{"id":43500435,"url":"https://github.com/farid1991/seftool","last_synced_at":"2026-02-03T11:20:05.189Z","repository":{"id":316380263,"uuid":"1061705208","full_name":"farid1991/seftool","owner":"farid1991","description":"Command-line Sony Ericsson AVR\u0026ARM DB1000/DB2000/DB2010/DB2012/DB2020/PNX5230 flashtool. Supports firmware flashing, patching (with RSA break), GDFS backup/restore, flash reading, and basic unlocking. Cross-platform (Linux, macOS, Windows).","archived":false,"fork":false,"pushed_at":"2025-12-06T03:13:01.000Z","size":12902,"stargazers_count":9,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-09T19:24:44.181Z","etag":null,"topics":["ericsson","firmware","flasher","flashtool","sony-ericsson"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/farid1991.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-22T09:20:05.000Z","updated_at":"2025-12-06T03:13:04.000Z","dependencies_parsed_at":"2025-10-23T10:21:31.043Z","dependency_job_id":null,"html_url":"https://github.com/farid1991/seftool","commit_stats":null,"previous_names":["farid1991/seftool"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/farid1991/seftool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farid1991%2Fseftool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/farid1991%2Fseftool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farid1991%2Fseftool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farid1991%2Fseftool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/farid1991","download_url":"https://codeload.github.com/farid1991/seftool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farid1991%2Fseftool/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29044106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ericsson","firmware","flasher","flashtool","sony-ericsson"],"created_at":"2026-02-03T11:20:04.442Z","updated_at":"2026-02-03T11:20:05.177Z","avatar_url":"https://github.com/farid1991.png","language":"C","readme":"```\n███████╗███████╗███████╗████████╗ ██████╗  ██████╗ ██╗\n██╔════╝██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔═══██╗██║\n███████╗█████╗  █████╗     ██║   ██║   ██║██║   ██║██║\n╚════██║██╔══╝  ██╔══╝     ██║   ██║   ██║██║   ██║██║\n███████║███████╗██║        ██║   ╚██████╔╝╚██████╔╝███████╗\n╚══════╝╚══════╝╚═╝        ╚═╝    ╚═════╝  
╚═════╝ ╚══════╝\n```\n\n# SEFTool / SE Flash Tool\n\nA command-line utility for flashing, unlocking, and managing Sony Ericsson AVR \u0026 ARM phones (DB1000, DB2000, DB2010, DB2012, DB2020, PNX5230) over a serial connection.\nSupports firmware flashing and patching, GDFS (phone data) backup/restore, flash reading, and basic unlock operations.\n\n---\n\n## Features\n\n- Identify connected Sony Ericsson phone\n- Flash main and filesystem firmware\n- Read raw flash memory\n- Backup and restore GDFS (phone settings/data)\n- Unlock phone (usercode, simlock planned)\n- Patch firmware\n- Cross-platform (Linux/Windows, built with CMake + libserialport)\n\n---\n\n## Building\n\n### Prerequisites\n- CMake **3.10+**\n- C compiler:\n  - **Linux/macOS**: GCC or Clang\n  - **Windows**: MinGW (recommended)\n\n### Dependencies\nRequired runtime/build libraries:\n- [zlib](https://zlib.net/)\n- [bzip2](https://sourceware.org/bzip2/)\n- [minizip](https://github.com/domoticz/minizip)\n- [libserialport](https://sigrok.org/wiki/Libserialport)\n\n### Install packages per platform:\n\n- **Debian / Ubuntu**\n```sh\nsudo apt update\nsudo apt install build-essential cmake pkg-config libserialport-dev zlib1g-dev libbz2-dev libminizip-dev\n```\n\n- **Fedora**\n```sh\nsudo dnf install gcc make cmake pkg-config libserialport-devel zlib-devel bzip2-devel minizip-devel\n```\n\n- **Arch Linux**\n```sh\nsudo pacman -S --needed base-devel cmake libserialport zlib bzip2 minizip\n```\n\n- **macOS (Homebrew)**\n```sh\nbrew install cmake pkg-config libserialport zlib bzip2 minizip\n```\n\n- **Windows (MSYS2 / MinGW64)**\n```sh\npacman -Syu\npacman -S --needed mingw-w64-x86_64-toolchain mingw-w64-x86_64-cmake \\\n       mingw-w64-x86_64-libserialport \\\n       mingw-w64-x86_64-zlib mingw-w64-x86_64-bzip2 mingw-w64-x86_64-minizip\n```\n\n### Build Steps\n#### Basic build steps (works on Linux/macOS and MSYS2 MinGW when using the appropriate shell):\n```sh\ngit clone 
