read Memory C00000B4=-1 -1 -1 -1
Read Memory C00000B8=-1 -1 -1 -1
Read Memory C00000BC=-1 -1 -1 -1
Read Memory C00000C0=-1 -1 -1 -1
Read Memory C00000C4=-1 -1 -1 -1
Read Memory C00000C8=-1 -1 -1 -1
Read Memory C00000CC=-1 -1 -1 -1
Read Memory C00000D0=-1 -1 -1 -1
Read Memory C00000D4=-1 -1 -1 -1
Read Memory C00000D8=-1 -1 -1 -1
Read Memory C00000DC=-1 -1 -1 -1
Read Memory C00000E0=-1 -1 -1 -1
Read Memory C00000E4=-1 -1 -1 -1
Read Memory C00000E8=-1 -1 -1 -1
Read Memory C00000EC=-1 -1 -1 -1
Read Memory C00000F0=-1 -1 -1 -1
Read Memory C00000F4=-1 -1 -1 -1
Read Memory C00000F8=-1 -1 -1 -1
Read Memory C00000FC=-1 -1 -1 -1
Read Memory at C0000100=C0 00 01 00
sending message number 07
<kDSReadMemory
received message number 07
Read Memory C0000100=C0 00 01 00
Read Memory C0000104=00 00 00 01
Read Memory C0000108=00 00 00 02
Read Memory C000010C=1F -1 -1 -1
Read Memory C0000110=-1 -1 -1 -1
Read Memory C0000114=-1 -1 -1 -1
Read Memory C0000118=-1 -1 -1 -1
Read Memory C000011C=-1 -1 -1 -1
Read Memory C0000120=-1 -1 -1 -1
Read Memory C0000124=-1 -1 -1 -1
Read Memory C0000128=-1 -1 -1 -1
Read Memory C000012C=-1 -1 -1 -1
Read Memory C0000130=-1 -1 -1 -1
Read Memory C0000134=-1 -1 -1 -1
Read Memory C0000138=-1 -1 -1 -1
Read Memory C000013C=-1 -1 -1 -1
Read Memory C0000140=-1 -1 -1 -1
Read Memory C0000144=-1 -1 -1 -1
Read Memory C0000148=-1 -1 -1 -1
Read Memory C000014C=-1 -1 -1 -1
Read Memory C0000150=-1 -1 -1 -1
Read Memory C0000154=-1 -1 -1 -1
Read Memory C0000158=-1 -1 -1 -1
Read Memory C000015C=-1 -1 -1 -1
Read Memory C0000160=-1 -1 -1 -1
Read Memory C0000164=-1 -1 -1 -1
Read Memory C0000168=-1 -1 -1 -1
Read Memory C000016C=-1 -1 -1 -1
Read Memory C0000170=-1 -1 -1 -1
Read Memory C0000174=-1 -1 -1 -1
Read Memory C0000178=-1 -1 -1 -1
Read Memory C000017C=-1 -1 -1 -1
Read Memory C0000180=-1 -1 -1 -1
Read Memory C0000184=-1 -1 -1 -1
Read Memory C0000188=-1 -1 -1 -1
Read Memory C000018C=-1 -1 -1 -1
Read Memory C0000190=-1 -1 -1 -1
Read Memory C0000194=-1 -1 -1 -1
Read Memory C0000198=-1 -1 -1 -1
Read Memory C000019C=-1 -1 -1 -1
Read Memory C00001A0=-1 -1 -1 -1
Read Memory C00001A4=-1 -1 -1 -1
Read Memory C00001A8=-1 -1 -1 -1
Read Memory C00001AC=-1 -1 -1 -1
Read Memory C00001B0=-1 -1 -1 -1
Read Memory C00001B4=-1 -1 -1 -1
Read Memory C00001B8=-1 -1 -1 -1
Read Memory C00001BC=-1 -1 -1 -1
Read Memory C00001C0=-1 -1 -1 -1
Read Memory C00001C4=-1 -1 -1 -1
Read Memory C00001C8=-1 -1 -1 -1
Read Memory C00001CC=-1 -1 -1 -1
Read Memory C00001D0=-1 -1 -1 -1
Read Memory C00001D4=-1 -1 -1 -1
Read Memory C00001D8=-1 -1 -1 -1
Read Memory C00001DC=-1 -1 -1 -1
Read Memory C00001E0=-1 -1 -1 -1
Read Memory C00001E4=-1 -1 -1 -1
Read Memory C00001E8=-1 -1 -1 -1
Read Memory C00001EC=-1 -1 -1 -1
Read Memory C00001F0=-1 -1 -1 -1
Read Memory C00001F4=-1 -1 -1 -1
Read Memory C00001F8=-1 -1 -1 -1
Read Memory C00001FC=-1 -1 -1 -1
>Disconnect
sending message number 08
<kDSDisconnect
received message number 08
>Close
>End+Exit

u must have written a wrong port or didnt change the ser# in the script go back to first page and read carefully .. its working on n82 (mr.nightshift) has it working so it must be something u missed ..

hope u get it :)

cheers

Can you tell me your N82 port in start - control panel - hardw - port?

So I edit for you my file for N82

bAsem

u must have written a wrong port or didnt change the ser# in the script go back to first page and read carefully .. its working on n82 (mr.nightshift) has it working so it must be something u missed ..

hope u get it

cheersi've checked and set
- real port
-and changed ser = string
And also reinstall pywin, pyserial and activepython....


lucasat
com4

below-changed to com4 py file

bAsem
lucasat
Thanks mate for your help!

I dont think it is the wrong port. you wouldnt get that far it is getting responses my guess is that it is a different version of the f/w and the stuff is not in the same place in memory or slightly different.. but just a guess


wish I could find a way to make it permanent with write access... hopefully soon.. niether approach works for me..

sevent33 Who told you than you can ?
This hack in not for unigned apps

bAsem
i've checked and set
- real port
-and changed ser = string
And also reinstall pywin, pyserial and activepython....


lucasat
com4

below-changed to com4 py file

bAsem
lucasat
Thanks mate for your help!

try this one .. i have a prefp1 so am not sure if its gonna work for ya . but its worth the try

lgkahn

I dont think it is the wrong port. you wouldnt get that far it is getting responses my guess is that it is a different version of the f/w and the stuff is not in the same place in memory or slightly different.. but just a guess


wish I could find a way to make it permanent with write access... hopefully soon.. niether approach works for me..

i'll hope/wish you can do it. If it helps you-firmware v11.0.117

@ Ferdin

1. I use python-2.5.2... download and install it
2. open my file rar and run py serial and pywin
3. Killed process PCSuite on system tray
4. connect usb cable and set on cell PCSuite
5. click on s60_3_1_app_trk_2_8_5 and install it (make suce you remove previous file on your cell)
6. Run TRK app on cell and make sure It work right connect. Not BlueTooth
7. Goto start - program - Pyton 2.5 and run PythonWin
8. Load hack_perms_s60v3_FP1 into my folde. I just set correct your port
9. run script

I hope in your good news

lucasat

1. I use python-2.5.2... download and install it
2. open my file rar and run py serial and pywin
3. Killed process PCSuite on system tray
4. connect usb cable and set on cell PCSuite
5. click on s60_3_1_app_trk_2_8_5 and install it (make suce you remove previous file on your cell)
6. Run TRK app on cell and make sure It work right connect. Not BlueTooth
7. Goto start - program - Pyton 2.5 and run PythonWin
8. Load hack_perms_s60v3_FP1 into my folde. I just set correct your port
9. run script
done


