Now that the unlock is out I would like to do it for users without charging like other members.
From a terminal shell on your PC type the commands in the image. Sorry but the forum reads it as a link and since I am a "new" user I am unable to post it. Maybe someone below me can?
PM me and I will give you my email address to send the file to. Again, new user no links
If you wish to make a donation for this service be my guest but it's not necessary.
Thanks to rhcp0112345 for discovering this method but this community is about sharing not profiteering.
anyone wanna give this man a hand? : D
How to Unlock Your Samsung Captivate (AT&T) for FREE
Someone test this:
Code:
cd /dev/block <enter>
su <enter> <at this point your phone will ask for superuser access ALLOW it
dd if=/dev/block/bml3 of=/sdcard/bml3.bak <enter>
do that to your rooted phone in ADB
Then just open the file with a hex editor, and SHAZAM! your code is there,
Around line 515040
http://www.howardforums.com/showthr...t-Vibrant-quot-NAM-3G?p=13984529#post13984529
I have the file but cant find my code at the area he said it would be. Anyone have a search term that will make it easier to find?
Edit:
Actually, I think I have it. How many digits should the code be?
I posted some detailed instructions here
Got it. Thanks. Now I need a different sim card to try this out on, unless anyone has another suggestion.
Here is another guide. Credit goes to r34p3rex on Howard forums.
You must be rooted Here's how to grab your unlock code off your own phone, for free!
Connect your phone via USB and open an adb shell (you need the SDK installed)
My SDK is installed in C:\Android
cd c:\android\tools
adb shell
Now that you're in shell type in the following
su
dd if=/dev/block/bml3 of=/sdcard/bml3.bak
Mount your SD card on your computer and open bml3.bak in a hex editor. Search for the string SSNV (it's in caps). You'll see something like this
SSNV.±Ì.ž.Ì.å....`Få•1Š>...OÊÄÏñ..ý“œÌ5..ÇõÎ_.coõã Ò@×`^ãQ.ÚR=€[¥×‡ùáâß-P.5370859753708597.51531930.00000000100100101#3101503101703111803104103109809 9999#
In my case, the 51531930 is the unlock code! So basically, it's the second set of numbers (separated by periods).
Pop in a foreign SIM and it'll ask you for an unlock code. Punch this baby in and you're unlocked!
Click to expand...
Click to collapse
That's great news
Sent from my SAMSUNG-SGH-I897 using XDA App
Confirmed working on my Captivate tried a Claro sim card and code worked fine.
Hey guys, I just bought a Captivate from eBay that said it was already unlocked (it was a sub $400 purchase too), how can I verify that it really is?
Hydrocharged said:
Hey guys, I just bought a Captivate from eBay that said it was already unlocked (it was a sub $400 purchase too), how can I verify that it really is?
Click to expand...
Click to collapse
Put in a different SIM then an AT&T one...
Confirmed here too. Copied the BML3 to computer and used Hex Fiend (Mac), searched for SSVN (in caps). Code is right there between the dots.
Put in a T-Mo SIM and made and received a call.
THANKS!
I don't have any other sim cards, nor do I know any one that uses another SIM-based network (only ATT, Sprint, and Verizon people around here). Is there any other way?
I was thinking about grabbing a pay as you go sim card from walmart or a t-mobile store and trying that route.
Some of the links indicated this works with some firmwares and not others - I wonder if this is the same code AT&T would hand out - if so, it should work regardless of firmware.
Can any unlock expert weigh in?
Actually, I'm gonna use my gophone SIM in the Captivate. I've found someone online that did it and it's now his daily phone.
dweebs0r said:
Here is another guide. Credit goes to r34p3rex on Howard forums.
Click to expand...
Click to collapse
that method worked great for me. Used HexWorkshop and did a text string search.
It works....So I guess my question is if and when custom ROM's start coming out will flashing a custom ROM undo the unlock?
Works perfect - I used an old T-mo prepaid sim that is not even active (no $$$) - all the SIM has to do is connect to a network.
At one time I bought this T-Mo prepaid kit online for $5 and they mail you a SIM card with 10 minutes on it. Put my AT&T card in and all is well.
I wonder if there is anywhere on the phone to see an unlock status (with the AT&T SIM installed). Does anyone know if Android has a setting to show if a phone is carrier unlocked?
BTW, I used HxD: http://mh-nexus.de/en/downloads.php?product=HxD
Related
Been trying to unlock this phone for days now, bought in japan(ntt docomo)
Have the unlock code and all, but unable to get to the point where i enter the code. Also read that I had to flash the sd card or something, but just keep getting the message "not allow" at some point. If anyone have some tips it would be highly appreciated.
edit; and ive tried rebooting it with new sim
Any help for a guy who has basically no clue of programming?
Yours,
Stefan!
oh, and its one of those 0006 models ^_^
1.5 or 1.6?
Are you running 1.5 or 1.6? If you are running 1.6, you are in for a bit of fun.
Some Japanese guys have used this site to unlock BEFORE the 1.6 OTA because the generated code only works on Docomo's 1.5 firmware.
