Database Users

Cricket / MetroPCS Web/MMS Flash 8/9

This is for people using Eris on Alternate Carriers i.e NOT FOR PEOPLE USING VERIZON
This Flash will Setup Web/MMS for people on Cricket or MetroPCS. If there are other carriers that use a proxy that the U2NL solution works on, i can modify this approach for them as well.
Requirements:
1. Rooted Rom that supports IPTABLES and has been flashed and booted once
2. Download the file for your carrier from below
3. Flash the file you dowloaded for your carrier from your recovery console (i.e. Amon Ra, Clockwork etc.)
4. Download and install "Autostart (root)" from blank-online.eu in the Marketplace
5. After the phone reboots choose "Always Allow" to the SU prompt
6. Reboot 2x (some froyo roms take 2 reboots)
7. Done
Download:
Flashes For Clockwork Mod Recovery 3 (Edify Scripts)
Cricket v10 (For CWR3) Credit goes to hydrosity for converting to Edify Scripting
Cricket v9 (For CWR3) Credit goes to hydrosity for converting to Edify Scripting
Click to expand...
Click to collapse
Flashes For Clockwork Mod Recovery 2.5 or AmonRA (Amend Scripts)
Cricket v10:
Cricket v9 is currently lost until i can find an archive
Click to expand...
Click to collapse
Notes:
MMS is sent anonymously via this flash, if you need your MMS to show you as the sender before the message has been downloaded you can change your APN to this:
Code:
http://mms.mycricket.com/servlets/mms?X-Cricket-MDN=[COLOR="Red"]xxxxxxxxxx[/COLOR]
Replace the x's with your telephone number.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
MetroPCS no longer requires a proxy.
Please seen Endoki's thread here
He has built a flash that should correct MMS for MetroPCS users.
Click to expand...
Click to collapse
Revol v1:
(Need verification this works for you Revol folks)
i was unable to find the MNC for Revol so MMS may fail on cyanogen based roms, and i did not include U2NL as i could not find that Revol was running through a proxy.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Known Issues:
mms seems to be hit or miss for some people, please post according to the Reporting Bugs section if MMS is not working for you.
Reporting Bugs:
Please specify your:
1. Carrier (i.e. Cricket / MetroPCS etc.)
2. Phone Type (i.e. Eris/Hero/Evo/Droid/Droid X etc.)
3. Current Rom (i.e. DamageControl/EvilEris/Smoked Glass/Toast etc.)
4. Current Flash you are using from me (i.e. Cricket v9 / MetroPCS v3 etc)
5. What is not working
Known Good Roms:
Eris:
Ivan 1.0 Alpha (HTC Eclair)
ErisLightningBolt 2.8 (Eclair)
CELB Froyo 2.8 (Froyo)
Hero:
DamageControl v1.0 / v1.1
Evo:
Jiminy ** FULLY CUSTOM Cricket ROM **
Ava-FroyoV2RC3 ROM
Droid:
Bugless Beast 0.4
Incredible:
Cricket Incredible Rom (Built by me)
Virtuous v2.7
Custom rom for MetroPCS users (Based off CM6) ** CUSTOM MetroPCS ROM **
Click to expand...
Click to collapse
What this flash does:(You don't need to do any of this, it is just outlining what the flash file does)
1. Remove any instances of:
/system/bin/u2nl
/system/xbin/sqlite3
/data/opt/autostart.sh
/data/eri.xml
2. Push and set appropriate Permissions on:
/system/bin/u2nl (the program that makes routing traffic through the proxy possible)
/system/xbin/sqlite3 (some roms include this, but the permissions may not be set correctly)
/data/eri.xml (used to change the Carrier Display name on the lock screen and notification bar)
/data/opt/autostart.sh (used set the iptables and u2nl settings at boot)
3. Drop database tables and replace them with appropriate Carrier Settings in:
/data/data/com.android.providers.telephony/databases/telephony.db (the database that the MMS program looks at for carrier settings)
4. Updates to proper MNC and Carrier name in build.prop and eri.xml
Click to expand...
Click to collapse
Let me know if anything pops up and ill do my best to fix it. Feel free to repost and modify this but please give due credit to the folks on XDA and HoFo.
All of this work derives from The community on XDA and Howard Forums. Original solution was found on Howard Forums for the Moto Droid and i modified their approach into a flash for ease of access.

I just ordered cricket, and would like to have my Eris work on it, Should I follow this?

This is for people using Eris on Alternate Carriers i.e NOT FOR PEOPLE USING VERIZON
This Flash will Setup Web/MMS for people on Cricket or MetroPCS. If there are other carriers that use a proxy that the U2NL solution works on, i can modify this approach for them as well.
Requirements:
1. Rooted Rom that supports IPTABLES and has been flashed and booted once
2. Download the file for your carrier from below
3. Flash the file you dowloaded for your carrier from your recovery console (i.e. Amon Ra, Clockwork etc.)
4. Download and install "Autostart (root)" from blank-online.eu in the Marketplace
5. After the phone reboots choose "Always Allow" to the SU prompt
6. Reboot 2x (some froyo roms take 2 reboots)
7. Done
Download:
Cricket v10:
Cricket v9:
MMS is sent anonymously via this flash, if you need your MMS to show you as the sender before the message has been downloaded you can change your APN to this:
Code:
http://mms.mycricket.com/servlets/mms?X-Cricket-MDN=[COLOR="Red"]xxxxxxxxxx[/COLOR]
Replace the x's with your telephone number.
Click to expand...
Click to collapse
MetroPCS v3:
MetroPCS v3.5 Beta
Please specify you are using this beta if reporting bugs
(im specifically looking to see if you had MMS working prior, and now it stopped working)
Click to expand...
Click to collapse
Revol v1:
(Need verification this works for you Revol folks)
i was unable to find the MNC for Revol so MMS may fail on cyanogen based roms, and i did not include U2NL as i could not find that Revol was running through a proxy.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Known Issues:
mms seems to be hit or miss for some people, please post according to the Reporting Bugs section if MMS is not working for you.
Reporting Bugs:
Please specify your:
1. Carrier (i.e. Cricket / MetroPCS etc.)
2. Phone Type (i.e. Eris/Hero/Evo/Droid/Droid X etc.)
3. Current Rom (i.e. DamageControl/EvilEris/Smoked Glass/Toast etc.)
4. Current Flash you are using from me (i.e. Cricket v9 / MetroPCS v3 etc)
5. What is not working
Known Good Roms:
Eris:
Ivan 1.0 Alpha (HTC Eclair)
ErisLightningBolt 2.8 (Eclair)
CELB Froyo 2.8 (Froyo)
Hero:
DamageControl v1.0 / v1.1
Evo:
Jiminy ** FULLY CUSTOM Cricket ROM **
Ava-FroyoV2RC3 ROM
Droid:
Bugless Beast 0.4
Incredible:
Cricket Incredible Rom (Built by me)
Virtuous v2.7
Custom rom for MetroPCS users (Based off CM6) ** CUSTOM MetroPCS ROM **
Click to expand...
Click to collapse
What this flash does:(You don't need to do any of this, it is just outlining what the flash file does)
1. Remove any instances of:
/system/bin/u2nl
/system/xbin/sqlite3
/data/opt/autostart.sh
/data/eri.xml
2. Push and set appropriate Permissions on:
/system/bin/u2nl (the program that makes routing traffic through the proxy possible)
/system/xbin/sqlite3 (some roms include this, but the permissions may not be set correctly)
/data/eri.xml (used to change the Carrier Display name on the lock screen and notification bar)
/data/opt/autostart.sh (used set the iptables and u2nl settings at boot)
3. Drop database tables and replace them with appropriate Carrier Settings in:
/data/data/com.android.providers.telephony/databases/telephony.db (the database that the MMS program looks at for carrier settings)
4. Updates to proper MNC and Carrier name in build.prop and eri.xml
Click to expand...
Click to collapse
Let me know if anything pops up and ill do my best to fix it. Feel free to repost and modify this but please give due credit to the folks on XDA and HoFo.
All of this work derives from The community on XDA and Howard Forums. Original solution was found on Howard Forums for the Moto Droid and i modified their approach into a flash for ease of access.

oh okay, So This needs to be done first and right after I can do this?

