███████╗███████╗███████╗████████╗ ██████╗ ██████╗ ██╗
██╔════╝██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔═══██╗██║
███████╗█████╗ █████╗ ██║ ██║ ██║██║ ██║██║
╚════██║██╔══╝ ██╔══╝ ██║ ██║ ██║██║ ██║██║
███████║███████╗██║ ██║ ╚██████╔╝╚██████╔╝███████╗
╚══════╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚══════╝
A command-line utility for flashing, unlocking, and managing Sony Ericsson phones (A1 platform) over a serial connection.
Supports firmware flashing and patching, GDFS (phone data) backup/restore, flash reading, and basic unlock operations.
- Identify connected Sony Ericsson phone
- Flash main and filesystem firmware
- Read raw flash memory
- Backup and restore GDFS (phone settings/data)
- Unlock phone (usercode, simlock planned)
- Patch firmware
- Cross-platform (Linux/Windows, built with CMake + libserialport)
- CMake 3.10+
- C compiler:
- Linux/macOS: GCC or Clang
- Windows: MinGW (recommended)
Required runtime/build libraries:
- Debian / Ubuntu
sudo apt update
sudo apt install build-essential cmake pkg-config libserialport-dev zlib1g-dev libbz2-dev libminizip-dev- Fedora
sudo dnf install gcc make cmake pkg-config libserialport-devel zlib-devel bzip2-devel minizip-devel- Arch Linux
sudo pacman -S --needed base-devel cmake libserialport zlib bzip2 minizip- macOS (Homebrew)
brew install cmake pkg-config libserialport zlib bzip2 minizip- Windows (MSYS2 / MinGW64)
pacman -Syu
pacman -S --needed mingw-w64-x86_64-toolchain mingw-w64-x86_64-cmake \
mingw-w64-x86_64-libserialport \
mingw-w64-x86_64-zlib mingw-w64-x86_64-bzip2 mingw-w64-x86_64-minizipgit clone https://github.com/farid1991/seftool.git
cd seftool
mkdir build && cd build
cmake ..
cmake --build . --config Releasegit clone https://github.com/farid1991/seftool.git
cd seftool
mkdir build && cd build
/mingw64/bin/cmake -G "MinGW Makefiles" ..
mingw32-makeUsage: ./seftool -p <port> [-b <baudrate>] -a <action>Options:
-p, --port <name> Serial port name (e.g. COM2, /dev/ttyUSB0)
-b, --baud <rate> Baudrate (default: 115200)
-a, --action <action> Action:
identify
flash [main <file>] [fs <file>] [cda <file>]
read-flash start <addr> size <bytes> OR block <count>
[save-as-babe]
read-gdfs
write-gdfs <filename>
write-script <file1> [file2 ...]
unlock <usercode|simlock>
fsx-upload src <local path/file/zip> [dest <fs path>]
fsx-download src <fs path>/<file> [dest <local path>]
upload-anycid
convert babe2raw <filename>
convert raw2babe <filename> <addr>
Global options:
--anycid Ignore CID restrictions (DB2012/DB2020/PNX5230)
--break-rsa Break RSA on DB2000 & DB2010 RED49
-h, --help Show this help message
| Action | DB2000 | DB201x | DB2020 | PNX5230 |
|---|---|---|---|---|
| identify | OK | OK | OK | OK |
| flash | OK | OK | OK | OK |
| read-flash | CID29,36,49 | CID29,36,49 + ANYCID | BROWN49+ANYCID | ANYCID |
| read-gdfs | OK | OK | OK | OK |
| write-gdfs | OK | OK | OK | OK |
| write-script[gdfs] | OK |
OK | OK | OK |
| write-script[vkp] | CID36,49 | CID29,36,49 + ANYCID | BROWN49+ANYCID | ANYCID |
| unlock-usercode | OK | OK | OK | OK |
| unlock-simlock | TODO | TODO | TODO | TODO |
| upload-anycid | NOTHING | OK | OK | OK |
| fsx-upload | OK | OK | OK | OK |
| fsx-download | OK |
CID29,36,49 + ANYCID | BROWN49+ANYCID | ANYCID |
Backup security units on first operation.
$ .\seftool.exe -p COM2 -b 921600 -a identifyoutput
Port: COM2
Baudrate: 921600
Action: identify
Powering phone
Waiting for reply (30s timeout):
30 seconds remaining...
Connected
Detected Sony Ericsson
Chip ID: 9900, Platform: DB2020
EMP Protocol: 03.01
SPEED: 921600
LDR: 071130 1150 NPACXC1250330_DB2020_PRODUCTIONIDLOADER_P3M
FLASH ID: 0x897e (Intel)
OTP: LOCKED:1 CID:51 PAF:1 IMEI:35958401******
ACTIVE CID:53 COLOR:RED
Activating GDFS.. activated
Phone Info (from GDFS):
Model: W660i
Brand: Sony Ericsson
MAPP CXC article: R8BB001 prgCXC1250446_GENERIC_FY
MAPP CXC version: R8BB001
Language Package: C_ASIA
CDA article: CDA102568/7
CDA revision: R8A
Default article: cxc1250839
Default version: R6AD001
SIMLOCKS NOT DETECTED
Provider: 000-000
Shutdown phone
DoneSupport only firmware with BABE format. bin, ssw, mbn, fbn.