https://github.com/farid1991/seftool.git\ncd seftool\nmkdir build \u0026\u0026 cd build\ncmake ..\ncmake --build . --config Release\n```\n\n#### Windows (MSYS2 MinGW64) — recommended in the MinGW64 shell:\n```sh\ngit clone https://github.com/farid1991/seftool.git\ncd seftool\nmkdir build \u0026\u0026 cd build\n/mingw64/bin/cmake -G \"MinGW Makefiles\" ..\nmingw32-make\n```\n\n---\n\n### Linux Serial Port Permissions\n\nOn Linux systems (Armbian, Debian, Ubuntu, etc.), accessing `/dev/ttyUSB*`\nor `/dev/ttyACM*` often requires being in the **dialout** group.\nIf you see: sp_open failed: Permission denied\nFix it by adding your user to the dialout group:\n\n```bash\nsudo usermod -aG dialout $USER\n```\n\n## Usage\n```sh\nUsage: ./seftool -p \u003cport\u003e [-b \u003cbaudrate\u003e] -a \u003caction\u003e\n```\n### Options:\n```\n    -p, --port \u003cname\u003e                    Serial port name (e.g. COM2, /dev/ttyUSB0)\n    -b, --baud \u003crate\u003e                    Baudrate (default: 115200)\n    -a, --action \u003caction\u003e                Specify an action (see below)\n\nGeneral action:\n    identify                             Identify phone and show basic info\n\nEricsson\nPlatform: Z80\nAvailable actions:\n    identify                             Identify phone and show basic info\n    read-eeprom                          Backup EEPROM area\n    write-eeprom \u003ceeprom_file\u003e           Restore EEPROM area\n\nPlatform: AVR\nAvailable actions:\n    identify                             Identify phone and show basic info\n\nSony Ericsson\nPlatform: pre-A1 (DB1000)\nAvailable actions:\n    identify                             Identify phone and show basic info\n    flash-avr \u003cavr_file\u003e                 Flash AVR MCU firmware\n    flash-arm \u003carm_file\u003e                 Flash ARM/DSP firmware\n\nPlatform: A1 (DB2000 / DB2010 / DB2012 / DB2020 / PNX5230)\nAvailable actions:\n    identify                                             
Identify phone and show basic info\n    flash [main \u003cfile\u003e] [fs \u003cfile\u003e] [cda \u003cfile\u003e]         Flash MAIN / FS firmware and/or upload CDA\n    read-flash start \u003caddr\u003e size \u003cbytes\u003e | block \u003ccount\u003e Read flash (specify start \u0026 size or block count)\n    read-gdfs                                            Backup GDFS area\n    write-gdfs \u003cfilename\u003e                                Restore GDFS from file\n    write-script \u003cfile1\u003e [file2 ...]                     Apply VKP or GDFS script(s)\n    unlock \u003cusercode|simlock\u003e                            Unlock user code or SIM lock\n    fsx-upload src \u003clocal...\u003e [dest \u003cfs path\u003e]           Upload files to internal FS\n    fsx-download src \u003cfs path\u003e/\u003cfile\u003e [dest \u003clocal\u003e]     Download files from internal FS\n    upload-anycid                                        Upload AnyCID package for exploit access\n\nUtility actions:\n    convert babe2raw \u003cfilename\u003e          Convert BABE -\u003e raw\n    convert raw2babe \u003cfilename\u003e \u003caddr\u003e   Convert raw -\u003e BABE at address\n\nA1 Global options:\n    --anycid                             Ignore CID restrictions (DB2012/DB2020/PNX5230)\n    --break-rsa                          Break RSA on DB2000 \u0026 DB2010 RED49\n\nGeneral