Related
Hurrah! this has been fixed WOO!.
see here.
well done guys, you have made me a happy g2 owner again!!
Hi Everyone,
i figured we might need to clean up the
http://forum.xda-developers.com/showthread.php?t=805024
conversation.
as i see it, there are 2 issues
1. people receive an unlock code, the phone accepts it but then it cannot find any network
2. people receive an unlock code, have troubles entering the code but eventually get it in ok.
please do not post anything "setting" related - apn's, bands etc as this has been tried and shown not to work (yet)
it might be helpful if people who have issue number 1 could post some answers to some questions.
as i am not at all smart enough to work out what we need to know from these people, id appreciate it if those in the know could pm me what they think could be useful, and ill make a template for people to follow
troubleshooting template
----
----
----
----
Current Theories: (please PM me if i have anything wrong here or if i need to add details.)
-------------
Theory #1
Ghul99: the code is accepted, but the phone is still locked?
http://forum.xda-developers.com/show...&postcount=121
------------
interesting information
this seems to support theory #1
1. i unlocked phone - code entered successfully, and i was no longer prompted to enter an unlock code
2. i perm-rooted my phone - all went to plan
3. i put the vision rom on my phone (http://forum.xda-developers.com/showthread.php?t=834450) loaded ok
4. i put a sim in my phone and now i am prompted for an unlock code.
5. i tried to re-enter my code but it would not accept it (it is the same code from step 1)
Nice idea for taking the initiative to clean up the thread which was getting excessilely long!
I'm hoping we can see some progress in a few days as I'm really missing being able to get any cell reception on a MOBILE PHONE!?
Regards.
I will summerize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
guhl99 said:
I will summerize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
Click to expand...
Click to collapse
That's really exciting.
Thanks for bring up the good news!
Sent from my T-Mobile G2 using XDA App
guhl99 said:
I will summerize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
Click to expand...
Click to collapse
Just to help guhl and catch up with some unnecessary posts.
Common solutions like Reboot, different sims to try, Hard reset, flash stock ROM or trigger the unlock window to reenter the code doesn't work
Summary of my knowledge so far
For case 1 which was the original problem my theory is the following.
Cause:
Because of problems with the write procedure to the emmc memory the MCCMCN to which the phone is locked did not get cleared but set to an arbitrary value in my case "C3AB".
The CID value is still the same as it used to be (and also in case of a successful unlock would stay the same) which is "T-MOB010". The CID is a 8 character string and the case where all characters are the same (i.e. "11111111") is called Super-CID.
It is of no relevance if you use or used the hardware or software keys, T-Mobile or third party sources. The only reason where it would be your fault is if you pulled the battery!
The unlock-code that we possess (regardless if official or from a different source) is not valid to unlock the phone from this value "C3AB". If one tries again (directly with the modem, using my modified libril.so or a different ROM) the lock counter will increase.
Potential ways to repair this state:
1. Give it back to T-Mobile if you can In my opinion this is a clear warranty case
2. Find someone who has the MegaSIM and the HTC-diag software.
This will definitely work but it is going to be hard to find someone because the SIM is rare and very new.
3. Wait until (or help achieving) the so called "real S-OFF" state of the phone (when also the radio has security disabled) is reached.
When this is achieved one can disable the SIM-lock without any code.
There are still some very good developers after this goal even if for different reasons.
Which information could help us:
1. The output of the following AT-Command sequence from successful and unsuccessful unlocks
Code:
ATE1
ATV1
[email protected]?
[email protected]?AA
[email protected]?40
[email protected]?80
I will try to write a HowTo later for Windows.
For linux see the following posting from the old thread (http://forum.xda-developers.com/showpost.php?p=8750299&postcount=121)
2. The next thing that would help is a logcat from the first unlock process itself.
Howto:
Start the first logcat using the USB-cable and adb before you boot the phone with the foreign SIM.
Code:
adb logcat -b radio > lc_unlock.txt
leave the logcat running and complete the unlock procedure till the phone reboots (the logcat will end automatically)
As soon as the first logcat exits start a new one using:
Code:
adb logcat -b radio > lc_after_unlock.txt
leave it running for 1 minute and then stop it using <Ctrl>-C
3. The next thing that really would help is that you do not post anything in this thread (use the old one instead) that has to do with:
- the APN
- trying another SIM (you would be very lucky if you had one that fits the arbitrary SIMlock)
- reboot, factory reset, use a stock or non stock firmware
- use the hw/sw-keyboard, wait for the right outside temperature or other esoteric procedures
Finally I would like to ask moodecow to edit his original posting and incorporate or link everything that he finds important or helpful in his posting so that it will stay an top.
That is some very exciting news, thank you for the update!
One quick question, when we achieve radio-s off it esssentially would mean everyone could unlock their phones for free?
Thanks.
Sent from my T-Mobile G2 using XDA App
I have 2 ideas, which can help:
1. For people before unlock - maybe performing S-off before unlock will help.\
2. For people after unlock: in bootloader there is "SIMLOCK" option. When you open it, it shows file not found etc. As I think, it can be used to simlock phone for operator, whose numbers are in some file. There is my solution - find what that files are in phone's source code or by any other method, then put them in right place, enter numbers of operator you want to use, open that "SIMLOCK" and lock phone to your network. I don't know if it will work, but it makes some sense.
ms93 said:
I have 2 ideas, which can help:
1. For people before unlock - maybe performing S-off before unlock will help.\
2. For people after unlock: in bootloader there is "SIMLOCK" option. When you open it, it shows file not found etc. As I think, it can be used to simlock phone for operator, whose numbers are in some file. There is my solution - find what that files are in phone's source code or by any other method, then put them in right place, enter numbers of operator you want to use, open that "SIMLOCK" and lock phone to your network. I don't know if it will work, but it makes some sense.
Click to expand...
Click to collapse
Your first idea sounds reasonable and I would support it.