$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main main.mbn fs fs.fbn$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main main.mbn fs fs.fbn cda cda.zip$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main main.mbn$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash fs fs.fbn$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash cda cda.zipSome DB201x phones (e.g. K310) can be flashed with firmware from a different model (e.g. W200).
This requires enabling RSA-break, otherwise the flash is rejected due to CID mismatch.
$ ./seftool -p /dev/ttyUSB0 -b 921600 -a flash main w200_main.mbn fs w200_fs.fbn cda w200_cda.zip --break-rsa$ .\seftool.exe -p COM2 -b 921600 -a read-flash start 0x44000000 size 0x80000$ .\seftool.exe -p COM2 -b 921600 -a read-flash start 0x20100000 block 0x10 --anycidseftool -p COM2 -b 921600 -a read-flash start 0x20100000 size 0x40000 save-as-babe --anycid$ .\seftool.exe -p COM2 -b 921600 -a read-gdfs$ .\seftool.exe -p COM2 -b 921600 -a write-gdfs ./backup/gdfs.bin$ .\seftool.exe -p COM2 -b 921600 -a write-script secsunitbackup.txt$ .\seftool.exe -p COM2 -b 921600 -a disable_setup_wizard.vkp no_simcard.vkp$ .\seftool.exe -p COM2 -b 921600 -a disable_setup_wizard.vkp no_simcard.vkp --anycid# Linux
./seftool -p /dev/ttyUSB0 -b 921600 -a unlock usercode
# Windows:
.\seftool.exe -p COM2 -b 921600 -a unlock usercode- If
destis provided, files are placed under that phone directory. - If
destis/(default), the tool preserves the relative path inside the source directory. - You may pass a single directory or a single
.zipfile as the source.
# Upload local directory "./Z530" into /tpa/preset/system/language on the phone
.\seftool.exe -p COM2 -b 921600 -a fsx-upload src ./Z530 dest /tpa/preset/system/language# Upload local file "./file1.txt" "../file2.txt" into /tpa/user/other on the phone
.\seftool.exe -p COM2 -b 921600 -a fsx-upload src ./file1.txt ../file2.txt dest /tpa/user/other# Extract ZIP to ./tmp then upload files preserving internal paths (default dest is root '/')
.\seftool.exe -p COM2 -b 921600 -a fsx-upload src ./Z530i_CDA102462_75_R1A_Generic_Trade_Indonesia.zip# Put the contents of ./lang directly into /tpa/preset/system/language
./seftool -p /dev/ttyUSB0 -b 921600 -a fsx-upload src ./lang dest /tpa/preset/system/language./seftool -p /dev/ttyUSB0 -b 921600 -a upload-anycid.\seftool.exe -p COM2 -b 921600 -a fsx-download src /tpa/preset/system/language' dest ./lng.\seftool.exe -p COM2 -b 921600 -a fsx-download src /tpa/preset/system/settings/splash' dest ./startup$ ./seftool -a convert babe2raw Z310_R8BA024_prgCXC1250594_GENERIC_AL.PNX5230_CID53_RED.mbn$ ./seftool -a convert raw2babe prgCXC1250594_GENERIC_AL.bin 0x20100000This software is provided "as is", without any warranty of any kind.
Using seftool may permanently damage your device if used incorrectly.
- Always make backups before writing to flash or GDFS.
- The authors and contributors are not responsible for any data loss, malfunction, or device damage caused by this tool.
- Interruption during flashing or GDFS operations will not permanently brick the phone, but it may leave it in a corrupted state until reflashed.
- Use at your own risk.
- Do identify first before other operation
- Backups are automatically saved in a backup/ directory when using identify, read-gdfs, write-gdfs, or read-flash.
- Use a stable power supply(battery 50%++) and reliable serial connection when flashing to avoid bricking the phone.
- DB2000 has max 460800 baudrate.
- Restore firmware files are included in
./rest(packaged alongside the executable).
.restfiles are generated with mkrest2 by den_po. - Anycid package files are included in
./anycid(packaged alongside the executable).
CDA upload (flash customization).- Complete operation for phone with CID16 and
CID29(DB2000 & DB2010) VKP patchingBreak RSA RED49 DB2000 & DB2010- Patch DB2000 CID29
Read file(s) / directory from FS- Implement mkrest action
- SIM unlock by patch
- ...
Contributions are welcome!
You can help by:
- Reporting bugs or issues via GitHub Issues
- Adding support for new chipsets or features
- Improving documentation and usage examples
- Submitting pull requests with bug fixes or enhancements
To contribute:
- Fork the repository
- Create a new branch for your feature or fix
- Make your changes and add tests if applicable
- Submit a pull request for review
Please follow existing code style (C99, consistent formatting, warnings enabled).
- the_laser – setool creator
- den_po - jdflasher creator
- phoneXS team - xs++ creator
- fixeria - help with gdfs format structure
- B-Con – crypto-algorithms (SHA1 implementation)
MIT License – free to use and modify.