Thanks for trying to give us a solution!
I tried flashing the Metro one, and got this in RA:
E:Syntax error in update script
Installation aborted.

Will this work with revol wireless?
Sent from my FroyoEris using XDA App

jessebwallace said:
Thanks for trying to give us a solution!
I tried flashing the Metro one, and got this in RA:
E:Syntax error in update script
Installation aborted.
Click to expand...
Click to collapse
Ill get this corrected and updated, thanks for trying.
** EDIT **
both scripts initially had an error in my syntax, i have corrected and updated, should be working 100% now. Let me know if it doesnt work

frenize said:
Will this work with revol wireless?
Sent from my FroyoEris using XDA App
Click to expand...
Click to collapse
Ill look to see if i can get one working for your carrier.
EDIT:
posted Revol Flash, did not see any indication that Revol goes through a proxy so there were no U2NL or iptables set, let me know how it works out.

Apologies in advance if this is an inane question. Will these procedures also work to get the HTC Hero onto Cricket? Or does this only work for HTC Eris?
Thank you kindly,
Mike

Realm said:
oh okay, So This needs to be done first and right after I can do this?
Click to expand...
Click to collapse
3. PST (dial ##778 on your phone, pw 000000) settings already entered correctly and showing 3G or EV icon >> see guide here: http://www.howardforums.com/showthread.php?t=1630517
Exactly

nofunsally said:
Apologies in advance if this is an inane question. Will these procedures also work to get the HTC Hero onto Cricket? Or does this only work for HTC Eris?
Thank you kindly,
Mike
Click to expand...
Click to collapse
Should work fine for the Hero/Evo/Incredible/Eris As far as i know, let me know if it doesnt work and ill see what i can do.

hello,
thanks for the update. my question it says in the first post that you must remove all the other u2nl, autostart and a few others??? how would i go about removing those in order to put this on my HTC HERO? and How would i put this onto my HTC HERO? i mean would i push it or what? and i forgot the commands if you could list it PLEASE. Thanks in advance man!

t12icky0 said:
hello,
thanks for the update. my question it says in the first post that you must remove all the other u2nl, autostart and a few others??? how would i go about removing those in order to put this on my HTC HERO? and How would i put this onto my HTC HERO? i mean would i push it or what? and i forgot the commands if you could list it PLEASE. Thanks in advance man!
Click to expand...
Click to collapse
This is a flash that you flash from your recovery console in your phone, once you flash this it takes care of the u2nl and autostart and whatnot.
The part you are reading is just me stating what the flash automates.

token419 said:
This is a flash that you flash from your recovery console in your phone, once you flash this it takes care of the u2nl and autostart and whatnot.
The part you are reading is just me stating what the flash automates.
Click to expand...
Click to collapse
ohh...ok cool..so i just need to do the update on the recovery then flash this? BTW thanks for all your help and work on this.
***edit*** from the recovery menu shouldnt i just choose flash zip from sd card? i choose that then it says this
E:failure at line 7:
Copy_dir PACKASGE:system SYSTEM:
Installation Aborted.
WHAT SHOULD I DO?

t12icky0 said:
ohh...ok cool..so i just need to do the update on the recovery then flash this? BTW thanks for all your help and work on this.
***edit*** from the recovery menu shouldnt i just choose flash zip from sd card? i choose that then it says this
E:failure at line 7:
Copy_dir PACKASGE:system SYSTEM:
Installation Aborted.
WHAT SHOULD I DO?
Click to expand...
Click to collapse
I have verified all 3 files flash on my phone, my assumption is your download may have become corrupted, please redownload and try to flash again, also which carrier are you trying to flash to?
Let me know how it works out

token419 said:
I have verified all 3 files flash on my phone, my assumption is your download may have become corrupted, please redownload and try to flash again, also which carrier are you trying to flash to?
Let me know how it works out
Click to expand...
Click to collapse
im already on cricket and have the WEB, talk, text working but dont have MMS so i figured i would give this a try. i will redownload and try it again and let you know..THANKS!
EDIT....ok redownloaded..the file says 25.4kb size and 28kb size on disk. I just tried downloading it 3 times. transferred it over to my sd card so its on there 3 times and tried to flash each file and it still gives me the error i told you earlier. im on French Toast 2.1 if that matters?
AND I FORGOT to tell ya im on the HTC HERO!

Flashing using Amon-RA's recovery? Is Recovery a screen with a bunch of words on it, and it says RA-Recovery or Amon-RA Recovery at the bottom?
It *should* flash on Hero the same as Eris.
You could manually push those files where they're supposed to go.
FIRST do a nand backup from recovery. THEN...
Unzip that .zip file, take all the files out of folders in that .zip, and put them in your android SDK tools folder. So you want the following in your tools folder:
u2nl
sqlite3
autostart.sh
(eri.xml might not be the same for your Hero, that might be for Eris, but I could be wrong - but it's just the 'name' of the carrier anyway, not necessary for functionality)
Get Autostart from the market (from wifi, or find it on the internet, and download it, and put it on your phone from your computer)
Get APN Backup & Restore
Download some working Cricket APNs (see my link above, I should have a link to a working .xml file for that, put it on your SD card in the APNBackupRestore folder, or whatever the folder is called)
Open APN Backup & Restore
Backup APNs
Delete APNs
Restore APNs (select the Cricket APNs you downloaded and put in that folder on your sd card)
Then do the following from command line in your tools folder
adb remount
adb push u2nl /system/bin/u2nl
adb push sqlite3 /system/xbin/sqlite3
adb push autostart.sh /data/opt/autostart.sh
adb push eri.xml /data/eri.xml
adb reboot
Autostart should ask for root permissions, hit always allow
and you should be 100% fully functional on cricket.
Open that Proxy shortcut you have for your web to work, and make the server and port BLANK, you DON'T NEED the wap.mycricket.com port 8080 in there any more.

pkopalek said:
Flashing using Amon-RA's recovery? Is Recovery a screen with a bunch of words on it, and it says RA-Recovery or Amon-RA Recovery at the bottom?
It *should* flash on Hero the same as Eris.
You could manually push those files where they're supposed to go.
FIRST do a nand backup from recovery. THEN...
Unzip that .zip file, take all the files out of folders in that .zip, and put them in your android SDK tools folder. So you want the following in your tools folder:
u2nl
sqlite3
autostart.sh
(eri.xml might not be the same for your Hero, that might be for Eris, but I could be wrong - but it's just the 'name' of the carrier anyway, not necessary for functionality)
Get Autostart from the market (from wifi, or find it on the internet, and download it, and put it on your phone from your computer)
Get APN Backup & Restore
Download some working Cricket APNs (see my link above, I should have a link to a working .xml file for that, put it on your SD card in the APNBackupRestore folder, or whatever the folder is called)
Open APN Backup & Restore
Backup APNs
Delete APNs
Restore APNs (select the Cricket APNs you downloaded and put in that folder on your sd card)
Then do the following from command line in your tools folder
adb remount
adb push u2nl /system/bin/u2nl
adb push sqlite3 /system/xbin/sqlite3
adb push autostart.sh /data/opt/autostart.sh
adb push eri.xml /data/eri.xml
adb reboot
Autostart should ask for root permissions, hit always allow
and you should be 100% fully functional on cricket.
Open that Proxy shortcut you have for your web to work, and make the server and port BLANK, you DON'T NEED the wap.mycricket.com port 8080 in there any more.
Click to expand...
Click to collapse
Thanks for the suggestions.
We got him sorted out in PM's last night, it wasn't flashing due some user made customizations, once those were corrected it flashed fine.
MMS still was not working for him but i have him trying from a fresh flash which i assume should work fine.

yea man and you dont know how appreciated i am..doing your new method of clean install and will let you know in about 30 minutes whats goin on.
Thanks again guys for your help!

