Ericsson Mobile Tips & Tricks

Saturday, September 01, 20071comments

Ericsson Mobile Tips & Tricks

Ericsson T28

*#06# for checking the IMEI (International Mobile Equipment Identity)

>*<<*<* for checking the firmware revision information (software release) >*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language.

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language.

The Service Provider (SP) Lock
The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will however accept another SIM card from the same operator.
To activate/deactivate this lock one needs a special secret code that is not available to the end user.

Here is how to activate the menu:
<**<>

Ericsson T18

*#06# for checking the IMEI (International Mobile Equipment Identity) Information you get from the IMEI:

XXXXXX XX XXXXXX X

TAC FAC SNR SP

TAC = Type approval code
FAC = Final assembly code
SNR = Serial number
SP = Spare

To access SIM-Locking menu of your phone, press: < * [CLR] <>Ericsson T10s

*#06# for checking the IMEI (International Mobile Equipment Identity)

>*<<*<* for checking the firmware revision information (software release) >*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language.

Shortcut for Last Dialed call menu
If you for some reason don't want to enter the 'Last Dialed calls menu' by using the 'YES' key you can use the following key stroke instead: First '0' then '#'.

Access menu without Sim card
To access to the menu in your phone without having a card inside do the following: type **04*0000*0000*0000# When display say "Wrong Pin" press NO and you have access to the all menus: Info, Access, Settings, Calculator, Clock, Keylock On?, Mail, Phone book. NOTE if you try this on your phone may stop at Keylock On? menu and you´ll have to take your battery out to turn the phone on again. And this will not care about Phone lock!

A way to (un)lock your cell phone on to the network(subset):
1. Press <**<>Ericsson SH888

*#06# for checking the IMEI (International Mobile Equipment Identity)

>*<<*<* for checking the firmware revision information (software release) >*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language.

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language.

>*<<*<*>>> IR version info. if pressing yes you can check the phones IR device's driver version.

The Service Provider (SP) Lock
The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will however accept another SIM card from the same operator.

To activate/deactivate this lock one needs a special secret code that is not available to the end user.

Here is how to activate the menu:

<**<>Ericsson GH688

*#06# for checking the IMEI (International Mobile Equipment Identity)

*#0000# to reset the phones menu-language to English.

*#103# then YES Time and date will be shown.

>*<<*<* for checking the firmware revision information (software release) >*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language. (298 entries)

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language. (160 entries?)

The Service Provider (SP) Lock
The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will however accept another SIM card from the same operator.

To activate/deactivate this lock one needs a special secret code that is not available to the end user.

Here is how to activate the menu:

<**<> keys.

Monitor mod on Ericsson GH688
How to enable net monitor on Ericson 688..

1. Remove SIM from phone
2. Dial 112, press YES, hear something
3. Dial 112YESNO 4. Press <(left arrow) before SETTINGS 5. Then YES, <(left arrow), then you will see NM on? 6. press YES Free phone calls using the GH688 This trick has only been reported working on PREPAID GSM CARDS and in some countries and with some sw versions. The prepaid GSM SIM CARD is a kind of "SIM card" which only has a sertant amount of credit on it (like a normal phonebox telecard)... if it can be traced? - we don't know... Well..here's the trick you dial the no. normally and press YES. While "connecting" is shown on the screen, the following procedure should be carried out: Press CLR then 0 then # and then NO (twice) so as to switch OFF the phone. You can then still speak on the phone while it is switched off but the SIM card does not record your calls which will lead to FREE phone calls in some countries.. we hope!! Another variant of the code Make a Call, while the phone says Connecting type 083# (the position 83 must be empty! ), when phone says Pos Emtpy, press the NO key and turn off the phone. If you can make the call with the phone turned off you will face a problem when you need to hang up the phone...the only way for you to do that is remove the battery...??? Ericsson GF768

To return the language back to english on the ericsson GF768, just press left ( <-- ), zero four times (0,0,0,0), and then right ( --> ).


Ericsson GA628

*#06# for checking the IMEI (International Mobile Equipment Identity)

*#0000# to reset the phones menu-language to English.

*#103# then YES Time and date will be shown.

>*<<*<* for checking the firmware revision information (software release) >*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language. (298 entries)

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language. (160 entries?)

The Service Provider (SP) Lock
The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will however accept another SIM card from the same operator.

To activate/deactivate this lock one needs a special secret code that is not available to the end user.

