X65flasher - flasher for Siemens (Benq-Siemens) mobiles


Features
Supported phones
This list is probably incomplete. If your phone is SGold-based, the flasher will probably work with it. Phones on the Benq platform are not supported, and support for them is not planned.
For phones of the old series (45, 55, 60) and the A-series, use Freia and V_Klay. If you have a newer phone and don't know whether it is on the SGold platform, look at its keyboard: in SGold-based phones the space character is on button 1 (although this is certainly not a 100% sign).

* EL71 with fw 37 and higher and E71 use a new key algorithm. For the time being, you can work with these phones only through the testpoint.
Choice of a cable
The flasher can work with a phone only through a COM cable or a USB cable with a USB-to-COM converter. The cable that comes in the package, DCA-540, is a pure USB cable; the flasher doesn't work with it. Most Chinese USB cables work without problems. A simple test: the cable must be recognized by the computer even if no phone is connected. Also, in USB-to-COM cables you can see a small box in the middle of the cable. In the case of a COM cable, the power must come from the COM port (you cannot check this by sight).
Original cables DCA-510 and DCA-512 work; DCA-500 and DCA-540 don't.
You cannot work with the flasher via IrDA or Bluetooth.
About the terms used
Flash - a chip of non-volatile memory. It contains firmware, bootcore, phone settings, filesystem.

Fullflash - a complete copy of the flash memory. It is 32, 64 or 96 Mbytes in size, depending on the phone model. If you have a fullflash backup, you can always recover your phone after bad patches or failures during flashing. Therefore a fullflash backup is the first thing you should make before changing anything in the phone.

Bootcore - the initial loader, the most critical part of the flash. If the bootcore is broken, you have to use the testpoint to recover the phone. For this reason, writing to the bootcore is disabled by default; to override this, start the flasher with the /B switch.

Firmware - the phone's program code.

EEPROM - the individual settings of the phone (IMEI, boot key, GSM/GPRS settings, battery parameters...). It consists of two parts: EEFULL and EELITE. Losing your own EEPROM is extremely undesirable, although it can be partially recovered with the PapuaUtils tool.

FFS - the phone's file system, which is accessible through MPM and other programs. It consists of three disks: 0: - user FFS, 1: - cache, 2: - system FFS. Disks 1: and 2: are visible only when the SKEY has been entered into the phone.

Bootloader - the small program that the flasher sends to the phone when you press the red button. It implements reading and writing of flash memory. To get your bootloader working, you need either the BOOTKEY or the SKEY of this phone.

SKEY - the service key of the phone, an 8-digit number. After the SKEY has been entered into the phone, it is possible to use any bootloader; it also opens the developer menu, access to disks 1: and 2:, and access to protected blocks of the EEPROM.

BOOTKEY - the bootloader authentication key, used for loading an arbitrary bootloader into the phone. Unlike the SKEY, it is not kept in the phone, but sent with the bootloader.

HASH - unique 16-byte number. It is used for verification of the keys. Recorded in the bootcore.

ESN - unique serial number. It is kept in the one-time programmable region of the flash chip; it's impossible to change it.

Testpoint - a place on the PCB of the phone. By shorting it to ground, you can send any bootloader without knowing the keys. You have to disassemble your phone to do this; of course, this voids the warranty.
Searching for the boot keys
To make your phone "visible" to the flasher, you need to know SKEY or BOOTKEY. There are three methods to find them:

1. Using a midlet (bsReader or px75v1).
Copy the bsReader midlet to the Applications folder in the phone (for S75/SL75 and Benq-Siemens phones) or px75v1 to Java\Jam\Applications (for older models), then launch the midlet from the "Applications" menu. After 5-15 minutes the midlet will show the HASH and ESN.
Start the flasher, choose "Keys" -> "Calculate SKEY and BOOTKEY", and enter a description of the phone, the HASH and the ESN. The key calculation usually takes up to 10 minutes. The program also generates a loader for V_Klay; copy it to <path_to_VKlay>\data\loaders. Now choose the COM port, speed and the description of your phone, and press "Connect".
If you wish, you can enter the SKEY into the phone ("Keys" -> "Enter SKEY").

About bsReader and px75v1: they use a bug in Java that makes it possible to read the phone's memory directly. The midlet is not always stable: sometimes it hangs, sometimes it throws an Exception, sometimes it turns the phone off. If you did not succeed the first time, try again. Some day the Java bug will be fixed. So, if the midlet throws the same Exception every time, that has probably happened; use methods 2 and 3.

2. If you already know SKEY for your phone, choose "Keys" -> "Enter SKEY". After entering the key, flasher works with the phone without additional actions.

3. If you don't know the key and the midlet doesn't work, the only option is the testpoint. You can find pictures of the testpoints for many phone models at http://allsiemens.com/testpoints. The testpoint has to be shorted to ground through a 10-50 ohm resistor. You can use some metal object, but take great care, because shorting the wrong point on the PCB can put the phone out of service. Choose the "Testpoint" boot method in the flasher, press "Connect", then short the testpoint, push the red button, then release the testpoint after 3 seconds. Now you can choose "Keys" -> "Calculate SKEY and BOOTKEY" (the HASH and ESN have already been read from the phone).
Working with flasher
ALWAYS MAKE A FULL BACKUP OF YOUR FLASH BEFORE DOING ANY CHANGES!!!
FULLY CHARGE THE BATTERY BEFORE WORKING WITH FLASHER.
To work with the phone, choose the COM port, the speed and the boot key of your phone. A serial port with standard drivers supports up to 115200 kbps; on some motherboards you can achieve higher speeds using the HiSerial driver. USB cables support up to 1600000 kbps; the real speed depends on the quality of the cable.
In the list of boot keys, choose the key calculated for your phone. If you have entered the SKEY into the phone, the flasher will work with any boot key.
You can select "File" instead of a real COM port; in this case the flasher will ask you to open a fullflash image and will work with it as with a real phone (sometimes this might be useful).

Backup: save an image of the flash or a part of it into a file with the fbk extension. The flasher asks what you want to back up: fullflash, bootcore, firmware, filesystem or EEPROM. You don't have to calculate the address and length of the memory region; the flasher will do it for you.

Restore: write a saved image from an fbk file back to the flash. If you have a fullflash image, you can restore just a part of it (for example, the filesystem). To restore the bootcore, start the flasher with the /B switch.
By default, the flasher writes only blocks that have been changed; this speeds up the restore process in the case of small changes. You can choose the "force write of unchanged blocks" option to override this.

Memory map: show the map of flash blocks in a graphical view. You can compare the current map of the flash with a fullflash image; the flasher will mark changed blocks on the map.

Format FFS: this command formats disk 0: of the phone. After formatting, turn the phone on and wait a few minutes while the phone initializes the filesystem.

Change phone model: this option can be useful if you want to try firmware from a different phone. Use this option with caution, because it changes the bootcore area.

Read flash, write flash: low-level work with the flash. You have to specify the address and length of the block. Keep in mind that flash memory is split into blocks (64k, 128k, or 256k, depending on the flash chip and not always equal to the size of the block shown in the flash map). For writing, the address and length must be multiples of the block size; reading can be done with any address and length.
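
The changed-block comparison (Restore, Memory map) and the write-alignment rule described above, as an added example in Python; it is not part of the flasher and not the author's code. Offsets are relative to the start of the image file, the 64k block size is assumed for the sample, and the sample images are constructed.

```python
# Added example: block-level diff of two flash images and the
# block-alignment check for low-level writes. Not the flasher's code.

BLOCK_SIZES = (64 * 1024, 128 * 1024, 256 * 1024)  # sizes named in the text


def changed_blocks(backup: bytes, current: bytes, block_size: int):
    """Return (offset, length) for every block that differs between images."""
    if block_size not in BLOCK_SIZES:
        raise ValueError("unexpected block size")
    if len(backup) != len(current):
        raise ValueError("images differ in size; different flash chip?")
    if len(backup) % block_size:
        raise ValueError("image is not a whole number of blocks")
    return [
        (off, block_size)
        for off in range(0, len(backup), block_size)
        if backup[off:off + block_size] != current[off:off + block_size]
    ]


def merge_ranges(blocks):
    """Merge adjacent changed blocks into contiguous write ranges."""
    merged = []
    for off, length in blocks:
        if merged and merged[-1][0] + merged[-1][1] == off:
            merged[-1] = (merged[-1][0], merged[-1][1] + length)
        else:
            merged.append((off, length))
    return merged


def check_write_range(offset: int, length: int, block_size: int) -> bool:
    """A write must start on a block boundary and cover whole blocks."""
    return length > 0 and offset % block_size == 0 and length % block_size == 0


def build_sample():
    """Constructed 8-block image pair; blocks 2, 3 and 6 are modified."""
    bs = 64 * 1024  # assumed block size for the sample
    backup = bytes(8 * bs)
    current = bytearray(backup)
    for blk in (2, 3, 6):
        current[blk * bs + 100] = 0xFF  # one changed byte dirties the block
    return backup, bytes(current), bs


if __name__ == "__main__":
    backup, current, bs = build_sample()
    for off, length in merge_ranges(changed_blocks(backup, current, bs)):
        print(f"write range: offset 0x{off:06X}, length 0x{length:06X}")
```

A single changed byte marks its whole block as changed, which is why even a small patch results in at least one full block being rewritten.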
Command line options
/L - show communication log
/B - enable writing to the bootcore (use with caution!)

THE PROGRAM IS PROVIDED "AS IS", WITHOUT A WARRANTY OF ANY KIND. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DAMAGE CAUSED BY USE OF THIS PROGRAM. YOU MAY NOT USE THIS PROGRAM OR ITS PARTS FOR COMMERCIAL PURPOSES WITHOUT AUTHOR'S PERMISSION.



(c) 2004-2006 by Chaos

Boot password generator (c) by Papuas
thanks to SiNgle, ACiD[mrp], LazyC0DEr, Phantom