>>> Using port:
COM4
>Ping
sending message number 00
<kDSPing
received message number 00
>Connect
sending message number 01
<kDSConnect
received message number 01
>SupportMask
sending message number 02
<kDSSupportMask
received message number 02
ProcessID=0001 ThreadID=0002
>Test 0xC8xxxxxx
Read Memory at C0000148=C0 00 01 48
sending message number 03
<kDSReadMemory
received message number 03
Read Memory C0000148=C0 00 01 48
>Scanning memory 0xC8000000 and 0xC0000000
Read Memory at C8000000=C8 00 00 00
sending message number 04
<kDSReadMemory
received message number 04
Read Memory C8000000=C8 00 00 00
Read Memory C8000004=00 00 00 01
Read Memory C8000008=00 00 00 02
Read Memory C800000C=1B -1 -1 -1
Read Memory C8000010=-1 -1 -1 -1
Read Memory C8000014=-1 -1 -1 -1
Read Memory C8000018=-1 -1 -1 -1
Read Memory C800001C=-1 -1 -1 -1
Read Memory C8000020=-1 -1 -1 -1
Read Memory C8000024=-1 -1 -1 -1
Read Memory C8000028=-1 -1 -1 -1
Read Memory C800002C=-1 -1 -1 -1
Read Memory C8000030=-1 -1 -1 -1
Read Memory C8000034=-1 -1 -1 -1
Read Memory C8000038=-1 -1 -1 -1
Read Memory C800003C=-1 -1 -1 -1
Read Memory C8000040=-1 -1 -1 -1
Read Memory C8000044=-1 -1 -1 -1
Read Memory C8000048=-1 -1 -1 -1
Read Memory C800004C=-1 -1 -1 -1
Read Memory C8000050=-1 -1 -1 -1
Read Memory C8000054=-1 -1 -1 -1
Read Memory C8000058=-1 -1 -1 -1
Read Memory C800005C=-1 -1 -1 -1
Read Memory C8000060=-1 -1 -1 -1
Read Memory C8000064=-1 -1 -1 -1
Read Memory C8000068=-1 -1 -1 -1
Read Memory C800006C=-1 -1 -1 -1
Read Memory C8000070=-1 -1 -1 -1
Read Memory C8000074=-1 -1 -1 -1
Read Memory C8000078=-1 -1 -1 -1
Read Memory C800007C=-1 -1 -1 -1
Read Memory C8000080=-1 -1 -1 -1
Read Memory C8000084=-1 -1 -1 -1
Read Memory C8000088=-1 -1 -1 -1
Read Memory C800008C=-1 -1 -1 -1
Read Memory C8000090=-1 -1 -1 -1
Read Memory C8000094=-1 -1 -1 -1
Read Memory C8000098=-1 -1 -1 -1
Read Memory C800009C=-1 -1 -1 -1
Read Memory C80000A0=-1 -1 -1 -1
Read Memory C80000A4=-1 -1 -1 -1
Read Memory C80000A8=-1 -1 -1 -1
Read Memory C80000AC=-1 -1 -1 -1
Read Memory C80000B0=-1 -1 -1 -1
Read Memory C80000B4=-1 -1 -1 -1
Read Memory C80000B8=-1 -1 -1 -1
Read Memory C80000BC=-1 -1 -1 -1
Read Memory C80000C0=-1 -1 -1 -1
Read Memory C80000C4=-1 -1 -1 -1
Read Memory C80000C8=-1 -1 -1 -1
Read Memory C80000CC=-1 -1 -1 -1
Read Memory C80000D0=-1 -1 -1 -1
Read Memory C80000D4=-1 -1 -1 -1
Read Memory C80000D8=-1 -1 -1 -1
Read Memory C80000DC=-1 -1 -1 -1
Read Memory C80000E0=-1 -1 -1 -1
Read Memory C80000E4=-1 -1 -1 -1
Read Memory C80000E8=-1 -1 -1 -1
Read Memory C80000EC=-1 -1 -1 -1
Read Memory C80000F0=-1 -1 -1 -1
Read Memory C80000F4=-1 -1 -1 -1
Read Memory C80000F8=-1 -1 -1 -1
Read Memory C80000FC=-1 -1 -1 -1
Read Memory at C8000100=C8 00 01 00
sending message number 05
<kDSReadMemory
received message number 05
Read Memory C8000100=C8 00 01 00
Read Memory C8000104=00 00 00 01
Read Memory C8000108=00 00 00 02
Read Memory C800010C=19 -1 -1 -1
Read Memory C8000110=-1 -1 -1 -1
Read Memory C8000114=-1 -1 -1 -1
Read Memory C8000118=-1 -1 -1 -1
Read Memory C800011C=-1 -1 -1 -1
Read Memory C8000120=-1 -1 -1 -1
Read Memory C8000124=-1 -1 -1 -1
Read Memory C8000128=-1 -1 -1 -1
Read Memory C800012C=-1 -1 -1 -1
Read Memory C8000130=-1 -1 -1 -1
Read Memory C8000134=-1 -1 -1 -1
Read Memory C8000138=-1 -1 -1 -1
Read Memory C800013C=-1 -1 -1 -1
Read Memory C8000140=-1 -1 -1 -1
Read Memory C8000144=-1 -1 -1 -1
Read Memory C8000148=-1 -1 -1 -1
Read Memory C800014C=-1 -1 -1 -1
Read Memory C8000150=-1 -1 -1 -1
Read Memory C8000154=-1 -1 -1 -1
Read Memory C8000158=-1 -1 -1 -1
Read Memory C800015C=-1 -1 -1 -1
Read Memory C8000160=-1 -1 -1 -1
Read Memory C8000164=-1 -1 -1 -1
Read Memory C8000168=-1 -1 -1 -1
Read Memory C800016C=-1 -1 -1 -1
Read Memory C8000170=-1 -1 -1 -1
Read Memory C8000174=-1 -1 -1 -1
Read Memory C8000178=-1 -1 -1 -1
Read Memory C800017C=-1 -1 -1 -1
Read Memory C8000180=-1 -1 -1 -1
Read Memory C8000184=-1 -1 -1 -1
Read Memory C8000188=-1 -1 -1 -1
Read Memory C800018C=-1 -1 -1 -1
Read Memory C8000190=-1 -1 -1 -1
Read Memory C8000194=-1 -1 -1 -1
Read Memory C8000198=-1 -1 -1 -1
Read Memory C800019C=-1 -1 -1 -1
Read Memory C80001A0=-1 -1 -1 -1
Read Memory C80001A4=-1 -1 -1 -1
Read Memory C80001A8=-1 -1 -1 -1
Read Memory C80001AC=-1 -1 -1 -1
Read Memory C80001B0=-1 -1 -1 -1
Read Memory C80001B4=-1 -1 -1 -1
Read Memory C80001B8=-1 -1 -1 -1
Read Memory C80001BC=-1 -1 -1 -1
Read Memory C80001C0=-1 -1 -1 -1
Read Memory C80001C4=-1 -1 -1 -1
Read Memory C80001C8=-1 -1 -1 -1
Read Memory C80001CC=-1 -1 -1 -1
Read Memory C80001D0=-1 -1 -1 -1
Read Memory C80001D4=-1 -1 -1 -1
Read Memory C80001D8=-1 -1 -1 -1
Read Memory C80001DC=-1 -1 -1 -1
Read Memory C80001E0=-1 -1 -1 -1
Read Memory C80001E4=-1 -1 -1 -1
Read Memory C80001E8=-1 -1 -1 -1
Read Memory C80001EC=-1 -1 -1 -1
Read Memory C80001F0=-1 -1 -1 -1
Read Memory C80001F4=-1 -1 -1 -1
Read Memory C80001F8=-1 -1 -1 -1
Read Memory C80001FC=-1 -1 -1 -1
Read Memory at C0000000=C0 00 00 00
sending message number 06
<kDSReadMemory
received message number 06
Read Memory C0000000=C0 00 00 00
Read Memory C0000004=00 00 00 01
Read Memory C0000008=00 00 00 02
Read Memory C000000C=21 -1 -1 -1
Read Memory C0000010=-1 -1 -1 -1
Read Memory C0000014=-1 -1 -1 -1
Read Memory C0000018=-1 -1 -1 -1
Read Memory C000001C=-1 -1 -1 -1
Read Memory C0000020=-1 -1 -1 -1
Read Memory C0000024=-1 -1 -1 -1
Read Memory C0000028=-1 -1 -1 -1
Read Memory C000002C=-1 -1 -1 -1
Read Memory C0000030=-1 -1 -1 -1
Read Memory C0000034=-1 -1 -1 -1
Read Memory C0000038=-1 -1 -1 -1
Read Memory C000003C=-1 -1 -1 -1
Read Memory C0000040=-1 -1 -1 -1
Read Memory C0000044=-1 -1 -1 -1
Read Memory C0000048=-1 -1 -1 -1
Read Memory C000004C=-1 -1 -1 -1
Read Memory C0000050=-1 -1 -1 -1
Read Memory C0000054=-1 -1 -1 -1
Read Memory C0000058=-1 -1 -1 -1
Read Memory C000005C=-1 -1 -1 -1
Read Memory C0000060=-1 -1 -1 -1
Read Memory C0000064=-1 -1 -1 -1
Read Memory C0000068=-1 -1 -1 -1
Read Memory C000006C=-1 -1 -1 -1
Read Memory C0000070=-1 -1 -1 -1
Read Memory C0000074=-1 -1 -1 -1
Read Memory C0000078=-1 -1 -1 -1
Read Memory C000007C=-1 -1 -1 -1
Read Memory C0000080=-1 -1 -1 -1
Read Memory C0000084=-1 -1 -1 -1
Read Memory C0000088=-1 -1 -1 -1
Read Memory C000008C=-1 -1 -1 -1
Read Memory C0000090=-1 -1 -1 -1
Read Memory C0000094=-1 -1 -1 -1
Read Memory C0000098=-1 -1 -1 -1
Read Memory C000009C=-1 -1 -1 -1
Read Memory C00000A0=-1 -1 -1 -1
Read Memory C00000A4=-1 -1 -1 -1
Read Memory C00000A8=-1 -1 -1 -1
Read Memory C00000AC=-1 -1 -1 -1
Read Memory C00000B0=-1 -1 -1 -1
Read Memory C00000B4=-1 -1 -1 -1
Read Memory C00000B8=-1 -1 -1 -1
Read Memory C00000BC=-1 -1 -1 -1
Read Memory C00000C0=-1 -1 -1 -1
Read Memory C00000C4=-1 -1 -1 -1
Read Memory C00000C8=-1 -1 -1 -1
Read Memory C00000CC=-1 -1 -1 -1
Read Memory C00000D0=-1 -1 -1 -1
Read Memory C00000D4=-1 -1 -1 -1
Read Memory C00000D8=-1 -1 -1 -1
Read Memory C00000DC=-1 -1 -1 -1
Read Memory C00000E0=-1 -1 -1 -1
Read Memory C00000E4=-1 -1 -1 -1
Read Memory C00000E8=-1 -1 -1 -1
Read Memory C00000EC=-1 -1 -1 -1
Read Memory C00000F0=-1 -1 -1 -1
Read Memory C00000F4=-1 -1 -1 -1
Read Memory C00000F8=-1 -1 -1 -1
Read Memory C00000FC=-1 -1 -1 -1
Read Memory at C0000100=C0 00 01 00
sending message number 07
<kDSReadMemory
received message number 07
Read Memory C0000100=C0 00 01 00
Read Memory C0000104=00 00 00 01
Read Memory C0000108=00 00 00 02
Read Memory C000010C=1F -1 -1 -1
Read Memory C0000110=-1 -1 -1 -1
Read Memory C0000114=-1 -1 -1 -1
Read Memory C0000118=-1 -1 -1 -1
Read Memory C000011C=-1 -1 -1 -1
Read Memory C0000120=-1 -1 -1 -1
Read Memory C0000124=-1 -1 -1 -1
Read Memory C0000128=-1 -1 -1 -1
Read Memory C000012C=-1 -1 -1 -1
Read Memory C0000130=-1 -1 -1 -1
Read Memory C0000134=-1 -1 -1 -1
Read Memory C0000138=-1 -1 -1 -1
Read Memory C000013C=-1 -1 -1 -1
Read Memory C0000140=-1 -1 -1 -1
Read Memory C0000144=-1 -1 -1 -1
Read Memory C0000148=-1 -1 -1 -1
Read Memory C000014C=-1 -1 -1 -1
Read Memory C0000150=-1 -1 -1 -1
Read Memory C0000154=-1 -1 -1 -1
Read Memory C0000158=-1 -1 -1 -1
Read Memory C000015C=-1 -1 -1 -1
Read Memory C0000160=-1 -1 -1 -1
Read Memory C0000164=-1 -1 -1 -1
Read Memory C0000168=-1 -1 -1 -1
Read Memory C000016C=-1 -1 -1 -1
Read Memory C0000170=-1 -1 -1 -1
Read Memory C0000174=-1 -1 -1 -1
Read Memory C0000178=-1 -1 -1 -1
Read Memory C000017C=-1 -1 -1 -1
Read Memory C0000180=-1 -1 -1 -1
Read Memory C0000184=-1 -1 -1 -1
Read Memory C0000188=-1 -1 -1 -1
Read Memory C000018C=-1 -1 -1 -1
Read Memory C0000190=-1 -1 -1 -1
Read Memory C0000194=-1 -1 -1 -1
Read Memory C0000198=-1 -1 -1 -1
Read Memory C000019C=-1 -1 -1 -1
Read Memory C00001A0=-1 -1 -1 -1
Read Memory C00001A4=-1 -1 -1 -1
Read Memory C00001A8=-1 -1 -1 -1
Read Memory C00001AC=-1 -1 -1 -1
Read Memory C00001B0=-1 -1 -1 -1
Read Memory C00001B4=-1 -1 -1 -1
Read Memory C00001B8=-1 -1 -1 -1
Read Memory C00001BC=-1 -1 -1 -1
Read Memory C00001C0=-1 -1 -1 -1
Read Memory C00001C4=-1 -1 -1 -1
Read Memory C00001C8=-1 -1 -1 -1
Read Memory C00001CC=-1 -1 -1 -1
Read Memory C00001D0=-1 -1 -1 -1
Read Memory C00001D4=-1 -1 -1 -1
Read Memory C00001D8=-1 -1 -1 -1
Read Memory C00001DC=-1 -1 -1 -1
Read Memory C00001E0=-1 -1 -1 -1
Read Memory C00001E4=-1 -1 -1 -1
Read Memory C00001E8=-1 -1 -1 -1
Read Memory C00001EC=-1 -1 -1 -1
Read Memory C00001F0=-1 -1 -1 -1
Read Memory C00001F4=-1 -1 -1 -1
Read Memory C00001F8=-1 -1 -1 -1
Read Memory C00001FC=-1 -1 -1 -1
>Disconnect
sending message number 08
<kDSDisconnect
received message number 08
>Close
>End+Exit