Your second idea is something that is worked on, but you do not only need the correct file (which is actually called DMCID.dat) but there also has to be some "magic number" (like on a gold card) on the micro-sd card.
an important piece of info to carryover from other thread:
1- No APNs are listed
2- if you try to define one, it doesnt save
No APNs being listed is related to the rom more or less, not the issue we're having.
APN is software issue, correct me if I'm wrong so either way it shouldn't pose as an issue to us.
im saying its a symptom that seems to go along with the problem in the title of this thread, so, worth noting.
ie: i think everyone who has the post-unlock no-connection problem, cannot save APNs. all others can.
if you are a counterexample please say so. that would help.
guhl99 said:
For case 1 which was the original problem my theory is the following.
Cause:
Because of problems with the write procedure to the emmc memory the MCCMCN to which the phone is locked did not get cleared but set to an arbitrary value in my case "C3AB".
The CID value is still the same as it used to be (and also in case of a successful unlock would stay the same) which is "T-MOB010". The CID is a 8 character string and the case where all characters are the same (i.e. "11111111") is called Super-CID.
It is of no relevance if you use or used the hardware or software keys, T-Mobile or third party sources. The only reason where it would be your fault is if you pulled the battery!
The unlock-code that we possess (regardless if official or from a different source) is not valid to unlock the phone from this value "C3AB". If one tries again (directly with the modem, using my modified libril.so or a different ROM) the lock counter will increase.
Potential ways to repair this state:
1. Give it back to T-Mobile if you can In my opinion this is a clear warranty case
2. Find someone who has the MegaSIM and the HTC-diag software.
This will definitely work but it is going to be hard to find someone because the SIM is rare and very new.
3. Wait until (or help achieving) the so called "real S-OFF" state of the phone (when also the radio has security disabled) is reached.
When this is achieved one can disable the SIM-lock without any code.
There are still some very good developers after this goal even if for different reasons.
.
Click to expand...
Click to collapse
i have got HTC MEGA SIM and Almost all DIAG files but
T-mobile G2 case =After putting unlock code NO NETWORK cant be solved because when we give s58 clear command it shows SIMLOCK CORRUPTED
i can post the detailed info and pictures if you want it would be a pleasure if could help in any kind of DEVELOPMENT
BTW
if we don t put code in the same version,same country,purchased in the same lot of handsets and use MEGASIM directly without touching anything than it works perfect
kabir_del said:
i have got HTC MEGA SIM and Almost all DIAG files but
T-mobile G2 case =After putting unlock code NO NETWORK cant be solved because when we give s58 clear command it shows SIMLOCK CORRUPTED
i can post the detailed info and pictures if you want it would be a pleasure if could help in any kind of DEVELOPMENT
BTW
if we don t put code in the same version,same country,purchased in the same lot of handsets and use MEGASIM directly without touching anything than it works perfect
Click to expand...
Click to collapse
Posting any further details and/or pictures would be much appreciated!
So if megasim has failed due to corruption I think that the only way to solve our issue is to write directly to emmc partition holding locking information. And I don't now how easy and plausible this is...
I think if we get S-Off for Radio, we'll be able to write to that partition. I hope
andrewklau said:
I think if we get S-Off for Radio, we'll be able to write to that partition. I hope
Click to expand...
Click to collapse
I am a little bit worried about writing this information directly because the partition will be encrypted.
And also copying the complete partition from a working phone or one that is still unlocked will not be an option because the IMEI will also be there and we would not want to overwrite that.
So my hopes are more that there is some kind of a restore procedure from a secure area (I know that Nokia phones can do this, but HTC ?) or that we can lock the phone again with the SIMLOCK option in hboot.
Sent from my T-Mobile G2 using XDA App
well I guess time will tell, does tmobile or htc do replacements (or has anyone tried) for phones no longer on a contract or that are now unlocked?
Sent from my T-Mobile G2 using XDA App
andrewklau said:
Posting any further details and/or pictures would be much appreciated!
Click to expand...
Click to collapse
here we go Pictures first Video coming soon
First Red colour is the error we get on when we try the command
1=clear s58 data
2ND IMAGE is the one when we press the DEVICE INFO
today is sunday not much time will upload the full clear video tommorow and still i have not tried to the all options of the diag maybe it can repair it but sure i will do some more things tomm.
88
I have tried to use my HTC vision G2 as I unlocked it but after that I am unable use as I am unable to find anything which would be hlpful for me as I have the first case problem. I just want to know that would it help me that if someone would flash my HTC Vision G2. I just want to know about that as now I am in Pakistan
Sent from my T-Mobile G2 using XDA App
**UPDATE**
This method causes your serial number to change to 00000000 (which isn't a problem as such as this isn't currently used for anything) but there is a new method which involves directly hex editing the nv_data.bin file, which may be faster and does not change your serial number. You can find the details here: http://forum.xda-developers.com/showthread.php?t=843323.
**UPDATE**
First up I'll say that I'm not incredibly familiar with Galaxy S firmware changes/modding, and this mostly builds on work done in these areas, so not all these steps may be necessary but they worked for me. If someone can suggest a faster way to do this/unnecessary steps then please go ahead and reply with them!
This unlocked my Network Locked Australian Galaxy Tab and so I assume should work for others.
You should back up your /efs/ folder before you proceed as you may need this to undo if something goes wrong.
*I take no responsibility if something goes wrong!*
Requirements:
Root access
repair_nv_data.zip (from http://forum.xda-developers.com/showpost.php?p=8942669&postcount=94)
Java
Busybox
The Android SDK for ADB, Root Explorer or some similar file system explorer/editor
(If you have US firmware with no Phone software, you may need to flash European firmware as described here: http://forum.xda-developers.com/showthread.php?t=838250 ).
Firstly, on your phone dial *#7465625# and check if the Network Lock is set to [ON], if so then your phone is locked (duh), so continue.