Here is how to activate the menu:

<**<> key for a second or two The option Menu size turns up Choose 'yes' and go from there.

An alarm clock turned up too but it never rang. I think this was because there is no clock in the phone.

Free phone calls using the GA628
This trick has only been reported working on PREPAID GSM CARDS and in some countries and with some sw versions.

The prepaid GSM SIM CARD is a kind of "SIM card" which only has a sertant amount of credit on it (like a normal phonebox telecard)... if it can be traced? - we don't know...

Well..here's the trick you dial the no. normally and press YES. While "connecting" is shown on the screen, the following procedure should be carried out: Press CLR then 0 then # and then NO (twice) so as to switch OFF the phone. You can then still speak on the phone while it is switched off but the SIM card does not record your calls which will lead to FREE phone calls in some countries.. we hope!!

Another variant of the code
Make a Call, while the phone says Connecting type 083# (the position 83 must be empty! ), when phone says Pos Emtpy, press the NO key and turn off the phone.

If you can make the call with the phone turned off you will face a problem when you need to hang up the phone...the only way for you to do that is remove the battery...???


Ericsson DH368, GF768, A1018s
Ericsson DH368

Try these Codes on your DH-368 phone:

1. Power on.
2. Press 904059 + 'MENU'
3. 'TEST SET' display ...
4. Press 'YES' will display @ then press 1 'RCL' will turn light off and you will see 'DONE'
5. Press 'YES' will display @ then press 86 'RCL' display 'DONE' also you will hear static... You can just enter the channel number (up to 1023) by pressing 'Yes' 3 'CLR' XXXX - channel number to enter a channel directly. You can also see the signal level on channel by pressing 3 'MENU'. You can see the ESN number by pressing 'YES' 1 'RCL' 96 in HEX format.
6. Press 3 to exit, now you phone will power down and power up again. You can install the phone number into the phone by pressing 923885 + 'MENU'


Ericsson GF768
Edit Greetings Tip

1. Go to the Keylock menu.
2. Set lock to Auto.
3. Press YES then hold the left arrow untill the Greetings menu appears.

GF788 menu in your GF768 phone! (1)

1. Go to the EDIT MENU and press YES.
2. Type the number "2" and press YES.
3. In "NAME" HOLD DOWN the "2" key untill the number "2" apperars. Press YES.
4. Press YES again (to save any position) then QUICKLY press and hold left arrow (<) untill "SIZE" appears in the display. 5.Press YES and choose "Full size". You now have the GF788 menu! NB. Confirmed working on version 970716 and 980318. GF788 menu in your GF768 phone! (2) 1.Go to MissedCall 2. Empty the list 3. Press the -> key for a second or two
4. The option Menu size turns up
5. Choose 'yes' and go from there

NB. Confirmed working on version 990122.

GF788 menu in your GF768 phone! (3)

1. Go and set the ring volume and press yes.
2. When 'STORED' is displayed - keep the right button -> pressed until 'Extended Menu' is displayed.
3. Select "Activate" the menus and you now have lots of extra features

NB. Confirmed working on version 980910

Ericsson A1018s

(UN)LOCKING YOUR ERICSSON A1018s TO SPECIFIC NETWORK :

A way to (un)lock your cell phone on to the network:

1. Press : <**<>Ericsson 868/888

To view IMEI number *#06#
To view Software Version enter * -> * <- <- * <- * (you also get version of InfraRed driver software and text labels) Pinouts 1 = + external power supply. 7.2v @ 600mA. 2 = RS232 input (TTL) 3 = GND (digital) 4 = RS232 output (TTL) 5 = +5V output. Limited. 6 = Test. Switch phone off and provide +5V and switch back on. (set comms at 9600, n,8,1) 7 = Mute (0 - Normal, 1 - In Call) 8 = Internal/external (0 - External Mic/Speak, 1 - Internal Mic/Speak) 9 = GND (analog) 10 = Related to Mic/Speak 11 = BF in 12 = BF out Ericsson AH 230/238 PROGRAMMINGPress and hold down FCN while entering the digits 9 8 7. You must enter the digits within ten seconds. The text "SER NUMBER" is displayed along with the telephone's electronic serial number. The number contains 11 digits, so the most significant digit is shown for one second, followed by the other 10 digits. ENTRY DISPLAY TEXT PERMISSABLE VALUE Electronic Serial # ESN Not Changeable Phone Number MIN x (where x is NAM choice) 10 digits System ID SID x (where x is NAM choice) 00000 to 32767 Press # to review MIN & SID, or END/PWR to exit the short NAM- programming mode. NB: The Number Assignment Module (NAM) is programmed through the telephone keypad. There are two NAM-programming modes available; the short and the long. The short programming mode is all that is required in most cases. The long programming mode is required if a value set by the short mode is not desired. Either mode may be used stand-alone, or the short mode can be used to set up most of the values and then the long mode can be used to make any changes desired. To enter either of the two NAM programming modes, press and hold down the FCN key while entering a specific series of digits. You must enter the digits within ten seconds. In each programming step, you can either keep the displayed setting or value, or you can change it. a. To go to the next step, without changing anything, press #. b. In some steps, you can "toggle" a setting from ON or OFF, or vice versa. To change the setting, press any numeric key. In other steps, you can replace a displayed value. To replace a value, enter the digits on the numeric keys. If you enter a wrong digit, you can erase it by pressing FCN CLR. Pressing * key restores the original value in the display. Press # to store new setting/value and go to next step. Press END/PWR in any step to leave the NAM-Programming mode. If you have changed anything in a step, you must store the setting by pressing # before pressing END/PWR. Ericsson 688