I originally used the v2 of this script some time ago, and it worked fine until last night for me, then abruptly web no longer works for my Eris on Cricket--and I didn't change a thing.
Today I tried the v8, and there is still no difference...has there possibly been any change in the proxy IP or something? Or could I possibly have some other problem, such as a hardware issue?
Regular voice and wifi work correctly. Any ideas?
-Ryan
P.S. I'm using Sense-able 3.1.

How to get the unlock codes if you have JPC rom

Download the normal unlock files before you do anything!!! You can find them in the forum.
KIES needs to be off...
1 - You need your phoned to be rooted
2 - Put your phone in usb debug mode
3 - Plug in the usb cable (don't use kies or storage mode)
4 - In the run window type CMD
5 - Go to the folder where you extracted the unlock files. Example c:\Generate Unlock Windows\Generate Unlock Windows
Type dir , you should see a file called adb.exe
6 - Type adb kill-server
Type adb shell
Type su (on your phone you should see the root explorer asking if you want to allow access, choose yes xD duh)
Type cp /efs/nv_data.bak /sdcard !!!IF this doesn't work type this!!!!----> cp /efs/.nv_data.bak /sdcard
Type cp /efs/nv_data.bak.md5 /sdcard !!!IF this doesn't work type this!!!!----> cp /efs/.nv_data.bak.md5 /sdcard
7 - Closed the window.
8 - The file with the code is now on your sdcard, start storage mode and copy the files to the c:\Generate Unlock Windows\Generate Unlock Windows folder (in windows xD)
Be sure that the nv_data.bak and nv_data.bak.md5 are in the same folder as sgux.exe
9 - Edit the Generate_Code.bat
Delete all the code and paste this:
@echo off
cls
echo ===============================================================
echo ===============================================================
echo Generate unlock code for any Samsung Galaxy S
echo ===============================================================
echo ===============================================================
echo Extract code
.\sgux .\.nv_data.bak
.\sgux .\nv_data.bak
echo ===============================================================
echo ===============================================================
echo Please donate to DagentooBoy for the script
echo Please donate to rbnet.it and marcopon for the SGUX utility used in the script
echo ===============================================================
echo ===============================================================
echo Script complete!
pause
10 - Your codes should appear! Save them and send them to you gmail account so you have them for life!
I TAKE NO CREDIT FOR THIS!!!! Just want to help!

Can you please Help me?
I flash & reflash several times, and still can´t resolve this.
I don't have any file with *bak* at this moment.
the files that I have:
# find /efs
find /efs
/efs
/efs/.android
/efs/.android/testAndroid1.bin
/efs/.android/testAndroid2.bin
/efs/.android/testAndroid3.bin
/efs/nv_data.bin
/efs/.imei
/efs/imei
/efs/imei/mps_code.dat
/efs/imei/bt.txt
/efs/imei/.nvmac.info
/efs/nv_data.bin.md5
/efs/.nv_state
/efs/nv_data.jpc
/efs/nv_data.jpc.md5
and de result to nv_data.bin:
E:\Generate Unlock Windows>sgux2 nv_data.bin
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Opening file <nv_data.bin>...
Searching code block...
Found.
Searching codes...
Network Control Key: 00000000
E:\Generate Unlock Windows>sgux2 nv_data.jpc
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Opening file <nv_data.jpc>...
Searching code block...
Found.
Searching codes...
Network Control Key: 00000000

I've tried to get the code with : .nv_data.bak, nv_data.bin, nv_jpc and bml3.bak. In each case, I got the code 00000000.

I found this in a forum hope this will help

quiron said:
I flash & reflash several times, and still can´t resolve this.
I don't have any file with *bak* at this moment.
the files that I have:
# find /efs
find /efs
/efs
/efs/.android
/efs/.android/testAndroid1.bin
/efs/.android/testAndroid2.bin
/efs/.android/testAndroid3.bin
/efs/nv_data.bin
/efs/.imei
/efs/imei
/efs/imei/mps_code.dat
/efs/imei/bt.txt
/efs/imei/.nvmac.info
/efs/nv_data.bin.md5
/efs/.nv_state
/efs/nv_data.jpc
/efs/nv_data.jpc.md5
and de result to nv_data.bin:
E:\Generate Unlock Windows>sgux2 nv_data.bin
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Opening file <nv_data.bin>...
Searching code block...
Found.
Searching codes...
Network Control Key: 00000000
E:\Generate Unlock Windows>sgux2 nv_data.jpc
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Opening file <nv_data.jpc>...
Searching code block...
Found.
Searching codes...
Network Control Key: 00000000
Click to expand...
Click to collapse
same result here, followed the procedure, ended up with network code 00000000. any help?

If you need help on unlocking a 2.2 device. Please contact me.

can anybody post a link to which normal unlock files are needed, there are too many unlock files in the forum

rhcp0112345 said:
If you need help on unlocking a 2.2 device. Please contact me.
Click to expand...
Click to collapse
Yes I need it, and I am certainly not the only one.
Can you publish a guide how to proceed ?

I did manage to get rid of this bloody unlocking problem after 9 hours of struggle. I followed the advice here:
http://forum.xda-developers.com/showthread.php?p=7946031#post7946031
I don't know how it worked, I don't care how it worked, its just that now i have a full working sgs with jp3 froyo software installed.
Next rom will definitely be official froyo, no more flic-flacs for me till then.

Fallback after a KOR productcode modification by firmware JPC
I've found a solution to my KOR problem after a JPC firmware upgrade :
History:
I've upgraded my SGS to JPC firmware (2.2). My phone product code has been changed to GT-I9000HKDKOR. Since my phone is simlocked, my local SIM (SFR in France) is not the same model than the phone (KOR), so it asked me an unlock code. I found no code to remove the simlock protection (sgux computed a 00000000 unlock code).
Solution I found :
- Downgrade the SGS to the firmware JM6 (2.1).
- Downloade the file /efs/nv_data.bin to your PC/LINUX/MAC (your phone need to be rooted !).
- Open it in a hexeditor -in fact I've used Windows' notepad++- and search for the "KOR" sequence. This sequence appears 2 times in the bin file. These are nearby each others.
- Change back the KOR sequence to your original product code (this can be found in regedit CURRENT USER / Software / Samsung / Kies / DeviceDB / [a number] / ProductCode). For my personal case, it is a SFR (France) phone, my product code is GT-I9000HKDSFR and a few chars before change KOR by SFR (or whatever your op. code is).
- Then you have to compute a md5sum on the modified nv_data.bin and store the md5 in a file called nv_data.bin.md5. Make sure your md5 file is exactly 32 bytes long, there is no CR/LF at the end of the line. md5sum is available for any plateform, for myself I did it on my Linux box which is my SAN.
- Next step : push back these 2 files in your /efs/ directory and reboot.
To make sure nothing is altered during the reboot process, I've removed the battery to switch off the phone. At the next reboot, no more SIM unlock code request. I've been able to place a call, my phone is back to life !
Can someone takes some time to do this trick on a 2.2 froyo JPC firmware ?
Hope this will help others...