NOTE: Remote unlock by IMEI is not supported on the newest DoCoMo firmware update. User must downgrade the ROM to the old version or flash a custom ROM without DoCoMo branding on the device prior to unlock it. We do not provide instructions on how to flash a different ROM.
Click to expand...
Click to collapse
The OTA to 1.6 hit me on 10/27/2009 and rolled out over the course of a week. If you phone was in use in Japan after this time, then it's probably running 1.6.
Apparently can unlock ht-03a v 1.6... for about $100US
Just ran into a site that seems quite shady but nonetheless claims to be able to unlock 1.6 in 3 days for 10,000 yen eek. Their regular price is 8,000 yen (which is still too expensive) if you are still running 1.5. This could just be classic bad web design still common in Japan that makes the site look shady.
Basically, they are saying no functions will change by unlocking and not to upgrade beyond 1.6 after unlocking (assuming 2.x ever is pushed by docomo). And that if your phone is version 1.5, they will return it to you unlocked and running version 1.6.
Purely for my amusement, I paste the machine translation of their site (provided by them "hear")
Release charge;VERSION 1.6 of \8,000 and HT-03A is \2,000UP.
- Details of release
There is no change in a portable function etc. after it releases it.
Release days
- HT-03A is SOFTWEAR [bajon] 1.5 is the first.
It takes VERSION 1.6 about three days. (\2,000UP)
- It takes HT1100 about three days.
Request trivia; After it releases it when VERSION of HT-03A is 1.5, VERSION UP is done to 1.6.
I will pass it. (When networking if you do not do The demand of VERSION UP is usual [deru]. )
The problem is not in VERSION UP after it releases it.
Without doing VERSION UP when VERSION of VERSION 1.6 or more (1.6 is OK) goes out
Please give to me.
Click to expand...
Click to collapse
PS - "release" = unlock
its 1.6 yes, and thats just too expensive
thx though!
Agreed - stupidly expensive, so your only other option is to root and flash a ROM other than Docomo's 1.6
Mind telling me how to do that? been trying for ages. Does it mean doing something to an sd card? is there a guide i should follow? tried yesterday, but just got the "not allow" message
Haha, sorry but I can't be cause I don't know how - which is why I originally said something about your going to be in for some fun if you have 1.6. The information is here. There are wikis, but I haven't had a need to do it, so I am not up on what needs to be done. I know that it was much easier with 1.5 (one click) but not impossible with 1.6. Dig around this board and hopefully you'll get tossed in the correct direction.
If you are using this phone in Japan on docomo's network and you do succeed in flashing a new ROM, be careful with the APN setting for data transmissions because you can end up with a very high data bill if you connect to the wrong one.
Good luck and hopefully someone might chime in with links appropriate to the ht-03a.
if u trying to unlock the phone to use any sim card in it and u already have the code, u need to put the sim card of the new network u r trying to use, when the magic boots up, it will ask for the code, u enter it and thats it, u r unlocked
Doesnt work, already tried that :F
achillies400 said:
if u trying to unlock the phone to use any sim card in it and u already have the code, u need to put the sim card of the new network u r trying to use, when the magic boots up, it will ask for the code, u enter it and thats it, u r unlocked
Click to expand...
Click to collapse
That does not work with the firmware provided by Docomo.
stefan2612 said:
Mind telling me how to do that? been trying for ages. Does it mean doing something to an sd card? is there a guide i should follow? tried yesterday, but just got the "not allow" message
Click to expand...
Click to collapse
Did you see this?
http://wiki.xda-developers.com/index.php?pagename=HTC_Sapphire_Hacking
Also, here seems to be full instructions on how to move down to 1.5. I have no idea how, if at all, these instructions would be different for Docomo's ROM on the HT-03a.
http://theunlockr.com/2009/10/15/how-to-root-a-donut-phone-android-1-6/
Good luck. If you learn anything, let me know
Thanks, ill see if i can get this to work! If not i guess ill be forced to check out some cable guy, or someone with a clue
Didnt work, thought id try the htc sync one aswell, but it never recognized my phone, even if i installed drivers, reinstalled them, updated, everything. And yes, i did fix the debug settings etc on phone.
I guess you are using windows, not something unix-like (linux or mac), right?
Towards the end of this thread, the discussion moves towards getting Win 7 to recognize phones for using ADB. Maybe something here could help.
http://forum.xda-developers.com/showthread.php?t=502010
have mac and windows, but htc sync wasnt for mac so ^^
Wait a minute... Like I said, I've never tried this, but I don't believe you need to use HTC sync. I could be wrong. I think you need to use ADB, which is part of the SDK. ADB allows you push files to handset, as well as get an interactive shell. Basically, it gives you command line access to your phone from your computer.
If you have ever used the terminal app on a mac, that is where you would use ADB.
Once you have ADB up and working, you can type stuff like ADB devices to get a list of connected phones or ADB shell to get an interactive shell.
yeah ive tried that too, only got msgs saying not allow
stefan2612 said:
yeah ive tried that too, only got msgs saying not allow
Click to expand...