options:\n    -h, --help                           Show this help message\n```\n## Platform-specific action summary\n\n#### Platform: pre-A1 (DB1000 — chip IDs 0x5807, 0x5808)\n* identify — Identify phone and show basic info\n* flash-avr \u003cavr_file\u003e — Flash AVR MCU firmware\n* flash-arm \u003carm_file\u003e — Flash ARM/DSP firmware\n\n#### Platform: A1 (DB2000 / DB2010 / DB2012 / DB2020 / PNX5230)\n* identify — Identify phone and show basic info\n* flash [main \u003cfile\u003e] [fs \u003cfile\u003e] [cda \u003cfile\u003e] — Flash MAIN / FS firmware and/or upload CDA\n* read-flash start 
\u003caddr\u003e size \u003cbytes\u003e | block \u003ccount\u003e — Read flash (specify start \u0026 size or block count)\n* read-gdfs — Backup GDFS area\n* write-gdfs \u003cfilename\u003e — Restore GDFS from file\n* write-script \u003cfile1\u003e [file2 ...] — Apply VKP or GDFS script(s)\n* unlock \u003cusercode|simlock\u003e — Unlock user code or SIM lock\n* fsx-upload src \u003clocal...\u003e [dest \u003cfs path\u003e] — Upload files to internal FS\n* fsx-download src \u003cfs path\u003e/\u003cfile\u003e [dest \u003clocal\u003e] — Download files from internal FS\n* upload-anycid — Upload AnyCID package for exploit access\n\n#### Utility actions\n* convert babe2raw \u003cfilename\u003e — Convert BABE -\u003e raw\n* convert raw2babe \u003cfilename\u003e \u003caddr\u003e — Convert raw -\u003e BABE at address\n---\n\n## Supported devices\n\n| Action             | DB2000        | DB201x                | DB2020         | PNX5230 |\n|:-------------------|:-------------:|:---------------------:|:--------------:|:-------:|\n| identify           | OK            | OK                    | OK             | OK      |\n| flash              | OK            | OK                    | OK             | OK      |\n| read-flash         | CID29,36,49   | CID29,36,49 + ANYCID  | BROWN49+ANYCID | ANYCID  |\n| read-gdfs          | OK            | OK                    | OK             | OK      |\n| write-gdfs         | OK            | OK                    | OK             | OK      |\n| write-script[gdfs] | OK~~CID29~~   | OK                    | OK             | OK      |\n| write-script[vkp]  | CID36,49      | CID29,36,49 + ANYCID  | BROWN49+ANYCID | ANYCID  |\n| unlock-usercode    | OK            | OK                    | OK             | OK      |\n| unlock-simlock     | TODO          | TODO                  | TODO           | TODO    |\n| upload-anycid      | NOTHING       | OK                    | OK             | OK      |\n| fsx-upload         | OK            | OK               
     | OK             | OK      |\n| fsx-download       | OK~~CID29~~   | CID29,36,49 + ANYCID  | BROWN49+ANYCID | ANYCID  |\n\n\n---\n\n## Examples\n\n### Identify phone (identify)\nBackup security units on first operation.\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a identify\n```\n\u003cdetails\u003e\n\u003csummary\u003eoutput\u003c/summary\u003e\n\n```sh\nPort: COM2\nBaudrate: 921600\nAction: identify\n\nPowering phone\nWaiting for reply (30s timeout):\n30 seconds remaining...\nConnected\n\nDetected Sony Ericsson\nChip ID: 9900, Platform: DB2020\nEMP Protocol: 03.01\nSPEED: 921600\n\nLDR: 071130 1150 NPACXC1250330_DB2020_PRODUCTIONIDLOADER_P3M\nFLASH ID: 0x897e (Intel)\nOTP: LOCKED:1 CID:51 PAF:1 IMEI:35958401******\nACTIVE CID:53 COLOR:RED\nActivating GDFS.. activated\n\nPhone Info (from GDFS):\nModel: W660i\nBrand: Sony Ericsson\nMAPP CXC article: R8BB001     prgCXC1250446_GENERIC_FY\nMAPP CXC version: R8BB001\nLanguage Package: C_ASIA\nCDA article: CDA102568/7\nCDA revision: R8A\nDefault article: cxc1250839\nDefault version: R6AD001\nSIMLOCKS NOT DETECTED\nProvider: 000-000\n\nShutdown phone\nDone\n```\n\u003c/details\u003e\n\n### Flashing firmware (flash):\nSupport only firmware with BABE format. 