To view IMEI number *#06#
To view Software Version enter -> * <- <- * <- * CLR (Use with Care) To reset phone language to English *#0000# >*<<*<*> 1-row text strings. If pressing YES you can check the phones 1-row text programming in currently selected language.

>*<<*<*>> n-row text strings. If pressing YES you can check the phones n-row text programming in currently selected language.
Pinouts
1 = + external power supply. 7.2v @ 600mA.
2 = RS232 input (TTL)
3 = GND (digital)
4 = RS232 output (TTL)
5 = +5V output. Limited.
6 = Test. Switch phone off and provide +5V and switch back on. (set comms at 9600, n,8,1)
7 = Mute (0 - Normal, 1 - In Call)
8 = Internal/external (0 - External Mic/Speak, 1 - Internal Mic/Speak)
9 = GND (analog)
10 = Related to Mic/Speak
11 = BF in
12 = BF out
Ericsson 768/788To view IMEI number *#06#
To view Software Version enter * -> * <- <- * <- * Service Provider Lock is * <- <- * but it is now called the ME lock. There are two options after selecting yes on another menu. These are lock to Network or lock to NetSubet. Command set The following commands are recongnized by the phone.Use 9600 baud, 1 stopbit, 8 data bits, no parity. ATA Pick up phone during ring AT+GMI Manufacturer identification AT+GMO Request model Identification AT+GMR Request revision Identification AT+GMM ATDxxx; Dial number xxx ATH Hangup phone AT+CFUN=? Define levels of fuctionality in the order of power consumed AT+CFUN=0 Switches off the phone AT+CBC Query battery level Each command has to be followed by a 0x0A, 0x0D sequence, that is carriage return - line feed. These commands will be ackowledged with an 'OK' prompt. An incoming call is signalled by the string 'RING' sent by the phone at 9600b in normal mode. Portable Handsfree Unit 1 Earphone: 16 Ohm 2 Microphone: <- 2 kOhm 5 Connected to 04 (GND) Pinouts Left to right, keyboard up. 1 Audio Out 2 Audio In 3 Accessory Sense. GND to enable External Mic and Speaker (Analog) 4 Audio Signal GND. 5 Portable handsfree In. 6 Music Mute Out, High when phone is used. 7 In Flash Memory Voltage and Service Voltage, In 0V=normal,+5V=test, +12V=test+flash 8 Logic Out, Status On. Sources over 100mA 9 Data Out from Mobile Station. Debug messages appear here at 112KBaud when in debug mode. 10 Digital Ground and DC return 11 Data in 12 DC in for battery charging, DC out for accessory power Ericsson 388

*#06# for checking the IMEI (International Mobile Equipment Identity)

*#0000# to reset the phones menu-language to English.

>*<<*<* for checking the firmware revision information (software release) >*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language. (298 entries)

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language. (160 entries?)

The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will however accept another SIM card from the same operator.

To activate/deactivate this lock one needs a special secret code that is not available to the end user. (not even to you... or is it ? in case please let me know!)

