Related
Introduction:
This post is a guide to show how to perform the NV edit required to unlock US GSM carriers(AT&T and T-Mobile etc.) on the VZW XT907/926 RAZR M/HD stock modem using a Motorola serviceware tool called RadioComm.
This is simply a different method to perform the same hack that was discovered by Arnold Snarb in the main thread about ATT/T-Mobile here.
http://forum.xda-developers.com/showpost.php?p=37123644&postcount=158
Despite the fact that he thanked me for leading the way in that post, he did some really brilliant analysis of the logs in QXDM to isolate this NV Item and saw something in the them that I had missed as well as guessing correctly about it's significance, and deserves all of the credit for this hack.
Everyone should please go and thank him in that post for the outstanding work.
He used a tool called DFS to access and edit NV Item 8322 and change the value of the first byte from 01 to 00 which disables the checking of the MCC/MNC against a list of banned networks and flags MCC 310 as Invalid Country Code.
That method requires booting into BP Tools mode from the boot menu and loading the Qualcomm diagnostic device interfaces.
The problem is that there are no signed 64bit drivers available and you must force load the drivers on Win7/8 64 bit for the diagnostic port in order to see the device properly and have NV read/write access.
This has been a stumbling block for many users and makes the NV editing unnecessarily difficult.
This method uses Factory boot mode and allows RadioComm to have full diagnostic mode access via the Motorola USB Networking driver that loads normally with the standard USB driver set. I will demonstrate 2 different ways to perform the edit, one manual and one using a preconfigured SEEM table file that writes the value in a single operation.
Neither of these methods is as easy as an update.zip install from custom recovery would be, but we don't have a binary that supports the motorola.update_nv function that we used for prior MDM6600 based devices available to us for the MSM8960 devices.
Given that some form of diagnostic mode software and a PC is required, I feel that RadioComm is probably an easier option for most users as it avoids the driver problems and has a clearer and simpler interface for NV read/write access than DFS.
Once you have the latest Motorola drivers installed and RadioComm loaded, this guide should make it very easy and safe to perform what is generally a complicated and potentially dangerous task of editing the radio NVM(Non Volatile Memory).
RadioComm itself is a terrifyingly complex piece of software with a GUI that can bring even the most seasoned and experienced phone hacker to their knees wondering what all the various windows, modules and buttons do.
It is the premier Motorola serviceware application and is designed by and intended for use by top level radio engineers and technicians.
It is an extremely powerful application that can access all models and chipsets of Motorola devices and perform a vast array of diagnostic testing and configuration operations and can be fully automated via multiple scripting languages.
It's just plain scary and confusing and very dangerous if not taken seriously.
Warning and disclaimer:
DO NOT PLAY AROUND WITH ANY FEATURES OR RANDOMLY HIT ANY BUTTONS IN RADIOCOMM!!!
YOU CAN RENDER YOUR PHONE DYSFUNCTIONAL OR UNBOOTABLE IN SECONDS!!!
This cannot be emphasized strongly enough!
Follow the instructions exactly as they are written and shown in the screenshots and you will find it very simple to use have no trouble doing the edit with either method.
You, the user, are the only person responsible for your actions and performing this hack will absolutely void your warranty the same way rooting or any other modifications to your device's software does!
That said, this hack will be undetectable and have no outward visible signs of having been performed other than the fact that any GSM SIM should work afterward.
Root is NOT required and this can be safely done and undone at will without making any other changes on the device and all normal services function properly on VZW's network with the edit in place. It appears to only affect the US GSM network block and nothing else.
Prerequisites:
You need to have a recent set of Motorola USB drivers v. 5.9.0 or greater installed on your PC with a full USB 2.0 compatible port.
You need a standard Motorola micro USB cable.
RadioComm 11.12.xx I have included a link to 11.12.2 below.
https://dl.dropbox.com/u/7632904/RadioComm_v11.12.2_Install.zip
This has been tested on Win7 64bit and WinXP SP3 32bit with .NET Framework 4.0 installed.
Method:
This guide assumes you already have RadioComm and the drivers properly installed and have rebooted both PC and the phone afterward.
The first instructions and screenshots describe the initial setup and manual method using the FTM Common 1 tab and the NV Access window in RadioComm.
When you first open RadioComm you will get a popup stating that the version is more than 2 months old. Just close it and continue.
Now go to the top left corner and hit the Main button and select the MA: Common/MDM6x00 as shown in the first screenshot.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Next, go to Settings/USB and select PST USB Driver as shown in the second screenshot.
Test Command Format should default to P2K05 lower in Setings menu.
Leave all other options default.
Now we are ready to connect the phone and perform the edit.
Make sure you have Connect as Media Device in USB settings and USB Debugging enabled in Developer Options.
Power off the phone and then hold both Vol Up and Down + Power to enter the boot menu.
Use the Vol Down key to scroll down in the menu to Factory and then Vol Up key to select and the phone will boot.
Connect the USB cable and RadioComm will enumerate the phone and the radio button in the top right will change colors.
It will cycle sever times red to yellow and eventually go green when the device is fully enumerated and shows as XT907 in the status bar
at the bottom of the screen. You can read the Software Version and MEID/ESN/pESN buttons to make sure everything is working properly.
Each successful read the GUI will flash green and the Command buffer will turn green and any selected button will be green.
Any unsuccessful attempt will turn red.
If not, then restart everything and check over all settings again before proceeding.
Now go to the tabs bar across the top middle of the GUI and select FTM Common 1 tab and go to the NV access window in the center right of that tab and select the top menu Item "FFFF Manual Entry" as shown in the third screenshot.
Now hit the Read button and you will get 2 popup windows.
In the first window you will enter the Decimal NV Item ID 8322 and in the second you will enter the byte length to be read 1 as shown in the fourth screenshot.
When you hit ok it will read the NV Item and flash green and display the data in the hex output buffer below and you will see 01 for the value as shown in the fifth screen shot.
Now highlight the 01 and change it to 00 and hit the write button and this time it will only popup once asking for the Decimal NV Item ID 8322. When you hit OK the item will be written and the GUI will again flash green for a successful write as shown in the sixth screenshot.
You are now finished and can either use the restart button at top right of RadioComm to reboot or manually restart the phone.
The last screen shot is edited to show the steps to use the NV/SEEM feature with a SEEM table file I have provided below to do all of the steps as a single operation. Some users may find this easier than manually editing in the NV Access window but it's really almost the same number of steps.
Go to the top left and hit Features and select NV/SEEM and another window will open and the radio button will cycle again a couple time as it re enumerates the device again it will go green finally. Follow the instructions in the seventh screenshot and be sure to use the Restart button in the main window after you close NV/SEEM because its suspends the phone and it will be black screen and unresponsive and require holding Vol keys and Power for 10 secs to reset it otherwise.
Congrats! All done now and the rest is just putting in a SIM and selecting GSM/UMTS in Network Settings and everything should just work!
Below is the link for the .NVM SEEM table file.
https://dl.dropbox.com/u/7632904/TBH_RAZR_M_GSM_Unlock.NVM
Please use this thread to discuss issues relating to this method and RadioComm and keep general discussion of the phone on US carriers in the other thread, thank you!
<Reserved>
Thanks man.. gonna try this when I get home tonight. I was actually just thinking about switching vendors from VZW to someone else and didn't really want to buy a new phone.
Maybe now I don't have to. Proof is in the pudding though, maybe I'll by a cheap month of Straight Talk to see if it works?
Yehudah said:
Thanks man.. gonna try this when I get home tonight. I was actually just thinking about switching vendors from VZW to someone else and didn't really want to buy a new phone.
Maybe now I don't have to. Proof is in the pudding though, maybe I'll by a cheap month of Straight Talk to see if it works?
Click to expand...
Click to collapse
Running RAZR M in US on straight talk now. Works wonderful!!!
Thanks a lot! im a total noob when it comes to most of this, but it worked perfect for me!!
Hmm, MDM6x00? Won't that work on the OG RAZR XT912 / Droid 4 as well?
Skrilax_CZ said:
Hmm, MDM6x00? Won't that work on the OG RAZR XT912 / Droid 4 as well?
Click to expand...
Click to collapse
The MA used in RadioComm is the same chip set base as the RAZR/D4 because it's the closest to the MSM8960 available in this version, which is more than 18 months old now.
What we really need is an updated version of RadioComm with full support for the newer chip sets.
This specific NV Item 8322 does not exist on the MDM6600 chip set devices and I have not been able to find a similar boolean switch item for those phones, unfortunately.
I have been logging with QXDM extensively searching for a way to disable the MCC/MNC block on MDM6600 without success so far.
I have dumps of all of the readable NV items from 0000-12000 from many devices running various builds and even a dump from Chinese engineering build on P3Droid's Dev model where everything is working as it should with open GSM on US carriers.
I would love some help from someone with a better understanding of the radio and diagnostic mode access than myself.
Very few people know how to use the software to even start analyzing the problem.
Remember to install the latest Motorola drivers and *especially* highlight the entire 01 and type 00. I was backspacing only the 1 and it did not "stick" when writing. So HIGHLIGHT, don't backspace. Works perfectly.
is it possible to write the NV item to the Droid 4 then edit ? ?
cellzealot said:
The MA used in RadioComm is the same chip set base as the RAZR/D4 because it's the closest to the MSM8960 available in this version, which is more than 18 months old now.
What we really need is an updated version of RadioComm with full support for the newer chip sets.
This specific NV Item 8322 does not exist on the MDM6600 chip set devices and I have not been able to find a similar boolean switch item for those phones, unfortunately.
I have been logging with QXDM extensively searching for a way to disable the MCC/MNC block on MDM6600 without success so far.
I have dumps of all of the readable NV items from 0000-12000 from many devices running various builds and even a dump from Chinese engineering build on P3Droid's Dev model where everything is working as it should with open GSM on US carriers.
I would love some help from someone with a better understanding of the radio and diagnostic mode access than myself.
Very few people know how to use the software to even start analyzing the problem.
Click to expand...
Click to collapse
Can I use a similar way to unlock XT902(Japanese Razr M)? I can't find 8322 in XT902.......
Followed instructions and worked perfectly. The key for me was the latest Motorola drivers AND the Motorola USB cable that came with the phone. I tried other cables that both charged and synced but the only that worked for this was the Moto cable. Using Win XP SP3 ( 12 year old OS on brand new work laptop. WTF!)
i was wondering if this works on other networks such as boost mobile,net10, criket etc...? i honestly dont have enough money to buy a new phone and whatnot. the whole reason why i did this is because i lost my job and now i cant pay my phone bill and it keeps getting higher and higher.
AKG0214 said:
i was wondering if this works on other networks such as boost mobile,net10, criket etc...? i honestly dont have enough money to buy a new phone and whatnot. the whole reason why i did this is because i lost my job and now i cant pay my phone bill and it keeps getting higher and higher.
Click to expand...
Click to collapse
Boost - No
Cricket - No
They're both cdma. This is to allow the GSM side (SIM CARD based) of the phone to work on other carriers. With that said, your best options are
Net10, Straight Talk, ATT, T-Mobile, Simple Mobile, H20, Orange, and there's a plethora of others out there. Post paid and pre-paid.
@DSDD
I beleive your XT902 is GSM by default. So if what your asking is will this bypass the network lock, no, the device needs to be unlocked by code. Then you can use it outside of the current carrier/country.
after boot, it is set back to 01 again @ address 8322
my phone version is Bsmq_vzw-user 4.1.1 9.8.1Q_27-2 4 release-keysSM_BP_1139.000.32.62P
after write to 8322 with zeros, I read it again the confirm it is written, but after rebooting the phone, the value is back to 01 again.
I guess the verizon driver may override this value during rebooting?
any help?
should I root the phone?
==
thanks
cellzealot said:
Introduction:
This post is a guide to show how to perform the NV edit required to unlock US GSM carriers(AT&T and T-Mobile etc.) on the VZW XT907/926 RAZR M/HD stock modem using a Motorola serviceware tool called RadioComm.
This is simply a different method to perform the same hack that was discovered by Arnold Snarb in the main thread about ATT/T-Mobile here.
http://forum.xda-developers.com/showpost.php?p=37123644&postcount=158
Despite the fact that he thanked me for leading the way in that post, he did some really brilliant analysis of the logs in QXDM to isolate this NV Item and saw something in the them that I had missed as well as guessing correctly about it's significance, and deserves all of the credit for this hack.