1. Use Superoneclick (http://forum.xda-developers.com/showthread.php?t=812367) to root your phone (the other z4root method may work as well, but this isn't what I used).
2. Either use ADB or some other method to rename or delete (backup first):
/efs/nv_data.bin.md5
/efs/.nv_data.bak
/efs/.nv_data.bak.md5
(I just used Root Explorer to rename them to something else).
3. Restart your phone and then go into the /efs/ directory and see if the 'nv_data.bin.md5' file has been re-created by your phone, as long as it has been created then you can proceed.
4. Go to http://forum.xda-developers.com/showpost.php?p=8942669&postcount=94 and download the repair_nv_data.zip file (the credit for all of this mostly goes to that thread and helroz).
5. Install 'busybox' from the Market. Once you install it, you actually have to run it and properly install it (the Market app is basically an installer) - the files in the above zip have a dependency on this.
6. Extract the above zip to your PC, plug in your Tab in USB debugging mode. Run the Step 2.bat from the extracted file. You may need to allow the script super user access several times. This should copy the /efs/ and a bunch of files into a directory with a french name.
7. Run the Reparation_nv_data.jar file. (You will need Java for this step.) It will prompt you to enter two numbers, which are your pseudo-unlock codes. I entered '11111111' and '11111111' (eight 1's) both times. This rewrites the nv_data.bin file to be simunlocked with these details.
8. Run the Step 4.bat. Your superuser app (the one installed when you rooted using SuperOneClick) will need you to allow each command to have root access so keep an eye on your Tab. You may need to press y/n a few times if you encounter errors. This is uploading the edited nv_data.bin onto your Tab.
This batch file will stop several times and need you to hit a key when it pauses. My Tab rebooted halfway through this batch file - when it did this I waited for it to fully reboot back to the lock screen before pressing a key to make the script continued while the Tab was actually able to respond to its commands.
9. Towards the end of its execution it rebooted a second time. It paused during loading up and had some yellow writing on the screen saying it was updating media (I assume it was rebuilding the nv_data.bin). Leave it for a minute and it will prompt you to reboot/some other options. Just press whatever it wants (home I think) to reboot the phone - you don't want any of the other recovery options.
10. Go into your dialer and put in *#7465625# again and (hopefully) voila! Your phone should no longer be network locked. Try a SIM from a different provider to make sure.
Enjoy!
Edit: I had to go out and actually buy a prepaid SIM to confirm that all was working with a different provider. Attached are screen caps of my Tab on two different networks, as well as the network status screen, making/receiving calls etc. all works on both.
Awesome man, thanks.
This is much better than the 2 month wait we had for Galaxy S unlocking.
Hello, I'm french and i use your post to unlock my Galaxy TAB SFR ''réunion island'' and she is unlock thanks for your AMAZING post for unlock TAB
Ps: For unlock my TAB by SFR REUNION, he tell me 150 Euros.... Vive smithdc & helroz
Works well! I had little trouble running java on windows7. But changing compatibility mode to windowsxp sp3 and check run this program as an administrator solved the problem.
Thanks for easy guide!
tacoda, you mean for running the .jar file? or for installing Java itself? (I assume the former).
Sweeet thx , curious if unlocking the AT&T version has hardware only set to AT&Ts 3G frequencies, so 3g wont work on tmobile or is it capable of running 3g on tmobile with a unlocked AT&T tab?
smithdc said:
tacoda, you mean for running the .jar file? or for installing Java itself? (I assume the former).
Click to expand...
Click to collapse
Running the jar file. I didnt know how to run it.
Sent from my SGH-T959 using XDA App
Does the sim card and/or sd card should or should not be plugged in during the unlocking progress?
It shouldn't make a difference Zeron.Wong.
jay_jay_n said:
Sweeet thx , curious if unlocking the AT&T version has hardware only set to AT&Ts 3G frequencies, so 3g wont work on tmobile or is it capable of running 3g on tmobile with a unlocked AT&T tab?
Click to expand...
Click to collapse
Traditionally, AT&T and T-Mobile hardware used different radios, it was more than just firmware. That's also true on the little brother Galaxy S series, the Vibrant has a different radio than the Captivate (though the Vibrant radio DOES have 1900 band in the hardware, for some reason).
Kudos to smithdc for this awesome guide! I saved a lot of money thanks to him. Congrats again.
Bump, is there any way to sticky/pin this for people?
So your saying if I use this method and install my tmous unlimited sim I can get calls and 3g or do I need a prepaid sim
I'm not sure on how T-Mobile are blocking, but if it IS my IMEI then you would have to use a SIM from a different network.
If they are blocking your IMEI on their network, then you would have to use a SIM from a different network (as a different network, wouldn't be blocking this IMEI number). Changing it to a different SIM on the same network won't help as your IMEI is for the device itself.
I just want to clarify something..
I have a T Mobile Tab and want to use a SIM I have for ATT.
Will I have to flash my device with the EU firmware first in order to get the phone software on it..then do the rest of the unlocking steps?
Assuming thats correct..after unlocking it I then can put my ATT sim card in and it should work for calls and data (Edge only) with not having to tweak any setting at all? Or do I have to set up my wap.cingular connections for the data like on a WM phone on ATT?
And if I want to get back to original out-of-the-box firmware from T Mobile (like if I had to send it in for repair) I just have to flash stock T Mobile firmware and its back completely to original?
Thanks..and wow am I loving this TAB !!!
You'll need to set up your APN data for AT&T, yes.
Thanks for the fast reply. As for the flashing of the EU rom..is that the only/best way so far in order for me T Mobile Tab to get the radio software on it. I was thinking I saw an APK for the radio software someplace but did not know what way was better.