Click to collapse
If you give me more information, then I may (or may not) be able to help.
What exactly was not allowed? Does ADB work at all?
What step in what howto did you make it to?
Are you able to get ADB to detect your device?
Are you using ADB on win or mac? win 7? mac os 10.6?
Did you get a permission denied (or something that) error when you tried to push a file with ADB?
For the docomo HT-03A sim unlock, you need to have a rooted phone first...No way around it that i have found... hell its a twofer... basic rom isn't any fun anyway...
I have gotten 7 Sim unlock codes from swiftunlocks at gmail.com, email him and ask...
I first found him on ebay... so he is probly still there...
My bigger question is how to get around the IMEI filitering done by Docomo's bizhodai APN... I WANT A NEXUS, but if I can't have unlimted Data it could be the death of my bank account...
thisoneguy said:
For the docomo HT-03A sim unlock, you need to have a rooted phone first...No way around it that i have found... hell its a twofer... basic rom isn't any fun anyway...
I have gotten 7 Sim unlock codes from swiftunlocks at gmail.com, email him and ask...
I first found him on ebay... so he is probly still there...
My bigger question is how to get around the IMEI filitering done by Docomo's bizhodai APN... I WANT A NEXUS, but if I can't have unlimted Data it could be the death of my bank account...
Click to expand...
Click to collapse
Only if you are running Docomo's 1.6 ROM, which he is (which is why his unlock code doesn't work). The 1.5 ROM would accept IMEI-generated unlock codes and was rootable in one click.
But I can't really help this guy as I have not tried to root my HT-03a, which is also on 1.6.
Quick question: So it is NOT rumor that docomo is filtering the biz-hodai APN by IMEI number? People commenting on my blog say that docomo refuses to register the IMEI of a phone if it is not from docomo.
Sucks.
Can you point this guy in the right direction for rooting specific to the HT-03a?
Also, check the link to a Japanese site I posted at the beginning of this thread. If it is worth 10,000 yen, sounds like they can do it. 10,000 yen is too much, though.
Hurrah! this has been fixed WOO!.
see here.
well done guys, you have made me a happy g2 owner again!!
Hi Everyone,
i figured we might need to clean up the
http://forum.xda-developers.com/showthread.php?t=805024
conversation.
as i see it, there are 2 issues
1. people receive an unlock code, the phone accepts it but then it cannot find any network
2. people receive an unlock code, have troubles entering the code but eventually get it in ok.
please do not post anything "setting" related - apn's, bands etc as this has been tried and shown not to work (yet)
it might be helpful if people who have issue number 1 could post some answers to some questions.
as i am not at all smart enough to work out what we need to know from these people, id appreciate it if those in the know could pm me what they think could be useful, and ill make a template for people to follow
troubleshooting template
----
----
----
----
Current Theories: (please PM me if i have anything wrong here or if i need to add details.)
-------------
Theory #1
Ghul99: the code is accepted, but the phone is still locked?
http://forum.xda-developers.com/show...&postcount=121
------------
interesting information
this seems to support theory #1
1. i unlocked phone - code entered successfully, and i was no longer prompted to enter an unlock code
2. i perm-rooted my phone - all went to plan
3. i put the vision rom on my phone (http://forum.xda-developers.com/showthread.php?t=834450) loaded ok
4. i put a sim in my phone and now i am prompted for an unlock code.
5. i tried to re-enter my code but it would not accept it (it is the same code from step 1)
Nice idea for taking the initiative to clean up the thread which was getting excessilely long!
I'm hoping we can see some progress in a few days as I'm really missing being able to get any cell reception on a MOBILE PHONE!?
Regards.
I will summerize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
guhl99 said:
I will summerize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
Click to expand...
Click to collapse
That's really exciting.
Thanks for bring up the good news!
Sent from my T-Mobile G2 using XDA App
guhl99 said:
I will summerize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
Click to expand...
Click to collapse
Just to help guhl and catch up with some unnecessary posts.
Common solutions like Reboot, different sims to try, Hard reset, flash stock ROM or trigger the unlock window to reenter the code doesn't work
Summary of my knowledge so far
For case 1 which was the original problem my theory is the following.
Cause:
Because of problems with the write procedure to the emmc memory the MCCMCN to which the phone is locked did not get cleared but set to an arbitrary value in my case "C3AB".
The CID value is still the same as it used to be (and also in case of a successful unlock would stay the same) which is "T-MOB010". The CID is a 8 character string and the case where all characters are the same (i.e. "11111111") is called Super-CID.
It is of no relevance if you use or used the hardware or software keys, T-Mobile or third party sources. The only reason where it would be your fault is if you pulled the battery!
The unlock-code that we possess (regardless if official or from a different source) is not valid to unlock the phone from this value "C3AB". If one tries again (directly with the modem, using my modified libril.so or a different ROM) the lock counter will increase.