Everyone should please go and thank him in that post for the outstanding work.
He used a tool called DFS to access and edit NV Item 8322 and change the value of the first byte from 01 to 00 which disables the checking of the MCC/MNC against a list of banned networks and flags MCC 310 as Invalid Country Code.
That method requires booting into BP Tools mode from the boot menu and loading the Qualcomm diagnostic device interfaces.
The problem is that there are no signed 64bit drivers available and you must force load the drivers on Win7/8 64 bit for the diagnostic port in order to see the device properly and have NV read/write access.
This has been a stumbling block for many users and makes the NV editing unnecessarily difficult.
This method uses Factory boot mode and allows RadioComm to have full diagnostic mode access via the Motorola USB Networking driver that loads normally with the standard USB driver set. I will demonstrate 2 different ways to perform the edit, one manual and one using a preconfigured SEEM table file that writes the value in a single operation.
Neither of these methods is as easy as an update.zip install from custom recovery would be, but we don't have a binary that supports the motorola.update_nv function that we used for prior MDM6600 based devices available to us for the MSM8960 devices.
Given that some form of diagnostic mode software and a PC is required, I feel that RadioComm is probably an easier option for most users as it avoids the driver problems and has a clearer and simpler interface for NV read/write access than DFS.
Once you have the latest Motorola drivers installed and RadioComm loaded, this guide should make it very easy and safe to perform what is generally a complicated and potentially dangerous task of editing the radio NVM(Non Volatile Memory).
RadioComm itself is a terrifyingly complex piece of software with a GUI that can bring even the most seasoned and experienced phone hacker to their knees wondering what all the various windows, modules and buttons do.
It is the premier Motorola serviceware application and is designed by and intended for use by top level radio engineers and technicians.
It is an extremely powerful application that can access all models and chipsets of Motorola devices and perform a vast array of diagnostic testing and configuration operations and can be fully automated via multiple scripting languages.
It's just plain scary and confusing and very dangerous if not taken seriously.
Warning and disclaimer:
DO NOT PLAY AROUND WITH ANY FEATURES OR RANDOMLY HIT ANY BUTTONS IN RADIOCOMM!!!
YOU CAN RENDER YOUR PHONE DYSFUNCTIONAL OR UNBOOTABLE IN SECONDS!!!
This cannot be emphasized strongly enough!
Follow the instructions exactly as they are written and shown in the screenshots and you will find it very simple to use have no trouble doing the edit with either method.
You, the user, are the only person responsible for your actions and performing this hack will absolutely void your warranty the same way rooting or any other modifications to your device's software does!
That said, this hack will be undetectable and have no outward visible signs of having been performed other than the fact that any GSM SIM should work afterward.
Root is NOT required and this can be safely done and undone at will without making any other changes on the device and all normal services function properly on VZW's network with the edit in place. It appears to only affect the US GSM network block and nothing else.
Prerequisites:
You need to have a recent set of Motorola USB drivers v. 5.9.0 or greater installed on your PC with a full USB 2.0 compatible port.
You need a standard Motorola micro USB cable.
RadioComm 11.12.xx I have included a link to 11.12.2 below.
https://dl.dropbox.com/u/7632904/RadioComm_v11.12.2_Install.zip
This has been tested on Win7 64bit and WinXP SP3 32bit with .NET Framework 4.0 installed.
Method:
This guide assumes you already have RadioComm and the drivers properly installed and have rebooted both PC and the phone afterward.
The first instructions and screenshots describe the initial setup and manual method using the FTM Common 1 tab and the NV Access window in RadioComm.
When you first open RadioComm you will get a popup stating that the version is more than 2 months old. Just close it and continue.
Now go to the top left corner and hit the Main button and select the MA: Common/MDM6x00 as shown in the first screenshot.
Next, go to Settings/USB and select PST USB Driver as shown in the second screenshot.
Test Command Format should default to P2K05 lower in Setings menu.
Leave all other options default.
Now we are ready to connect the phone and perform the edit.
Make sure you have Connect as Media Device in USB settings and USB Debugging enabled in Developer Options.
Power off the phone and then hold both Vol Up and Down + Power to enter the boot menu.
Use the Vol Down key to scroll down in the menu to Factory and then Vol Up key to select and the phone will boot.
Connect the USB cable and RadioComm will enumerate the phone and the radio button in the top right will change colors.
It will cycle sever times red to yellow and eventually go green when the device is fully enumerated and shows as XT907 in the status bar
at the bottom of the screen. You can read the Software Version and MEID/ESN/pESN buttons to make sure everything is working properly.
Each successful read the GUI will flash green and the Command buffer will turn green and any selected button will be green.
Any unsuccessful attempt will turn red.
If not, then restart everything and check over all settings again before proceeding.
Now go to the tabs bar across the top middle of the GUI and select FTM Common 1 tab and go to the NV access window in the center right of that tab and select the top menu Item "FFFF Manual Entry" as shown in the third screenshot.
Now hit the Read button and you will get 2 popup windows.
In the first window you will enter the Decimal NV Item ID 8322 and in the second you will enter the byte length to be read 1 as shown in the fourth screenshot.
When you hit ok it will read the NV Item and flash green and display the data in the hex output buffer below and you will see 01 for the value as shown in the fifth screen shot.
Now highlight the 01 and change it to 00 and hit the write button and this time it will only popup once asking for the Decimal NV Item ID 8322. When you hit OK the item will be written and the GUI will again flash green for a successful write as shown in the sixth screenshot.
You are now finished and can either use the restart button at top right of RadioComm to reboot or manually restart the phone.
The last screen shot is edited to show the steps to use the NV/SEEM feature with a SEEM table file I have provided below to do all of the steps as a single operation. Some users may find this easier than manually editing in the NV Access window but it's really almost the same number of steps.
Go to the top left and hit Features and select NV/SEEM and another window will open and the radio button will cycle again a couple time as it re enumerates the device again it will go green finally. Follow the instructions in the seventh screenshot and be sure to use the Restart button in the main window after you close NV/SEEM because its suspends the phone and it will be black screen and unresponsive and require holding Vol keys and Power for 10 secs to reset it otherwise.
Congrats! All done now and the rest is just putting in a SIM and selecting GSM/UMTS in Network Settings and everything should just work!
Below is the link for the .NVM SEEM table file.
https://dl.dropbox.com/u/7632904/TBH_RAZR_M_GSM_Unlock.NVM
Please use this thread to discuss issues relating to this method and RadioComm and keep general discussion of the phone on US carriers in the other thread, thank you!
Click to expand...
Click to collapse
---------- Post added at 11:14 PM ---------- Previous post was at 10:48 PM ----------
tried again for couple of times, this time it actually works.
maybe last time I reboot the phone too early?
sipida said:
my phone version is Bsmq_vzw-user 4.1.1 9.8.1Q_27-2 4 release-keysSM_BP_1139.000.32.62P
after write to 8322 with zeros, I read it again the confirm it is written, but after rebooting the phone, the value is back to 01 again.
I guess the verizon driver may override this value during rebooting?
any help?
should I root the phone?
==
thanks
Click to expand...
Click to collapse
Glad you got it working. There is no VZW software on the phone capable of writing to the radio NV, so it's not being reverted by anything.
If anyone else has similar issues I would suggest trying the NV/SEEM method as that will definitely write the item properly.
queberican351 said:
@DSDD
I beleive your XT902 is GSM by default. So if what your asking is will this bypass the network lock, no, the device needs to be unlocked by code. Then you can use it outside of the current carrier/country.
Click to expand...
Click to collapse
XT902 has sim lock, and there is no way to key in unlock code. So I think it maybe unlocked by modifying another NV item.
Does this tutorial unlock mobile data usage on other carriers. I cannot seem to get data working on my XT907 in Australia. GSM and MMS work fine, so why doesnt Data?
I don't know for certain because I only have experience with domestic US GSM carriers, but I tend to doubt it.
You can try it and see and revert it easily if it doesn't work. You can also try flashing the Telstra XT905 NON-HLOS.bin(modem) and fsg.mbn(carrierEFS/NVM config).
This was the method used to get US GSM service on XT907 before the method shown here was discovered.
It works but is limited to GSM/EDGE data services here in the US.
I am inclined to think it is some other problem with the device because it should work as a global capable phone by default.
dsdd said:
XT902 has sim lock, and there is no way to key in unlock code. So I think it maybe unlocked by modifying another NV item.
Click to expand...
Click to collapse
If it has a sim lock and you can acquire the code open your dialer and press #073887* (#0SETUP*) and it'll prompt you for the code.
Several people have PMd me questions about this method and I would much prefer that they be posted here in the thread so that everyone may benefit from the information.
Please include as much information about your PC and driver versions and be as thorough as possible in explaining your problems.
DISCLAIMER: You will be flashing your phone at your own risk. You are solely responsible for anything you do to your phone, so make sure you are well informed and well prepared before deciding to flash or install anything on your device.
The purpose of this thread is to provide a 'reference site' for anything related to ROMs and kernels, be it original stock, modified stock or custom images for the Samsung Galaxy S III Japanese versions, starting with model SC-03E.
All comments and feedback are welcome and appreciated.
Reminders:
After flashing a new ROM image, it is highly recommended to perform a cache wipe and factory reset. Please avoid posting about problems repeatedly which can be easily solved by this procedure.
If you find that someone has been helpful in assisting you, then please do not shy away from hitting the THANKS button below their post; this is the preferred action instead of creating a new post just to show your gratitude
BEFORE ASKING HOW TO DO SOMETHING, READ THIS GUIDE
Some questions are being asked over and over again in this thread without bothering to read through it or looking for the answer here in the OP. Especially for the 'lazy' ones among us, we'll attempt to make a new and fresh, additional, reference pointer right here at the top of the very first post. Please consider taking a look at @lparryU's guide BEFORE posting your next question.
"How-to: Root, Unlock, Enable Osaifu Keitai/Felica, CWM, cook & flash custom ROM for SC-03E"
PIT File
Use this PIT file when flashing with Odin, and ONLY if you have scr*wed up your default partitioning scheme due to specifying an incorrect one during a previous flash. Normally there is NO NEED to specify a PIT file when flashing with Odin!
m3.pit (SC-03E)
Factory Firmware (stock)
samsung-updates.com and www.sammobile.com host some of the stock images.
Due to hotfile.com's demise, and my limited storage and bandwidth resources in my mediafire subscription, stock images will be available on demand only. Sorry for the inconvenience.
Pre Rooted stock ROMs
(Flashing the following ROM components will trigger the custom binary counter)
All the rooters contain a sample debloat script as well. it is located in the file /preload/Proxyme/debloat.sample. If your /sdcard already has an older debloat script in /sdcard/Proxyme/debloat.sh, it will not be overwritten by the rooter (in case you made changes to it for an older rom). So to be sure of using the most recent script for the targeted version of the firmware check the version in the /preload/Proxyme location. As a reminder, you can execute the debloat script (or any other one) from within Proxyme WITHOUT enabling SU, because it will always run in an environment with elevated privileges.
Jelly Bean 4.3
SC03EOMUBNH2 (Proxyme) (Build Date 2014-08-19)
This zip archive contains an Odin flashable file. It is not the complete stock image, so you MUST have OMUBNH2 already running on your phone or you will need to download it from the above reference sites, which carry complete stock firmware images, and flash it before continuing with this file. Instructions are included.
mediafire
uploaded.net
torrent, mirror2
(Flashing these ROMs will NOT trigger the custom binary counter)
Jelly Bean 4.3
XXUENE4 GT-I9305 Based (Proxyme) (Build Date 2014-05-16)
This image will clear data/cache implicitly upon initial boot, so backup your stuff before flashing
This one includes the Samsung Chinese IME with support for full screen handwriting and the QUERTY layout with extra row of numerical keys at the top
torrent, mirror1, mirror2
mega.co.nz
uploaded.net
SC03EOMUBND2 (Proxyme) (Build Date 2014-04-02)
This image will not clear data, but please consider wiping data/cache manually before posting about issues not related to Proxyme
mega.co.nz
torrent, mirror1, mirror2
(Unpack the .tar.md5 file from any one of the following (multipart) zip archive and flash with Odin)
SC03EOMUBND2_PROXYME20140419.z01
SC03EOMUBND2_PROXYME20140419.zip
Jelly Bean 4.1.2
MI4 GT-I9305(TGY) Based (Build Date 2013-09-26)
Rooting instructions are displayed in RootInfo app
Wipe Data/Cache if you are experiencing problems.