the same result :(

I have firmware upgrade do to v 21.016 N95 I have this massage can sambody to help me

PythonWin 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32.
Portions Copyright 1994-2006 Mark Hammond - see 'Help/About PythonWin' for further copyright information.
>>> Using port:
\\.\COM15
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
Frame does not end with 0x7E:-1
showFrameChecksum-incorrect:-1
received message number -1
>SupportMask
sending message number 02
Traceback (most recent call last):
File "C:\Python25\Lib\site-packages\pythonwin\pywin\framework\scriptutils.py", line 310, in RunScript
exec codeObject in __main__.__dict__
File "C:\Documents and Settings\sevent\Desktop\hack_perms_s60v3_FP1.py", line 360, in <module>
sendFrame(ser,encodeHeaderCKFrame([0x05,iCommand,-1])) # SupportMask
File "C:\Documents and Settings\sevent\Desktop\hack_perms_s60v3_FP1.py", line 197, in sendFrame
ser.write(chr(i))
File "C:\Python25\Lib\site-packages\serial\serialwin32.py", line 220, in write
err, n = win32file.WriteFile(self.hComPort, s, self._overlappedWrite)
error: (31, 'WriteFile', 'A device attached to the system is not functioning.')
>>>

Ok Ferdin

I think maybe your firm. Infact I've original version but you have just upgrade

GREAT NEWS UPDATE :thanks for mr.nightshift for the link . and to FCA00000 for all his efforts all credits go

to that great man ..

now u can use the hack on ur own phone with no need for the pc (except to apply the hack for

the first time only) here is what he said...


[b]"" This is a way to apply the hack without need of a computer.
Don't get too excited: you NEED to hack it the first time, although not afterwards.