Potential ways to repair this state:
1. Give it back to T-Mobile if you can In my opinion this is a clear warranty case
2. Find someone who has the MegaSIM and the HTC-diag software.
This will definitely work but it is going to be hard to find someone because the SIM is rare and very new.
3. Wait until (or help achieving) the so called "real S-OFF" state of the phone (when also the radio has security disabled) is reached.
When this is achieved one can disable the SIM-lock without any code.
There are still some very good developers after this goal even if for different reasons.
Which information could help us:
1. The output of the following AT-Command sequence from successful and unsuccessful unlocks
Code:
ATE1
ATV1
[email protected]?
[email protected]?AA
[email protected]?40
[email protected]?80
I will try to write a HowTo later for Windows.
For linux see the following posting from the old thread (http://forum.xda-developers.com/showpost.php?p=8750299&postcount=121)
2. The next thing that would help is a logcat from the first unlock process itself.
Howto:
Start the first logcat using the USB-cable and adb before you boot the phone with the foreign SIM.
Code:
adb logcat -b radio > lc_unlock.txt
leave the logcat running and complete the unlock procedure till the phone reboots (the logcat will end automatically)
As soon as the first logcat exits start a new one using:
Code:
adb logcat -b radio > lc_after_unlock.txt
leave it running for 1 minute and then stop it using <Ctrl>-C
3. The next thing that really would help is that you do not post anything in this thread (use the old one instead) that has to do with:
- the APN
- trying another SIM (you would be very lucky if you had one that fits the arbitrary SIMlock)
- reboot, factory reset, use a stock or non stock firmware
- use the hw/sw-keyboard, wait for the right outside temperature or other esoteric procedures
Finally I would like to ask moodecow to edit his original posting and incorporate or link everything that he finds important or helpful in his posting so that it will stay an top.
That is some very exciting news, thank you for the update!
One quick question, when we achieve radio-s off it esssentially would mean everyone could unlock their phones for free?
Thanks.
Sent from my T-Mobile G2 using XDA App
I have 2 ideas, which can help:
1. For people before unlock - maybe performing S-off before unlock will help.\
2. For people after unlock: in bootloader there is "SIMLOCK" option. When you open it, it shows file not found etc. As I think, it can be used to simlock phone for operator, whose numbers are in some file. There is my solution - find what that files are in phone's source code or by any other method, then put them in right place, enter numbers of operator you want to use, open that "SIMLOCK" and lock phone to your network. I don't know if it will work, but it makes some sense.
ms93 said:
I have 2 ideas, which can help:
1. For people before unlock - maybe performing S-off before unlock will help.\
2. For people after unlock: in bootloader there is "SIMLOCK" option. When you open it, it shows file not found etc. As I think, it can be used to simlock phone for operator, whose numbers are in some file. There is my solution - find what that files are in phone's source code or by any other method, then put them in right place, enter numbers of operator you want to use, open that "SIMLOCK" and lock phone to your network. I don't know if it will work, but it makes some sense.
Click to expand...
Click to collapse
Your first idea sounds reasonable and I would support it.
Your second idea is something that is worked on, but you do not only need the correct file (which is actually called DMCID.dat) but there also has to be some "magic number" (like on a gold card) on the micro-sd card.
an important piece of info to carryover from other thread:
1- No APNs are listed
2- if you try to define one, it doesnt save
No APNs being listed is related to the rom more or less, not the issue we're having.
APN is software issue, correct me if I'm wrong so either way it shouldn't pose as an issue to us.
im saying its a symptom that seems to go along with the problem in the title of this thread, so, worth noting.
ie: i think everyone who has the post-unlock no-connection problem, cannot save APNs. all others can.
if you are a counterexample please say so. that would help.
guhl99 said:
For case 1 which was the original problem my theory is the following.
Cause:
Because of problems with the write procedure to the emmc memory the MCCMCN to which the phone is locked did not get cleared but set to an arbitrary value in my case "C3AB".
The CID value is still the same as it used to be (and also in case of a successful unlock would stay the same) which is "T-MOB010". The CID is a 8 character string and the case where all characters are the same (i.e. "11111111") is called Super-CID.
It is of no relevance if you use or used the hardware or software keys, T-Mobile or third party sources. The only reason where it would be your fault is if you pulled the battery!
The unlock-code that we possess (regardless if official or from a different source) is not valid to unlock the phone from this value "C3AB". If one tries again (directly with the modem, using my modified libril.so or a different ROM) the lock counter will increase.
Potential ways to repair this state:
1. Give it back to T-Mobile if you can In my opinion this is a clear warranty case
2. Find someone who has the MegaSIM and the HTC-diag software.
This will definitely work but it is going to be hard to find someone because the SIM is rare and very new.
3. Wait until (or help achieving) the so called "real S-OFF" state of the phone (when also the radio has security disabled) is reached.
When this is achieved one can disable the SIM-lock without any code.
There are still some very good developers after this goal even if for different reasons.
.
Click to expand...
