***************************************************************************
Nokia Flasher v1.00b
Copyright (c)2000 Dejan Kaljevic
(Web: http://www.net.yu/~dejan)
(eMail: dejan@net.yu)
***************************************************************************



DISTRIBUTION

You can freely make copies of the archive and distribute them as 
long as no alterations are made to the contents.


DISCLAIMER

THIS SOFTWARE AND ALL THE ACCOMPANYING FILES ARE PROVIDED "AS IS" AND 
WITHOUT ANY WARRANTIES EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO 
IMPLIED WARRANTIES OF MERCHANT ABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE. 

IN NO EVENT SHALL I BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING WITHOUT 
LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION,
LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF
THE USE OR INABILITY TO USE THIS PRODUCT.

All other trademarks mentioned herein are property of their respective
companies.


;******************************************************************************




		   How to make Nokia flasher
		   *************************


First you have to make Flashing interface using schematic from: "flasher.gif"
I suggest to use for cables: on interface female D-9 and male D-9 on cables.

Pin outs for D-9:

1) Btemp
3) Vpp
6) GND
7) Fbus Tx
8) Fbus Rx
9) Mbus


For proper work it is enough to use only:

Mbus
Fbus Tx
Fbus Rx
GND

NOTE: For 3210 you have to use also: Vpp !!!

(Btemp is used for POWER ON phone!)

---------------------------------
There is pin out for 3210:

Btemp
Fbus Tx
GND
Mbus
Fbus Rx
Vpp
---------------------------------

For other phones you can find pinouts on the NET.



Next, you have to have original NOKIA boot loader and some of flash loaders.
Since those files are property of NOKIA Phones LTD I'm unable to help you.
But you can find those files over the INTERNET!
Search for FPS4 or FLS1 etc flasher archive.

Inside you will find:

dct3bt2.tia 	;It is boot loader !!!

i28f008.tia 	;Flash loaders for various Flash vendors 
iw28f008.tia 	;(Intel, AMD, Atmel,..)
iw28f016.tia
w29lv800.tia

All those files that you can find on the Internet it is old and support
only old Nokia models like 51xx, 61xx
If you want to flash new one like 3210,8210,3310,6210, etc. you have to
find some files from 2000 year.

Those new *.tia files you can find in some hacked SP-unlocker that are 
available over the NET.


Every *.tia file (except dct3bt2.tia) starts with (Dump file):
00,00,00,20h,0EAh,00,00
and ends with "DCT3 ALGORITHM",00,00
So you can easily to cut from it!
 
Since original files NOT allows you to read data from phone, look for
Next flash loader:

Original file size is 5.580 bytes
And inside of file you can with some text editor to see
"May 10 2000 14:44:10 DCT3 ALGORITHM"


Patching this flash loader it will allows yo to read FLASH from every Nokia
phone.


In this file on address 7ECh you will find next data:
46 40 68 02 78 10 09 80 D3 FA 48 61 68 00 78 03

You have to change with following data:
B4 07 1C 08 21 01 F0 0F FC A1 1C 13 BC 07 46 C0


Now rename that file to "f_loader.bin" and copy to directory:
c:\nk_files\
Also rename "dct3bt2.tia" to "boot.bin" and also copy to:
c:\nk_files\

Files from archive flasher.zip you must to install in directory:
c:\flasher\

In that directory you have to have next files:
c:\flasher\flasher.com
c:\flasher\flasher.cfg
c:\flasher\alias.id


		flasher.cfg
	        ===========

Inside of this file on first line you will find:
"time 300" (this is not implemented so don't change)
On second line start definition of Nokia phones:

4 bytes are name of phone in ASCII  	;51xx
1 byte  is blank
2 bytes is HEX parameter 1  		;61
1 byte  is blank
2 bytes is HEX parameter 2  		;02
2 bytes is New Line

So you can add new phone inside of "flasher.cfg"

Parameter 1 is used in Nokia phones to set hardware:

Value	60h is used for 8 byte Flash and RAM
 	61h is used for 16 byte Flash and 8 byte RAM
 	65h is used for 16 byte Flash and RAM

Parameter 2 is used for hardware definition of Vpp, Flash size, etc.
It seems that Parameter 2 must not have value above than 7 !??
 
Value 	02h is used for 51xx, 61xx
	06h is used for 3210, 8210

======================================================
  
Finally you can start "flasher.com"

There are 3 function:

Esc 	Escape from program
==============================

F1 	Read RAM, FLASH from phone
=====================================

You have to select Phone Type (That is defined in "flasher.cfg"!)
After that you have to set Start address from where data will be read
and End address to define size of data block.

Now Program will ask you to press "ENTER". After that if you NOT have
connected to your phone "Btemp" you have to power ON phone by pressing key
on phone!

After successful reading program will make file "c:\flasher\flash.out"
You have to rename this file to "xxxx.fls" and to copy to directory:
c:\nk_files\

DOING THIS YOU WILL GOT THE FLASH IMAGE THAT IS FIRMWARE OF 
NOKIA PHONES LTD!!!


F2 Write to Flash
=========================

First be sure that you already have at last one flash image file with
extension .fls in directory:
c:\nk_files\

Again you have to select Phone Type. 
After that select flash image file
(brows files allows only 22 files to be listed and selected)
On the end you have to set start address or address of Flash base
(size will get from file size of selected file)

And this is it!


***************************************************************

With this program you can only to repair flash with same version.
If you use different version or different PPM package,
Phone will work but will not find network!!!
If you want to update version or change language you have after
flashing to set Flash image CHK in EEPROM using Mbus and TDF-4 box or...

So you can repair some of next errors:
Contact Service:  Bad Flash CHK
    		  Bad PPM CHK

Also you can SP unlock phone but you have first to find phone with same
version that is already unlocked by partial flashing and to copy flash 
to your phone.

Next, you can find some old 5110 with bad RX or TX part and to 
make universal "Flash programing device".
Just remove original flash from board and connect some Textol package.

But most interested is that you can patch flash, writing some routines
to CPU, to play with phone.

Especially if you play with phone that stores data to Flash 
(emulation of EEPROM) like 8210 you can make FULL backup.
(On 8210 firmware is in range from 200000 to 3d0000, EEPROM 
starts on 3d0000 to end!)



Some more information about MAD CPU, disassembler, Flash format, PPM
format, etc. maybe will be available in future when I find some free time.


*********************************************************************
Since it is a beta version there is a lots of bugs.
Program is tested on Win95,98 and on Intel cpu's P1, Celeron.
If you have any problem with this program then just DO NOT USE IT!!!
*********************************************************************


Dejan Kaljevic