This initial post is only for people having a preFP1 phone: N80, E50, E61, N73, E60.
Doesn't work for FP1 models: N95, 5700, N81, N82

I

I can confirm that this 2nd hack works on my n80ie too!

Thanx m8

:excited:

sevent33 you have something wrong with serial port. Maybe you installed too old software ?
Try reinstall it.

gratz rasdonny ... am happy for ya ..

@ferdin .. have u tried mine yet ...

bAsem

have u tried mine yet ...
yes, but the same result :(

i think u have pcsuite running on the background and using the port .. try killing it ..

or if all else fail just remove it and try .. who uses the suite anyways it sucks .. :D

i always have mine on mass storage

And bonus from me:)
Install X-plore and Modo to C:\ drive, and replace files in sys folder with mine and you get full acces modo and self-acces x-plore after reboot:)

i installed these files but although i can see within the hidden folders with x-plore, i can't write to these folders or delete any files in them :(

question - do i have to execute the modo.exe file myself, am just thinking, maybe i dont know how to use this modo.exe or modoserver.exe ???

...anyone can help?

i did the trick with xplore and sudenly an app called modo appeared.its a filexplorer and can access system files even after restart.i had done the trick 2 days before and it appeared suddenly now.loool.anyway i have access now.i can remove xplore now?

Using nokia 6110
After hack (get candidate thing!!!) still cannot install unsiged application.
Try to install mobisophy phone pilot.
then what is use of this hack??

Using nokia 6110
After hack (get candidate thing!!!) still cannot install unsiged application.
Try to install mobisophy phone pilot.
then what is use of this hack??
My god, what a stupid question. "What is use of this hack"?!?
Are you think that only installing apps without signing is substantially???:LoL:

Man, with this hack you have permission to all system files and folders inside the phone. That permission alow to finaly made full backup of complete system, to copy/paste important files from "C" drive, to have full access to "Z" drive files, .... to backup everything, ....... N-Gage Arena "savegame" files for example, operator logo lastly can be done, ... blah, blah, ....
And you asking: "what is use of this hack"?!?
Better buy some fancy J2mE phone and leave this smart phones to experts!:exactly:

My god, what a stupid question. "What is use of this hack"?!?
Are you think that only installing apps without signing is substantially???:LoL:

Man, with this hack you have permission to all system files and folders inside the phone. That permission alow to finaly made full backup of complete system, to copy/paste important files from "C" drive, to have full access to "Z" drive files, .... to backup everything, ......."savegame" files for example, operator logo lastly can be done, ... blah, blah, ....
And you asking: "what is use of this hack"?!?
Better buy some fancy J2mE phone and leave this smart phones to experts!:exactly:

Oh that's not allow we install unsinged apps?? goshh

yeah unsigned apps cant be installed.

yeah unsigned apps cant be installed.
Clever answer from you
million thanx to you

@arekey, don't spam anymore this thread!
If you dont have own .cer file and need signing apps go to proper thread and leave this one clean for further usefull comments.
Thanx!

Hello guys..
Lets keep evrything in peace :weedman:
dont use abusive language..

whatever.the use of this hack right now is that we could crack nokia maps and ngage games maybe as we have full access to files of phone default apps.we should wait and see.

i also think that a much more easy process will be released that will make it possible to install unsigned apps too.

I agree with you aristothelhs2060 ...
25th March 2008 was the "D" day for S60v3fp1 devices ---- NOW IT'S ALL EASY!!! ;)
We S60 users should remember for all time name: FCA00000!:dance:

hell yeah brothers :D its D day allright :excited: and guyz please stop the off topic

I say once and again: not working.
After phone reboot i did:

4.1) icons->Profiler
4.2) menu Options->Profiler->Start. It says 'Status: initialising'
4.3) then it says 'Status: sampling'
4.4) Options->Profiler->Stop
4.5) it says 'Status: finished'
4.6) Exit
All going well, BUT ... when i start X-Plore or any file manager i cannot open "private" or "sys" folders.

Still must practise PythonWin procedure ...

I'm successful, now work fine on my N82

Can you try to uninstalled and reinstall X-plore?

[Only registered and activated users can see links]

Now, I can see folders SYS and PRIVATE.

Probably the METHOD didn't work because the X-plorer had already installed previously to unlock the phone with Pyton ...

Can you try?.

However, I can't understand why it worked without installing CARDIBE and I noticed that I did not file any CProxxx into my sys\has .
Another strange thing X-Plorer not asking me to insert any serial

I hope you understand my bad english

@lucasat, it's not a problem i can try to uninstall and reinstall X-plore, but this is not related only to X-Plore ... "private & sys" folders must be visible in all S60v3 file managers ...

@lucasat,
...must be visible in all S60v3 file managers ...

No... It isn't
I see only Y-Brower and X-plore... Not with Active manager...

However, I found I found what was my problem... I'we installed in Memory Card... and I wrong... Must be install ONLY in Memory Phone

I'm sorry 4 you

I just try again with fresh installation of X-Plore, i try both version of S60_3_1_Prof_v1_62 installed in phone memory/memory card .... blah, blah ... and not working.
Never mind, it's not hard to connect phone to the USB cable and run PythonWin for few seconds!:)

I just try again with fresh installation of X-Plore, i try both version of S60_3_1_Prof_v1_62 installed in phone memory/memory card .... blah, blah ... and not working.
Never mind, it's not hard to connect phone to the USB cable and run PythonWin for few seconds!:)

which phone do u have the n82 or n81 .. ?? coz am sure the n82 is working with the patch

N95-1 is my phone!
Never mind, thanx for your effort guys, i have still two solution: on every restart - PythonWin, or use X-plore and MODO!;)

yesssssssssssssssssssssssssssss it work

Will this void our warranty?

Will this void our warranty?

no i dont think it would . it doesnt involve any fw modification .. its a software hack...

u can always disable before giving it to the nokia service center

Am i allowed to post a link to rapidshare with all the files for the hack as well as how to install the unsigned apps and xplore in one file?

the files are allready posted .. but the tuto for unsigned apps would be very usefull

finally here is a method that works for applying the hack without having to hook it up to your computer.. but must be installed to c drive doesn't work on e

this is for fp1 also works on my n81

thanks

[Only registered and activated users can see links]

finally here is a method that works for applying the hack without having to hook it up to your computer.. but must be installed to c drive doesn't work on e

this is for fp1 also works on my n81

thanks

[Only registered and activated users can see links]

No you are wrong mate. You still need to use the method described in the first post of this thread for the first time since you need to copy the driver to c:\sys\bin

I didn't say you don't need to use the first method.. but this is the first method that after you hack you don't have to keep hooking it up to the computer.. read the posts the other methods don't work on the n81 (I have yet to find someone that has gotten the profiler method working on the n81 and many on the n95's are having the same issues).

Dude is this method work in
Version 21.0.0.016
14-02-08
RM-159
Nokia N95 (01.01)

Because i'm afraid the hack wouldn't work anywork if i upgrade my firmware

not working on E65 get errors
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit

help

@kevinh
Dont worry N95 with v21.0.0.016 should work with method describe here..