Click to collapse
i have got HTC MEGA SIM and Almost all DIAG files but
T-mobile G2 case =After putting unlock code NO NETWORK cant be solved because when we give s58 clear command it shows SIMLOCK CORRUPTED
i can post the detailed info and pictures if you want it would be a pleasure if could help in any kind of DEVELOPMENT
BTW
if we don t put code in the same version,same country,purchased in the same lot of handsets and use MEGASIM directly without touching anything than it works perfect
kabir_del said:
i have got HTC MEGA SIM and Almost all DIAG files but
T-mobile G2 case =After putting unlock code NO NETWORK cant be solved because when we give s58 clear command it shows SIMLOCK CORRUPTED
i can post the detailed info and pictures if you want it would be a pleasure if could help in any kind of DEVELOPMENT
BTW
if we don t put code in the same version,same country,purchased in the same lot of handsets and use MEGASIM directly without touching anything than it works perfect
Click to expand...
Click to collapse
Posting any further details and/or pictures would be much appreciated!
So if megasim has failed due to corruption I think that the only way to solve our issue is to write directly to emmc partition holding locking information. And I don't now how easy and plausible this is...
I think if we get S-Off for Radio, we'll be able to write to that partition. I hope
andrewklau said:
I think if we get S-Off for Radio, we'll be able to write to that partition. I hope
Click to expand...
Click to collapse
I am a little bit worried about writing this information directly because the partition will be encrypted.
And also copying the complete partition from a working phone or one that is still unlocked will not be an option because the IMEI will also be there and we would not want to overwrite that.
So my hopes are more that there is some kind of a restore procedure from a secure area (I know that Nokia phones can do this, but HTC ?) or that we can lock the phone again with the SIMLOCK option in hboot.
Sent from my T-Mobile G2 using XDA App
well I guess time will tell, does tmobile or htc do replacements (or has anyone tried) for phones no longer on a contract or that are now unlocked?
Sent from my T-Mobile G2 using XDA App
andrewklau said:
Posting any further details and/or pictures would be much appreciated!
Click to expand...
Click to collapse
here we go Pictures first Video coming soon
First Red colour is the error we get on when we try the command
1=clear s58 data
2ND IMAGE is the one when we press the DEVICE INFO
today is sunday not much time will upload the full clear video tommorow and still i have not tried to the all options of the diag maybe it can repair it but sure i will do some more things tomm.
88
I have tried to use my HTC vision G2 as I unlocked it but after that I am unable use as I am unable to find anything which would be hlpful for me as I have the first case problem. I just want to know that would it help me that if someone would flash my HTC Vision G2. I just want to know about that as now I am in Pakistan
Sent from my T-Mobile G2 using XDA App
**UPDATE**
This method causes your serial number to change to 00000000 (which isn't a problem as such as this isn't currently used for anything) but there is a new method which involves directly hex editing the nv_data.bin file, which may be faster and does not change your serial number. You can find the details here: http://forum.xda-developers.com/showthread.php?t=843323.
**UPDATE**
First up I'll say that I'm not incredibly familiar with Galaxy S firmware changes/modding, and this mostly builds on work done in these areas, so not all these steps may be necessary but they worked for me. If someone can suggest a faster way to do this/unnecessary steps then please go ahead and reply with them!
This unlocked my Network Locked Australian Galaxy Tab and so I assume should work for others.
You should back up your /efs/ folder before you proceed as you may need this to undo if something goes wrong.
*I take no responsibility if something goes wrong!*
Requirements:
Root access
repair_nv_data.zip (from http://forum.xda-developers.com/showpost.php?p=8942669&postcount=94)
Java
Busybox
The Android SDK for ADB, Root Explorer or some similar file system explorer/editor
(If you have US firmware with no Phone software, you may need to flash European firmware as described here: http://forum.xda-developers.com/showthread.php?t=838250 ).
Firstly, on your phone dial *#7465625# and check if the Network Lock is set to [ON], if so then your phone is locked (duh), so continue.
1. Use Superoneclick (http://forum.xda-developers.com/showthread.php?t=812367) to root your phone (the other z4root method may work as well, but this isn't what I used).
2. Either use ADB or some other method to rename or delete (backup first):
/efs/nv_data.bin.md5
/efs/.nv_data.bak
/efs/.nv_data.bak.md5
(I just used Root Explorer to rename them to something else).
3. Restart your phone and then go into the /efs/ directory and see if the 'nv_data.bin.md5' file has been re-created by your phone, as long as it has been created then you can proceed.
4. Go to http://forum.xda-developers.com/showpost.php?p=8942669&postcount=94 and download the repair_nv_data.zip file (the credit for all of this mostly goes to that thread and helroz).
5. Install 'busybox' from the Market. Once you install it, you actually have to run it and properly install it (the Market app is basically an installer) - the files in the above zip have a dependency on this.
6. Extract the above zip to your PC, plug in your Tab in USB debugging mode. Run the Step 2.bat from the extracted file. You may need to allow the script super user access several times. This should copy the /efs/ and a bunch of files into a directory with a french name.