bin, ssw, mbn, fbn.\n\n#### Flash main + filesystem firmware:\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main main.mbn fs fs.fbn\n```\n\n#### Flash main + filesystem firmware + CDA upload:\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main main.mbn fs fs.fbn cda cda.zip\n```\n\n#### Flash main only:\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main main.mbn\n```\n\n#### Flash ARM firmware (DB1000):\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 115200 -a flash-arm T610_R6C005_TAE.arm\n```\n\n#### Flash AVR firmware (DB1000):\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 115200 -a flash-avr T610_R6C005_ASIAN_LAT_1_EN-ID-MS.bin\n```\n\n#### Flash filesystem only:\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash fs fs.fbn\n```\n\n#### Flash (upload) CDA only:\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash cda cda.zip\n```\n\n#### Cross-flash DB201x CID49 (example: K310 → W200)\nSome DB201x phones (e.g. K310) can be flashed with firmware from a different model (e.g. 
W200).\nThis requires enabling RSA-break; otherwise the flash is rejected due to a CID mismatch.\n\n```sh\n$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main w200_main.mbn fs w200_fs.fbn cda w200_cda.zip --break-rsa\n```\n\n### Read flash (read-flash):\n\n#### Read 512 KB starting at 0x44000000 and save as RAW (.bin):\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a read-flash start 0x44000000 size 0x80000\n```\n\n#### Read 0x10 blocks starting at 0x20100000 with anycid:\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a read-flash start 0x20100000 block 0x10 --anycid\n```\n\n#### Read 0x40000 bytes starting at 0x20100000 and save as BABE (.ssw):\n```sh\nseftool -p COM2 -b 921600 -a read-flash start 0x20100000 size 0x40000 save-as-babe --anycid\n```\n\n### Backup GDFS (read-gdfs):\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a read-gdfs\n```\n\n### Restore GDFS from file (write-gdfs):\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a write-gdfs ./backup/gdfs.bin\n```\n\n### Write GDFS script (write-script):\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a write-script secsunitbackup.txt\n```\n\n### Write VKP patch (write-script):\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a write-script disable_setup_wizard.vkp no_simcard.vkp\n```\n\n### Write VKP patch with anycid exploit (write-script):\n```sh\n$ .\\seftool.exe -p COM2 -b 921600 -a write-script disable_setup_wizard.vkp no_simcard.vkp --anycid\n```\n\n### Unlock usercode:\n```sh\n# Linux\n./seftool -p /dev/ttyUSB0 -b 921600 -a unlock usercode\n\n# Windows:\n.\\seftool.exe -p COM2 -b 921600 -a unlock usercode\n```\n\n### Upload filesystem (fsx-upload)\n\n#### Upload a local directory or a zip archive to the phone filesystem.\n\n- If `dest` is provided, files are placed under that phone directory.\n- If `dest` is `/` (default), the tool preserves the relative path inside the source directory.\n- You may pass a single directory or a single `.zip` file as the source.\n\n##### Upload a local directory into a specific phone directory:\n```sh\n# Upload local directory \"./Z530\" into /tpa/preset/system/language on the phone\n.\\seftool.exe -p COM2 -b 921600 -a fsx-upload src ./Z530 dest /tpa/preset/system/language\n```\n##### Upload local file(s) into a specific phone directory:\n```sh\n# Upload local files \"./file1.txt\" and \"../file2.txt\" into /tpa/user/other on the phone\n.\\seftool.exe -p COM2 -b 921600 -a fsx-upload src ./file1.txt ../file2.txt dest /tpa/user/other\n```\n##### Upload a ZIP archive and extract its contents on the fly (dest defaults to root):\n```sh\n# Extract ZIP to ./tmp then upload files preserving internal paths (default dest is root '/')\n.