Great work by FCA00000 and all involved here :)

Does this apptrk works on N73? Because it didn't connect to PC on my phone. I start the app, change BT to USB and press 'connect' but nothing happens.

does it says connected .. if it does then its working fine .. then u continue the rest of the method on ur pc with the python and the script as written in the tuto :)

finally here is a method that works for applying the hack without having to hook it up to your computer.. but must be installed to c drive doesn't work on e

this is for fp1 also works on my n81

thanks

[Only registered and activated users can see links]

thanks for the info ... rep++ to u :)

and i updated my first post with those files .. in an effort to make it an AIO tuto :D

thanks again

does it says connected .. if it does then its working fine .. then u continue the rest of the method on ur pc with the python and the script as written in the tuto :)

No it doesn't. I press 'connect' and nothing happens. I installed this apptrk application to phone memory, maybe it has to be installed on E?

hi
can someone help me i get this when i run the script
i have E65

Using port:
COM6
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>Create Item
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyOsError
ProcessID=-1-1 ThreadID=-1-1
>Read Memory 0x60000100
Read Memory at 60000100=60 00 01 00
sending message number 03
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 03
kDSReplyPacketSizeError
Read Memory 60000100=-1 -1 -1 -1
Read Memory 60000104=-1 -1 -1 -1
Read Memory 60000108=-1 -1 -1 -1
Read Memory 6000010C=-1 -1 -1 -1
Read Memory 60000110=-1 -1 -1 -1
Read Memory 60000114=-1 -1 -1 -1
Read Memory 60000118=-1 -1 -1 -1
Read Memory 6000011C=-1 -1 -1 -1
Read Memory 60000120=-1 -1 -1 -1
Read Memory 60000124=-1 -1 -1 -1
Read Memory 60000128=-1 -1 -1 -1
Read Memory 6000012C=-1 -1 -1 -1
Read Memory 60000130=-1 -1 -1 -1
Read Memory 60000134=-1 -1 -1 -1
Read Memory 60000138=-1 -1 -1 -1
Read Memory 6000013C=-1 -1 -1 -1
Read Memory 60000140=-1 -1 -1 -1
Read Memory 60000144=-1 -1 -1 -1
Read Memory 60000148=-1 -1 -1 -1
Read Memory 6000014C=-1 -1 -1 -1
Read Memory 60000150=-1 -1 -1 -1
Read Memory 60000154=-1 -1 -1 -1
Read Memory 60000158=-1 -1 -1 -1
Read Memory 6000015C=-1 -1 -1 -1
Read Memory 60000160=-1 -1 -1 -1
Read Memory 60000164=-1 -1 -1 -1
Read Memory 60000168=-1 -1 -1 -1
Read Memory 6000016C=-1 -1 -1 -1
Read Memory 60000170=-1 -1 -1 -1
Read Memory 60000174=-1 -1 -1 -1
Read Memory 60000178=-1 -1 -1 -1
Read Memory 6000017C=-1 -1 -1 -1
Read Memory 60000180=-1 -1 -1 -1
Read Memory 60000184=-1 -1 -1 -1
Read Memory 60000188=-1 -1 -1 -1
Read Memory 6000018C=-1 -1 -1 -1
Read Memory 60000190=-1 -1 -1 -1
Read Memory 60000194=-1 -1 -1 -1
Read Memory 60000198=-1 -1 -1 -1
Read Memory 6000019C=-1 -1 -1 -1
Read Memory 600001A0=-1 -1 -1 -1
Read Memory 600001A4=-1 -1 -1 -1
Read Memory 600001A8=-1 -1 -1 -1
Read Memory 600001AC=-1 -1 -1 -1
Read Memory 600001B0=-1 -1 -1 -1
Read Memory 600001B4=-1 -1 -1 -1
Read Memory 600001B8=-1 -1 -1 -1
Read Memory 600001BC=-1 -1 -1 -1
Read Memory 600001C0=-1 -1 -1 -1
Read Memory 600001C4=-1 -1 -1 -1
Read Memory 600001C8=-1 -1 -1 -1
Read Memory 600001CC=-1 -1 -1 -1
Read Memory 600001D0=-1 -1 -1 -1
Read Memory 600001D4=-1 -1 -1 -1
Read Memory 600001D8=-1 -1 -1 -1
Read Memory 600001DC=-1 -1 -1 -1
Read Memory 600001E0=-1 -1 -1 -1
Read Memory 600001E4=-1 -1 -1 -1
Read Memory 600001E8=-1 -1 -1 -1
Read Memory 600001EC=-1 -1 -1 -1
Read Memory 600001F0=-1 -1 -1 -1
Read Memory 600001F4=-1 -1 -1 -1
Read Memory 600001F8=-1 -1 -1 -1
Read Memory 600001FC=-1 -1 -1 -1
>Stop
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit

myakove, why dont you read carefully for change that first page of this thread?
What is your proper COM port used by USB cable on the PC?

i need some help as well. i get the the step where i need to run hack_perms_s60v3.py but when i run it the window just immediately dissapears. i have the com set up correctly and everything else is right.

edit: i have an n81 with the 8gb

myakove, why dont you read carefully for change that first page of this thread?
What is your proper COM port used by USB cable on the PC?

thanks for the reply
i have COM6 so i don't need to change the script (configure on ser=5)
Nokia E65 USB (COM6)

[Only registered and activated users can see links]

The above file has every file needed to do this procedure as well as 'installing' unsigned apps. There is my own hot to text file as well as some web sites that have been saved with guides. Enjoy :good2:

hi
can someone help me i get this when i run the script
i have E65

Using port:
COM6
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>Create Item
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyOsError
ProcessID=-1-1 ThreadID=-1-1
>Read Memory 0x60000100
Read Memory at 60000100=60 00 01 00
sending message number 03
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 03
kDSReplyPacketSizeError
Read Memory 60000100=-1 -1 -1 -1
Read Memory 60000104=-1 -1 -1 -1
Read Memory 60000108=-1 -1 -1 -1
Read Memory 6000010C=-1 -1 -1 -1
Read Memory 60000110=-1 -1 -1 -1
Read Memory 60000114=-1 -1 -1 -1
Read Memory 60000118=-1 -1 -1 -1
Read Memory 6000011C=-1 -1 -1 -1
Read Memory 60000120=-1 -1 -1 -1
Read Memory 60000124=-1 -1 -1 -1
Read Memory 60000128=-1 -1 -1 -1
Read Memory 6000012C=-1 -1 -1 -1
Read Memory 60000130=-1 -1 -1 -1
Read Memory 60000134=-1 -1 -1 -1
Read Memory 60000138=-1 -1 -1 -1
Read Memory 6000013C=-1 -1 -1 -1
Read Memory 60000140=-1 -1 -1 -1
Read Memory 60000144=-1 -1 -1 -1
Read Memory 60000148=-1 -1 -1 -1
Read Memory 6000014C=-1 -1 -1 -1
Read Memory 60000150=-1 -1 -1 -1
Read Memory 60000154=-1 -1 -1 -1
Read Memory 60000158=-1 -1 -1 -1
Read Memory 6000015C=-1 -1 -1 -1
Read Memory 60000160=-1 -1 -1 -1
Read Memory 60000164=-1 -1 -1 -1
Read Memory 60000168=-1 -1 -1 -1
Read Memory 6000016C=-1 -1 -1 -1
Read Memory 60000170=-1 -1 -1 -1
Read Memory 60000174=-1 -1 -1 -1
Read Memory 60000178=-1 -1 -1 -1
Read Memory 6000017C=-1 -1 -1 -1
Read Memory 60000180=-1 -1 -1 -1
Read Memory 60000184=-1 -1 -1 -1
Read Memory 60000188=-1 -1 -1 -1
Read Memory 6000018C=-1 -1 -1 -1
Read Memory 60000190=-1 -1 -1 -1
Read Memory 60000194=-1 -1 -1 -1
Read Memory 60000198=-1 -1 -1 -1
Read Memory 6000019C=-1 -1 -1 -1
Read Memory 600001A0=-1 -1 -1 -1
Read Memory 600001A4=-1 -1 -1 -1
Read Memory 600001A8=-1 -1 -1 -1
Read Memory 600001AC=-1 -1 -1 -1
Read Memory 600001B0=-1 -1 -1 -1
Read Memory 600001B4=-1 -1 -1 -1
Read Memory 600001B8=-1 -1 -1 -1
Read Memory 600001BC=-1 -1 -1 -1
Read Memory 600001C0=-1 -1 -1 -1
Read Memory 600001C4=-1 -1 -1 -1
Read Memory 600001C8=-1 -1 -1 -1
Read Memory 600001CC=-1 -1 -1 -1
Read Memory 600001D0=-1 -1 -1 -1
Read Memory 600001D4=-1 -1 -1 -1
Read Memory 600001D8=-1 -1 -1 -1
Read Memory 600001DC=-1 -1 -1 -1
Read Memory 600001E0=-1 -1 -1 -1
Read Memory 600001E4=-1 -1 -1 -1
Read Memory 600001E8=-1 -1 -1 -1
Read Memory 600001EC=-1 -1 -1 -1
Read Memory 600001F0=-1 -1 -1 -1
Read Memory 600001F4=-1 -1 -1 -1
Read Memory 600001F8=-1 -1 -1 -1
Read Memory 600001FC=-1 -1 -1 -1
>Stop
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit


here are the possibilities where u could have gone wrong :

1)wrong com setting (recheck)

2)ur not running the trk and connecting it on ur phone ..