7. Run the Reparation_nv_data.jar file. (You will need Java for this step.) It will prompt you to enter two numbers, which are your pseudo-unlock codes. I entered '11111111' and '11111111' (eight 1's) both times. This rewrites the nv_data.bin file to be simunlocked with these details.
8. Run the Step 4.bat. Your superuser app (the one installed when you rooted using SuperOneClick) will need you to allow each command to have root access so keep an eye on your Tab. You may need to press y/n a few times if you encounter errors. This is uploading the edited nv_data.bin onto your Tab.
This batch file will stop several times and need you to hit a key when it pauses. My Tab rebooted halfway through this batch file - when it did this I waited for it to fully reboot back to the lock screen before pressing a key to make the script continued while the Tab was actually able to respond to its commands.
9. Towards the end of its execution it rebooted a second time. It paused during loading up and had some yellow writing on the screen saying it was updating media (I assume it was rebuilding the nv_data.bin). Leave it for a minute and it will prompt you to reboot/some other options. Just press whatever it wants (home I think) to reboot the phone - you don't want any of the other recovery options.
10. Go into your dialer and put in *#7465625# again and (hopefully) voila! Your phone should no longer be network locked. Try a SIM from a different provider to make sure.
Enjoy!
Edit: I had to go out and actually buy a prepaid SIM to confirm that all was working with a different provider. Attached are screen caps of my Tab on two different networks, as well as the network status screen, making/receiving calls etc. all works on both.
Awesome man, thanks.
This is much better than the 2 month wait we had for Galaxy S unlocking.
Hello, I'm french and i use your post to unlock my Galaxy TAB SFR ''réunion island'' and she is unlock thanks for your AMAZING post for unlock TAB
Ps: For unlock my TAB by SFR REUNION, he tell me 150 Euros.... Vive smithdc & helroz
Works well! I had little trouble running java on windows7. But changing compatibility mode to windowsxp sp3 and check run this program as an administrator solved the problem.
Thanks for easy guide!
tacoda, you mean for running the .jar file? or for installing Java itself? (I assume the former).
Sweeet thx , curious if unlocking the AT&T version has hardware only set to AT&Ts 3G frequencies, so 3g wont work on tmobile or is it capable of running 3g on tmobile with a unlocked AT&T tab?
smithdc said:
tacoda, you mean for running the .jar file? or for installing Java itself? (I assume the former).
Click to expand...
Click to collapse
Running the jar file. I didnt know how to run it.
Sent from my SGH-T959 using XDA App
Does the sim card and/or sd card should or should not be plugged in during the unlocking progress?
It shouldn't make a difference Zeron.Wong.
jay_jay_n said:
Sweeet thx , curious if unlocking the AT&T version has hardware only set to AT&Ts 3G frequencies, so 3g wont work on tmobile or is it capable of running 3g on tmobile with a unlocked AT&T tab?
Click to expand...
Click to collapse
Traditionally, AT&T and T-Mobile hardware used different radios, it was more than just firmware. That's also true on the little brother Galaxy S series, the Vibrant has a different radio than the Captivate (though the Vibrant radio DOES have 1900 band in the hardware, for some reason).
Kudos to smithdc for this awesome guide! I saved a lot of money thanks to him. Congrats again.
Bump, is there any way to sticky/pin this for people?
So your saying if I use this method and install my tmous unlimited sim I can get calls and 3g or do I need a prepaid sim
I'm not sure on how T-Mobile are blocking, but if it IS my IMEI then you would have to use a SIM from a different network.
If they are blocking your IMEI on their network, then you would have to use a SIM from a different network (as a different network, wouldn't be blocking this IMEI number). Changing it to a different SIM on the same network won't help as your IMEI is for the device itself.
I just want to clarify something..
I have a T Mobile Tab and want to use a SIM I have for ATT.
Will I have to flash my device with the EU firmware first in order to get the phone software on it..then do the rest of the unlocking steps?
Assuming thats correct..after unlocking it I then can put my ATT sim card in and it should work for calls and data (Edge only) with not having to tweak any setting at all? Or do I have to set up my wap.cingular connections for the data like on a WM phone on ATT?
And if I want to get back to original out-of-the-box firmware from T Mobile (like if I had to send it in for repair) I just have to flash stock T Mobile firmware and its back completely to original?
Thanks..and wow am I loving this TAB !!!
You'll need to set up your APN data for AT&T, yes.
Thanks for the fast reply. As for the flashing of the EU rom..is that the only/best way so far in order for me T Mobile Tab to get the radio software on it. I was thinking I saw an APK for the radio software someplace but did not know what way was better.
I just want to be 100% sure bfr I take the jump to unlocking and playing with the phone part
thanks
I got a quick couple of questions:
1. If I restore original firmware (Canadian), does it relock my phone?
2. Where can I get the Canadian firmware release? I see EURO and US, but no Canadian.
I read on one of the other threads that sim unlock method also changes your imei number. Is this really case?
clubtech said:
I read on one of the other threads that sim unlock method also changes your imei number. Is this really case?