<**<>Ericsson 318/338

To view IMEI number *#06#To view Software Version enter -> * <- <- * <- * CLR (Use with Care) The Latest Software Version is under Phone Info. To fine tune sound and clean up any echos, place the 388 into the car kit HF 2600. Then close all windows, engine off and type * # * # 3. The E 388 will fine-tune itself in about a few seconds. To activate operator lock <- * * <- (This locks the phone to one carriers SIM card - Use with lots of care) Press Yes to lock and No to notlock. You can also use the codes below to undo this function. USE AT OWN RISK I have tested the function Lock to SP... At least on the 337 there's a submenu: Enter SPCK-code. There are 5 attempts, which is showed (05 attempts). At final attempt the phone beeps as a warning, 'this is the final try', when entering the menu... Wrong code exits the menu, so you are not stuck in something... When you have tried to enter the code (wrong) all five times, the menu is deactivated, and you'll get: 'Not allowed' when entering <-**<- Accessing the Service Program that is not provided with the 388. 1. Connect the 388 to Cable with RS232/TTL converter. 2. Set Comport to 9600bps, 8 data, 1 stop, no parity. 3. Power ON, wait for "2" and send "0B" to the phone. DO NOT Press ENTER. 4. R should be on screen. 5. Send TEST.BIN. (Send as a binary file) 6. 388 should answer "SP,OK". 7. R should be on screen. DO NOT write or read from the IMEI or SPCK area! If you try that you can send the phone to service at once, because you will automatically write FE or EF to EVERY cell in the EEPROM. In other words, all the calibration values for the radio is overwritten... (NOT good) Some commands in the ServiceProg: eere read from eeprom eewe write eeprom lime xxxx xxxx xxxx xxx Learn imei no. Returns Error. imei - Displays IMEI number To FlashProgram a 388: 1. Connect the 388 to Cable with RS232/TTL converter. 2. Set Comport to 9600bps, 8 data, 1 stop, no parity. 3. Power ON, wait for "2" and send "OB" to the phone. DO NOT Press ENTER. 4. R should be on screen. 5. send pre_xxx.bin to the MS. 6. You should recieve a ">".
7. send "0B" again.
8. R should be on screen
9. send prodload.bin to the MS.
10. recieve ">".
Done, I don't have the above files so please don't ask for them.
Interesting Informating (well I thought so :)
The names on the files, sj.....X45 tells you a couple of things. "sj" stands for Sofia-Jane, thats the internal name for the model and x45 stands for "sub-model". The 388 is called model 4/5. The latest 337 phones is called "cr", like in Cost Reduction. They rebuilt the oscillator from a bought-in to one built up with discrete components and that was cheaper.
Programming Channel Indicator or RBS
To enable, send the following command:
EEWR 3EE 1
Wait for the OK prompt, power off* the phone and disconnect it from the interface cables. Powerup and browse through the menus.
To diasable, send the following command:
EEWR 3EE 0
Clearing Electronic Lock
To clear the electronic lock you have to clear the EEPROM address range 03CF to 03DA by sending the commands:
EEWR 3CF 00
EEWR 3D0 00
EEWR 3D1 00
EEWR 3D2 00
EEWR 3D3 00
EEWR 3D4 00
EEWR 3D5 00
EEWR 3D6 00
EEWR 3D7 00
EEWR 3D8 00
EEWR 3D9 00
EEWR 3DA 00
COOL STUFF TO DO
Set ComPort to 115200bps, 8 data, 1 stop, no parity and watch all the phone commands on the screen and so on. Make a call and see what happens as well as shutting down.
*POWER OFF
You should press the NO button a few times until Shut Down comes up on the screen, when it does press yes and this will shut down the phone properly.
Reading the Channel Info now that's it's enabled
|-------|-------|-------| D

| | | | I

| 1 | 2 | 3 | S

|-------|-------|-------| P

| | | | L

| 4 | 5 | 6 | A

|-------|-------|-------| Y
1. This is three different channels things depending on the phone state.