3)have the pc suite running on the background(kill the suite from the task manager)

4)ur using the wrong file (n81 is fp1 .. so use the fp1 python script)

5)ur using vista (it has problems with the hack)

6)u dont read the posts carefully ... lol

hope this helps you in some way

I have a n75 and I'm getting this error. Can someone help?

1. pc is show com4 so I edited the .py to com3
2. apptrk shows it's connected
3. killed pc suite
4. i tried both .py files
5. i'm using xp
6. i'm sure i followed the right instructions.

Result with hack_perms_s60v3_FP1.py

C:\dan\n75\hack\hack_perms_s60v3>hack_perms_s60v3_FP1.py
Using port:
COM4
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>SupportMask
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyNoError
Level=DS_PROTOCOL_RTOS. (OS-level debugger)
ProcessID=0001 ThreadID=0002
>Test 0xC8xxxxxx
Read Memory at C0000148=C0 00 01 48
sending message number 03
<kDSReplyACK
received message number 03
kDSReplyOsError
The OS reported an error :-(
>Scanning memory 0xC8000000 and 0xC0000000
Read Memory at C8000000=C8 00 00 00
sending message number 04
<kDSReplyACK
received message number 04
kDSReplyOsError
The OS reported an error :-(
Read Memory at C8000100=C8 00 01 00
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyOsError
The OS reported an error :-(
Read Memory at C0000000=C0 00 00 00
sending message number 06
<kDSReplyACK
received message number 06
kDSReplyOsError
The OS reported an error :-(
Read Memory at C0000100=C0 00 01 00
sending message number 07
<kDSReplyACK
received message number 07
kDSReplyOsError
The OS reported an error :-(
>Disconnect
sending message number 08
<kDSReplyACK
received message number 08
kDSReplyNoError
>Close
>End+Exit


------------------

hack_perms_s60v3.py

Using port:
COM4
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>Create Item
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyOsError
ProcessID=-1-1 ThreadID=-1-1
>Read Memory 0x60000100
Read Memory at 60000100=60 00 01 00
sending message number 03
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 03
kDSReplyPacketSizeError
Read Memory 60000100=-1 -1 -1 -1
Read Memory 60000104=-1 -1 -1 -1
Read Memory 60000108=-1 -1 -1 -1
Read Memory 6000010C=-1 -1 -1 -1
Read Memory 60000110=-1 -1 -1 -1
Read Memory 60000114=-1 -1 -1 -1
Read Memory 60000118=-1 -1 -1 -1
Read Memory 6000011C=-1 -1 -1 -1
Read Memory 60000120=-1 -1 -1 -1
Read Memory 60000124=-1 -1 -1 -1
Read Memory 60000128=-1 -1 -1 -1
Read Memory 6000012C=-1 -1 -1 -1
Read Memory 60000130=-1 -1 -1 -1
Read Memory 60000134=-1 -1 -1 -1
Read Memory 60000138=-1 -1 -1 -1
Read Memory 6000013C=-1 -1 -1 -1
Read Memory 60000140=-1 -1 -1 -1
Read Memory 60000144=-1 -1 -1 -1
Read Memory 60000148=-1 -1 -1 -1
Read Memory 6000014C=-1 -1 -1 -1
Read Memory 60000150=-1 -1 -1 -1
Read Memory 60000154=-1 -1 -1 -1
Read Memory 60000158=-1 -1 -1 -1
Read Memory 6000015C=-1 -1 -1 -1
Read Memory 60000160=-1 -1 -1 -1
Read Memory 60000164=-1 -1 -1 -1
Read Memory 60000168=-1 -1 -1 -1
Read Memory 6000016C=-1 -1 -1 -1
Read Memory 60000170=-1 -1 -1 -1
Read Memory 60000174=-1 -1 -1 -1
Read Memory 60000178=-1 -1 -1 -1
Read Memory 6000017C=-1 -1 -1 -1
Read Memory 60000180=-1 -1 -1 -1
Read Memory 60000184=-1 -1 -1 -1
Read Memory 60000188=-1 -1 -1 -1
Read Memory 6000018C=-1 -1 -1 -1
Read Memory 60000190=-1 -1 -1 -1
Read Memory 60000194=-1 -1 -1 -1
Read Memory 60000198=-1 -1 -1 -1
Read Memory 6000019C=-1 -1 -1 -1
Read Memory 600001A0=-1 -1 -1 -1
Read Memory 600001A4=-1 -1 -1 -1
Read Memory 600001A8=-1 -1 -1 -1
Read Memory 600001AC=-1 -1 -1 -1
Read Memory 600001B0=-1 -1 -1 -1
Read Memory 600001B4=-1 -1 -1 -1
Read Memory 600001B8=-1 -1 -1 -1
Read Memory 600001BC=-1 -1 -1 -1
Read Memory 600001C0=-1 -1 -1 -1
Read Memory 600001C4=-1 -1 -1 -1
Read Memory 600001C8=-1 -1 -1 -1
Read Memory 600001CC=-1 -1 -1 -1
Read Memory 600001D0=-1 -1 -1 -1
Read Memory 600001D4=-1 -1 -1 -1
Read Memory 600001D8=-1 -1 -1 -1
Read Memory 600001DC=-1 -1 -1 -1
Read Memory 600001E0=-1 -1 -1 -1
Read Memory 600001E4=-1 -1 -1 -1
Read Memory 600001E8=-1 -1 -1 -1
Read Memory 600001EC=-1 -1 -1 -1
Read Memory 600001F0=-1 -1 -1 -1
Read Memory 600001F4=-1 -1 -1 -1
Read Memory 600001F8=-1 -1 -1 -1
Read Memory 600001FC=-1 -1 -1 -1
>Stop
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit

which did u adjust the com or the (ser) part .. u should edit the number in this part ser = serial.Serial(3)

n75 is a prefp1 so use the prefp1 .. other than that maybe u could close ur antivirus and please make sure u closed the suite correctly .. before connection ur usb cable

which did u adjust the com or the (ser) part .. u should edit the number in this part ser = serial.Serial(3)

n75 is a prefp1 so use the prefp1 .. other than that maybe u could close ur antivirus and please make sure u closed the suite correctly .. before connection ur usb cable

It's already set to com3. Where can i get prefp1 file?

tested on n91 the apptrck doesnt connect :(

Yeah I agree with him
tried on my N91 8GB it does not connect

I have a n75 and I'm getting this error. Can someone help?

1. pc is show com4 so I edited the .py to com3
2. apptrk shows it's connected
3. killed pc suite
4. i tried both .py files
5. i'm using xp
6. i'm sure i followed the right instructions.

Result with hack_perms_s60v3_FP1.py

C:\dan\n75\hack\hack_perms_s60v3>hack_perms_s60v3_FP1.py
Using port:
COM4
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>SupportMask
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyNoError
Level=DS_PROTOCOL_RTOS. (OS-level debugger)
ProcessID=0001 ThreadID=0002
>Test 0xC8xxxxxx
Read Memory at C0000148=C0 00 01 48
sending message number 03
<kDSReplyACK
received message number 03
kDSReplyOsError
The OS reported an error :-(
>Scanning memory 0xC8000000 and 0xC0000000
Read Memory at C8000000=C8 00 00 00
sending message number 04
<kDSReplyACK
received message number 04
kDSReplyOsError
The OS reported an error :-(
Read Memory at C8000100=C8 00 01 00
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyOsError
The OS reported an error :-(
Read Memory at C0000000=C0 00 00 00
sending message number 06
<kDSReplyACK
received message number 06
kDSReplyOsError
The OS reported an error :-(
Read Memory at C0000100=C0 00 01 00
sending message number 07
<kDSReplyACK
received message number 07
kDSReplyOsError
The OS reported an error :-(
>Disconnect
sending message number 08
<kDSReplyACK
received message number 08
kDSReplyNoError
>Close
>End+Exit