gouroufr2000 said:
I've found a solution to my KOR problem after a JPC firmware upgrade :
History:
I've upgraded my SGS to JPC firmware (2.2). My phone product code has been changed to GT-I9000HKDKOR. Since my phone is simlocked, my local SIM (SFR in France) is not the same model than the phone (KOR), so it asked me an unlock code. I found no code to remove the simlock protection (sgux computed a 00000000 unlock code).
Solution I found :
- Downgrade the SGS to the firmware JM6 (2.1).
- Downloade the file /efs/nv_data.bin to your PC/LINUX/MAC (your phone need to be rooted !).
- Open it in a hexeditor -in fact I've used Windows' notepad++- and search for the "KOR" sequence. This sequence appears 2 times in the bin file. These are nearby each others.
- Change back the KOR sequence to your original product code (this can be found in regedit CURRENT USER / Software / Samsung / Kies / DeviceDB / [a number] / ProductCode). For my personal case, it is a SFR (France) phone, my product code is GT-I9000HKDSFR and a few chars before change KOR by SFR (or whatever your op. code is).
- Then you have to compute a md5sum on the modified nv_data.bin and store the md5 in a file called nv_data.bin.md5. Make sure your md5 file is exactly 32 bytes long, there is no CR/LF at the end of the line. md5sum is available for any plateform, for myself I did it on my Linux box which is my SAN.
- Next step : push back these 2 files in your /efs/ directory and reboot.
To make sure nothing is altered during the reboot process, I've removed the battery to switch off the phone. At the next reboot, no more SIM unlock code request. I've been able to place a call, my phone is back to life !
Can someone takes some time to do this trick on a 2.2 froyo JPC firmware ?
Hope this will help others...
Click to expand...
Click to collapse
You sir are brilliant... back to O2U here! ) I only needed to change one key entry as could find only the one KOR in my nv_data.bin... but otherwise... perfect! )
Thank you SOOOO much... had started worrying that I'd not get my product code back!

It also means that a simlocked phone can be used with another SIM by modifying the same way the nv_data.bin...
Anyway I wont update this phone to JPC. I'll await the next one... JPD seems to be online but no infos yet on the status of this firmware.

in which line did you find the KOR?
i cant find it? >_<

Greg82uk said:
You sir are brilliant... back to O2U here! ) I only needed to change one key entry as could find only the one KOR in my nv_data.bin... but otherwise... perfect! )
Thank you SOOOO much... had started worrying that I'd not get my product code back!
Click to expand...
Click to collapse
I'm clueless here, would you mind posting a step by step including the software used?

gouroufr2000 said:
I've found a solution to my KOR problem after a JPC firmware upgrade :
History:
I've upgraded my SGS to JPC firmware (2.2). My phone product code has been changed to GT-I9000HKDKOR. Since my phone is simlocked, my local SIM (SFR in France) is not the same model than the phone (KOR), so it asked me an unlock code. I found no code to remove the simlock protection (sgux computed a 00000000 unlock code).
Solution I found :
- Downgrade the SGS to the firmware JM6 (2.1).
- Downloade the file /efs/nv_data.bin to your PC/LINUX/MAC (your phone need to be rooted !).
- Open it in a hexeditor -in fact I've used Windows' notepad++- and search for the "KOR" sequence. This sequence appears 2 times in the bin file. These are nearby each others.
- Change back the KOR sequence to your original product code (this can be found in regedit CURRENT USER / Software / Samsung / Kies / DeviceDB / [a number] / ProductCode). For my personal case, it is a SFR (France) phone, my product code is GT-I9000HKDSFR and a few chars before change KOR by SFR (or whatever your op. code is).
- Then you have to compute a md5sum on the modified nv_data.bin and store the md5 in a file called nv_data.bin.md5. Make sure your md5 file is exactly 32 bytes long, there is no CR/LF at the end of the line. md5sum is available for any plateform, for myself I did it on my Linux box which is my SAN.
- Next step : push back these 2 files in your /efs/ directory and reboot.
To make sure nothing is altered during the reboot process, I've removed the battery to switch off the phone. At the next reboot, no more SIM unlock code request. I've been able to place a call, my phone is back to life !
Can someone takes some time to do this trick on a 2.2 froyo JPC firmware ?
Hope this will help others...
Click to expand...
Click to collapse
Looks promising!
Does it have to be JM6 or can JM7 work as well ?
Can anyone with JPC and a locked phone try this and report if it works ?
If we go back to JM6 do the editing and fix the product code then back it up on the PC, update to JPC and push this back to the phone this should work right ?
Any news if its possible to restore the IMEI ?

Ok I'm stupid and I can't make a md5 file of 32 bytes with md5summer for windows, somebody can help me?

edit de file with notepad and delete the 1st 3 lines and the count 32 bytes and delete all the rest.

I tried with JM7 with CSC_I9000TMNJM1 and there is no KOR sequence in nv_data.bin FILE. instead was already TMN, but still asking me for de unlock code.
I tried with JPC and still don't work .

quiron said:
I tried with JM7 with CSC_I9000TMNJM1 and there is no KOR sequence in nv_data.bin FILE. instead was already TMN, but still asking me for de unlock code.
I tried with JPC and still don't work .
Click to expand...
Click to collapse
It means your phone is configured as TMN (dont know which country it is) but if it asks you for unlock code => your SIM is not TMN.
Change TMN to whatever your SIM is... Check in regedit for a history. Anyway downgrade to a previous firmware because JPC is suspected of breaking the nv_data.bin
I don't know if this trick works with another firmware, but theorically it should works the same way...
Nb: do not delete any line in your nv_data.bin ! This is a stupid remark, it can brick your phone.

the solution to 00000000 unlock code
finaly the solution to 00000000 unlock code
http://forum.xda-developers.com/showpost.php?p=7957950&postcount=10
or
http://forum.xda-developers.com/showthread.php?p=7957950&posted=1#post7957950
works to me.