Click to expand...
Click to collapse
Yes, it will set your IMEI to a bogus one that will get your T-Mobile internet access disabled after 1/2 hour.
Background: I unlocked my Tab first by hex editing my nv_data.bin file. It was perfect, my IMEI and device serial number were unharmed. Then I got my official unlock code from Tmobile. So I reverted to my original nv_data.bin, placed an AT&T SIM into the Tab and it rebooted, I entered the code, unlocked the Tab, then compared the original file to the newly unlocked file. Very minor changes. I wrote a program to do the modification and the resulting nv_data.bin file worked fine.
To clarify, I have a T-Mobile Tab and you must have rooted in order to do this.
I also have an AT&T tab and the same procedure works.
It also works on any GSM model.
Heres the edit points for those of you comfy with a hex editor:
Code:
0x181469 change this one byte from 01 to 00
0x18150e change this one byte to 00 if its not already
If you're going to do this, please back up your /efs folder! Do it twice even Save your backups for at least 11.5 years.
I just edit a copy of the nv_data.bin, then delete nv_data.bin and nv_data.bin.md5 in the phones /efs folder using Root Explorer, then copy my modified file back to the folder, then reboot. The nv_data.bin.md5 will be automatically regenerated for you.
I've even edited a copy of the file right on my Tab using the Hexeditor in the Market.
FYI, you can not swap nv_data.bin files from one phone to another, you get the bogus IMEI number as the file doesn't match the hardware IMEI number.
UPDATE: New easier way that doesn't involve learning how to hex edit
This requires you to be rooted and have busybox installed, which you should have but you can grab busybox installer from the market if not.
Backup the contents of the /efs folder on the phone first!!! Save your backups for at least 11.5 years.
From your computer, open an adb shell to your phone with the command:
Code:
adb shell
Then paste all the following commands into the shell window at once, in other words, one big cut n paste:
Code:
su
cd /sdcard
echo "this takes about 45 seconds"
if [ ! -f /sdcard/nv_data.bin.orig ]; then
echo "copying file to /sdcard"
cp /efs/nv_data.bin /sdcard/nv_data.bin.orig
fi
echo -en \\x00 > out0
dd if=nv_data.bin.orig of=out1 bs=1 count=1578089
dd if=nv_data.bin.orig of=out2 bs=1 skip=1578090 count=163
dd if=nv_data.bin.orig of=out3 bs=1 skip=1578254
cat out1 out0 out2 out0 out3 > nv_data.bin.unlocked
rm out0 out1 out2 out3
rm /efs/nv_data.bin
cp nv_data.bin.unlocked /efs/nv_data.bin
rm /efs/nv_data.bin.md5
reboot
.
Wait 45 seconds for the whole process to complete.
Thats It! your phone will reboot and its carrier unlocked!
If you can't get internet access with your new SIM its because you haven't set the APN for this carrier. For the settings you need, Google "APN setting your_carriers_name_here" and put those settings in
Settings->Wireless->Mobile Networks->Access Point Names and then select it. Done!
A little off topic here, in reference to your official unlock process....
did you have to put in AT&T's network settings before you entered your unlock code? I'm only asking because tech support had no solution for why my unlock codes doesn't work.
leftbrain said:
A little off topic here, in reference to your official unlock process....
did you have to put in AT&T's network settings before you entered your unlock code? I'm only asking because tech support had no solution for why my unlock codes doesn't work.
Click to expand...
Click to collapse
No, Its not related. Your code is compared to the data stored on the phone for a match. Nothing more. I really think they screwed up an IMEI digit when requesting your code.
You were right about the imei #, tmobile is resending the unlock code now... thanks so much!
Code:
0x18150e change this one byte from 01 to 00
On my pristine T-Mo US tab this one is already 00. Are you sure you haven't accidentally swapped the values?
Volker1 said:
Code:
0x18150e change this one byte from 01 to 00
On my pristine T-Mo US tab this one is already 00. Are you sure you haven't accidentally swapped the values?
Click to expand...
Click to collapse
I just double checked, and its correct for my files. So theres a good chance this may not work for you (or anyone else) until we can compare more files.
It works! I did make all changes except the one at 0x18150e, that is:
Code:
0x180069 to 0x1800ce: change all these bytes from the values they are to ff
0x181469: change this one byte from 01 to 00
0x18150e: left this byte at 00
This unlocked my tab, I just sent me a text message with a German SIM card.
Volker1 said:
It works! I did make all changes except the one at 0x18150e, that is:
Code:
0x180069 to 0x1800ce: change all these bytes from the values they are to ff
0x181469: change this one byte from 01 to 00
0x18150e: left this byte at 00
This unlocked my tab, I just sent me a text message with a German SIM card.
Click to expand...
Click to collapse
Sweet, I reverted BOTH those bytes to 01 and I got the unlock prompt on next boot. So you ended up with 00 in both those bytes too?
So if I follow these steps on my t-mobile tab, and then I insert my att sim, I'll be getting edge with it, right?