I just want to be 100% sure bfr I take the jump to unlocking and playing with the phone part
thanks
I got a quick couple of questions:
1. If I restore original firmware (Canadian), does it relock my phone?
2. Where can I get the Canadian firmware release? I see EURO and US, but no Canadian.
I read on one of the other threads that sim unlock method also changes your imei number. Is this really case?
clubtech said:
I read on one of the other threads that sim unlock method also changes your imei number. Is this really case?
Click to expand...
Click to collapse
Yes, it will set your IMEI to a bogus one that will get your T-Mobile internet access disabled after 1/2 hour.
Greetings fellow XDAers,
It's finally happened: SIM-Unlock for the Sprint Moto X (XT1056)
(International-use Only. Anyone in the U.S. - Don't bother at the moment. Myself and some others are looking into the possibility of extending the SIM-CRACK to U.S. users, but RIGHT NOW, not possible. Sorry.) NOW EXTENDED TO DOMESTIC U.S. USERS AS WELL! - I have discovered the domestic-unlock solution!!!!
First, a little background:
Since its debut in August, 2013 many people have been trying to crack the SIM-LOCK on the XT1056. Many have tried and long since given up. I officially became involved in the project in May, 2014, and since then, had taken over the project. After much research, I determined that a Chinese hacker had found the solution and was offering a SIM-Unlock service on Taobao.com. This individual was extremely secretive about his methods - and told no one the solution. In order to use the service, you had to SEND your XT1056 to China to be unlocked (for fear of someone discovering his method). Then, a short time afterwards, the listing completely disappeared from Taobao, never to be seen again. Afterwards, sellers only offered PRE-SIM-CRACKED XT1056's on Taobao. Fortunately, I had already discovered (by reading his prior listing), that the SIM-Unlock required that you NEVER erase the modemst1 and/or modemst2 partitions (the equivalent of EFS/baseband cache on the Moto X).
At this point, I knew without a doubt that the key was in the modemst partitions. The breakthrough, however, didn't come until Mid-July, when another XDA Member: @yefonme posted to the thread that they had obtained a China-SIM-Cracked XT1056. This user confirmed the information I already knew by telling me that the seller advised that they must never erase the modemst partitions or the SIM-Unlock would be lost. This user generously offered to assist in helping find the solution, just for sheer curiosity - they wanted to know HOW the SIM-Unlock was achieved.
At this point, I thought we had everything we needed. Knowing that the key lies in the baseband cache, I requested various users to use a tool to backup their modemst1/modemst2 partitions, and send them to me for comparison with a HEX-Editor. Several users obliged, but unfortunately, we hit another roadblock -- the EFS partitions turned out to be ENCRYPTED TO HELL! That method was going nowhere. Then I realized that upon erasing the baseband cache (modemst1/modemst2 partitions), that all NV-ITEMS were reset to their factory defaults. BINGO! This means that the baseband cache partitions MUST store the encrypted contents of NVRAM!
This meant we had another option! Using standard CDMA tools, we could do a "DUMP" of the values stored in NVRAM. Another user, @ezeuba, suggested a simple tool, and provided instructions for the other's involved to DUMP the contents of their NVRAM, for comparison. Another big issue: Since many NVITEMS are inactive / restricted, even between 2 Sprint SIM-Locked devices, it made it completely impossible to use a utility to run a differential comparison between these NV-DUMPS. This meant that the NV-ITEMS had to be compared manually, by-hand.
I spent countless hours scouring through the data, comparing the THOUSANDS of NV-ITEMS from the China-Cracked XT1056 with the dumps provided by the Sprint SIM-Locked users. It was taking forever! I knew that the key to comparing the NVITEMS was finding values that were the SAME on all the Locked XT1056s, but DIFFERENT, only on the SIM-CRACKED XT1056. If a particular NVITEM differs between 2 or more LOCKED XT1056s, it is likely not the value we are looking for.
Then, finally, I came across an NVITEM that struck me as unique. It was the SAME on all the LOCKED XT1056's I analyzed, but different ONLY on the CRACKED XT1056. I was hesitantly optimistic, and posted about it here: http://forum.xda-developers.com/showpost.php?p=54334931&postcount=250
Well, my intuition was Spot-On, and this DID turn out to be the proverbial "smoking gun". Another user (ignoring my suggestions to WAIT and let another user who had offered to donate an XT1056 mainboard try it first) went ahead and wrote the new value as I had suggested. BAM!!! And the rest is HISTORY.
OK, so enough about the history, and on to the solution!!!!!
So the key lies in NVITEM # 8378
On the China-Cracked XT1056, the value was "01"
On all the SIM-LOCKED XT1056's, the value was "00"
That's all there is to it. You can use the CDMA Tool of your choice to write "01" to NVITEM 8378 to achieve SIM-Unlock!
You will also need to change the RUIM config to "RUIM-Only" in order to prevent the phone from reverting to CDMA-mode upon reboot. This is controlled by NVITEM 855 (see instructions in post # 2)
This method is KNOWN to unlock for all international GSM carriers, but DOES NOT unlock for Domestic U.S. carriers. Something else is in place, it appears, that BLOCKS the United States MCCs. NOW EXTENDED TO U.S. USERS AS WELL!!!
POST # 2 in this thread will be reserved for complete instructions for those of you who aren't familiar with how to write NV-ITEMS. These instructions are courtesy of @ezeuba.
POST # 3 will be reserved for detailed instructions on how to install the necessary DIAG Drivers, and how to manually FORCE driver installation, if necessary.
I believe in giving credit where it is due, so I want to personally thank:
* @hsngt and @jaaa1976 - who provided me with the NVDUMPS I used to find the SIM-Unlock method. @jaaa1976 was the FIRST person to be unlocked by my method
* @ezeuba for providing these users with step-by-step instructions on how to READ and SAVE said NVITEM dumps.