Restore Product ID to AT&T Captivate nv_data.bin

********NOTE*********
i have included a few of the tools you will need as attachments to this post. I will not take any credit for these programs as i was not the developer for them... these people work too hard to have anyone steal their credit... please give credit where credit is due!​Your nv_data.bin file and its matching nv_data.bin.md5 files are located on your phone in /efs/
All references that i make to "sd card" or "/sdcard/" refer to your phone's internal SD Card, not an external SD card that you may have installed.
I have created a windows batch file that you can run and it will extract your entire /efs/ folder from your phone to your PC. I am currently working on the batch script to move the edited nv_data.bin files back to your/efs/ folder and do the other adb stuff.
attached is the EFS Extractor.zip file that contains the ADB files and the batch script.
The product code for your AT&T Captivate is: SGH-I897ZKAATT
WARNING… I AM NOT RESPONSIBLE IF YOU BREAK YOUR PHONE FOLLOWING ANY OF THESE INSTRUCTIONS
The Attached EFS Extractor.zip file contains the necessary adb file and a couple batch files. "retrieve efs.bat" copies your entire /efs/ folder to your PC in a folder called /efs_bkup/ in the directory where you unzipped the file and ran the batch program from. The file "update nv_data.bat" takes your edited nv_data.bin file from the root directory where you ran the .bat file from and places in in your phone's /efs/ folder and removes the old copies from your phone... when it is done, it will power cycle your phone.
To fix your nv_data.bin, you will have to have access to the following tools:
A hex editor (search google for hex editors, they have tons of them that are free… I use one called HexEdit and i have it attached)
GalaxyS_One-Click_Root_All_Models (available via XDA-Developers... attached)
ADB (Android Debugging Bridge) This is available by getting the Android SDK at the Android Developers Website (http://developer.android.com/sdk/index.html) or if you downloaded the Galaxy S One Click Root, it is in the directory where you unzipped the files.
BusyBox – Search the google market for “BusyBox”. It will appear and will be the free one from stericson (i have included the .apk as an attachement)
Odin One-Click Downloader (available from XDA)… make sure you get the correct one. There are 2 versions. If you batch number is 1008 then you need the one with the 3-button fix, if you batch number is greater than 1008 then you should need the regular one. Your batch number is written on the sticker on your phone under your battery on the left side right under the words “S/N” where your serial number is listed.
Samsung Kies Mini (gotten from Samsung website)
Download the attached EFS Extractor .zip file. It contains everything you need to copy your /efs/ folder to your PC
Now for what you need to do to get your phone’s nv_data.bin back to normal:
Flash back to stock and then do a master clear using Odin One Click
put phone into USB debugging mode and also check the setting to "stay awake"
connect phone to PC and root and install busybox
extract the attached EFS Extractor.zip file and run the "retrieve efs.bat" file. This will copy your entire /efs/ folder from your phone to your PC in a direcotry called ./efs_bkup/
Using the Hex Editor, edit the file ./efs_bkup/efs/nv_data.bin on your PC to have the correct product code SGH-I897ZKAATT. do an ASCII search for "SGH" to locate the line in the file that contains your product key. then save the edited file to ./nv_data.bin (the root directory where you extracted your ZIP file to on your PC)
run the file "update nv_data.bat" to copy your corrected nv_data.bin to your phone's efs folder and chown it and reboot your phone
change USB Settings on phone back to Kies then open Kies Mini and connect phone.
you should now be able to connect to Kies Mini and not have unregistered device... now would be a good time to back_up your /EFS/ folder... you can now either do Odin One-Click and a master clear, or flash a different rom. You should do Odin if you want to use Kies to get updates to be 100% stock to remove your root and busybox.
The general overview what what you need to do is this for those of you that want to know and/or use other tools to do this
Copy your /efs/nv_data.bin file from your phone to your PC
Use a hexeditor to modify the line in the nv_data.bin file that contains the productcode to contain your correct product code
delete any nv_data.* files from your /efs/ folder on your phone
copy the corrected nv_data.bin file from your PC to your /efs/ folder on your phone
busybox chown 1001:1001 /efs/nv_data.bin
reboot phone
Done!
Now, when you backup your /efs/ folder to your PC you may see files like nv_data.bak and nv_data.bak.md5. Using a hexeditor, open the nv_data.bak file and look at the line that has the product code (ASCII values starting wtih SGH)... if the product code in the .bak file is correct, then delete the nv_data.bin and nv_data.bin.md5 from your /efs/ folder on your phone and reboot your phone. Your phone should then create new .bin and .bin.md5 files from the .bak and .bak.md5 files that will have the proper productcode. You can also optionally rename the .bak and .bak.md5 files on your PC to be .bin and .bin.md5 and copy them to your /efs/ folder on your phone.
You can view what Kies is reading your productcode as by opening your windows registry editor Start>Run>regedit[enter]
Connect phone to PC in Kies(Firmware) mode
Navigate to HKEY_CURRENT_USER/Software/Samsung/KiesMini/FUS
Look at the key "PRODUCTKEY" and what it's value is... if it is correct, then you are good. If not, then something went wrong somewhere.
If you have issues please post the issues you are having and I will update as necessary.
Here is a link to a different thread that contains a program and instructions for restoring your unlock codes if that is what you are trying to do. The .jar (java program is written in frech, but it only asks for the codes you want to use for your unlock codes... i did not make this program so I cannot help you with it.
http://forum.xda-developers.com/showpost.php?p=8983897&postcount=103

Tried to trim this down a little as there are a ton of steps, let me know if any of this is incorrect.
1. Flash back to stock rom, and do a master clear using the Odin3 One-Click Downloader by designgears
2. Root using one-click-root and install busybox, turn on usb development mode + stay awake, and connect to your PC.
3. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /efs/nv_data.bin /sdcard/nv_data.bin
d. cp /efs/nv_data.bin /sdcard/nv_data.bin.copy (incase there is a problem)
e. rm /efs/nv_data.*
4. Exit your adb.exe window, mount your phone on your PC and navigate to the internal card. Edit the nv_data.bin with a hexeditor (bpsoft.com) and search (ascii) for "SGH-" (without the quotes)
5. It may be something like SGH-I897ZKATOR or SGH-I897ZKATMB. You need to change this to SGH-I897ZKAATT then save the file, and unmount your phone.
6. Disconnect usb data cable from pc to phone, re-enable usb development mode + stay awake, reconnect.
7. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /sdcard/nv_data.bin /efs/nv_data.bin
d. busybox chown 1001:1001 /efs/nv_data.bin
8. Power cycle

Hi hansomni. l've been down this road. Were you successfull with creating Nv_data.bak this way and restoring with that. For example editing nv_data.bak and making a corresponding md5 file and only placing those files in your efs folder and restarting your phone
I had problems creating this file. i would always get an incorrect iemi. This is why i recommend using nv_data repair.zip posted in the tmo vibrant unlock thread not only can you recreate the correct product code but also fix the fffffffff for unlock code.
Have you checked this outhttp://forum.xda-developers.com/showpost.php?p=8983897&postcount=103

mattbeau said:
Hi hansomni. l've been down this road. Were you successfull with creating Nv_data.bak this way and restoring with that. For example editing nv_data.bak and making a corresponding md5 file and only placing those files in your efs folder and restarting your phone
I had problems creating this file. i would always get an incorrect iemi. This is why i recommend using nv_data repair.zip posted in the tmo vibrant unlock thread not only can you recreate the correct product code but also fix the fffffffff for unlock code.
Have you checked this outhttp://forum.xda-developers.com/showpost.php?p=8983897&postcount=103
Click to expand...
Click to collapse
yeah... i have been successful using the steps i outlined... like i said in the original post, this is only to get your product code fixed... i don;t have an unlocked phone so i don't know if that program works... i did use it to check it out, but it is written in frech or something and it never copied the "patched" nv_data files back to my phone... i had to do it manually and still the product code from the created files were wrong. Others say that they have had success using it, but i never did. I took a buch of stuff from a buch of posts on this site to compile the guide here for restoring product codes only.
the .bak files are your backup files that get generated sometimes... usually those files have your correct unlock codes and productcode... to restore them, just delete the non .bak files and remove the .bak extension from the backups... then copy them to your /efs/ folder and powercycle and you should be good. you should keep all your orignial files from your /efs/ folder in a safe place though so you have them to fall back on if you need to. I have never had the .bak files in my /efs/ folder so i haven't ever been that lucky.