Display Languages: English(UK/US), Chinese(Trad/Simpl) and Korean
Input: Samsung Chinese IME (English/Chinese-TW/Chinese-HK/Chinese/Korean), Standard Samsung IME (en_GB;en_US;az;ca;cs;da;de;et;es;eu;el;fr;gl;ka;hr;it;is;kk;lv;lt;hu;nb;nl;pl;pt;ru;ro;fi;sr;sk;sl;sv;tr;uk;ko;hy;bg;zh_CN)
mediafire (unpack tar.md5 file from this multipart zip archive and flash with Odin)
MR8 GT-I9305(TNL) Based (Build Date 2013-09-26)
Rooting instructions are displayed in RootInfo app
Wipe Data/Cache if you are experiencing problems.
Display Languages: (en_GB;en_US;en_AU;en_IE;en_NZ;en_ZA;ko_KR;de_AT;de_CH;de_DE;fr_FR;fr_CH;bg_BG;cs_CZ;da_DK;el_GR;es_ES;et_EE;fi_FI;ga_IE;hr_HR;hu_HU;is_IS;it_IT;lt_LT;lv_LV;mk_MK;nb_NO;nl_NL;nl_BE;pl_PL;pt_PT;ro_RO;sr_RS;sv_SE;tr_TR;ca_ES;eu_ES;gl_ES;kk_KZ;ru_RU;sk_SK; sl_SI; uk_UA; uz_UZ; az_AZ; hy_AM; ka_GE; es_US; pt_BR; ar_AE;zh_CN;zh_TW;ja_JP)
Input: Samsung Chinese IME (English/Chinese-TW/Chinese-HK/Chinese/Korean), Standard Samsung IME (en_GB;en_US;az;ca;cs;da;de;et;es;eu;el;fr;gl;ka;hr;it;is;kk;lv;lt;hu;nb;nl;pl;pt;ru;ro;fi;sr;sk;sl;sv;tr;uk;ko;hy;bg)
mediafire (unpack tar.md5 file from this multipart zip archive and flash with Odin)
MG3 GT-I9305(SFR) Based (Build Date 2013-07-31)
To toggle root/unroot, boot the phone and then press VolumeUp/VolumeDown/Power simultaneously for a brief moment.
This toggle only works if you enable Settings->Developer Options->USB Debugging
Data and cache are wiped, so backup your data prior to flashing with Odin.
Display Languages: (en_GB;en_US;en_AU;en_IE;en_NZ;en_ZA;ko_KR;de_AT;de_CH;de_DE;fr_FR;fr_CH;bg_BG;cs_CZ;da_DK;el_GR;es_ES;et_EE;fi_FI;ga_IE;hr_HR;hu_HU;is_IS;it_IT;lt_LT;lv_LV;mk_MK;nb_NO;nl_NL;nl_BE;pl_PL;pt_PT;ro_RO;sr_RS;sv_SE;tr_TR;ca_ES;eu_ES;gl_ES;kk_KZ;ru_RU;sk_SK; sl_SI; uk_UA; uz_UZ;az_AZ; hy_AM; ka_GE;es_US; pt_BR; ar_AE)
Input: Samsung Chinese IME (English/Chinese-TW/Chinese-HK/Chinese/Korean), Standard Samsung IME (en_GB;en_US;az;ca;cs;da;de;et;es;eu;el;fr;gl;ka;hr;it;is;kk;lv;lt;hu;nb;nl;pl;pt;ru;ro;fi;sr;sk;sl;sv;tr;uk;ko;hy;bg)
mediafire (unpack tar.md5 file from this multipart zip archive and flash with Odin)
Jelly Bean 4.1.1
SC03EOMAMJ4 ( 2013-10-18 )
Depending on what's running on your phone currently, you may have to consider performing a manual factory reset and wipe the cache and data partitions.
Rooting Instructions:
Default state is - not rooted - Proxyme has been included in this rom,
Proxyme offers live su binary control, and without the need to 'root' the phone, you have...
- SSH server with virtually unlimited user accounts, configurable with specific UID, GID, home directory and shell,
- execution of scripts with elevated privileges (sample debloating script included),
- tag along scripts for root ON and root OFF actions,
- busybox switch
(Unpack the .tar.md5 file from any one of the following zip archive and flash with Odin)
torrent - full stock root ready (Proxyme)
Uploaded.net - full stock root ready (Proxyme)
MF1 (Build Date 2013-06-10)
To toggle root/unroot, boot the phone and then press VolumeUp/VolumeDown/Power simultaneously for a brief moment.
This toggle only works if you enable Settings->Developer Options->USB Debugging
mediafire (unpack tar.md5 file from this multi-part zip archive and flash with Odin)
MC3 (Build Date 2013-03-18)
Courtesy aki0306...
http://forum.xda-developers.com/showpost.php?p=38739961&postcount=8
MB1 (Build Date 2013-02-08)
To toggle root/unroot, boot the phone and then press VolumeUp/VolumeDown/Power simultaneously for a brief moment.
This toggle only works if you enable Settings->Developer Options->USB Debugging
Chainfire's SuperSU has been included for your convenience.
hotfile - link dead (unpack tar.md5 file from this zip archive and flash with Odin)
.
Courtesy aki0306...
http://forum.xda-developers.com/showpost.php?p=38739961&postcount=8
MA6 (Build Date 2013-01-24)
Courtesy aki0306...
http://forum.xda-developers.com/showpost.php?p=38739961&postcount=8
Custom ROMs
(Flashing these ROMs COULD (and usually will) trigger the custom counter)
Probam Rom
Go to this post... and this post... Courtesy @sasbudi
Slimbean 4.3 NTT Docomo SC-03E
Go to this post... Courtesy @majidkhan
Carbon 4.2.2 for NTT Docomo SC-03E
http://forum.xda-developers.com/showpost.php?p=45164630&postcount=550 Courtesy @majidkhan
PACman (Paranoid AOKP CyanogenMod) 4.2.2
http://forum.xda-developers.com/showpost.php?p=43996579&postcount=489 Courtesy @Edgrr000
CyanogenMod
Instructions for flashing CM10.1 Courtesy @lparryU
Getting CM10 to work on SC-03E with Osaifu-keitai... Courtesy @FlyingFlipFlop and @lparryU
http://forum.xda-developers.com/showpost.php?p=42076531&postcount=313
http://forum.xda-developers.com/showpost.php?p=42076531&postcount=302
http://forum.xda-developers.com/showpost.php?p=42094976&postcount=303
rXTREME.v10.0
Link to post Courtesy @Edgrr000
KBC Developers github wiki
Contains everything everyone in here needs, Samsung custom kernel, with visible hidden partition for using triangle away on stock rooted,
and having all Japanese things working too. And the cm10.1 links. Its in Japanese but easily translated. (courtesy of @Robobob1221)
https://github.com/kbc-developers/release/wiki
Paranoid Android (GT-I9305)
Link to post Courtesy @Edgrr000
Misc
How to Convert ROMs for the SC-03E By @DroidZombie
Japanized Rom Tool By @LeathSeraph
http://lt.imobile.com.cn/forum.php?mod=viewthread&tid=10282917
Hints & Tips
Follow this trail...
SC-03E Hints & Tips
Hints & Tips
Guides.. with several links and specifically for unlocking your phone with the proper ROM (has the LK5 modem which is the go to for unlocking and working with other carriers), and instructions to do just about everything you need to get done with this phone
How to Convert ROMs for the SC-03E (By @DroidZombie)
Instructions for flashing CyanogenMod ROMs (By @lparryU)
Unlocking
Unlocking Guide - Courtesy of XDA member @majin
Yet Another Unlocking Guide
Custom Binary Counter
.Reset Guide .By @majin
Tethering
Tethering Guide By @majin
How to change Tethering preset APN By @majin
Change Roaming Status
Reference post By @majin
Proxyme Rooting
Proxyme Guide
Fixing Lost IMEI
How to repair your SC-03E's IMEI number and restore its network connection
Miscellaneous
SC-03E Dial Pad Codes
SC-03E Docomo S3 LTE - Just Another Unlocking Guide
This (sim) unlocking guide has been primarily inspired by the very comprehensive guide initially written and posted by @majin in his post.
WARNING: This unlock procedure will automatically wipe the phone's cache and data partitions, effectively performing a factory reset; you are strongly advised to backup your data prior to executing this guide.
Prerequisites:
Windows PC running Odin3 in an administrator account (tested with Odin3 v3.07)
USB cable to connect phone to PC (preferably original cable for reliability)
Internet access to download firmware image(s)
Google account to access Play Store
The following list outlines the required steps in order to successfully unlock your SC-03E:
If you have data on the phone, which is of any importance to you, then I highly recommend that you make appropriate backups first
If present, remove the sim card and sdcard (there's no need to have a Docomo sim card for this procedure to work)
Download this stock firmware image, which is based on MB1 and includes the appropriate modem component to assist in wiping the NV stored network locking data structures. In addition, this firmware image is root-ready; meaning that you can toggle root mode by pressing VolumeUp/VolumeDown/Power button combination briefly to switch modes.
Initiate Odin Download mode on the SC-03E (Turn the phone off, then simultaneously press VolumeDown/Home/Power buttons until the Download Mode splash screen appears and requires you to press VolumeUp to continue or VolumeDown to cancel if you find yourself suddenly struck by an overwhelming feeling of stage-fright)
Unpack the SC03EOMAMB1_LK5MDM.tar.md5 firmware image from the above-mentioned/downloaded zip archive and flash the file with Odin3 (specify the image file in Odin's PDA section)
As soon as Odin completes the flashing process, it will instruct the phone to reset; be patient while the phone starts up, because it will require more time to setup and configure itself after a factory reset.
If you have reached this step, then we're assuming the phone has booted successfully and you are presented with the configuration wizard. You need to at least enter your Google account credentials in order to access the Play Store.
Install the (free) ServiceMode Shortcut app (author: KABASOFT) from the Play Store.
Another (paid) option is the ShowServiceMode For Galaxy LTE app (author: Jaken's Laboratory).
Start the service mode app and tap the ServiceMode option, which will in turn fire up the ServiceMode main menu
Select [1]UMTS->[1]DEBUG SCREEN->[8]PHONE CONTROL->[6]NETWORK LOCK->[3]PERSO SHA256 OFF
Now use the phone's android menu soft button to select Back in the popup menu to return to the NETWORK LOCK menu
Tap [4]NW LOCK NV DATA INITIALLIZ and wait for about a minute before returning to the NETWORK LOCK menu; when you tap this option again, it should state PERSO_NV_INIT is SUCCESSFUL
You may now power off the phone to insert a sim card from your favorite telco operator and restart the phone
From this point onward, it is possible to flash any other firmware image without affecting the unlocked state
Enjoy!
SC-03E Dial Pad Codes
This list is most probably not complete. Please post or send a PM if you know about codes not listed here, your input will be highly appreciated!
*#0*# ........................... Hardware Testing
*#06# .......................... Show IMEI number
*#0011# ....................... GSM Status Information
*#0228# ....................... Battery Status
*#0782# ....................... RTCTimeRead (Show Time)
*#1111# ....................... ServiceMode - READ FTA SW VERSION
*#1234# ....................... Show Software Version
*#2222# ....................... ServiceMode - READ FTA HW VERSION
*#2663# ....................... Touch Screen/Key Firmware Update
*#7284# ....................... PhoneUtil - UART & USB Configuration
*#7353# ....................... Quick Test
*#7594# ....................... Factory Mode - Shutdown Configuration
*#9090# ....................... ServiceMode - DIAG CONFIG
*#9900# ....................... SysDump
*#34971539# ................ Camera Firmware Check
IMEI Repair Procedure
How to repair your SC-03E's IMEI number and restore its network connection.