------------------

hack_perms_s60v3.py

Using port:
COM4
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>Create Item
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyOsError
ProcessID=-1-1 ThreadID=-1-1
>Read Memory 0x60000100
Read Memory at 60000100=60 00 01 00
sending message number 03
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 03
kDSReplyPacketSizeError
Read Memory 60000100=-1 -1 -1 -1
Read Memory 60000104=-1 -1 -1 -1
Read Memory 60000108=-1 -1 -1 -1
Read Memory 6000010C=-1 -1 -1 -1
Read Memory 60000110=-1 -1 -1 -1
Read Memory 60000114=-1 -1 -1 -1
Read Memory 60000118=-1 -1 -1 -1
Read Memory 6000011C=-1 -1 -1 -1
Read Memory 60000120=-1 -1 -1 -1
Read Memory 60000124=-1 -1 -1 -1
Read Memory 60000128=-1 -1 -1 -1
Read Memory 6000012C=-1 -1 -1 -1
Read Memory 60000130=-1 -1 -1 -1
Read Memory 60000134=-1 -1 -1 -1
Read Memory 60000138=-1 -1 -1 -1
Read Memory 6000013C=-1 -1 -1 -1
Read Memory 60000140=-1 -1 -1 -1
Read Memory 60000144=-1 -1 -1 -1
Read Memory 60000148=-1 -1 -1 -1
Read Memory 6000014C=-1 -1 -1 -1
Read Memory 60000150=-1 -1 -1 -1
Read Memory 60000154=-1 -1 -1 -1
Read Memory 60000158=-1 -1 -1 -1
Read Memory 6000015C=-1 -1 -1 -1
Read Memory 60000160=-1 -1 -1 -1
Read Memory 60000164=-1 -1 -1 -1
Read Memory 60000168=-1 -1 -1 -1
Read Memory 6000016C=-1 -1 -1 -1
Read Memory 60000170=-1 -1 -1 -1
Read Memory 60000174=-1 -1 -1 -1
Read Memory 60000178=-1 -1 -1 -1
Read Memory 6000017C=-1 -1 -1 -1
Read Memory 60000180=-1 -1 -1 -1
Read Memory 60000184=-1 -1 -1 -1
Read Memory 60000188=-1 -1 -1 -1
Read Memory 6000018C=-1 -1 -1 -1
Read Memory 60000190=-1 -1 -1 -1
Read Memory 60000194=-1 -1 -1 -1
Read Memory 60000198=-1 -1 -1 -1
Read Memory 6000019C=-1 -1 -1 -1
Read Memory 600001A0=-1 -1 -1 -1
Read Memory 600001A4=-1 -1 -1 -1
Read Memory 600001A8=-1 -1 -1 -1
Read Memory 600001AC=-1 -1 -1 -1
Read Memory 600001B0=-1 -1 -1 -1
Read Memory 600001B4=-1 -1 -1 -1
Read Memory 600001B8=-1 -1 -1 -1
Read Memory 600001BC=-1 -1 -1 -1
Read Memory 600001C0=-1 -1 -1 -1
Read Memory 600001C4=-1 -1 -1 -1
Read Memory 600001C8=-1 -1 -1 -1
Read Memory 600001CC=-1 -1 -1 -1
Read Memory 600001D0=-1 -1 -1 -1
Read Memory 600001D4=-1 -1 -1 -1
Read Memory 600001D8=-1 -1 -1 -1
Read Memory 600001DC=-1 -1 -1 -1
Read Memory 600001E0=-1 -1 -1 -1
Read Memory 600001E4=-1 -1 -1 -1
Read Memory 600001E8=-1 -1 -1 -1
Read Memory 600001EC=-1 -1 -1 -1
Read Memory 600001F0=-1 -1 -1 -1
Read Memory 600001F4=-1 -1 -1 -1
Read Memory 600001F8=-1 -1 -1 -1
Read Memory 600001FC=-1 -1 -1 -1
>Stop
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit

I had the same issue, and I think it depends on the python script (btw, you don't have a FP1 device so you should use hack_perms_s60v3.py).
Download the latest one (download link is below) and try again, it worked fine on my N73. Hope this helps! :D

hxxp://fca00000.googlepages.com/hack_perms_s60v3.py

I change the port to ser(18) and run the hack.. however, the hack just reboots my phone and I get the errors below.

C:\Python25>python.exe hack_perms_s60v3.py
Using port:
\\.\COM19
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
Frame does not end with 0x7E:-1
showFrameChecksum-incorrect:-1
received message number -1
>Create Item
sending message number 02
Traceback (most recent call last):
File "hack_perms_s60v3.py", line 376, in <module>
sendFrame(ser,encodeHeaderCKFrame([0x40,iCommand,0x00,0x00,0x00,0x00,0x15,0x
43,0x3A,0x5C,0x48,0x65,0x6C,0x6C,0x6F,0x43,0x61,0x 72,0x62,0x69,0x64,0x65,0x2E,0x
65,0x78,0x65,0x00,0x00,-1])) # Create Item
File "hack_perms_s60v3.py", line 180, in sendFrame
ser.write(chr(i))
File "C:\Python25\Lib\site-packages\serial\serialwin32.py", line 220, in write

err, n = win32file.WriteFile(self.hComPort, s, self._overlappedWrite)
pywintypes.error: (31, 'WriteFile', 'A device attached to the system is not func
tioning.')


I have also tried the latest from the link above and that has not worked.

please help
after running hack_perms_s60v3.py
appeared blach window with these words

using port
com6(my com is 6)
ping
sending message number 00

here is screen shot [Only registered and activated users can see links]
what i need to do ? or what is my mistake ?:afraid:

please help
after running hack_perms_s60v3.py
appeared blach window with these words

using port
com6(my com is 6)
ping
sending message number 00

what i need to do ? or what is my mistake ?

Are you using Windows Vista?

Are you using Windows Vista?

yes i am using vista home pre
shot: [Only registered and activated users can see links]

Shohob, try 2check all the error possibility by basem above
[Only registered and activated users can see links]

I had the same prob like u b4.. Then I restarted my phone, Connect my phone 2pc, open the py script, last one I open the profiler.. And it works as a charm..

Well, I have hacked both my N73 and N95-2. In my experience, the python script for OS9.2 works well no matter the OS (XP or Vista), but OS9.1's didn't work on Vista (same problem as yours, the process got stuck on a black screen).
I have a dual boot on my pc so I switched to XP, tried again and everything went fine.
I suggest you to try again on a different operating system, if you can! :)

thank very much you I will try it :)

oh my god,it works great with nokia 3250!!!!
thanx for posting mate!!!

daddyfatsax
i am trying it on my brother new pc with XP :)

daddyfatsax
i am trying it on my brother new pc with XP :)

Post results, then :)