a. When the phone is idle, this shows "Bxxx". "B" stands for "Broadcast channel" (a logic GSM channel)b. When a phonecall is in progress, this shows "Sxxx". S stands for "Stand Alone Dedicated Control Channel" SDCCH for short.
c. When the phoncall in up, this shows "Txxx". "T" Stands for Traffic channel. The "xxx" thing is the channel number, 1-124.
2. This shows Rx Level. The values displayed is from 0 to 63. Rx Level is a indicator on how good your reception is for the moment. 0 is a signal strength of -110dBm. 63 is approx -45 to -50dBm.RXLEV is measured in dBm in such a way that incoming signal equals -110.5+RXLEV so that a RXLEV at 50 equals an incoming signal strenght at -50.5 dBm (plus or minus max deviation 0.5dBm)
3. This shows the output power in dBm.
4. This shows the timeslot used for the moment. You can see it when making a call.
5. This shows Rx Quality. Rx Quality is a measurement of how much error correction is required to the speech. 0 indicates none and as the figure rises you hear more pings and pongs on the speech as large parts of the frame are missing. If you have more RxQ then 5, you are on good way to loose your call. RxQuality reads 0-7.RXQUAL is measured by using a table wereas the biterrorrate or BER is interesting and measured in %
RXQUAL table
0 BER < follows="1,11*TA/2." 5v="External" 0v="Battery" 5v="POWER" 0v="POWER" 0v="normal,+5V=" 12v="test+flash" sec =" POWER"> * <- <- * <- * To read all programmed texts enter -> * <- <- * <- * ->

To view phone network lock status enter < * * < (wait 3 sec) To fast dial press phone number pos nr and # (Example: 1 5 #) To fast dial last number press 0 # To reset main menu language to english enter * # 0 0 0 0 # To see battery level while phone is turned off quickly press and release on/off(NO button). To see Extended menus (on older versions) go to MISSED CALLS, empty directory, press and HOLD right arrow button, choose menu type To see Extended menus (on newer versions) go to READ, empty directory, press and HOLD left arrow button, choose menu type To edit phone book Turn on extended menus and choose "EditPh.Bk". Command set The following commands are recongnized by the phone.Use 9600 baud, 1 stopbit, 8 data bits, no parity. ATA Pick up phone during ring AT+GMI Manufacturer identification AT+GMO Request model Identification AT+GMR Request revision Identification AT+GMM ATDxxx; Dial number xxx ATH Hangup phone AT+CFUN=? Define levels of fuctionality in the order of power consumed AT+CFUN=0 Switches off the phone AT+CBC Query battery level Each command has to be followed by a 0x0A, 0x0D sequence, that is carriage return - line feed. These commands will be ackowledged with an 'OK' prompt. An incoming call is signalled by the string 'RING' sent by the phone at 9600b in normal mode. Portable Handsfree Unit 1 Earphone: 16 Ohm 2 Microphone: <- 2 kOhm 5 Connected to 04 (GND) Pinouts Left to right, keyboard up. 1 Audio Out 2 Audio In 3 Accessory Sense. GND to enable External Mic and Speaker (Analog) 4 Audio Signal GND. 5 Portable handsfree In. 6 Music Mute Out, High when phone is used. 7 In Flash Memory Voltage and Service Voltage, In 0V=normal,+5V=test, +12V=test+flash 8 Logic Out, Status On. Sources over 100mA 9 Data Out from Mobile Station. Debug messages appear here at 112KBaud when in debug mode. 10 Digital Ground and DC return 11 Data in 12 DC in for battery charging, DC out for accessory power Ericsson 218/337

To view IMEI number *#06#To view Software Version enter -> * <- <- * <- * CLR (Use with Care) To activate operator lock <- * * <- (This locks the phone to one carriers SIM card - Use with lots of care) Press Yes to lock and No to notlock. You can also use the codes below to undo this function. USE AT OWN RISK I have tested the function Lock to SP... At least on the 337 there's a submenu: Enter SPCK-code. There are 5 attempts, which is showed (05 attempts). At final attempt the phone beeps as a warning, 'this is the final try', when entering the menu... Wrong code exits the menu, so you are not stuck in something... When you have tried to enter the code (wrong) all five times, the menu is deactivated, and you'll get: 'Not allowed' when entering <-**<- A "secret test mode" can be accessed on the GH337. There seems to be two methods:> * < < * > * displays software version, such as 940810 1310
> * < < * < * displays software version, such as 951024 1054 After entering this mode, the <> keys scroll through a menu. There seems to be different menus for different versions of software.

Software version number are apparently a date and time stamp.

940810 1310 version commands:

TEXT CHECK - shows 254 messages in current language

INIT EEPROM MMI - resents NVRAM settings (User Settings).

Other, probably more recent version:

FLASH - will restart the phone, to the point of entering PIN numbers.You can't kill a 337 when pressing YES while it says "FLASH?", you must connect it to 5/12 volts first to be able to erase the flash-memory.