Keywords: IMEI: null/null Unknown + Baseband: Unknown + no connection with QPST + no IMEI backup + phone signal lost
Disclaimer
This procedure is intended to be applied in a last resort scenario only. You must check thoroughly what the actual cause is for your phone having lost its imei number. It may very well be merely due to an incompatibility issue between the baseband code and the efs version, and thus easily fixed by flashing a proper modem component. Writing to partitions in your phone's internal storage device, re-partitioning it, flashing with the Odin tool or operating the QPST Qualcomm engineering tool carries many risks, which include hard-bricking the phone. You are solely responsible for anything you do to your phone and by carrying out the steps detailed in this procedure, you are agreeing to accept all responsibility for any and all outcome of the procedure, even if you end up with an expensive door-stop.
Try This First
Before panicking and diving into this procedure to perform all of its steps, note that your specific problem/case might not require such an extensive procedure. There could very well be a much simpler solution for your case, so I strongly advise you to put some effort into diagnosing your problem properly (best as you can given the resources you have at your disposal) BEFORE continuing.
I will be adding topics to this section based on the feedback we get, which will hopefully help everyone to improve diagnostics and find out if there are quicker/better way to solve any specific case.
BASEBAND UNKNOWN (Courtesy of @majin)
About the devices with "BASEBAND UNKNOWN" not recognized by QSPT, for first users should try with one of these:
1) enter *#9090# and check if "[2] DM/DUN over HSIC (*)" is selected, then to try to use QSPT to fix/restore the IMEI/EFS-folder, (if users have some old working backup too).
3) Try to use EFS Professional Suite to restore the right permissions on the NV files.
4) Use "Qualcomm NV Tools" (included in "EFS Professional Suite") to write directly their IMEI and to do some other test.
If they can't anything of that, then they really need to make all the "Chinese steps".
Click to expand...
Click to collapse
Introduction
This procedure is based on the following two posts, which are identical content-wise, and may be from the same individual. Credit goes to user xt890612 of forum site bbs.shendu.com and user softbank_1001 of forum site bbs.91dongji.com. Special thanks to xda member @majin for the find/input/feedback and having tested the procedure on his SC-03E.
- bbs.91dongji.com
- bbs.shendu.com
The issues we will attempt to resolve are:
IMEI corrupt or 0
Baseband Unknown status
QPST does not recognize the phone
What to Expect
If the procedure has been followed correctly and applied successfully, then take note of the following points.
IMEI restored
Network connection restored
Device serial number not the same as your original one (we will try to resolve this in the future)
No SIM network lock (Do not apply this procedure if you only want to SIM unlock a device with no issues)
You should be feeling happy, so please lookup the sources mentioned above and thank them
Preparations & Prerequisites
You will need the following tools and files, so please check each item in the list below and make sure you have them ready before commencing with the first step of the procedure.
An SC-03E which can at the very least boot into Odin Download Mode (soft-bricked). If the bootloader is corrupt, you will need some kind of JTAG service to revive the phone, because this procedure will not help your case.
Windows PC
Odin v3 (preferably Odin3 v3.09 or v3.07) - Google is your best friend
Google QPST.2.7.378.zip and download this Qualcomm engineering tool. Install it on the PC.
ADB tool/program. ADB, Android Debug Bridge, is included with Google’s Android SDK.
Hex editor. Google 'Hex editor' and download your preferred or favourite variant. Try HexEdit.exe.
Download SC-03E_IMEI-REPAIR.ZIP (mirror, torrent) and unpack the files in this archive to a work directory
Download one of the pre-rooted or root ready rom images, which are still functional/bootable on your phone, from the OP/reference post (this item is only required if your phone does not boot into Android at all, even after resetting it, and is not rooted)
Step 1 - Flash a Bootable Rooted ROM Image
If your phone currently has firmware, which boots properly and can give you root access, then skip this step. If not, then use Odin to flash the rooted image you have downloaded earlier. Consider resetting the phone afterwards by entering recovery mode to clear data and cache.
Step 2 - Enable USB Debugging
Enable USB debugging by setting the checkmark in the following option in settings:
Settings->Developer options->USB Debugging
Step 3 - Connect the Phone
If necessary, wait for all PC drivers to install and initialize.
Step 4 - Prepare Phone Internal Storage
Copy all 15 mmcblk* files, which were unpacked from the SC-03E_IMEI-REPAIR.ZIP zip archive earlier, to the phone's internal sd card after connecting it to the PC. The files must be located in the root of folder /sdcard.
It is important that you consider verifying data integrity of the mmcblk* files you have copied to the phone. Root Browser is recommended and can assist in this process. The following list consists of the MD5 checksums generated for the files in the SC-03E_IMEI-REPAIR.ZIP zip archive.
b5cfa9d6c8febd618f91ac2843d50a1c *mmcblk0p1
30fd6dfc09a70c8bcf345dc8c9e2781a *mmcblk0p10
c71fb4dfba643299159b97c6065fdb54 *mmcblk0p11
95557d70252c9b0af3f95a2244cd93ab *mmcblk0p12
e35b35efb73dd8320bdae08ec463372c *mmcblk0p13
31bc9037b092df1abbcf7550938d553d *mmcblk0p14
96995b58d4cbf6aaa9041b4f00c7f6ae *mmcblk0p15
b5cfa9d6c8febd618f91ac2843d50a1c *mmcblk0p2
dbad1316e91f5dcf0b89ad3e456f3bf8 *mmcblk0p3
713a67b9605c02f6cdd0346dfa1cab1e *mmcblk0p4
130715b90924c2394e1acd758059dd90 *mmcblk0p5
4029a1de061c375547aa3096a14562dc *mmcblk0p6
67bb0d7fbec2e250c5e2bd75dd9816f3 *mmcblk0p7
9e4a4230f51545ffd352cb7988f4bc9f *mmcblk0p8
edc27dbf0cc8b29df3ba31e21b552a98 *mmcblk0p9
4459508535b3c064f6afc6d1c6119b9e *sc03e.qcn
Step 5 - ADB
Now open a cmd window and start the ADB tool by typing the following command at the cmd prompt, followed by the enter key. In many cases, you will first have to cd (change directory) to the directory where the adb.exe program is located (hint, if you've installed the Android SDK, look for the location where it was installed and search its subdirectories for adb.exe):
>adb shell
If the shell in the adb session starts successfully, the following prompt is presented:
[email protected]:/ $
Type su followed by the enter key to get root access. If the $ sign in the prompt does not change in a # sign, then you have no access to root and you should revert back to step 1 to make sure you have a rooted firmware image on the phone.
[email protected]:/ $su <enter>
[email protected]:/ #
Step 6 - Restore Partitions
This step must be taken with great caution. You will be directly writing to partitions in the internal storage device and a mistake can end in disaster. Copy the following lines, each terminated by the enter key to initiate the command. Note that the lines with mmcblk0p10 to p14 can take a long (5 minutes or more) time to complete, so be patient.
dd if=/sdcard/mmcblk0p1 of=/dev/block/mmcblk0p1 <enter>
dd if=/sdcard/mmcblk0p2 of=/dev/block/mmcblk0p2 <enter>
dd if=/sdcard/mmcblk0p3 of=/dev/block/mmcblk0p3 <enter>
dd if=/sdcard/mmcblk0p4 of=/dev/block/mmcblk0p4 <enter>
dd if=/sdcard/mmcblk0p5 of=/dev/block/mmcblk0p5 <enter>
dd if=/sdcard/mmcblk0p6 of=/dev/block/mmcblk0p6 <enter>
dd if=/sdcard/mmcblk0p7 of=/dev/block/mmcblk0p7 <enter>
dd if=/sdcard/mmcblk0p8 of=/dev/block/mmcblk0p8 <enter>
dd if=/sdcard/mmcblk0p9 of=/dev/block/mmcblk0p9 <enter>
dd if=/sdcard/mmcblk0p10 of=/dev/block/mmcblk0p10 <enter>
dd if=/sdcard/mmcblk0p11 of=/dev/block/mmcblk0p11 <enter>
dd if=/sdcard/mmcblk0p12 of=/dev/block/mmcblk0p12 <enter>
dd if=/sdcard/mmcblk0p13 of=/dev/block/mmcblk0p13 <enter>
dd if=/sdcard/mmcblk0p14 of=/dev/block/mmcblk0p14 <enter>
dd if=/sdcard/mmcblk0p15 of=/dev/block/mmcblk0p15 <enter>
Close the cmd window and restart the phone. If the phone does not boot into Android (could be bootlooping due to incompatible data elements), then perform a reset in recovery mode by wiping data and cache.
At this point you should confirm that the baseband has been restored in settings.
Step 7 - Restoring IMEI
Get ready to make changes to the sc03e.qcn file, which was unpacked from the
SC-03E_IMEI-REPAIR.ZIP zip archive earlier, using the hex editor.
Load the sc03e.qcn file in a hex editor and search for the following hexadecimal byte value sequence:
08 0A 21 43 65 87 09 21 43
The file contains two instances of the sequence as is shown above. Both sequences must be changed to your IMEI number and the way it is done is outlined below.
Note that when searching for the above sequence, in most hex editors you are supposed to also specify the search type, whether it be a text search or byte (binary search. You want the latter type.
Start with looking up your device's IMEI number. It is printed on the label in the battery compartment and on a label or sticker on the original box, if you still have it. The IMEI number consists of 15 digits, so please write it on a sheet of paper in order to help you visually 'construct' a hexadecimal sequence, which in turn can be used to update both instances of the abovementioned sequence in the file. This sequence has three fixed nibble values, which must remain unchanged in the final sequence. The following sample shows x's in the sequence which represent the part to be initialised to your IMEI number. The fixed (constant) parts are the 08 and the A in xA.
08 xA xx xx xx xx xx xx xx
In order to correctly fit your 15 digit IMEI number into the sequence, use the following guide to construct it. Here, we use the dummy IMEI number 012345678901234 for reference only.
...0..12.34.56.78.90.12.34 (IMEI number to convert)
08.0A.21.43.65.87.09.21.43 (byte sequence to be constructed)
As you can see, the first digit of the IMEI number is paired with the A of the second byte in the sequence; it is placed left of the A, thus becoming the most significant nibble of the byte. The remaining digits are paired to form 7 groups in order, where each pair's digits are swapped as is shown above.
When you have finished changing the two instances of the search sequence to reflect your IMEI number, save the sc03e.qcn file, exit from the hex editor and move on to the next step.
Step 8 - Restore Configuration From QCN File
Enter the following string in the stock phone dialpad:
*#7284#
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Immediately after entering the trailing # sign, as is shown in the above image, the service mode screen shown in the next image will appear.
Tap on the Qualcomm USB Settings button to display the list of USB options you can choose from. This is shown in the next image.
Select the RNDIS + DM + MODEM option followed by tapping the OK button to return to the previous screen. Now use the back button to return to the dialpad.
Next, enter the following string in the stock phone dialpad to enter the DIAG CONFIG service mode screen:
*#9090#
Immediately after entering the trailing # sign, as is shown in the above image, the service mode screen shown in the next image will appear.
Select the [2]DM/DUN over HSIC (*) option. Note that the phone will immediately reboot as soon as you tap on this option in order for it to take effect.
Let's start the QPST Configuration program in Windows and select the Ports tab to add the new port, which has been assigned to the phone's USB communication protocol. Make sure to select the port with label USB/QC Diagnostic before clicking on the OK button.
If the port has been correctly initialised and selected, SURF9615 (0) should be displayed in the Phone column of the Ports tab, as is shown in the image below.
Finally, select the Start Clients menu and navigate to the QPST Software Download item to start its corresponding program.
In the QPST Software Download program, select the Restore tab and then specify the path to the qcn file which you have edited earlier. Hit the Start button to start uploading the new configuration file to the phone. After the upload is done, reboot the phone and check the IMEI number to verify everything went ok.
Finalizing
Enter the following string in the stock phone dialpad:
*#7284#
The service mode screen appears, so again, tap on the Qualcomm USB Settings button to display the list of USB options you can choose from. To restore the default USB settings, select the RNDIS + DM + MODEM option followed by tapping the OK button to return to the previous screen. Now use the back button to return to the dialpad, or hit the home button to continue using the phone normally.
That's it...enjoy your phone!