now i have :
Using port:
COM5
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>Create Item
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyOsError
ProcessID=-1-1 ThreadID=-1-1
>Read Memory 0x60000100
Read Memory at 60000100=60 00 01 00
sending message number 03
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 03
kDSReplyPacketSizeError
Read Memory 60000100=-1 -1 -1 -1
Read Memory 60000104=-1 -1 -1 -1
Read Memory 60000108=-1 -1 -1 -1
Read Memory 6000010C=-1 -1 -1 -1
Read Memory 60000110=-1 -1 -1 -1
Read Memory 60000114=-1 -1 -1 -1
Read Memory 60000118=-1 -1 -1 -1
Read Memory 6000011C=-1 -1 -1 -1
Read Memory 60000120=-1 -1 -1 -1
Read Memory 60000124=-1 -1 -1 -1
Read Memory 60000128=-1 -1 -1 -1
Read Memory 6000012C=-1 -1 -1 -1
Read Memory 60000130=-1 -1 -1 -1
Read Memory 60000134=-1 -1 -1 -1
Read Memory 60000138=-1 -1 -1 -1
Read Memory 6000013C=-1 -1 -1 -1
Read Memory 60000140=-1 -1 -1 -1
Read Memory 60000144=-1 -1 -1 -1
Read Memory 60000148=-1 -1 -1 -1
Read Memory 6000014C=-1 -1 -1 -1
Read Memory 60000150=-1 -1 -1 -1
Read Memory 60000154=-1 -1 -1 -1
Read Memory 60000158=-1 -1 -1 -1
Read Memory 6000015C=-1 -1 -1 -1
Read Memory 60000160=-1 -1 -1 -1
Read Memory 60000164=-1 -1 -1 -1
Read Memory 60000168=-1 -1 -1 -1
Read Memory 6000016C=-1 -1 -1 -1
Read Memory 60000170=-1 -1 -1 -1
Read Memory 60000174=-1 -1 -1 -1
Read Memory 60000178=-1 -1 -1 -1
Read Memory 6000017C=-1 -1 -1 -1
Read Memory 60000180=-1 -1 -1 -1
Read Memory 60000184=-1 -1 -1 -1
Read Memory 60000188=-1 -1 -1 -1
Read Memory 6000018C=-1 -1 -1 -1
Read Memory 60000190=-1 -1 -1 -1
Read Memory 60000194=-1 -1 -1 -1
Read Memory 60000198=-1 -1 -1 -1
Read Memory 6000019C=-1 -1 -1 -1
Read Memory 600001A0=-1 -1 -1 -1
Read Memory 600001A4=-1 -1 -1 -1
Read Memory 600001A8=-1 -1 -1 -1
Read Memory 600001AC=-1 -1 -1 -1
Read Memory 600001B0=-1 -1 -1 -1
Read Memory 600001B4=-1 -1 -1 -1
Read Memory 600001B8=-1 -1 -1 -1
Read Memory 600001BC=-1 -1 -1 -1
Read Memory 600001C0=-1 -1 -1 -1
Read Memory 600001C4=-1 -1 -1 -1
Read Memory 600001C8=-1 -1 -1 -1
Read Memory 600001CC=-1 -1 -1 -1
Read Memory 600001D0=-1 -1 -1 -1
Read Memory 600001D4=-1 -1 -1 -1
Read Memory 600001D8=-1 -1 -1 -1
Read Memory 600001DC=-1 -1 -1 -1
Read Memory 600001E0=-1 -1 -1 -1
Read Memory 600001E4=-1 -1 -1 -1
Read Memory 600001E8=-1 -1 -1 -1
Read Memory 600001EC=-1 -1 -1 -1
Read Memory 600001F0=-1 -1 -1 -1
Read Memory 600001F4=-1 -1 -1 -1
Read Memory 600001F8=-1 -1 -1 -1
Read Memory 600001FC=-1 -1 -1 -1
>Stop
sending message number 04
<kDSReplyNAK !!!!!!!!!!!!!!!!!!
received message number 04
kDSReplyPacketSizeError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyNoError
>Close
>End+Exit

Use this python script:

hxxp://fca00000.googlepages.com/hack_perms_s60v3.py

(the script I have downloaded from this thread doesn't work!!)

and verify that you typed the correct port!

ure it works now i knew my mistake :)

daddyfatsax , PHoeZies
thank you bro's it works perfect :) , i am soo happy :)))))

daddyfatsax per added :ilove:

Glad to know you sorted out, mate! :)

Use this python script:

hxxp://fca00000.googlepages.com/hack_perms_s60v3.py

(the script I have downloaded from this thread doesn't work!!)

and verify that you typed the correct port!



r u sure it doesnt work .. coz its the same one i used on my phone ..

please verify .. also this is the same place where i got my file from

and lastly thanks for helping people out .. rep++ to u

nice one mate, keep up the good work

r u sure it doesnt work .. coz its the same one i used on my phone ..

please verify .. also this is the same place where i got my file from

and lastly thanks for helping people out .. rep++ to u

Yes mate, compare the file on the author's website and the one you have attached to your tutorial (prefp1(n80,n73..etc).rar) and you'll see they're different. :)

too complicated but thanx anyway for your help rep to you

thats vert weird .. coz its the one am using on my n80 right now .. and ITS WORKING

what the hell

Mine is version 0.2, mate... it has been posted by the author on 03-10-08.
Yours is v0.0 (date: 03-08-08) and apparently isn't suited for all OS9.1 devices, since it didn't work on my N73 ME.
I suggest you to update your post with the newest version!
Oh and btw, rep added for your work too! :)

Mine is version 0.2, mate... it has been posted by the author on 03-10-08.
Yours is v0.0 (date: 03-08-08) and apparently isn't suited for all OS9.1 devices, since it didn't work on my N73 ME.
I suggest you to update your post with the newest version!
Oh and btw, rep added for your work too! :)



attached ur new updated script to the first page .. thanks alot for the heads up mate .. ur a good man .. cheers

:COOL:

tried it on my n80 and its working .. so its tested ..

attached ur new updated script to the first post .. thanks alot for the heads up mate .. ur a good man .. cheers

:COOL:

tried it on my n80 and its working .. so its tested ..

I have spent a few hours fighting with that damn script, wondering why it wasn't working on my phone... until I had the brilliant idea to check if there was a working version on his website! :D

Glad to help people to give "freedom" to their phones, as someone said... :LoL:

thats brilliant for sure buddy :D ..

i was just busy for a couple of days .. so i wasnt able to check it out . sorry bout that bros

I have N95 with firmware 21.0.016 and use this script hxxp://fca00000.googlepages.com/hack_perms_s60v3.py

PythonWin 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32.
Portions Copyright 1994-2006 Mark Hammond - see 'Help/About PythonWin' for further copyright information.
>>> Using port:
\\.\COM15
>Ping
sending message number 00
<kDSReplyACK
received message number 00
kDSReplyNoError
>Connect
sending message number 01
<kDSReplyACK
received message number 01
kDSReplyNoError
>SupportMask
sending message number 02
<kDSReplyACK
received message number 02
kDSReplyNoError
Level=DS_PROTOCOL_RTOS. (OS-level debugger)
ProcessID=0001 ThreadID=0001
Read memory without process. Only when DS_PROTOCOL<3 . In this case, DS_PROTOCOL=03
sending message number 03
<kDSReplyACK
received message number 03
kDSReplyUnsupportedOptionError
Read Memory SEGMENTED without process. Only when DS_PROTOCOL<3 . In this case, DS_PROTOCOL=03
sending message number 04
<kDSReplyACK
received message number 04
kDSReplyUnsupportedOptionError
>Scanning memory
Read Memory at 60000000=60 00 00 00
sending message number 05
<kDSReplyACK
received message number 05
kDSReplyOsError
The OS reported an error :-(
Read Memory at 60000100=60 00 01 00
sending message number 06
<kDSReplyACK
received message number 06
kDSReplyOsError
The OS reported an error :-(
Read Memory at C2000000=C2 00 00 00
sending message number 07
<kDSReplyACK
received message number 07
kDSReplyOsError
The OS reported an error :-(
Read Memory at C2000100=C2 00 01 00
sending message number 08
<kDSReplyACK
received message number 08
kDSReplyOsError
The OS reported an error :-(
Read Memory at C8000000=C8 00 00 00
sending message number 09
<kDSReplyACK
received message number 09
kDSReplyOsError
The OS reported an error :-(
Read Memory at C8000100=C8 00 01 00
sending message number 0A
<kDSReplyACK
received message number 0A
kDSReplyOsError
The OS reported an error :-(
>Stop
sending message number 0B
<kDSReplyACK
received message number 0B
kDSReplyOsError
>Ack Notify Stopped
sending message number 02
>Disconnect
sending message number 0C
<kDSReplyACK
received message number 0C
kDSReplyNoError
>Close
>End+Exit

Where is a problem any idea?

@sevent33

You used the script for OS9.1 phones, it won't ever work.
For OS9.2 devices like N95 you have to use this ([Only registered and activated users can see links]) one (and give props to bAsem for posting it :D)

Can somebody post script for N95 v21.0.016
Thanks!

I used the above method. but in the console, I see nak!!!!! or something where there should be candidate!!!!!

I am doing this using vmware on my macbook pro. I have some screenshots. but due to connection problem, I can't upload. TRK shows connected and i can see the phone in device manager so I know com port etc is not the problem.

I am having the exact same problem as discussed in that post. here's the permanent link to the post. [Only registered and activated users can see links]

more info that might help, my phone is a nokia E60.