Finally getting round to replying. I finished the key fob on Monday.
It turned out a bit of a faff, but ultimately it was more luck I think than anything. We purchased a "Volcano Box" (£116 ish) and using this it gave us a full extraction, but I think it was probably the same as the Chinex (I'm not 100% sure - it gave a difference hash value each time) but we tried Chinex again and it kept failing… maybe we got lucky the first time?
Anyway, one of the lads here wrote a little 7-Bit String reader a while back that runs in XACT and that found some plain text strings. They were text massages and after some digging we found a mobile number next to them. However it was guess work as we spotted what looked like a number starting with 44 (then the correct length of digits) but it was reverse nibble, so once we figured this it was clear to see it was 4475****etc. However, that is all we got, no names, dates, times etc. and they could even be service centre numbers, but its better than nothing.
We didn't find the IMEI number in the hex dump either and we knew the last 4/5 digits of this, so it was clearly encoded somewhere.
So all in all, not what we wanted, but better than nothing.
The volcano Box was quite good for its price and the latest firmware has a dropdown list of MTK phones and the BMW X6 key fob was there, but the function didn't work. Shame. Its defo something I will use again. I think there are numerous other boxes all probably similar as jaclaz posted on the thread.
Hope this helps. They are definitely an awful phone and I hope I don't see one again for a while! )
Thanks for the replies. I wish I had more time/money to try all the different boxes, but you know how these things are, they want the info ASAP. I probably could of spent a few more days in an ideal world playing/messing with it. Until the next time anyway. Hopefully the next BMW Key Fob will come from a more pleasant location )
Anyone had extract RLG handphone model R7 before?
There is a link to the model phone website
http//