\\seftool.exe -p COM2 -b 921600 -a fsx-upload src ./Z530i_CDA102462_75_R1A_Generic_Trade_Indonesia.zip\n```\n##### Upload from local directory but place all files directly under the given destination:\n```sh\n# Put the contents of ./lang directly into /tpa/preset/system/language\n./seftool -p /dev/ttyUSB0 -b 921600 -a fsx-upload src ./lang dest /tpa/preset/system/language\n```\n\n### Upload anycid bypass package (upload-anycid): auto-detection, run identify first\n```sh\n./seftool -p /dev/ttyUSB0 -b 921600 -a upload-anycid\n```\n\n### Download filesystem (fsx-download)\n\n##### Download an internal FS directory into a specific local directory:\n```sh\n.\\seftool.exe -p COM2 -b 921600 -a fsx-download src /tpa/preset/system/language dest ./lng\n```\n\n##### Download internal FS file(s) into a specific local directory:\n```sh\n.\\seftool.exe -p COM2 -b 921600 -a fsx-download src /tpa/preset/system/settings/splash dest ./startup\n```\n\n### Convert firmware (BABE format) to RAW binary:\n```sh\n$ ./seftool -a convert babe2raw Z310_R8BA024_prgCXC1250594_GENERIC_AL.PNX5230_CID53_RED.mbn\n```\n\n### Convert RAW binary to BABE format:\n```sh\n$ ./seftool -a convert raw2babe prgCXC1250594_GENERIC_AL.bin 0x20100000\n```\n\n---\n\n## Disclaimer\nThis software is provided **\"as is\"**, without any warranty of any kind.\nUsing `seftool` may permanently damage your device if used incorrectly.\n\n- Always make backups before writing to flash or GDFS.\n- The authors and contributors are **not responsible** for any data loss, malfunction, or device damage caused by this tool.\n- Interruption during flashing or GDFS operations will not permanently brick the phone, but it may leave it in a corrupted state until reflashed.\n- Use at your own risk.\n\n---\n\n## Notes\n* Run identify first, before any other operation.\n* Backups are automatically saved in a backup/ directory when using identify, read-gdfs, write-gdfs, or read-flash.\n* Use a stable power supply (battery at 50% or more) and a reliable serial connection when flashing to avoid bricking the phone.\n* **DB2000** has a maximum baudrate of **460800**.\n* Restore firmware files are included in `./rest` (packaged alongside the executable).\n  `.rest` files are generated with **mkrest2** by **den_po**.\n* Anycid package files are included in `./anycid` (packaged alongside the executable).\n* **flash-avr** currently supports only bin firmware.\n* **flash-arm** supports a maximum baudrate of **115200**.\n* AVR devices only support firmware in raw/bin format.\n---\n\n## TODO\n1. ~~CDA upload (flash customization).~~\n2. Complete operations for phones with CID16 and ~~CID29~~ (DB2000 \u0026 DB2010)\n3. ~~VKP patching~~\n4. ~~Break RSA RED49 DB2000 \u0026 DB2010~~\n5. Patch DB2000 CID29\n6. ~~Read file(s) / directory from FS~~\n7. Implement *mkrest* action\n8. SIM unlock by patch\n9. Fix SBN Flash on Ericsson and early SE AVR devices\n10. ...\n\n---\n\n## Contributing\nContributions are welcome!\nYou can help by:\n- Reporting bugs or issues via GitHub Issues\n- Adding support for new chipsets or features\n- Improving documentation and usage examples\n- Submitting pull requests with bug fixes or enhancements\n\nTo contribute:\n1. Fork the repository\n2. Create a new branch for your feature or fix\n3. Make your changes and add tests if applicable\n4. Submit a pull request for review\n\nPlease follow existing code style (C99, consistent formatting, warnings enabled).\n\n---\n\n## Credits\n- [**the_laser**](https://support.setool.net/) – setool creator\n- [**den_po**](https://github.com/justdanpo) - jdflasher creator\n- **phoneXS team** - xs++ creator\n- **fixeria** - help with gdfs format structure\n- **B-Con** – [crypto-algorithms](https://github.com/B-Con/crypto-algorithms) (SHA1 implementation)\n\n## License\n[MIT License](LICENSE) – free to use and modify.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarid1991%2Fseftool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffarid1991%2Fseftool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarid1991%2Fseftool/lists"}