1-ROW TEXTS - scroll through 174 single line text messages with <>

n-ROW-TEXTS - scroll through full-screen messages with <>

950626 1405 version commands:

CXC (number) - The Application software's "product number". The GH337/GF337 is always "CXC 125 005"

PRG - Indication for Programming

Programming 337
Set ComPort to 9600bps, 8 data, 1 stop, no parity.
Power on phone by pressing "NO/ENDpwr".
When performing its powerup sequence the phone will send two ">>"
(ASCII 62 decimal) characters. Within 1 second, reply to it by
sending the 4 character sequence "TP1".
(I used Procomm Plus with this script "eric.asp")

[proc main ]

[start: ]

[ ]

[ waitfor ">>" ]

[ pause 1 ]

[ transmit "TP1^M" ]
If everything went fine you should get the "OK" prompt back.

Test the TEST PROGRAM by sending the commands terminated by a :

PROG 0 (shows Test Program product number info)
PROG 1 (shows Test Program product date info)
PROG 3 (Shows Main Application product number info)
PROG D (Shows Main Application product date info)
Programming Calculator and Channel Indicator/RBS
To enable, send the following:
EEWR 047A 01
Wait for the OK prompt, power off* the phone and disconnect it from the interface cables. Powerup and browse through the menus.
To diasable, send the following:
EEWR 047A 00
Clearing Electronic Lock
To clear the electronic lock you have to clear the EEPROM address range 045B to 0466 by sending the commands:
EEWR 045B 00
EEWR 045C 00
EEWR 045D 00
EEWR 045E 00
EEWR 045F 00
EEWR 0460 00
EEWR 0461 00
EEWR 0462 00
EEWR 0463 00
EEWR 0464 00
EEWR 0465 00
EEWR 0466 00
Disabling the Service Provider Lock
To disable send the following command:
EEWR 1587 00
To enable send the following command:
EEWR 1587 01
Experimental Commands - Use at own Risk
To dump the application software send the following:
PREA

Bank range : 00..7F

Address : 0000..BFFF

Bytestoread : 0000..BFFF
The "additional" value returned at the end are the checksum value
for the returned program memory bytes. Note, the byte-values are
always returned in format 0000 and NOT 00.
PREA FF
Returns the application checksum, takes a few seconds.
Notes on the PH 337
1. Calculator mode is NOT available on all PH sw versions.
2. Invoking Calc/RBS mode not available for GH337 sw versions below
R2A
3. SPCK attempts can be changed to 50 instead of the std 5 tries
4. The instruction LIME returns ERR but does not screw up phone
5. The instruction IMEI returns the IMEI no.
6. Pressing YES in response to FLASH? does screw up the unit.
COOL STUFF TO DO
Set ComPort to 115200bps, 8 data, 1 stop, no parity and watch all t
he phone commands on the screen and so on. Make a call and see what
happens as well as shutting down.
Pinouts
1 In Voice

2 In +5V=External Power, 0V=Battery

3 Out Ext Speak control

4 Analog GND

5 Out Voice

6 Out +5V=POWER ON, 0V=POWER OFF

7 Out Charger control

8 Digital/DC GND

9 In 0V=normal,+5V=test, +12V=test+flash

10 In Hook

11 In TTL serial in

12 Out TTL serial out

13 In 0V for aprox 1 sec = POWER ON/OFF

14 In DC Power supply



Erricson WAP Mobile Phone Bug Allows Wiretapping


Summary
Erricson's WAP, Wireless Application Protocol, suffers from a security flaw that allows attackers to listen into other WAP sessions traveling on the cellular carrier wave.


Details
Erricson Mobile Phone allows attackers to wiretap other lines. This attack is limited, since you cannot choose which number to wiretap on, and you cannot talk at the same time that you are wiretapping a line. This vulnerability shows the lack of security of WAP as it is offered in today's cellular networks.

IMPORTANT NOTE: Wiretapping is illegal. The following information is just a proof of concept that shows a potential vulnerability in Erricson's WAP implementation.

How to wiretap from an Erricson Cell Phone:
1) Type 904059
2) Menu
3) Yes
4) 1
5) RCL
6) Yes
7) 8300**
8) Yes
9) 86
(Instead of the ** you can write any number you wish, except for the number 00)

To stop the wiretapping:
1) Type RCL
2) 3
3) Yes

Share this article :

+ comments + 1 comments

12:50 AM

hey its tara, here is the website i was talking about where i made the extra summer cash.......... the website is here

Post a Comment

 
Support : Creating Website | Johny Template | Mas Template
Copyright © 2011. PKSMS - All Rights Reserved
Template Created by Creating Website Published by Mas Template
Proudly powered by Blogger