* @Vivjen for support and generous offer to donate a XT1056 mainboard (which turned out to be unnecessary)
* @crabbyone for encouraging me to take a 2nd look at NVITEM # 8322 (which turned out to be the Domestic Unlock solution)
* @Arnold Snarb for originally discovering the property of NVITEM # 8322 (which unlocked the Razr M for domestic use)
* All the others who submitted EFS and/or NVDUMPS (even though I didn't use them to find the solution)
* Everyone who believed in me and provided encouragement and moral support ( that includes YOU, @KJ )
* Everyone who makes good on their bounty pledges and everyone who DONATES (paypal: [email protected] )
* Everyone who is appreciative and gracious for the ENORMOUS amount of time I've spent making this SIM-Unlock possible for everyone
* The China-man who found the solution FIRST, even though he didn't share it with anyone and intended to only use it for Profit (I bet he is PISSED at me -- he was charging $80 U.S. for EACH unlock )
*** and ESPECIALLY @yefonme --- without YOU, NONE of this would be possible.
[Q]: How much should I donate to you for all the time (weeks) you spent working on this?
[A]: Please donate what you feel it is worth to you. The XT1056 can be found far cheaper than any other Moto X Variant, and now that we can SIM-UNLOCK it, it will become much more popular. If I have saved you money, or added value to the phone you already own, I would appreciate being compensated accordingly. I realize that some are not able to donate, and I understand. Do what you can / what you feel is fair. I spent countless hours on this, and would appreciate being somewhat-compensated for my efforts. This, of course, is not a requirement, since I have posted the solution and made it freely available to everyone. Keep in mind that the China Taobao-seller was charging $80 for EACH unlock...and HIS sim-crack didn't even unlock for Domestic U.S users!!!
PayPal Donation address: [email protected]
DO NOT email me asking for help with this. I won't answer you. *Post in the Thread* - this is the only way you will get support. I'm sure that you understand...
Additional info:
This works for all Republic Wireless XT1049's also, but ONLY if you can unlock the bootloader (only possible through the "China Middleman" - use search). You MUST flash the Sprint XT1056 ROM to your RW XT1049 device for this to work for you.
DISCLAIMER:
If you use my SIM-CRACK, I'm not responsible for ANYTHING that goes wrong. USE CAUTION! If you hit the wrong button, or write the wrong NVITEM, you could end up in BIG TROUBLE (possible BRICK). You have been warned.
And lastly, YOU MAY ---NOT--- COPY ANY PART OF MY SIM-UNLOCK METHODS. YOU MAY NOT SHARE/RE-DISTRIBUTE MY FILES, OR POST THEM TO OTHER SITES. THE ONLY ACCEPTABLE THING IS TO ---LINK--- THIS THREAD TO OTHER SITES. IT IS UNACCEPTABLE TO STEAL MY (OR ANYONE ELSE'S) WORK!!!!! I will be extremely offended if I find that someone stole my work and posted it elsewhere. ONLY Link this thread. Don't copy any or all of its contents elsewhere. PERIOD.
^This is NOT an unreasonable request....
FULL INSTRUCTIONS
!!!!! A WORD OF WARNING:
Once you complete this method, it is possible that you will NEVER be able to use your phone on Sprint / CDMA again! I -stupidly- flashed my Republic Wireless XT1049 (I should have known better -- I am using their service, and had no intentions of switching to GSM) in attempt to get better results / instructions for you guys. Now my phone is STUCK in GSM mode, the roaming indicator will not go away, I can't make calls on CELL, and no matter what I've tried, I cannot revert back. Not flashing my EFS backup, nor flashing back to stock, nor erasing the modemst partitions has been able to get me back on CDMA. PRL is STUCK on "1", and no matter how many times I write a new PRL, it won't stick. I'll be lucky if I can get my phone back in working order.....
^EDIT to above: This turned out to be EASILY fixed by flashing the entire SPRINT SBF to my Republic Wireless device, then, subsequently flashing back the Republic Wireless ROM (I WANT to STAY on Republic Wireless). DO NOT ATTEMPT THIS SIM-Unlock on the Republic Wireless ROM. Something about the RW ROM prevents you from going back to CDMA once on GSM. Flash the SPRINT ROM, FIRST, if you want to GSM-Unlock your Republic Wireless XT1049. The SPRINT ROM does not seem to have this issue, so you are probably OK, but take caution, nonetheless. I'm finally back on Republic Wireless (CDMA) after hours of frustration and fear that I was permanently stuck on GSM.
I don't recommend this if you plan to ever go back to CDMA / Sprint Probably fine - But once again, use caution.
Still want to continue? ------> Don't blame me if you end up STUCK on GSM
If you want my support, you must be on the Stock XT1056 Sprint ROM. I will not support any other ROMS from any other variants, or any custom roms. If you change roms, good luck, but no support will be provided. Additionally, support will ONLY be provided by posting to this thread. Do not email me or PM me with questions. I'm sure you understand...
AND Don't forget: This DOES NOT unlock for Domestic use, in the United States. Blame Motorola/Sprint. Something else is in place, it seems, that BLOCKS the U.S. MCCs. If you live in the U.S., DON'T BOTHER, unless you plan to sell your device to someone overseas. Myself and others are looking into the possibility of extending the SIM-Unlock to those in the U.S., but hasn't happened YET. I've also discovered the DOMESTIC UNLOCK solution now, as well!!!
FIRST, you must be in DIAGNOSTIC MODE:
You MUST have "USB Debugging" DISABLED, or the DIAG Port will NOT activate!!!
ezeuba said:
There are 2 ways to get to DIAG mode on this device. If ##3424# doesn't work, you can try the default for most Motorola devices: Power off phone. Hold down BOTH Volume Buttons and press the Power Button (It's called the 3-finger salute). When the phone boots, it will display a diagnostic screen called Fastboot Mode with options to scroll to and select. Use the Volume Down Button to scroll and the Volume Up Button to select. Scroll to the bottom of that list and when BP TOOLS is highlighted, press the Volume Up Button. The phone will restart and if you have Motorola device drivers on your computer, it will install the correct port (something like BP DIAG port Motorola QC Diag Port - look for it in your computer's Device Manager to get the port number).[/B]
Click to expand...