Sent from my SGH-T849 using XDA App
calin75 said:
So if I follow these steps on my t-mobile tab, and then I insert my att sim, I'll be getting edge with it, right?
Sent from my SGH-T849 using XDA App
Click to expand...
Click to collapse
Yes indeed.
A bit off topic... are we thinking that ATT's Tab will be euro-firmware flashable - giving us access to ATT's 3G network and the ability to make voice calls?
rotohammer said:
Sweet, I reverted BOTH those bytes to 01 and I got the unlock prompt on next boot. So you ended up with 00 in both those bytes too?
Click to expand...
Click to collapse
Yes, I ended up with both 0x181469 and 0x18150e equal to 00.
Seems like both 00 = no SIM lock, both 01 = SIM lock.
Just as soon as I can track down a firmware backup for my Bell Canada (850/1900) unit, I'll be trying the Euro firmware.
But I bet ya money that AT&T is doing the same thing T-Mobile is doing, and locking out the IMEI numbers of their tabs from voice services. Which means you'll likely need to import a Bell or Rogers unit, or spoof your IMEI (not something I'd recommend).
Croak said:
Just as soon as I can track down a firmware backup for my Bell Canada (850/1900) unit, I'll be trying the Euro firmware.
But I bet ya money that AT&T is doing the same thing T-Mobile is doing, and locking out the IMEI numbers of their tabs from voice services. Which means you'll likely need to import a Bell or Rogers unit, or spoof your IMEI (not something I'd recommend).
Click to expand...
Click to collapse
Sadly, I think you are going to be right.
I am keeping my eyes open on the Bell version to see how it will work with the euro firmware .
How did you get T-mobile to send a code? They tell me they can't do it yet.
Also, will this be usable as a phone if unlocked? At least abroad? I'm off to egypt, probably to use vodafone service.
Thanks!
Kevin
bookmarking this for when i get my Tab!
kevinsneel said:
How did you get T-mobile to send a code? They tell me they can't do it yet.
Also, will this be usable as a phone if unlocked? At least abroad? I'm off to egypt, probably to use vodafone service.
Thanks!
Kevin
Click to expand...
Click to collapse
I paid full price, and then called then to explain I'm entitled to the unlock code. I had to fax my receipt to their Sim Unlock Team.
Unlocked means you can get internet via a different carriers SIM card. This doesnt give you phone capability, as they crippled the software, regardless of SIM inserted.
kevinsneel said:
How did you get T-mobile to send a code? They tell me they can't do it yet.
Also, will this be usable as a phone if unlocked? At least abroad? I'm off to egypt, probably to use vodafone service.
Thanks!
Kevin
Click to expand...
Click to collapse
So when are you going to Egypt Kevin , are you going to Cairo too.
@wawoox: Yes, we go to Cairo, Luxor, and Aswan. I'd rather not publicize the dates on the web, however .
@rotohammer: Funny, I talked to them on phone and via chat and had no luck (slightly different answers from both, but neither said they even saw a mechanism yet). I assume by full price you mean $600, not the $700 unlocked price we see elsewhere? I too paid the $600, but I didn't mention it, thinking they'd know that; I assumed they treated the $600 as itself a discount. I guess I'll have to mention it and ask them to talk to that group. Thanks!
kevinsneel said:
@rotohammer: Funny, I talked to them on phone and via chat and had no luck (slightly different answers from both, but neither said they even saw a mechanism yet).
Click to expand...
Click to collapse
When I talked to them, I made it clear, I paid the full unsubsidized price, then asked them, "so I am entitled to the unlock, right? All 4 customer service agents I spoke to said "yes". Now, the first two attempts by them failed, the third, where I was told to fax my receipt to them, worked. Its odd that I had to spend 3 days to do this, but I got what I was entitled to.
I paid $600.
Hi
I have a Sprint Galaxy S4 and I try desperately to put sim cards from other carriers and foreign (French) sim cards but nothing works. I always get a guy's voice saying something like "your account has not been authorized for this type of call"
I have done all the possible "unlocking" of the phone, but I'm not sure what it really means:
-I have made the procedure where you get to the hidden "service menu" type "debug screen>network lock>..." (btw my SHA256 was already off, whatever it means. No change here.) (I had to downgrade the radio)
-I have successfully done what was indicate in this thread http://forum.xda-developers.com/showthread.php?t=2415587 with the "unlock" software, at that point the phone was not saying "invalid sim card" anymore (thanks, Autoprime!)
-I have rooted my phone, clean installed a new rom (I put negalite, quite cool)
-I have obtained my unlock code from Sprint, but I've never been able to use it. If I type ##
Code:
# I get to a menu where I prefer not touch anything
I don't know how to make sure that my phone is able to support GSM. How can I be sure? It has a SIM card slot but I'm not sure what that means (and on Sprint the phone works without the sim card). I'm going to Singapore in one month and I would have liked to use local sim cards.
That's a lot of questions! But I'm really lost here, and I don't see any post that seem to help me...
Thanks
Raph