devz3r0 said:
Tried to trim this down a little as there are a ton of steps, let me know if any of this is incorrect.
1. Flash back to stock rom, and do a master clear using the Odin3 One-Click Downloader by designgears
2. Root using one-click-root and install busybox, turn on usb development mode + stay awake, and connect to your PC.
3. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /efs/nv_data.bin /sdcard/nv_data.bin
d. cp /efs/nv_data.bin /sdcard/nv_data.bin.copy (incase there is a problem)
e. rm /efs/nv_data.*
4. Exit your adb.exe window, mount your phone on your PC and navigate to the internal card. Edit the nv_data.bin with a hexeditor (bpsoft.com) and search (ascii) for "SGH-" (without the quotes)
5. It may be something like SGH-I897ZKATOR or SGH-I897ZKATMB. You need to change this to SGH-I897ZKAATT then save the file, and unmount your phone.
6. Disconnect usb data cable from pc to phone, re-enable usb development mode + stay awake, reconnect.
7. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /sdcard/nv_data.bin /efs/nv_data.bin
d. busybox chown 1001:1001 /efs/nv_data.bin
8. Power cycle
Click to expand...
Click to collapse
Yeah, looking at it quickly it looks like all the instructions are correct... maybe abbreviated too much... Thanks for that... i will update with instuctions similar.... i have to remember that there are those folks that have never used adb or know what it is. I will credit you in my update tomorrow. I am used to where i work we have people that use computers that don;t know how to power them on and off so they just leave them on all the time... i have to be very specific on my instructions that i tell them so they can understand... a two second task becomes an all-day event. Just something i am used to doing.
I will be working on a dos script (.bat) file that will do most of the adb stuff so then the users only need a few things to do and just let the scripts take care of the rest.

hansonmi said:
yeah... i have been successful using the steps i outlined... like i said in the original post, this is only to get your product code fixed... i don;t have an unlocked phone so i don't know if that program works... i did use it to check it out, but it is written in frech or something and it never copied the "patched" nv_data files back to my phone... i had to do it manually and still the product code from the created files were wrong. Others say that they have had success using it, but i never did. I took a buch of stuff from a buch of posts on this site to compile the guide here for restoring product codes only.
the .bak files are your backup files that get greated sometimes... usually those files have your correct unlock codes and productcode... to restore them, just delete the non .bak files and remove the .bak extension from the backups... then copy them to your /efs/ folder and powercycle and you should be good. you should keep all your orignial files from your /efs/ folder in a safe place though so you have them to fall back on if you need to.
Click to expand...
Click to collapse
You dont even need to change the extenaion of those files if you power cycle your phone with just .Bak files. Your phone will recreate the nv_data.bin and md5 from those .Bak files and create a log file
Yeah i know the java program is in french. But its only asking you what two codes you want to use for unlocking your phone ( ahh google translate)
And yes the first time i tried the program i had trouble too. I think it helps if you have a good busybox version.
Believe me the easier you can make it the better it will be for everyone. Now if we could just get everyone to back up that folder before flashing anything we wouldnt even need to go down that road. Thanks for your help in this. Ill leave this thread alone now sorry if im intruding. Pm me if you need any help

mattbeau said:
You dont even need to change the extenaion of those files if you power cycle your phone with just .Bak files. Your phone will recreate the nv_data.bin and md5 from those .Bak files and create a log file
Yeah i know the java program is in french. But its only asking you what two codes you want to use for unlocking your phone ( ahh google translate)
And yes the first time i tried the program i had trouble too. I think it helps if you have a good busybox version.
Believe me the easier you can make it the better it will be for everyone. Now if we could just get everyone to back up that folder before flashing anything we wouldnt even need to go down that road. Thanks for your help in this. Ill leave this thread alone now sorry if im intruding. Pm me if you need any help
Click to expand...
Click to collapse
Yeah... the problem is that not everyone knew to do it before flashing as a lot of the ROM pages don't say it (I was one of them that never knew about it)... i knew what the java was saying but since i don't have an unlocked phone, i had no way of testing it to see if it worked for me or not... and on top of that it didn't work with restoring my productcode (i know that becuase i couldn't use Kies until i did things manually)... I tell people to rename the files, becuse i am assuming they copy the contents of their /efs/ folder to a PC or something... then they just have to delete the nv_data files from /efs/ on their phone, and rename the .bak files on their PC and copy them back to their phone's /efs/ so they still have a copy of their original files saved on their PC... plus i don't like relying on the phone doing the renaming because if it doesn't no one will know what went wrong...

Working on Windows Batch (.bat) script
I will be working on doing a windows .bat script that will do most of the dirty work for you... it may take a couple days because where i work the end of the year is the busiest time for me and i don't have a lot of time between work during the week.
I will make the script an attachment and will hopefully be able to zip with the abd files to make life a little easier for everyone.
Thanks for the input everyone.

What line
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks

Worked great, followed steps exactly as outlined didn't have any problems. Thanks again for this, I've been wanting to have a proper backup of efs folder with correct product code, but could never change it back.

Slowazz28 said:
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Click to expand...
Click to collapse
I used hexedit, and if the line number is in first column it begins on line 188010. I did notice when searching a second time to get line number, that I had to have sgh- in all caps, and once i got string not found, I closed program reopened and searched again using caps (SGH-) it worked several times. Hopes this helps.

Big thanks for posting this.
I'll give this a shot prior to flashing Axura 2.5.

Thanks hansonmi! I got it updated with kies. I done it a lil diffent using root explorer to move files around and used hexeditor to edit files and root explorer to copy back.

great guide.
wish this would have been around the first time i ran into this problem as it was a headache when it happened and the threads and advice on fixing were so fragmented within the forum threads.
The only thing i did differently was that i didn't use ADB on a pc at all during the process (I completed the process using both Root Explorer and Terminal Emulator on my phone and copying files to pc via mounting the phone and its storage as disk drives).
(PS before doing any of this i backup up my efs folder first to my external SD using root explorer and then to my pc via mounting the phones storage)
1. I had already copied my nv_data.bin file to external SD when backing up EFS folder.
2. Connected to pc via usb and mounted for storage (with debugging on)
3. copid nv_data to pc
4. used PsPad to edit the nv_data file in accordance with previous instruction in this thread. (I highly recommend PSpad as a hex editor. Its nice that you can switch back and forth between hex and text editor views) See PS in the end for using PSpad hex editor to find the line you need to edit. That seemed to be the only thing that needed clarified.
5. copy nv_data.bin back to the root directory of external sd
6. use root explorer to move newly edited nv_data from external sd back to original EFS folder.
7. Delete the nv_data..bin.md5 file..i left the backup from efs folder
7. delete any nv_data.baks from efs folder
8. Now the use of Termainl Emulator (download from market). Busybox must be installed as well
9. Open terminal emulator execute following commands:
SU
busybox chown 1001:1001 /efs/nv_data.bin
reboot
(reference to step 4 using hex editor)
PS - These are the steps for editing the hex code and starting with step first step assuming you have copied the nv_data.bin to your PC
1. Open PsPad (or other hex editor)
2. Open nv_data.bin in hex editor mode
3. Go to line 188000 (using search modes you will likely have to enter $00188000 or 00188000) Using PsPad you would do the following:
Select SEARCH from top tool bar. Select GOTO LINE.......then enter $00188000
4. You will see yTMB....SGH_i897ZKATMB (or yTOR....SGH-ZKATOR).
5. Replace that first TMB or TOR with ATT then replace ZKATMB or ZKAATOR with KZAATT
6. Save
7. Now you should have a proper nv_data.bin