Click to collapse
****If you are having driver issues, and you have an entry for "Motorola QC Diag Interface" (not "Port") under "Other Devices" (and not "Ports (COM & LPT)"), SEE POST # 3 for detailed instructions (WITH PICTURES) on how to FORCE the driver installation.
Next, download and install the attached "SPCUtility.apk" app on your phone. Run it -- it will give you YOUR SPC Code. Write it down / take note of it.
IF ANYONE CAN TELL ME WHO DEVELOPED THIS APP, I WILL GIVE THEM THE APPROPRIATE CREDIT. I have tried (without success) to find out who the author is.
Then, flash the attached nv-unlock.txt, nv-unlock2.txt, unlock-domestic.txt AND nv-ruim-only.txt files as per these instructions:
1. Open the attached "NV-Items Reader-Writer"
2. Enter YOUR COM PORT # as shown in DEVICE Manager
3. Enter YOUR SPC Code into the box, as shown.
4. Check the box immediately next to where you entered the SPC Code.
5. Click "Connect"!
Now, follow these instructions:
1. Click "READ" --AT THE TOP--
2. Make sure it says: "SPC is Correct. Phone Unlocked."
3. Click the "Write" button, and find the "nv-unlock.txt" file - make sure it confirms success
4. Click the "Write" button, and find the "nv-unlock2.txt" file - make sure this confirms success
5. Click the "Write" button, and find the "unlock-domestic.txt" file - make sure this also confirms success
6. Click the "Write" button, and find the "nv-ruim-only.txt" fine - and make sure it confirms success as well
7. Last, click MODE, then RESET
And lastly, once the phone reboots, go to Settings, More, Mobile Networks and select GSM/UMTS.
DONE! You are SIM-Unlocked!
KNOWN ISSUES: On domestic carriers, users are reporting that although it DOES work, the signal bars may show no service. (I am looking into this.) Additionally, if data isn't working, YOU NEED TO INPUT THE PROPER APN FOR YOUR CARRIER (as with all GSM phones).
^^^***THIS MAY BE SOLVED*** Apparently, it involves simply using fastboot to set your carrier! (THANKS, @ejlmd , and @leonardoafa !!!) You can see this post for more details: http://forum.xda-developers.com/showpost.php?p=54468353&postcount=126 (And hit the "THANKS" to @ejlmd, and @leonardoafa in the linked post). This **should** fix your signal bar issues, AND roaming indicator, and allow SMS without issue.
ALSO, you will NOT get LTE data...on any carrier except Sprint because the radio inside doesn't support any LTE bands except 25 (used by Sprint). You also won't get HSPA/HSPA+ (3G/4G) data for any carrier using frequencies not supported by the Sprint Moto X. For instance: If you are using T-Mobile, unless you are in an area that has been re-farmed to 1900mhz HSPA/HSPA+, you will only get EDGE data. This is because T-Mobile extensively uses HSPA/HSPA+ on the 1700mhz AWS band which is not supported by the Sprint Moto X. See the link below for a complete list of frequencies supported by the XT1056.
http://en.wikipedia.org/wiki/Moto_X
Keep in mind that once you write the "nv-ruim-only.txt" file, you will no longer be able to use CDMA without flashing the "revert" file listed below (puts you back on the default RUIM-CONFIG). The "revert" file is ONLY to be used if you want (for some reason) to switch back to CDMA. You do not need it if you intend to only use GSM. Also, the purpose of "nv-unlock2" is to unlock the MIP settings, and prevent the phone from reverting BACK to NV-Only upon reboot.
Additionally, keep in mind that if you ever "SBF" back to stock, using RSD Lite (or fastboot method), it will un-do the SIM-CRACK, and you will need to repeat these steps.
You ***SHOULD*** be able to accept Updates (OTAs) without losing the SIM-CRACK.
*****If you click any of the attached TXT files, and it OPENS in your browser, instead of downloading, RIGHT-CLICK on it, and click "Save Link As" -- it should download without issue.
[Q]: How much should I donate to you for all the time (weeks) you spent working on this?
[A]: Please donate what you feel it is worth to you. The XT1056 can be found far cheaper than any other Moto X Variant, and now that we can SIM-UNLOCK it, it will become much more popular. If I have saved you money, or added value to the phone you already own, I would appreciate being compensated accordingly. I realize that some are not able to donate, and I understand. Do what you can / what you feel is fair. I spent countless hours on this, and would appreciate being somewhat-compensated for my efforts. This, of course, is not a requirement, since I have posted the solution and made it freely available to everyone. Keep in mind that the China Taobao-seller was charging $80 for EACH unlock...and HIS sim-crack didn't even unlock for Domestic U.S users!!!
PayPal Donation address: [email protected]
Driver Issues?
This post is for you.
In order to use the DIAG interface, you must first install the Motorola Drivers from here: https://motorola-global-portal.custhelp.com/app/answers/detail/a_id/88481
REMEMBER: As stated in POST # 2, you MUST have "USB Debugging" DISABLED, or the DIAG port will NOT activate.
If you installed these drivers, and you still can't get it to work, and you have an entry under "Other Devices" (In Device Manager) called "Motorola QC Diag Interface" (SEE PIC1, attached below) follow the instructions in the attached pictures STEP-BY-STEP, IN ORDER, to FORCE driver installation.
We are ONLY concerned with the QC Diag Interface - don't worry about the rest of the entries under "Unknown Devices" -- these are not important.
Once you have successfully FORCED the driver installation, you should have an entry under Ports (COM & LPT), called "Motorola QC Diag Port (COMX)" (SEE PIC8, attached below). NOTE the value of "X" - this is the COM port you will use for our purposes. When you successfully have this entry, you can continue with the "FULL INSTRUCTIONS" in POST # 2.