Notes & Feedback
Serial Number (Courtesy of @majin)
About the wrong Serial Number, [between step 6 and 7] if users have still on board the Chinese Rooted ROM (or if they flashed any other correct Rooted ROM), they can easily edit the file "\efs\FactoryApp\serial_no" by the phone itself (status is 1000:0000 rwxr--r-- 744)
Then they can flash any other favorite ROM [anyway, to make all easier, I suggest some 4.1 ROM, same as the Chinese one.]
Click to expand...
Click to collapse
hey i cant posting outside url
error message
"To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for understanding!"
aki0306 said:
hey i cant posting outside url
error message
"To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for understanding!"
Click to expand...
Click to collapse
8 more posts to go and you're in. Why don't you head over to this thread and see if you can contribute or give feedback to any of the queries from other members. Once you get into a dialog or discussion, you'll hit that magic 10 easy.
Your message to davidcsv was also relayed to that thread, and it would help to introduce yourself to the group and gain some 'trust' wrt your firmware images.
---------- Post added 5th March 2013 at 12:46 AM ---------- Previous post was 4th March 2013 at 11:58 PM ----------
MB1 Root Rom JB4.1.1
MA6 Root Rom JB4.1.1
MC3 Root Rom Android File Host JB4.1.1
★MC3 Rom no need rename but need flash stock MC3 Rom before flash root Rom
how to flash
flash from odin
1.flash stock rom
ex if u wanna flash MB1 root, u have to flash MB1 stock Rom before flash Root Rom
2.into recovery, wipe/factory reset
3.unzip Root Rom and rename file
★you guys have to rename file when unzip root Rom★
ex SC03E-ROOTED-system_MB1.tar.md5
↓
SC03E-ROOTED-system.tar.md5
4.Flash Root Rom from odin
5.boot
6.installe Supersu or Superuser on play store
cation MB1 & MA6 Root Rom is "same name of file"
thx for kbc-developers
hv fun guys!!!!
---------- Post added at 12:51 AM ---------- Previous post was at 12:46 AM ----------
Custom Rom Link
jump to china forum
this Rom on MA6 Rom
damn.. didn't know this thread existed.
I will link this to the first post in my thread and have it closed.
if you could close my thread so all the talk can go here, it would be much more beneficial/easy to keep track of things.
---------- Post added at 02:01 PM ---------- Previous post was at 01:46 PM ----------
I can confirm that the root method worked for MB1...
LETS GET THE PARTY STARTED! Seriously, I am having a drink afterwork!
lol,trying with my phone.
update result soon.
my phone is rooted now.
but still waiting for custom one that removed needless app.
"Get PIT for mapping" <-------is this dangerous?
Thank you aki0306..
Already rooted my phone..
Is there any ways to install cwm on sc03e?
skylinerxz said:
Thank you aki0306..
Already rooted my phone..
Is there any ways to install cwm on sc03e?
Click to expand...
Click to collapse
I was just going to ask this...
didoka_702 said:
lol,trying with my phone.
update result soon.
my phone is rooted now.
but still waiting for custom one that removed needless app.
"Get PIT for mapping" <-------is this dangerous?
Click to expand...
Click to collapse
Get PIT for mapping is harmless, because the flashing process with Odin is just getting the current partitioning configuration as is stored in the phone. Just stay away from the PIT options in Odin (PC).
Why don't you just remove unwanted system apps with Titanium Backup?
skylinerxz said:
Thank you aki0306..
Already rooted my phone..
Is there any ways to install cwm on sc03e?
Click to expand...
Click to collapse
Do you mean one of the CWM recovery flavors or the Android builds (like for example CM 10.x)?
davidcsv said:
Do you mean one of the CWM recovery flavors or the Android builds (like for example CM 10.x)?
Click to expand...
Click to collapse
i would like CM10.x ! + CWM recovery flavors!
you got a lab rat available for this!
davidcsv said:
Get PIT for mapping is harmless, because the flashing process with Odin is just getting the current partitioning configuration as is stored in the phone. Just stay away from the PIT options in Odin (PC).
Why don't you just remove unwanted system apps with Titanium Backup?
Click to expand...
Click to collapse
sorry.already did that with tianium backup but still not edit my post.
IparryU said:
i would like CM10.x ! + CWM recovery flavors!
you got a lab rat available for this!
Click to expand...
Click to collapse
Who wants to try CWM Touch recovery? It is embedded in the latest upload of the MB1 stock root ready firmware image. The links are available in the original post in the pre-rooted stock ROMs section.
The procedure is as usual, flash with Odin (PC). Then, when your phone has booted into Samsung's stock Android, at any moment press VolumeUp/VolumeDown/Power at the same time and only briefly. This should root the phone (install su binary) and install the CWM Touch recovery... I say 'should' because I have only been able to test this procedure on my Korean version of the S3; in this case, CWM's recovery has been adapted for the SC-03E. There's no visual or audio confirmation when you've pressed those three buttons, so check with your favorite root-requiring app or with the included SuperSU app.
IF rooting works with this image, then the difference with the one presented by aki0306/kbc-developers is that theirs will always root the phone during startup; meaning you have the convenience of always starting up in a rooted environment. This mechanism will only root it when you need it (three button press detailed above); I'm still assuming that when you reboot, each time su (root) is removed by Docomo's security measures in the boot environment... if you want no root then reboot. As soon as someone can confirm whether this new mechanism works, I can turn it into a toggle kind of switch, so you can root and unroot without having to restart the phone.
davidcsv said:
Who wants to try CWM Touch recovery? It is embedded in the latest upload of the MB1 stock root ready firmware image. The links are available in the original post in the pre-rooted stock ROMs section.
The procedure is as usual, flash with Odin (PC). Then, when your phone has booted into Samsung's stock Android, at any moment press VolumeUp/VolumeDown/Power at the same time and only briefly. This should root the phone (install su binary) and install the CWM Touch recovery... I say 'should' because I have only been able to test this procedure on my Korean version of the S3; in this case, CWM's recovery has been adapted for the SC-03E. There's no visual or audio confirmation when you've pressed those three buttons, so check with your favorite root-requiring app or with the included SuperSU app.
IF rooting works with this image, then the difference with the one presented by aki0306/kbc-developers is that theirs will always root the phone during startup; meaning you have the convenience of always starting up in a rooted environment. This mechanism will only root it when you need it (three button press detailed above); I'm still assuming that when you reboot, each time su (root) is removed by Docomo's security measures in the boot environment... if you want no root then reboot. As soon as someone can confirm whether this new mechanism works, I can turn it into a toggle kind of switch, so you can root and unroot without having to restart the phone.
Click to expand...
Click to collapse
just finish custom my phone today @@
ill try this one tomorrow
and i have already backed up my phone with
+back all user data and app with titanium back up
+back up efs folder using root explorer
+back up QCN file using EFS pro by this thread
any process i need to do after this?
didoka_702 said:
just finish custom my phone today @@
ill try this one tomorrow
and i have already backed up my phone with
+back all user data and app with titanium back up
+back up efs folder using root explorer
+back up QCN file using EFS pro by this thread
any process i need to do after this?
Click to expand...
Click to collapse
That should cover it
I use Whatsapp, so I always make a seperate backup of its database folder as well (folder /mnt/sdcard/WhatsApp)... it contains the message history and all the media that's been sent over.
so i test this one recently and here is MY result (i usually hold up down volume first and then press power button)
+first time:check with Supersu.it said cannot install SuperSU cause of SU binary is not installed.
+restart and try again,this time i installed Titanium back up.and its said that the phone isnt rooted
+restart and try again,no worked
+and at the 5th 6th time everytime i try to press volume up down power to install Su binary,the phone restart.
//so its my result.anyone esle?
//and couldnt get to recovery mode :| now i back to aki rom till the new one came out.
WORK IN PROGRESS.. UNTIL NOW NOT GETTING 100%
This was for CM11s, Don't try on CM12s
As soon as we found right procedure we'll Update here
This tutorial is not for newbies.. If you are not little advance user don't do this
After reboot Values reset to Orignal setting (Reset)
need to prevent NV recovery
1. Download Files Here containing all the necessary files and extract it on desktop.
2. Enable Android Debugging on your phone and connect it to your computer,
3. Open up ADB and type the following:
Code:
adb shell
su
setprop sys.usb.config diag,adb
4. Launch Device Manager go to & expand Other Devices,
Right click Android (or something related) listed under that menu
Choose Update Driver Software,
Browse my computer for driver software,
Let me pick from a list of device drivers on my computer,
Just Click Next,
Have Disk,
Browse to where you extracted YU Diagnostics Driver folder
Inside you will find 32bit and 64bit versions, pick one as per your OS
Select htcdiag.inf (for 32bit) or HtcUsbMdmV64.inf (for 64bit) file that you will Open.
Accept all warning messages and let the installation of the driver complete.
5. Once everything is done installing, under Modems or Ports (Com & LPT) in Device Manager you will find HTC USB Modem.
Right click and select Properties; in this you will see Port: COM<number>. Remember that COM<number> or write it down.
6. Open QPST v2.7 Build 4.11 > run as administrator setup.exe (Don’t run QPST.2.7.411.msi)
7. Open QPST Configuration from Start Menu,
Go to the Ports tab,
Click on Add New Port (right bottom corner);
In the Port field type in the COM<number> you wrote down/remembered from step 5 and in Port Label type YU and finally click OK (left bottom corner).
If you've followed all the steps correctly until here, you should be able to see something like this in the Active Phones tab:
View attachment 3258366
Keep QPST Configuration window open
8. Open QXDM-3.12.714 > run as administrator setup.exe (Don’t run QXDMInstaller.msi)
9. Open QXDM Professional (run as administrator),
go to Options menu,
Select Communications
Set Target port to your phone COM<number> you wrote down/remembered from step 5 from dropdown list, Press OK.
View attachment 3258367
10. Back to QXDM main window, in the "View" drop-down menu, selects NV Browser
View attachment 3258368
now the fun part begins
View attachment 3259381
Put check mark on Dual SIM (as shown above SS) for apply all setting to both SIMs (Thanks to @tirta.agung)
11. Inside the NV Browser window,
Scroll down and click on line 01877 (rf_bc_config)
Click the Read button save original value in notepad in case something goes wrong.
Replace Input value with 3460734838925427584
Click on Write button.
12. Inside the NV Browser window,
Scroll down and click on line 00946 (band_pref_16_31);
Click the Read button, save original value in notepad in case something goes wrong.
Replace Input value with 0x0FF8 (please don't be an idiot and don't edit the empty one with "nam" in the name)
Click on Write button.
13. Inside the NV Browser window,
scroll down and click on line 02954 (band_pref_32_63);
click the Read button, save original value in notepad in case something goes wrong.
replace Input value with 805765120 (please don't be an idiot and don't edit the empty one with "nam" in the name)
click on Write button.
14. Inside the NV Browser window,
scroll down and click on line 00441 (band_pref);
click the Read button, save original value in notepad in case something goes wrong.
replace Input value with 0x380 or 0xFFFF (please don't be an idiot and don't edit the empty one with "nam" in the name)
click on Write button.
If you have problem with selection, you can edit it directly from your phone: *#*#4636#*#* /Phone information /Menu /Select radio band > Automatic
15. Inside the NV Browser window,
scroll down and click on line 06828 (lte_bc_config);
click the Read button, save original value in notepad in case something goes wrong.
replace Input value with 1904863 (please don't be an idiot and don't edit the empty one with "ext" in the name)
click on Write button.
16. Now Close QXDM; Wait 30 seconds,
disable Android Debugging on your phone,
unplug it and reboot your device;
Once it comes back on, it might take a minute or two for it to acquire signal so don't panic.
DO this on your own risk.. No body is responcible for any lost
Conclusion:
The only real way to know if the whole thing got applied is to do steps 1 through 10 again (obviously skipping installations)
and reading all values or if you are in an area where you previously had bad or no reception.
You can see unlocked GSM/UMPTS bands from the *#*#4636#*#* /Phone information /Menu /Select radio band
For more features of QXDM i.e. recover lost IMEI or ESN go HERE (Thanks to @tirta.agung)
Credits:
Thanks to @BlackSoulxxx for his original work with the Qualcomm baseband software, for the modified Drivers and for the LTE NV values
Thanks to @olokos for his original tutorial
Thanks to @devilsshadow for his original tutorial
Thanks to @Albirew for his original tutorial
Thanks to @tirta.agung for bringing the original thread to my attention & Guide me in many ways
Thanks to @fards for finding the diagnostics command that made all this possible
Thanks to @hem12 who raised my will for finding these tutorials.