HBeezy said:
I used hexedit, and if the line number is in first column it begins on line 188010. I did notice when searching a second time to get line number, that I had to have sgh- in all caps, and once i got string not found, I closed program reopened and searched again using caps (SGH-) it worked several times. Hopes this helps.
Click to expand...
Click to collapse
Ok that worked great except when I get to that line it says productcode several times then a bunch of x's then 11 0's but no SGH- so not sure where to put it in at. The 0's start on line 1880f0 and end on line 188100 ??? Appreciate the help

Slowazz28 said:
Ok that worked great except when I get to that line it says productcode several times then a bunch of x's then 11 0's but no SGH- so not sure where to put it in at. The 0's start on line 1880f0 and end on line 188100 ??? Appreciate the help
Click to expand...
Click to collapse
what hex editor are you using?
i recommend downloading the free PSpad Hex/Txt editor.
1. Open your nv_data file using FILE then OPEN IN HEX EDIT
2. use SEARCH from toolbar commands....GOTO LINE from search menu....options after opening in hex edit mode
3. then search for $00188000
you should see the line you need to edit.
The nice thing about PSPAD is that you can also open the binary file in a Text mode. If you have trouble finding it in the hex editor mode try the following.
1. open PSpad. Goto FILE then OPEN (vs. open in hex edit). This will open in a text editor view/mode.
2. goto SEARCH and select INCREMENTAL SEARCH
3. type SGH and search
(you could also do all the hex editing without moving files to pc if you wanted using HEX EDITOR from market...though for most the PC hex editors might be easier)
if you want to use the android hex editor app to do all the editing on your phone...do the following:
THERE ARE 3 Total Lines you will need to edit:
00188008
00188010
00188020
1. Use Root Explorer to copy nv_data.bin from efs folder to the root directory on your external sd.
2. Use Hex Editor App to open the copy from your external SD.
3. One Open click the capacitive menu button and select jump to address
4. Enter 0188008
This will take you to line 00188008
5. Edit the last or 8th Block so it reads 41.
6. Enter 0188010
7. This will take you to line 00188010. Edit the first two blocks of this line. Replace the #'s so that both of the first two blocks contain 54. (look to the text at the right of screen the first two letter should have changed to TT. To recap you need to edit Block 1 and Block 2 of line 0018010:
LINE 0018010
Block 1 = 54
Block 2 = 54
(text @ right should now read TT....SG)
8. Now look down to line 0018020 and look at the line. If you at the line and to the far right text you will see ATOR or ATMB if your nv_is messed up.
9. You may need to edit blocks 2-4. They should read as follows:
LINE 00188020
Block 2 = 41
Block 3 = 54
Block 4 = 54
(the text at the right of your screen should now read AATT....)
10. Save the file and move it back to efs using root explorer.
PS: Here are how the following lines should read (the ones in bold are the only ones you have to edit as line 00188018 will already be correct):
00188008|2e|34|00|00|00|00|ff|41|.4....A
00188010|54|54|00|00|00|00|53|47|TT....SG
00188018|48|2d|49|38|39|37|5a|4b|H-I897ZK
00188020|41|41|54|54|00|00|00|00|AATT....

bames said:
what hex editor are you using?
i recommend downloading the free PSpad Hex/Txt editor.
1. Open your nv_data file using FILE then OPEN IN HEX EDIT
2. use SEARCH from toolbar commands....GOTO LINE from search menu....options after opening in hex edit mode
3. then search for $00188000
you should see the line you need to edit.
The nice thing about PSPAD is that you can also open the binary file in a Text mode. If you have trouble finding it in the hex editor mode try the following.
1. open PSpad. Goto FILE then OPEN (vs. open in hex edit). This will open in a text editor view/mode.
2. goto SEARCH and select INCREMENTAL SEARCH
3. type SGH and search
(you could also do all the hex editing without moving files to pc if you wanted using HEX EDITOR from market...though for most the PC hex editors might be easier)
if you want to use the android hex editor app to do all the editing on your phone...do the following:
THERE ARE 3 Total Lines you will need to edit:
00188008
00188010
00188020
1. Use Root Explorer to copy nv_data.bin from efs folder to the root directory on your external sd.
2. Use Hex Editor App to open the copy from your external SD.
3. One Open click the capacitative menu button and select jump to address
4. Enter 0188008
This will take you to line 00188008
5. Edit the last or 8th Block so it reads 41.
6. Enter 0188010
7. This will take you to line 00188010. Edit the first two blocks of this line. Replace the #'s so that both of the first two blocks contain 54. (look to the text at the right of screen the first two letter should have changed to TT. To recap you need to edit Block 1 and Block 2 of line 0018010:
LINE 0018010
Block 1 = 54
Block 2 = 54
(text @ right should now read AT....SG)
8. Now look down to line 0018020 and look at the line. If you at the line and to the far right text you will see ATOR or ATMB if your nv_is messed up.
9. You may need to edit blocks 2-4. They should read as follows:
LINE 00188020
Block 2 = 41
Block 3 = 54
Block 4 = 54
(the text at the right of your screen should now read AATT....)
10. Save the file and move it back to efs using root explorer.
PS: Here are how the following lines should read (the ones in bold are the only ones you have to edit as line 00188018 will already be correct):
00188008|2e|34|00|00|00|00|ff|41|.4....A
00188010|54|54|00|00|00|00|53|47|AT....SG
00188018|48|2d|49|38|39|37|5a|4b|H-I897ZK
00188020|41|41|54|54|00|00|00|00|AATT....
Click to expand...
Click to collapse
Ok, So my nv_data.bin must be fubared cause I don't even have lines 188008 or 188018. They go by 10's like 188000, 188010, 188020, ect. And the text to the right of line 188010 starts TT....SG not AT....SG

File
I didn't back this up from my first flash to a custom ROM. Stated at the beginning it says this is likely unfixable. I have run Axura, Cog and Perception Roms (not in that order). Not sure if that makes a difference. Is this still fixable? The problem I have (using new market) is apps are either
A) Installed and not showing so on the market
B) I have them installed and they disappear & have to reinstall them from the market only to have them disappear from my phone again
C) Unable to download them (such as Pocket Legends)
Any feedback is appreciated.
Thanks

Slowazz28 said:
Ok, So my nv_data.bin must be fubared cause I don't even have lines 188008 or 188018. They go by 10's like 188000, 188010, 188020, ect. And the text to the right of line 188010 starts TT....SG not AT....SG
Click to expand...
Click to collapse
my bad
the 188010 should start TT i will correct my original.
but you should be able to find lines 188008 an 18 though you wont need to do anything with 18. Did you try looking at it with the android hex editor app from market?
You won't see the 008 and 018 lines if your using a hex editor on PC you will only see the lines by by 10's.
The section you are referring to are for Using Android Hex Editor App on your phone.
-----------------------
if your using a hex editor on your PC you should see the following when corrected:
188000 | FFFF | FFFF | 5245 | 5630 | 2E34 | 0000 | 0000 | FF41 |
188010 | 5454 | 0000 | 0000 | 5347 | 482D | 4938 | 3937 | 5A4B |
188020 | 4141 | 5454 | 0000 | 0000 | 0000 | 0150 | 024E | 034E |

Slowazz28 said:
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Click to expand...
Click to collapse
It really depends on the editor you are using and you have to make sure you are searching for ASCII...
in the edit that i use, it is line 188010