[Q]: How much should I donate to you for all the time (weeks) you spent working on this?
[A]: Please donate what you feel it is worth to you. The XT1056 can be found far cheaper than any other Moto X Variant, and now that we can SIM-UNLOCK it, it will become much more popular. If I have saved you money, or added value to the phone you already own, I would appreciate being compensated accordingly. I realize that some are not able to donate, and I understand. Do what you can / what you feel is fair. I spent countless hours on this, and would appreciate being somewhat-compensated for my efforts. This, of course, is not a requirement, since I have posted the solution and made it freely available to everyone. Keep in mind that the China Taobao-seller was charging $80 for EACH unlock...and HIS sim-crack didn't even unlock for Domestic U.S users!!!
PayPal Donation address: [email protected]
You're the man!!! I doff my hat for you, sir. I think the best option will be to create an nv-item txt file for that particular nv-item (8378). I will get to it now and see what gives. Cheers man...
ezeuba said:
You're the man!!! I doff my hat for you, sir. I think the best option will be to create an nv-item txt file for that particular nv-item (8378). I will get to it now and see what gives. Cheers man...
Click to expand...
Click to collapse
Excellent! Please get me the instructions & necessary tools to use ASAP so I can post it in Post # 2 for the users who need step-by-step instructions. Thanks for all your help as well - I have given you credit accordingly.
Excellent work,buddy!!!
Thanks to your efforts, I can imagine how difficult it is.
And I was very pleased to be able to help.:victory:
Done!!!
Just flash this attached file. Connect as usual to the NV-ITEMS Reader/Writer. Click Write and select the attached file which you must have downloaded. After writing, go to Mode and click reset. Phone will restart. Go to Settings, More, Mobile Networks and select GSM/UMTS. Phone unlocked. Special thanks again to @samwathegreat without whom this will not be possible.
I'm on GSM right now...
NB If you've been using this phone on CDMA, you need to change RUIM Config to RUIM Only, else whenever you restart it will revert back to CDMA mode.
ezeuba said:
Just flash this attached file. Connect as usual to the NV-ITEMS Reader/Writer. Click Write and select the attached file which you must have downloaded. After writing, go to Mode and click reset. Phone will restart. Go to Settings, More, Mobile Networks and select GSM/UMTS. Phone unlocked. Special thanks again to @samwathegreat without whom this will not be possible.
I'm on GSM right now...
Click to expand...
Click to collapse
POST # 2 Updated. Thanks!!!!!
hey man, amazing job on this! so many people will happy to see this!
You're the man!!!
Thanks again everyone.
I REALLY need someone in the United States to test this and advise whether or not it unlocks for Domestic (U.S.) GSM Carriers.
We know that the "official" Sprint OTA-Sim-Unlock (only offered if you are a current sprint customer, have had an account for a specified amount of time, and meet other criteria) does NOT unlock for domestic use (international only).
I'm anxious to find out if my SIM-CRACK unlocks for those of us in the U.S. -- I need to know ASAP so I can update my OP accordingly.
@samwathegreat
If it is possible that you could make a video or how to flash this to your phone I think it would be beneficial to some. Even if your phone is already unlocked if you can flash this way then I feel that it's going to stop the millions of questions that are going to come from the thread. Just my two cents, thanks again :good: :victory: :highfive:
Vekhez said:
@samwathegreat
If it is possible that you could make a video or how to flash this to your phone I think it would be beneficial to some. Even if your phone is already unlocked if you can flash this way then I feel that it's going to stop the millions of questions that are going to come from the thread. Just my two cents, thanks again :good: :victory: :highfive:
Click to expand...
Click to collapse
Good suggestion. Full, detailed, instructions are listed in POST # 2 already, but this could help some, and I could put it in POST # 3. I'll see if I can get another user to make a video.
Remember: I don't own an XT1056: I did all of this for YOU GUYS, and all without even owning a Sprint XT1056
You are welcome to create a video yourself! I think the instructions are concise enough that you should be able to manage making a video. If you do, I'll post it in #3 and give you appropriate credit for it.
samwathegreat said:
Good suggestion. Full, detailed, instructions are listed in POST # 2 already, but this could help some, and I could put it in POST # 3. I'll see if I can get another user to make a video.
Remember: I don't own an XT1056: I did all of this for YOU GUYS, and all without even owning a Sprint XT1056
You are welcome to create a video yourself! I think the instructions are concise enough that you should be able to manage making a video. If you do, I'll post it in #3 and give you appropriate credit for it.
Click to expand...
Click to collapse
I don't have the appropriate equipment or environment (living in a 'college dorm' (kinda like that) with 24 people, it's never quiet) otherwise I would make one ASAP.
You don't even have one?! OH MY GOD. Your amazing doing all of this without the device...
Also a few things, I can't download the .txt file... I can only view what it says... So how do I download that, and then from that where do I put it to flash, just in the text box?
Vekhez said:
I don't have the appropriate equipment or environment (living in a 'college dorm' (kinda like that) with 24 people, it's never quiet) otherwise I would make one ASAP.
You don't even have one?! OH MY GOD. Your amazing doing all of this without the device...
Also a few things, I can't download the .txt file... I can only view what it says... So how do I download that, and then from that where do I put it to flash, just in the text box?
Click to expand...
Click to collapse
Right-click the txt file. Then click "save link as". It will download perfectly. I will add this info to Post#2
XT1052
Nice job ! I followed the old thread.. I know how much work it was.
Just a question. This method will work on moto XT1052 version ?
Green78 said:
Nice job ! I followed the old thread.. I know how much work it was.
Just a question. This method will work on moto XT1052 version ?
Click to expand...
Click to collapse
No idea? Use the NV-ITEM reader/writer attached in POST # 2 to read NVITEM 8378
Under Range (Dec), type 8378 into both fields (type nothing into the HEX boxes) and click READ. If NV8378 is "00", there is a good chance it will. Try and let me know!!!! If it already reads "01", it won't work.