Thanks to @d3athwarrior for post this tutorial.
Reserved
Don't forget to put check marks on dual sims, and apply all settings to sim0 and sim1 (see attachment). By the way before u messed things up, back up your modemst1, modemst2, fsc, and fsg.
By the way we can also use qxdm to recover lost imei, just go to 0550, and insert your imei for SIM 1 (sim0 in qxdm) and SIM 2 (sim1 in qxdm), for example:
Code:
If your IMEI was: 954091051099226, then the boxes would look like so:
8
9a
45
90
1
15
90
29
62
or also recover lost esn (item no 0 and 5597) or meid (1943 and 5598).
Great guide, guys !:good::good::good:
---------- Post added at 04:02 AM ---------- Previous post was at 03:59 AM ----------
Some error down there: "OPO" and huge load of credited people that seem dont fit in here. Clearly copied from OPO thread?
BlackSoulxxx said:
Great guide, guys !:good::good::good:
---------- Post added at 04:02 AM ---------- Previous post was at 03:59 AM ----------
Some error down there: "OPO" and huge load of credited people that seem dont fit in here. Clearly copied from OPO thread?
Click to expand...
Click to collapse
Yes you'r right.. I don't want to leave anyone in credit for them work :good:
OPO removed :Hawkeye:
but that works for me..
Need help for prevent NV recovery from you all
If it's the same as the 1+1, replacing /system/bin/rmt_storage with a version not locked would prevent nv recovery (do you know if NV values were sticking in an older version? If so, take it's rmt_storage and try to replace current one with older one, I think it's worth trying)
Albirew said:
If it's the same as the 1+1, replacing /system/bin/rmt_storage with a version not locked would prevent nv recovery (do you know if NV values were sticking in an older version? If so, take it's rmt_storage and try to replace current one with older one, I think it's worth trying)
Click to expand...
Click to collapse
Hmmm, as far as I know, all NV settings, including IMEI, or MEID, ESN, etc, resides in your modemst1 and modemst2 partition. If you don't believe me and eager to try, first make a backup of those two partitions, then format or wipe the two partition inside your phone (use fastboot to do this), I'll bet for your YU, now your IMEI and NV settings are all gone.
To be honest, I just found out from this thread that there is an rmt_storage in CM phones, wkwkwkwkw, . If the rmt_storage function is trough, then CM is locking the phone NV settings from the HLOS side not Non-HLOS side. I'll do some research on this rmt_storage.
Need Help from your side
tirta.agung said:
Don't forget to put check marks on dual sims, and apply all settings to sim0 and sim1 (see attachment). By the way before u messed things up, back up your modemst1, modemst2, fsc, and fsg.
.....
or also recover lost esn (item no 0 and 5597) or meid (1943 and 5598).
Click to expand...
Click to collapse
BlackSoulxxx said:
Great guide, guys !:good::good::good:
Some error down there: "OPO" and huge load of credited people that seem dont fit in here. Clearly copied from OPO thread?
Click to expand...
Click to collapse
Albirew said:
If it's the same as the
.....
current one with older one, I think it's worth trying)
Click to expand...
Click to collapse
Now current status is
when I connect mobile
it shows me like that
Even I change USB config to diag,adb
thru ADB or manually
this time its present in default.prop
I try both
trying to disable MTP in mobile USB connection is not working
Window for Settings > Storage > 3dot > USB computer connection is working
but when I disable MTP.. its not working3
So need help from your side..
how I enter / install diag mode
@tirta.agung
I read your complete Guide regarding unbrick YU
but as that post has multipal guides ... I little confused ..
Sorry I am Xtreme noob for all that
Can you guide me an easy way to connect with QPST for enable LTE band
Can I try
Guide #3. REVIVING YOUR IMEIs (That for 32bit or 64bit)??
for connect QXDM
ekhasti said:
@tirta.agung
I read your complete Guide regarding unbrick YU
but as that post has multipal guides ... I little confused ..
Sorry I am Xtreme noob for all that
Can you guide me an easy way to connect with QPST for enable LTE band
Can I try
Guide #3. REVIVING YOUR IMEIs (That for 32bit or 64bit)??
for connect QXDM
Click to expand...
Click to collapse
Yes use guide number three, and download the necessary file there. By the way, to use the guide you have to be in stock CM kitkat.
How to use these tools for Xperia C6602
Long story short, did it work in the end for more than 1 person?
thanks for the post. but i have a Lollipop rom. I will wait for you to update the thread ....
Can we try this in lollipop??? Is there any update on this???
ekhasti said:
WORK IN PROGRESS.. UNTIL NOW NOT GETTING 100%
CM12s
As soon as we found right procedure we'll Update here
Click to expand...
Click to collapse
Hi there, attached is boot.img and a hack rmt_storage for CM 12.1. Just flash the boot.img to your phone and connect it with QXDM. Your phone will be recognized as qualcomm diagnostic port 903A. Copy and paste (you can use TWRP's file manager to do this) the rmt_storage to "/system/bin" and change its permission (chmod) to 0755. This will make your changes stick upon reboot.
By the way, to use all these files, you need to be on stock CM 12.1. I haven't tried it on any other ROM.
Bro...im on cm12.1 ...rooted...I didn't understand the procedure... Pls can u explain step by step ..pls....wats that qxad ..? Is a software...? Wer I get that..,pls reply bro
Sent from my AO5510 using XDA Free mobile app
tirta.agung said:
Hi there, attached is boot.img and a hack rmt_storage for CM 12.1. Just flash the boot.img to your phone and connect it with QXDM. Your phone will be recognized as qualcomm diagnostic port 903A. Copy and paste (you can use TWRP's file manager to do this) the rmt_storage to "/system/bin" and change its permission (chmod) to 0755. This will make your changes stick upon reboot.
By the way, to use all these files, you need to be on stock CM 12.1. I haven't tried it on any other ROM.
Click to expand...
Click to collapse
Now i upgraded to cm13.....can these two files work for me....pls reply
Sent from my AO5510 using XDA Forums
@ekhasti
I have tried doing this on Yureka - CM11 XNPH05Q. Installed all the drivers & softwares successfully. When I startup the QPST config to add a new port,
1. I have to uncheck the "Show serial and USB/QC diag ports only" to make the HTCUSBModem port visible.
2. Although I am able to add the port successfully I am unable to see the phone number, it says "No Phone".
Since it is unable to get the phone details I am unable to proceed further. Nothing is visible/editable QXDM. either.
I have manually edited the build.prop file to make sure USB debugging is enabled but to no avail. Please check the attached files, what is it that I am missing?
P.S - I am able to get my IMEI number using *#06#
Any suggestion Guys???
bluebl0od said:
Any suggestion Guys???
Click to expand...
Click to collapse
Guys, I am eagerly waiting for your updates
Main thread: http://forum.xda-developers.com/z3-compact/general/unlock-bands-regions-z3c-root-required-t2940959
Originial thread here: http://forum.xda-developers.com/cro...ad-progress-please-leave-im-updating-t2871269
This thread server as a step-by-step guide for the unlocking process, but please takecare of all your personal/important information before modding your phone.
It is your own responsibility to backup all your data, including online and offline backup. I take no responsibility for any broken devices/sdcards/your house going down on fire and everything else.
This mod in fact does NOT unlock any sim lock, don't ask such a question.
And I do NOT think it will unlock [email protected], [email protected] (TBC, no such environment)
What you need:
Sony Xperia Z3 Compact (can be D5803/5833/SO-02G...)
Firmware rooted
Win7 PC with z3c ADB driver installed (I use the one come with flashtool)
QPST / QXDM / mzTool / z3c diag driver (http://goo.gl/pyN5fo, password: [email protected])
terminal emulator installed on z3c (can be optional, but will be easier when switching engineer mode on usb)
Give thanks to @BlackSoulxxx
Optional: FlashTool
Optional: Firmware stock FTF, the version must match your z3c running build (in case of recovery) you can get using XperiFirm
The following Guide assume you have: gain root access, installed SuperSU on phone, installed QPST/QXDM on PC.
I only tested on my D5833 and SO-02F, using Windows 7 Pro x64 SP1.
My originial plan is modding my SO-04E, to enable LTE in my area.
But I pass it to my girlfriend few days before I found this mod.
(her F-07E always boot to safe-mode, should be hardware failure)
Part 1: Connect to the phone's diagnostics mode
1. Enable superuser access in SuperSU if you have disabled it.
2. Go to: Setting -> Developer Option, make sure you turn on "Developer Option" on the top and turn OFF "USB Debugging"
3. Open terminal emulator, type the following command one by one:
Code:
su
setprop persist.usb.eng 1
4. Turn on "USB Debugging" under "Developer Option"
5. Connect your phone to PC via USB. Windows should found a few new hardware, wait until all driver installation fail.
6. Open "Device Manager" in "Computer Management", you should see some device named same as your device model, icons with yelow exclaimation mark.
7. Right-Click the first one, select Properties. Go to Detials tab, and under "Property" label, find the item called "Hardware Ids".
8. There should be some lines under the label Value. Notice the longest one, which should end with something like MI_01/MI_02 etc.
9. Your job is to find the correct device, which should end with MI_04. If you cannot find such device, either you have done something wrong, or your PC's usb fail to operate correctly. In later case, please switch to another PC. (My first trial end with this situation)
10. Once you find the correct device, go to Driver tab and press "Update Driver". Install the usb diag driver from the package, when asked about driver signature, just force insall it. Please make sure driver build match your window build, and do NOT use x86 driver on x64 windows.
Part 2: Unlock GSM/CDMA band(s)
11. Go to Start -> All Programs -> QPST, open "QPST Configuration". In the "Ports" tab, click the "Add New Port..." button in lower right corner.
12. In the Add New Port window, untick the option called "Show Serial and USB/QC Diagnostic ports only".
13. You should find an entry with the name saying z3c USB Modem. Select it and press OK.
14. Make sure the newly added port is "Enabled", under "Phone" block is MSM8974, Link is "USB".
15. Keep the configuration application running in background. Close the application will loose your connection to the phone.
16. Navigate to the installation path of QPST, in the /bin folder, find and execute "RF_NV_Manager.exe".
17. Go to "Setting" -> Comport, select the correct port you created in step 14.
18. In the top menu, "File" -> "Read from Phone". It should start reading your phone but take times.
19. After reading operation finished, in the lower left panel find the item with number 1877 (NV_RF_BC_CONFIG_I).
20. In the right panel, take a note on the originial value in case of recovery need.
21. Open mzTool, under "Band Preference (Bit info)", select "Decimal" under "Input Radax". In the "RF BC Config", enter the number you noted at step 20. It will list out all your current band supported by your headset, in the bit information box.
22. Still in mzTool, go to next tab named "Band Preference (NV Value)", select the band(s) you need. You can select all, but I personally recommand what you really need plus "[60] Reserved for BC10-1700", at lest those originally come with your phone.
23. After selecting band(s) you need, Copy the decimal value in the "RF BC Config" box below the selection area, and remove all space in between.
24. Go back to QPST again, find item #1877 (NV_RF_BC_CONFIG_I), paste the new value you calculated in step 23 into the right panel, and press the "Write NV"Button.
25. Go to "File" -> "Write Changes NV Items To Phone".
26. Close and reopen "RF_NV_Manager.exe", repeat step 17-19. If #1877 show you the value same as the one you calculated in step 23, then you are OK to proceed. If it revert back to the originial value (you should noted down at atep 20), sorry this mod is NOT for your headset and proceed to last part for quitting diagnositc mode.
27. Close RF NV Manager, unplug your headset and reboot it. If you got reception after reboot, then you are good. Please give thanks to @BlackSoulxxx
27a. Open dialer, type *#*#7378423#*#* (*#*#SERVICE#*#*), goto "Service info" -> "Configuration", you should see your unlocked band. If not, that means your phone reset it while reboot. You can do nothing unless you know how to disable the reset.
27b. If your phone cannot get signal after the mod, flash your phone with the stock FTF, do NOT select anyone under "Wipe:", select all under "Exclude:" but keep "BASEBAND" selected. This should flash the originial baseband firmware, hence remove this mod.
27c. If you still cannot get any reception, flash the whole stock FTF. This will wipe all your data, but reset it to factory installed status.
