Use this only in education purposes, and this shows how 1024 RSA key,AES,etc on N95 can be avoid using ONLY 32 CPLD logic cells!
You need:
Xilinx CPLD xc2c32a-6-qfg32
push button
some copper wire,etc
You have to program CPLD with file "n95unlocker.jed"
Details about xc2c32a can be found on www.xilinx.com on document "ds310.pdf"
On same site can be found FREE tools for programing, also look for FREE simple
JTAG interface for Xilinx devices.
Solder:
pins 11,21,26 to GND
pins 4,12,20,27 to VCC +1.8v (more than 2v will destroy chip!!!)
(Don't forget to solder small smd 100nF on GND and VCC!)
pin 6 = clk (test point)
pin 7 = ad0 (test point)
pin 8 = push button (and second end of push button to GND)
pin 14 = jtag TDI
pin 15 = jtag TMS
pin 16 = jtag TCK
pin 25 = jtag TDO
Jtag wires is used only once to program xc2c32a and can be removed after
programing.
Unlocking procedure:
===============
First, be sure that version of N95 is: V 06wk41v23.4 17-04-07 RM-159 (c) Nokia
Next, you can make backup of field 308,1
Dissasemble N95 and solder 4 wires: ad0,clk,vcc,gnd
Use some isolating tape on edge of N95 board and assemble N95.
Power phone WITHOUT SIM card inside!!!
Once phone enter OFFLINE mode, enter: #pw+aaaaaaaaaaaaaaa+b
(aaaaaaaaaaaaaaaa= can be any 15 digits number,b = appropriate provider
unlock key Nr from 1 to 7 !!!)
now press push button and fast enter on phone #
If everything is ok, PHONE WILL BE UNLOCKED! and you can remove 4 wires