Here is some often asked question about understanding using SETool box for repairing Sony Ericsson’s software fault.

for start:

Q: what is db2000,db2010,db2020,pnx5230,db3150,db3210 ?

A: that is chipsets of new SEMC phones.

db2000 (otherwise called marita “full”) is inside next phones: z1010/v800/z800/w900/lg3g/sharp3g
db2010 (otherwise called “marita compact”) is inside j300/k300/k500/k700/s700/k750 phones.
db2020 (otherwise called “marika”) is inside k610/k550/k790/k800/w850/w880/z610/well, almost in all new phones.
pnx5230 is inside z310,w350,w380,z555 phones.
db3150 is A2 generation, phones like k850,w910,w890,z750,etc have it
db3210 is next revision of A2 platform and there is not yet retail phones released with that ASIC.
db3350 is even future platform from SEMC.

Q: how to enable “search mode” and “GSM/3g networks” in “mobile networks” menu item of v800/k600/k608 ?

A: use following script (all in one string,without spaces !!!!)

Code:

gdfswrite:00020CCD00000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000

—————-

Q: how to use script ? what is script ?

A: script is text file, which consists of commands.
usage is simple:
make a text file with commands, then select file in “misc. files” edit, then press “write script” button.

Q: i unlocked my z520 and my phone is dead !!! help ! help !

A:detach phone from cable, remove battery for 20 seconds ,then insert it back and try to turn phone on. must be ok.

still not work ? select in “main firmware file” edit file eroms\k750_w800_z520_new_erom.ssw and flash it.
detach cable, remove battery, wait for 20 seconds, insert it back.
must work.

if still not work – you made something besides simple pressing “unlock” button and phone must be repaired other way.

Q: i flashed my phone and it became dead !!! aaargh !!! help me , help !

A:relax. current semc phones can’t be killed completely by software. well, some can, but setool2 will not allow it to do it.. simple

general way to do:

scenario:

a friend comes with phone. phone not powers on at all.

way:

1. try to flash phone with corresponding flashfiles. if it flashes – good, flash it.

following step should not be applied to db2020/pnx5230/db2010 cid49/cid50/cid51/cid52 phones.

2. if after complete phone reports “csloader startup error, fs startup error 1,2,23″ then you need to restore erom.

all needed EROMs is inside “eroms” folder of setool2 distribution.
for db2000 phones erom is z800_v800_k600_old_erom.ssw
for db2010 phones erom is k750_w800_z520_old_erom.ssw
for w550/w600/s600 phone erom is w550_erom.ssw
when flashing EROM you MUST set cid to OTP cid !!!!!

3. if after succefull flashing (complete ok) phone powers on with white screen/freezes on “please wait” step – you need to UNLOCK phone

4. if it can’t be unlocked – most probably gdfs is damaged and you must rewrite gdfs with re-formatting (go to settings tab, check “format gdfs”).

all needed gdfs is inside “gdfs_in_bin_format,gdfs_in_ssw_format” folders of setool2 distr.
select corresponding gdfs in “misc files” edit and press “write gdfs”
always make “unlock” after write gdfs.

please note, that you SHOULD NOT mess with gdfs in db2020 phones, pnx5230 phones, cid50/51/52 db2010 phones.
actually, you only can safely rewrite gdfs on db2000/db2010 cid16/29/36/49 phones.

Q: how to remove “strange” “1e0w” or simular from service menu?

A:
for z1010 use script:

Quote:

for all other db2000/db2010 phones use script:

Quote:

for db2020 use next script

Quote:

Q: i really like to make some pre-defined email/gprs account !

A:all pre-defined gprs and so on account stored in customize.xml file.
you can readout that file from phone with such accounts,using script command

Quote:

then you can modify it as you need and write back into phone with script command

Quote:

CID = Certificate ID. You can say that this “number” defines the version of SE’s protection present in the phone. Each CID require their own loaders.
New CIDs are deployed from time to time, for the sole reason of preventing them from beeing unlocked/flashed/tampered with by non-SE service tools. Current CIDs in use by SE are 29/36/37/49/50/51/52. SE-based LG/Sharp phones use the same system (but different versions), hence they are supported by SETool. The OTP (One Time Programmable memory) and EROM of a phone might be protected by different CIDs, usually the case in newer K600s/K608s. If SETool reports OTP CID36 and Flash CID49, doing a “Recovery” in the software and replacing the EROM with a CID36 one will render the phone a normal and fully non-TP supported CID36 one.

CDA = This “number” defines which variant of a specific firmware a phone is supposed to have.
It lets among others SEUS (Sony Ericsson Update Service) know which language-pack/branding/bandlocks a phone is to be flashed with. A generic (unbranded) K750 for use in Scandinavia will be CDA102337/12, whilst a Telenor-branded K750 will be CDA102338/62. Both will be flashed with the same languages/dictionaries, but the latter will be flashed with Telenor-branded firmware (branded firmwares are considered by most as utter crap).

BLUE/BROWN/RED:
This “color” defines what kind of phone we are dealing with.
BLUE phones has been assembled at the factory, but never been programmed with software/GDFS/IMEI (remember kids: the IMEI is stored in the OTP (One Time Programmable memory))
BROWN phones are usually “developer phones”, for testing. Less restrictions are present, as these are used for “debugging/beta” purposes. In the case of CID36, a phone has to be converted to BROWN for unlocking. If you ever encounter an OTP CID49 BROWN phone, it must be converted to RED for servicing.
RED phones are your typical retail ones.

GDFS:
This is the phones “stash”, where all settings and calibration data is stored (this also goes for the firmwares IMEI-resource as well as the SIMlocks). Similar to other brands use of NVRAM (Non-Viotile Random Access Memory).

IMEI = International Mobile Equipment Identity.
A 15-digit number which includes information on the origin, model, and serial number of the device. The model and origin comprise the initial 8-digit portion of the IMEI, known as the “Type Allocation Code/TAC”. The remainder of the IMEI is manufacturer-defined, with a “Luhn check digit” at the end (which is never transmitted). The “Luhn check digit” is calculated from the rest of the IMEI.

It should be noted that in SE-based phones, the IMEI is stored in two places, the OTP (One Time Programmable memory) and GDFS. The GDFS IMEI is normally read from the OTP, but this can be circumvented by SETool function to “change” the IMEI. This patches the firmware into allowing different OTP/GDFS IMEIs. It is the GDFS IMEI that is reported to the network, so changing this will “de-bar” blocked phones. SEUS is not fooled by this, on the other hand, and it should also be noted that doing this is illegal in most countries.

EMMA = Service software/solution by SE themselves. Protected by the EMMA smartcard to prevent non-licensed usage. Current version is EMMA3, though EMMA2 is still alive (but kinda useless on newer phones). The EMMA smartcard contains an algorithm that allows EMMA to communicate directly to/with the phones CID, so performing operations the way they were intended. The smartcard and its algorithm has not been cracked. Current EMMA access levels exists:
Service Update – Can’t unlock phones.
Service Update Pro – Can’t unlock phones.
Network Operator – Can’t unlock phones (but sure as hell can lock them).
Service Center Std – Can’t unlock phones.
Service Center Rc – Can unlock phones, as they have a special version of the smartcard with a CSCA key.
Research & Development – Can unlock phones, as they have a special version of the smartcard with a CSCA key.