[Q] Need help with Unlock

I am trying to use a StraightTalk SIM in a MyTouch4G. I have been doing research and trying everything under the sun to get this SIM to work. PLEASE HELP
I contacted T-Mobile to get an unlock code (which I have) but when I put the straighttalk SIM in the MyTouch did not ask me to enter in a pin (maybe because I have it rooted???). So now I have been trying this method
Now you can follow the following 11 Simple Steps:
Make sure you have visionary installed on your device and download this file:
mediafire.com/?gzaozcurazidh98
md5sum: 31560b0fc69958c2fbe444ce7a000a39
1. Now unzip the file into your SDK tools directory.
2. Plug your device into your computer.
3. Now open explorer and hold down shift at same time you right mouse click on your SDK tools directory. Select open command window here. If you are in linux (ubuntu) right mouse click on your SDK tools folder, choose actions, and choose open command window(or whatever it’s called). Otherwise, open a command prompt and cd your way to your SDK tools directory.
4. Type “adb push gfree /data/local” and hit enter.
Optionally, you could dl the file to your phone use androzip or something like it to unzip the file and then use root explorer to move all the files to /data/local. This would skip the first 4 steps.
5. Now unplug your device from the computer.
6. Run visionary to gain temp root.
7. Open terminal emulator on your device, type “su”, and hit enter to gain root privileges.
8. Type “cd /data/local” and hit enter.
9. Now type “chmod 777 gfree” and hit enter to make the program executable.
10. Type “./gfree” and hit enter.
11. Wait for the program to finish and then reboot into HBoot to see if S=Off. Also, check your bootloader version. If it says s=off and has bootloader version 0.86.0000 it worked. Congratulations!
So I got the S=OFF and 0.86.000 and I still could not use the ST SIM.
When I run ./gfree here is what I get on my screen.
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.35.14-cyanogenmod-g9e5cdf1
New .modinfo section size: 216
Attempting to power cycle eMMC... Failed.
Module failed to load: No such file or directory
Can someone please help me figure this out? I would GREATLY appreciate it!
Thank you,
Matt

I remember when I was first trying to root my mytouch 4g....man was that a pain lol....any ways, this should help you out man
androidandme.com/2011/12/news/htc-super-tool-unlocks-bootloader-roots-most-devices/
Don't forget to hit the thanks button
•Beastly Glacier Running 4.0.3•

This tool didn't seem to work for me.
Is there a way I can check to see if my phone is unlocked? I inserted my ST SIM into my mytouch but it does not work, it doesn't even recognize the SIM.
Is there a way I can get my phone to ask me for an unlock code (I have one)?

Read up-to-date rooting guide, found in abundance everywhere. If you can't find - Wiki in my signature. It should have explained a couple of things to you.
You're rooted and running Cyanogenmod Gingerbread, judging by your kernel. gfree only works in Froyo. You'll need to put stock 2.2.1 on first.
And judging by your bootloader info, you're rooted with gfree already, because there's no other way you would have 0.86 bootloader and S-OFF. So unless someone specifically avoided unlocking your phone (highly unlikely), you're already unlocked - and that's why the phone doesn't ask you for unlock code.

Hi Jack_R1 - Thank you for your reply and the info. I have been rooted for some time and that part was pretty easy. I also think I have unlocked my phone I just don't understand why when I put in a SIM from a different carrier nothing happens?
Are there settings to turn on/off on the OS when using another SIM? I was expecting more to happen when I insert the ST SIM.
Thanks

When the phone is SIM-unlocked, nothing special will happen when you insert a different SIM. The only thing that should happen, is that it'll ask you to re-sign in to Google account at the first time when it has data connection - as a built-in Android measure of personal data protection. For the rest it'll just work as usual - try to find the nearby towers and subscribe to them, if found, establishing cellular link. If nothing is found - you won't see the reception bars, just "x" on them. If something is found - you'll see the carrier name on the notification bar when you pull it down.

Change apns that are locked guide

Okay everyone I have come up with yet another method. This one is demonstrated for android PIE but you can modify it a little and make it work for any version of android I guess.
This guide is written for an audience that has ROOT ACCESS and allows you to configure any type of APN criteria. The need for this guide is VERY VERY VERY real because you have never in your life been more frustrated than not being able to use your device properly all because of Verizons discrimination against its MVNO users by locking down APN's on devices that use Verizons network.
I've written other guides on other forum sections of XDA to get APN's into a phone with this problem but you are never able to completely edit everything how you want it. This is due to the app called "carrier settings" stored in the device that has all the carrier info programed inside the APK that automatically turn off editing APN options when verizon is detected
The simple breakdown of this process is
1. Locate telephony.db
2. copy telephony.db to a backup folder that you create somewhere on your device for safe keeping.
3. Copy telephony.db to your computer
5. open telephony.db using "DB Browser for SQLite" on your PC (I know there are Playstore apps that can edit these databases as well but its a pretty big task to find one that does it right.)
6. Make changes
7. Copy back to phone
8. overwrite the old telephony.db with your new one
9. Reboot phone
Part 1 Steps
1. Use a file explorer on device and navigate to /data/user_de/0/com.android.providers.telephony/databases/
This is the new location of telephony.db
2. Copy "telephony.db" to a backup location for safekeeping and send a copy to your computer.
Part 2 Steps
Open SQLite browser on PC and open the telephony.db file
1. Click on "Browse Data"
2. From there click the drop down next to"table"
Now you will see all your APN's your phone is setup to use. You could just go ahead and change the values of the current apn you are using which is most likely "VZWINTERNET"
3.Double click the field value you want to change
4. type the values you want into the field
5. When done click on "apply"
repeat the editing steps until you get all the values like you want them
6. now click "Write Changes"
7. Now copy the database back to your phone and then place it back into the /data/user_de/0/com.android.providers.telephony/databases/ directory to overwrite the old one
If i helped then give me a like
Picture attached of buttons to click in sqlite pc browser program

This bricked my android install sadly. I wonder what I did wrong.

deskjet390 said:
How I accomplish this on my Pixel XL (and other phones that have locked apn settings)
This is what I have to do because my carriers apns are not in the Pixel XL's database and wrongly detect them as Verizon.
1. First off you need to have root.
2. After root, you need to hook phone into PC and access adb shell with root permissions.
3. After that.... issue this command
Code:
content query --uri content://telephony/carriers/preferapn
This will tell you which APN your phone is using at this current time. I have found it easiest to edit the APN your phone is using already. You then look where it says "_id=SOME NUMBER"
4. Once you know what number your phones APN settings is using then its time to issue the commands to edit that apn Number field
Replace SOME NUMBER with whatever apn number you are editing. Below is the syntax to edit the most usual apn fields. A good thing to do would be to obtain your APN settings and I may be able to help you find out what fields you need to edit
Code:
content update --uri content://telephony/carriers --where "_id=SOME NUMBER" --bind type:s:"default,dun,mms"
content update --uri content://telephony/carriers --where "_id=SOME NUMBER" --bind user:s:"[email protected]"
content update --uri content://telephony/carriers --where "_id=SOME NUMBER" --bind mmsc:s:"http://mms.whateverwirelss.com"
content update --uri content://telephony/carriers --where "_id=SOME NUMBER" --bind mmsport:s:"whateverport"
This is what works for me 100 percent to get the right APNS in a verizon MVNO or Verizon LRA carrier partners apns programmed into whatever device i want to.
Click to expand...
Click to collapse
Follow this instead. Less risky, as you aren't directly editing files ^^

I have a pixel 3a XL on Lineage OS 19.1 and first method worked great. Updated on computer and then transferred back to telephone.db back to phone. Rebooted and mms came right in. I would have preferred just to be able to add the other apns to the apn screen vs mashing the mms info into the one apn that is currently being seen. Not sure if that is possible.