28. You are done for this section, you may continue for LTE band(s) unlock, or jump to last part for quitting diagnositc mode.
Part 3: Unlock LTE band(s)
29. Make sure you have unlocked "[60] Reserved for BC10-1700" in previous part.
30. Go to Start -> All Programs -> QXDM Professional, open "QXDM Professional". In the top menu select "Option" -> "Communication".
31. Under "All Ports in System:" select your port (should me same port as you use in QPST) and press "OK. QXDM should load all data automatically once you press ok.
32. In top menu, select "View" -> "New" -> "Common" -> "NV Browser". In the newly opened window, select "LTE" next to the "Category Filter".
33. Select the item with ID 06828 (Description = LTE BC Config, Full Path Name = LTE_BC_CONFIG). It should display "input" and "Value" of 0 under "Fields".
34. Press the "Read" button in the lower right corner, it should show a non-zero number under "Value". Please also write it down for recovery.
35. Convert the number, noted at step 34, to binary form. It will show which LTE bands your phone currently supported ...
35a. Start reading from right to left, the 1st digit from the right (right-most) will be corresponding to LTE Band 1, the 2nd digit will be for LTE Band 2, the 3rd digit will be for LTE Band 3. So the rule will be [ N-th digit will be for LTE Band N ].
35b. For each digit, 1 means the phone support that particular band while 0 means no support. For example in D5833, it should be 549890031829 = "1000000000001000000000000000000011010101" (LTE Band 1,3,5,7,8,28,40).
35c. So if you want to unlock some LTE band(s), filp such bit to 1. In case you have a gap like band 28-40, make sure you fill it with 0, or you will fail to unlock such channel.
36. Please work out our own value that suit your need. In my case I need LTE Band 1,3,5,7,8,9,19,21,28,38,39,40,41 so my value will be "11110000000001000000101000000000111010101" = 2061719830997
37. Go back to QXDM, double-click the 0 under "Input", replace it with the number you calculated at step 36 in decimal form.
38. Write the value to your phone by pressing the "Write" button next to "Read" button.
39. Close and reopen QXDM. Repeat step 31-35 and double check the number under "Value".
40. Close QXDM, unplug your phone and reboot it. If you got reception after reboot, then you are good. Please give thanks to @BlackSoulxxx
40a. Open dialer, type *#*#7378423#*#* (*#*#SERVICE#*#*), goto "Service info" -> "Configuration", you should see your unlocked band. If not, that means your phone reset it while reboot. You can do nothing unless you know how to disable the reset.
40b. If your phone cannot get signal after the mod, flash your phone with the stock FTF, do NOT select anyone under "Wipe:", select all under "Exclude:" but keep "BASEBAND" selected. This should flash the originial baseband firmware, hence remove this mod.
40c. If you still cannot get any reception, flash the whole stock FTF. This will wipe all your data, but reset it to factory installed status.
41. If you still cannot connect via LTE, open dialer and type *#*#4636#*#* (*#*#INFO#*#*), find "preferred network" and select "LTE".
41a. If it fail to connect, either is hardware restriction, or more software setting has to be done (some carrier has different APN for 3G/LTE)
42. You are done for this section, please continue for quitting diagnositc mode.
Part 4: Quit Diagnostics mode
43. Unplug your headset if you still connect it.
44. Turn off "USB Debugging" in "Developer Option".
45. Open terminal emulator, type the following command one by one:
Code:
su
setprop persist.usb.eng 0
46. You may either turn on "USB Dibugging", or just leave it as is.
46a. You can also turnoff superuser access in SuperSU, to enjoy Puzzle and Dragon (JP).
99. Don't forget to give thanks to @BlackSoulxxx
Thanks very much for this guide... before I attempt it, a dumb question;
Is this only of benefit for people that roam internationally often? Or can it improve the phone signal overall? (im in the UK)
Kind regards
Still Lte band 20 is not working in D5833, while it is listed in service menu((( I guess there are some hardware differences in radio module between D5833 and D5803
mamumba said:
Still Lte band 20 is not working in D5833, while it is listed in service menu((( I guess there are some hardware differences in radio module between D5833 and D5803
Click to expand...
Click to collapse
Thanks for the confirmation.
I own D5833, but live in Europe, and the available LTE bands in my country are 3 and 20.
I guess I won't be able to use the band 20, shame.
Can anyone, who own D5803 using this manual copy configuration of their phone in QXDM and PM me this file?
Wow, Much thanks. Very good. Great guide...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Excellent guide I will try it later, I had a D5833 and I need to get working the LTE 1700/2100 band
Noob question;
If you flash the FTF BASEBAND to revert de mod to it's original state, flashing the BASEBAND of a D5803 FTF to a D5833 model would not do the same trick?? (i suposse not but I'm asking anyway )
nmercy said:
Excellent guide I will try it later, I had a D5833 and I need to get working the LTE 1700/2100 band
Noob question;
If you flash the FTF BASEBAND to revert de mod to it's original state, flashing the BASEBAND of a D5803 FTF to a D5833 model would not do the same trick?? (i suposse not but I'm asking anyway )
Click to expand...
Click to collapse
You may try that, I won't take any production device on such risk anymore:angel:
Why do you flash d5803 Baseband to d5833 device ?
Quick note: someone reported Band4 AWS will not work even we modded the phone to support it ...
Every time I try this, I get a note that write protection on and read only? What am I doing wrong?
i want to try this with a xperia m2 model d2306 i need the band 3 for my lte please some help
Works great for me. Thanks heaps.
Has anyone successfully done this with a a D5803 to unlock TMobile's LTE Band 12 (700mHz)?
I have D5833 and tried to enable LTE band 4(AWS) and 2 to use it with T-Mobile.
Sadly, it doesn't work. The configuration page tells me that both 4 and 2 are enabled, but my phone can't get the signal.
I guess it's because of a hardware difference between D5833 and D5803
Quick note that worked for me on Windows 8 though I don't know if it's the limitation.
When I try to enter the new decimal for 3g bands, it doesn't seem to matter what I choose because as long as I select band 60 the software won't accept the number because its too long. If I change to selecting hex then there's fewer digits and it writes to the phone correctly without issue.
Anybody manage to unlock LTE band 20 ( 800 MHz ) on D6653 ( Z3 ) ???
Do you guys think it's possible or is it hardware limitation ( hope not ) ?
bofis said:
Has anyone successfully done this with a a D5803 to unlock TMobile's LTE Band 12 (700mHz)?
Click to expand...
Click to collapse
Bump. In the same boat (D5803 on T-Mobile) and wondering if it is worth performing all of the steps to unlock Band 12.
Do it at own risk.
Hello evreybody!!!
After 1 months of hard work,I found out how to solve “Service disabled” (‘Current version not available for user”phone model855RE) no network error.
I know,that a lot of people have this problem with his device,so I decided to share it with you.
I have bought D855 from alliexpress.It worked well with KitKat.When updated it with D85530 MM firmware,after booting the 2G\3G\LTE network is gone and in the screen appears a message “Service disabled”I have tried flash many D855 stock \custom firmwares,modems,restored several d855.qcn file but nothing.I was so disappointed,that the only solution is the motherboard replacement.But I talked with guy,and he said me,that my device can be a”Frankenstein”phone.(D855 body with D850 motherboard)It easily can be happened,if you buy a Refrubised phone from China)So that was my problem.When I flashed a D850 stock SW and restored a qcn from a working D850,my 2G\3G network worked like a charme.
My device has been through a lot of truble.(Soft and Hard brick,softwer version has become D855RE,Current version not available for user e.g)
So let’s start!
1.At first,make sure that in your D855 body,a D850 motherboard.
2.Download and install Lg Flashtools V1.8 and stock firmware for D850(LGD850AT-01-V10d-310-410-JUN-19-2014+0.tot).
from here:
http://forum.xda-developers.com/showthread.php?t=2785089
3.Download LGUP 8974.dll(not d850.dll,with this dll,the flashtool will not allow you to flash the d850tot,because your currently device model is D855RE\V).
from here:
http://forum.xda-developers.com/attachment.php?attachmentid=2473543&d=1387955530
4.Flash the LGD850AT SW and LGUP 8974.dll.After this step you will not have a network,but you will have a d850 model.
[If the flash procces isn't starting because of this error"ERROR CROSS DL (D855) to (D850) Sw Version",you must edit one Hex string on your downloaded LGD850 tot,
with the help of any hex editor. Then drag and drop your .D850TOT file into hex editor to modify it, Then click on search => Find. Type d850 or 850 and You will see this Hex string (not the same exact one but something similar),and modify xVLG-D850 to xVLG-D855\D855RE or D855V(Depending on your phone model)( https://yadi.sk/i/5ptKOYmQsaVZu ).Finally just click to the save butten,and flash the modified tot with lgup 8974 dll.]
5.After the success flashing,you must root your device and install the latest twrp on it.
6.Boot into recovery and restore efs partition backup from here :
https://yadi.sk/d/ZiKLY33jsZMSP
[After it you will have a 2G network but no 3G\4G network because of the imei of the device is 0.So you must restore it with QPST.
1. Make sure you LG G3 is running the stock LG firmware.(in our case LGD850AT-01-V10d). If your phone does not have official firmware installed on it, restore it to stock first. Install the latest LG USB drivers on your computer.
2. Now download the IMEI converter tool and unzip it.
3. Download QPST (Qualcomm Product Support Tools) and unzip it.
4. Open the QPST_2.7_378 and run the setup file to install it on your computer.
5. Enable USB debugging on your device. You can find this option under Settings> Developer options. Connect your device to the computer.
6. Run QPST configuration and click on Ports tab. Click on Add new port option.
7. Your current port should show as COM4/5.
8. Select the port and click OK. The port should come up on active phones.
9. Select the phone and click the Software Download option from Start clients menu.
10. Now click on Backup tab. You should see your phone’s port.
11. Click on Start to initiate backup.
12. Now navigate to C:/ Program Files/ qualcomm/ qpst/bin folder.
13. Run RF_NV_Manager.
14. Click File> Read from phone. Your phone’s IMEI number should appear on number 550; NV_IMEI_I
15. If you do not see item 550, do not panic.
16. Click on File> Read supported RF NV items.
17. Click on item 550. You would see 9 blank fields.
18. Now run IMEI Converter.exe.
19. Now type your phone’s IMEI in Enter IMEI field. You can find your IMEI on your phone’s bill or the box your device came in.
20. Then click on <Convert IMEI> button.
21. You should see 18 digits in groups of 9.
22. In RF_NV_Manager program, click on Hex by Write NV button.
23. In the 9 boxes, type in the numbers from IMEI converter starting from left. Type in first group of two numbers in the first field, then go to the next field and type in second 2 digits.
24. When you are done with doing this, click on Write NV option.
25. Then click File> Read from phone.
26. Item number 550 should appear now.
27. Disconnect the USB cable and reboot it.
28. Open phone’s dialer and dial *#06#. You should see your phone’s IMEI now.
That’s all!You are done!:good::good::good:
If I helped you,plz push to the thanks button .
Sorry for my bad English.
Robert LG said:
Do it at own risk.
Hello evreybody!!!
After 1 months of hard work,I found out how to solve “Service disabled” (‘Current version not available for user”phone model855RE) no network error.
I know,that a lot of people have this problem with his device,so I decided to share it with you.
I have bought D855 from alliexpress.It worked well with KitKat.When updated it with D85530 MM firmware,after booting the 2G\3G\LTE network is gone and in the screen appears a message “Service disabled”I have tried flash many D855 stock \custom firmwares,modems,restored several d855.qcn file but nothing.I was so disappointed,that the only solution is the motherboard replacement.But I talked with guy,and he said me,that my device can be a”Frankenstein”phone.(D855 body with D850 motherboard)It easily can be happened,if you buy a Refrubised phone from China)So that was my problem.When I flashed a D850 stock SW and restored a qcn from a working D850,my 2G\3G network worked like a charme.
My device has been through a lot of truble.(Soft and Hard brick,softwer version has become D855RE,Current version not available for user e.g)
So let’s start!
1.At first,make sure that in your D855 body,a D850 motherboard.
