We reverse-engineered the remaining Sony Ericsson security protocols by analyzing original SEMC service firmwares and brute-forcing the last obfuscated SIM-lock routines. "Phase 2" in our roadmap refers to full factory SIM unlock + bootloader patch without testpoint damage.
A: Yes, if you perform a full unlock + debrand. Use the Clean Customization button.
P.S. If your phone hard-bricks, short C123 and C124 on the PCB for 2 seconds. That resets the security zone. Not all heroes use testpoints.
We discovered that SEMC’s loader (version 3.2.4.5) has a during GDFS write operations. By sending a malformed WRITE_GDFS command with a specific nonce (derived from the phone’s internal RSA modulus), the loader jumps to an insecure RAM routine instead of aborting.
We release this not for profit, but for preservation. Thousands of these phones still exist in drawers around the world. Give them a second life.