2.Download and install Lg Flashtools V1.8 and stock firmware for D850(LGD850AT-01-V10d-310-410-JUN-19-2014+0.tot).
from here:
http://forum.xda-developers.com/showthread.php?t=2785089
3.Download LGUP 8974.dll(not d850.dll,with this dll,the flashtool will not allow you to flash the d850tot,because your currently device model is D855RE\V).
from here:
http://forum.xda-developers.com/attachment.php?attachmentid=2473543&d=1387955530
4.Flash the LGD850AT SW and LGUP 8974.dll.After this step you will not have a network,but you will have a d850 model.
[If the flash procces isn't starting because of this error"ERROR CROSS DL (D855) to (D850) Sw Version",you must edit one Hex string on your downloaded LGD850 tot,
with the help of any hex editor. Then drag and drop your .D850TOT file into hex editor to modify it, Then click on search => Find. Type d850 or 850 and You will see this Hex string (not the same exact one but something similar),and modify xVLG-D850 to xVLG-D855\D855RE or D855V(Depending on your phone model)( https://yadi.sk/i/5ptKOYmQsaVZu ).Finally just click to the save butten,and flash the modified tot with lgup 8974 dll.]
5.After the success flashing,you must root your device and install the latest twrp on it.
6.Boot into recovery and restore efs partition backup from here :
https://yadi.sk/d/ZiKLY33jsZMSP
[After it you will have a 2G network but no 3G\4G network because of the imei of the device is 0.So you must restore it with QPST.
1. Make sure you LG G3 is running the stock LG firmware.(in our case LGD850AT-01-V10d). If your phone does not have official firmware installed on it, restore it to stock first. Install the latest LG USB drivers on your computer.
2. Now download the IMEI converter tool and unzip it.
3. Download QPST (Qualcomm Product Support Tools) and unzip it.
4. Open the QPST_2.7_378 and run the setup file to install it on your computer.
5. Enable USB debugging on your device. You can find this option under Settings> Developer options. Connect your device to the computer.
6. Run QPST configuration and click on Ports tab. Click on Add new port option.
7. Your current port should show as COM4/5.
8. Select the port and click OK. The port should come up on active phones.
9. Select the phone and click the Software Download option from Start clients menu.
10. Now click on Backup tab. You should see your phone’s port.
11. Click on Start to initiate backup.
12. Now navigate to C:/ Program Files/ qualcomm/ qpst/bin folder.
13. Run RF_NV_Manager.
14. Click File> Read from phone. Your phone’s IMEI number should appear on number 550; NV_IMEI_I
15. If you do not see item 550, do not panic.
16. Click on File> Read supported RF NV items.
17. Click on item 550. You would see 9 blank fields.
18. Now run IMEI Converter.exe.
19. Now type your phone’s IMEI in Enter IMEI field. You can find your IMEI on your phone’s bill or the box your device came in.
20. Then click on <Convert IMEI> button.
21. You should see 18 digits in groups of 9.
22. In RF_NV_Manager program, click on Hex by Write NV button.
23. In the 9 boxes, type in the numbers from IMEI converter starting from left. Type in first group of two numbers in the first field, then go to the next field and type in second 2 digits.
24. When you are done with doing this, click on Write NV option.
25. Then click File> Read from phone.
26. Item number 550 should appear now.
27. Disconnect the USB cable and reboot it.
28. Open phone’s dialer and dial *#06#. You should see your phone’s IMEI now.
That’s all!You are done!:good::good::good:
If I helped you,plz push to the thanks button .
Sorry for my bad English.
Click to expand...
Click to collapse
Thanks man!!!My2G/3G network working now!
---------- Post added at 09:06 AM ---------- Previous post was at 08:53 AM ----------
Lupi0125 said:
Thanks man!!!My2G/3G network working now!
Click to expand...
Click to collapse
You're welcome bro!
Robert LG said:
Do it at own risk.
Hello evreybody!!!
After 1 months of hard work,I found out how to solve “Service disabled” (‘Current version not available for user”phone model855RE) no network error.
I know,that a lot of people have this problem with his device,so I decided to share it with you.
I have bought D855 from alliexpress.It worked well with KitKat.When updated it with D85530 MM firmware,after booting the 2G\3G\LTE network is gone and in the screen appears a message “Service disabled”I have tried flash many D855 stock \custom firmwares,modems,restored several d855.qcn file but nothing.I was so disappointed,that the only solution is the motherboard replacement.But I talked with guy,and he said me,that my device can be a”Frankenstein”phone.(D855 body with D850 motherboard)It easily can be happened,if you buy a Refrubised phone from China)So that was my problem.When I flashed a D850 stock SW and restored a qcn from a working D850,my 2G\3G network worked like a charme.
My device has been through a lot of truble.(Soft and Hard brick,softwer version has become D855RE,Current version not available for user e.g)
So let’s start!
1.At first,make sure that in your D855 body,a D850 motherboard.
2.Download and install Lg Flashtools V1.8 and stock firmware for D850(LGD850AT-01-V10d-310-410-JUN-19-2014+0.tot).
from here:
http://forum.xda-developers.com/showthread.php?t=2785089
3.Download LGUP 8974.dll(not d850.dll,with this dll,the flashtool will not allow you to flash the d850tot,because your currently device model is D855RE\V).
from here:
http://forum.xda-developers.com/attachment.php?attachmentid=2473543&d=1387955530
4.Flash the LGD850AT SW and LGUP 8974.dll.After this step you will not have a network,but you will have a d850 model.
[If the flash procces isn't starting because of this error"ERROR CROSS DL (D855) to (D850) Sw Version",you must edit one Hex string on your downloaded LGD850 tot,
with the help of any hex editor. Then drag and drop your .D850TOT file into hex editor to modify it, Then click on search => Find. Type d850 or 850 and You will see this Hex string (not the same exact one but something similar),and modify xVLG-D850 to xVLG-D855\D855RE or D855V(Depending on your phone model)( https://yadi.sk/i/5ptKOYmQsaVZu ).Finally just click to the save butten,and flash the modified tot with lgup 8974 dll.]
5.After the success flashing,you must root your device and install the latest twrp on it.
6.Boot into recovery and restore efs partition backup from here :
https://yadi.sk/d/ZiKLY33jsZMSP
[After it you will have a 2G network but no 3G\4G network because of the imei of the device is 0.So you must restore it with QPST.
1. Make sure you LG G3 is running the stock LG firmware.(in our case LGD850AT-01-V10d). If your phone does not have official firmware installed on it, restore it to stock first. Install the latest LG USB drivers on your computer.
2. Now download the IMEI converter tool and unzip it.
3. Download QPST (Qualcomm Product Support Tools) and unzip it.
4. Open the QPST_2.7_378 and run the setup file to install it on your computer.
5. Enable USB debugging on your device. You can find this option under Settings> Developer options. Connect your device to the computer.
6. Run QPST configuration and click on Ports tab. Click on Add new port option.
7. Your current port should show as COM4/5.
8. Select the port and click OK. The port should come up on active phones.
9. Select the phone and click the Software Download option from Start clients menu.
10. Now click on Backup tab. You should see your phone’s port.
11. Click on Start to initiate backup.
12. Now navigate to C:/ Program Files/ qualcomm/ qpst/bin folder.
13. Run RF_NV_Manager.
14. Click File> Read from phone. Your phone’s IMEI number should appear on number 550; NV_IMEI_I
15. If you do not see item 550, do not panic.
16. Click on File> Read supported RF NV items.
17. Click on item 550. You would see 9 blank fields.
18. Now run IMEI Converter.exe.
19. Now type your phone’s IMEI in Enter IMEI field. You can find your IMEI on your phone’s bill or the box your device came in.
20. Then click on <Convert IMEI> button.
21. You should see 18 digits in groups of 9.
22. In RF_NV_Manager program, click on Hex by Write NV button.
23. In the 9 boxes, type in the numbers from IMEI converter starting from left. Type in first group of two numbers in the first field, then go to the next field and type in second 2 digits.
24. When you are done with doing this, click on Write NV option.
25. Then click File> Read from phone.
26. Item number 550 should appear now.
27. Disconnect the USB cable and reboot it.
28. Open phone’s dialer and dial *#06#. You should see your phone’s IMEI now.
That’s all!You are done!:good::good::good:
If I helped you,plz push to the thanks button .
Sorry for my bad English.
Click to expand...
Click to collapse
Thanx man but this is so much complicated and am a noob could you pls help me with teamviwer my dad will kill me pls help ....!!!???
a bricked lg g2 said:
Thanx man but this is so much complicated and am a noob could you pls help me with teamviwer my dad will kill me pls help ....!!!???
Click to expand...
Click to collapse
Sorry bro but I'm extremaly busy.If I'll have a time I send you a p.m..
It's realy work!!!!!!!
It really works. I have spent a half of year to find this solution.:laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh: To the author very respect!!!!!!!!!!!!!!!!!!!!!!
Robert LG said:
Sorry bro but I'm extremaly busy.If I'll have a time I send you a p.m..
Click to expand...
Click to collapse
Thanx man its done and worked fine thanx a lot
Andrew082 said:
It really works. I have spent a half of year to find this solution.:laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh: To the author very respect!!!!!!!!!!!!!!!!!!!!!!
Click to expand...
Click to collapse
:good::good::good:
a bricked lg g2 said:
Thanx man its done and worked fine thanx a lot
Click to expand...
Click to collapse
:good::good::good:
Hi, my device is and d850, It works only in 2g. I´ve flashed a QCN who sahred in xda and with NV Manager could write my IMEI, after reboot phone, it connected 4g but only for a few moments... now only works in 2g again and it could not reconnect 4g/3g again.
Then I have flashed another QCN from google and now this works at least in H, but it doesn´t work 4g.
Do you know any solution ? Thank you very much
I will try this
gallego18 said:
Hi, my device is and d850, It works only in 2g. I´ve flashed a QCN who sahred in xda and with NV Manager could write my IMEI, after reboot phone, it connected 4g but only for a few moments... now only works in 2g again and it could not reconnect 4g/3g again.
Then I have flashed another QCN from google and now this works at least in H, but it doesn´t work 4g.
Do you know any solution ? Thank you very much
Click to expand...
Click to collapse
Hi.Sorry bro,i cant help you.But for me 3g works .
rabbit19 said:
I will try this
Click to expand...
Click to collapse
Hi.Your trien was succesfull?
Hi. what am I missing? LG Flash Tool won't let me flash the dll esited tot. I have followed your instruction to edit one string xvlg-d950 to d850V, but the file is D855AT instead ofD855v.
Hi Robert. Thanks a lot for sharing this fix. I've been searching for solution for my LG G3 for almost a year now. I got a signal now. Wow! I can use now my phone for calls and data. I bought this online as well, with the service disabled condition.
The error i got yesterday on flashing the D850 rom is that I have written D855v on the hex editor, but it should only be D855.
Once again, thanks a lot. Cheers!!!
I have d855 board, is it okay to use this solution? I've flashed all kind of roms still service disabled. Will it brick my device?
rabbit19 said:
Hi Robert. Thanks a lot for sharing this fix. I've been searching for solution for my LG G3 for almost a year now. I got a signal now. Wow! I can use now my phone for calls and data. I bought this online as well, with the service disabled condition.
The error i got yesterday on flashing the D850 rom is that I have written D855v on the hex editor, but it should only be D855.
Once again, thanks a lot. Cheers!!!
Click to expand...
Click to collapse
I'm glad to hear it.You're welcome!
jancanes said:
I have d855 board, is it okay to use this solution? I've flashed all kind of roms still service disabled. Will it brick my device?
Click to expand...
Click to collapse
I think,that you can't use this method.If you flash D850 tot file for your D855 board ,your device will boot only in fastboot mode or it will be bricked .Try to restore a "qcn"from a working D855.
Robert LG said:
I'm glad to hear it.You're welcome!
Click to expand...
Click to collapse
LTE is working! WOW! :highfive:
rabbit19 said:
LTE is working! WOW! :highfive:
Click to expand...
Click to collapse
Good to know.I could'nt test it because in my country there is no LTE.Thank's for the replay!:good::good::good:
Robert LG said:
I think,that you can't use this method.If you flash D850 tot file for your D855 board ,your device will boot only in fastboot mode or it will be bricked .Try to restore a "qcn"from a working D855.
Click to expand...
Click to collapse
I've already tried to restore qcn, still failed...service disabled...any ideas