...can't you get a SIM-Unlock code from a regular GSM Sim-Unlock-Code seller for the XT1052?
actually I don't need sim unlock....but, some of french moto X owner bought their phone on US (XT1053 sorry, not XT1052).
But my question is the same: does it work on other moto X model ?
I'm gonna try you method to see what happen.
Green78 said:
actually I don't need sim unlock....but, some of french moto X owner bought their phone on US (XT1053 sorry, not XT1052).
But my question is the same: does it work on other moto X model ?
I'm gonna try you method to see what happen.
Click to expand...
Click to collapse
ALL XT1053s should already be sim-unlocked. In fact, all variants except the XT1056 and XT1049 (that aren't -already- unlocked) can be SIM-Unlocked using the normal methods...(online code-sellers, etc.)
My method definitely works on all XT1056s.
It *SHOULD* work on all XT1049s (Republic Wireless), but ONLY if you unlock the BL and flash the XT1056 ROM to it.
ezeuba said:
Just flash this attached file. Connect as usual to the NV-ITEMS Reader/Writer. Click Write and select the attached file which you must have downloaded. After writing, go to Mode and click reset. Phone will restart. Go to Settings, More, Mobile Networks and select GSM/UMTS. Phone unlocked. Special thanks again to @samwathegreat without whom this will not be possible.
I'm on GSM right now...
NB If you've been using this phone on CDMA, you need to change RUIM Config to RUIM Only, else whenever you restart it will revert back to CDMA mode.
Click to expand...
Click to collapse
Thanks for the update. Can you provide more detailed instructions on how to change to RUIM only? I know how to do this....with DFS anyways....but many won't. Which tool do you suggest?
Actually, I believe that RUIM config is also stored in a NV item!
I *believe* that it is NVITEM 855 --- can you check for me? If I'm right, "00" = RUIM only, and "01" = default setting. Can you confirm?!?!
We could just update the txt file with this one additional NV-Value, and the users would only have to flash the ONE file, and it will crack AND set the RUIM config to RUIM only.
What do you think?
Update: so far, described method doesn't unlock other bands. Need to find other ways.
Disclamer: You are doing this at your own risk.
The key point: Allowed bands are written in /system/vendor/firmware/telephony/ze550ml_XX_726x.tlv where XX is your region TW, WW, US, CN, etc.. Don't confuse by ze550ml in the name. It's for ZE551ML! I don't know how it is in ZE550ML, but should be the same according to name.
Region is hardcoded in SFI table OEM1. SFI is similar to ACPI found in PC. Flashing of firmware doesn't change this part. You may change firmware region to whatever you want, but region of your phone will remain the same and 4G band will remain the same as you had out of the box.
Since bootloader is locked, we cannot spoof SFI tables in kernel. But we can replace /system files.
So, if you have rooted Zenfone 2, then you can copy ze550ml_WW_726x.tlv to ze550ml_TW_726x.tlv if you want to convert TW model to WW model. (Similar for CN->WW). You need to open /system partition for write access (R/W). You can do everything in Root Explorer.
It may be that ze550ml_XX_726x.tlv files are protected by check-summ and name, so replacing the file my brake radio functionality. In this case you have to return you original ze550ml_XX_726x.tlv file and try another method described below.
Open file /system/etc/catalog/V1_DSDA_ZE550ML_TW/telephony_config/V1_DSDA_ZE550ML_TW_726x.xml in any text editor and replace text inside ze550ml_TW_726x.tlv to ze550ml_WW_726x.tlv. Or you can copy file /system/etc/catalog/V1_DSDA_ZE550ML_WW/telephony_config/V1_DSDA_ZE550ML_WW_726x.xml to /system/etc/catalog/V1_DSDA_ZE550ML_TW/telephony_config/V1_DSDA_ZE550ML_TW_726x.xml.
Don't forget to reboot your phone before try 4G.
Unfortunately, i cannot test it by myself because my carrier work on 1800MHz which presents in all regions. So, i simply won't see any difference between regions.
Please report here about results.
Will hopefully be able to try it this weekend on my CN version (still need to root and update firmware first) and will report back!
So far, no go. Still trying to make sure I did it right but I believe I did. Still only seeing H+ and if I change it to LTE Only in the Device information menu I get no signal whereas I still had a LTE signal on my Nexus 4.
I did the following:
Copy file /system/etc/catalog/V1_DSDA_ZE550ML_US/telephony_config/V1_DSDA_ZE550ML_US_726x.xml to /system/etc/catalog/V1_DSDA_ZE550ML_CN/telephony_config/V1_DSDA_ZE550ML_CN_726x.xml
EDIT: I did get an LTE signal quickly after I set the preferred network type to LTE only, but once I set it back to LTE/GSM auto it went away. Still trying to get t back but so far nothing.
Need to wait for bootloader unlock. In this case, it's possible to compile custom kernel with spoofed region.
All this is based in theory that hardware in all region are the same. If hardware different, then change of region is impossible.
hkdmjack said:
EDIT: I did get an LTE signal quickly after I set the preferred network type to LTE only, but once I set it back to LTE/GSM auto it went away. Still trying to get t back but so far nothing.
Click to expand...
Click to collapse
But if you don't change files, setting LTE-only doesn't give you LTE signal?
update: check folder /local_cfg/telephony_config
check if your changes reflected there. If not, then change xml file there.
don't forget to reboot.
Ok lets see if i am reading this right.
IF this works does it mean i can buy a China . CN . Zenfone 2 and them make it into a WW version so all 4 bands work ?
I am in the UK and need all 4g bands to work.
jacko5 said:
Ok lets see if i am reading this right.
IF this works does it mean i can buy a China . CN . Zenfone 2 and them make it into a WW version so all 4 bands work ?
I am in the UK and need all 4g bands to work.
Click to expand...
Click to collapse
The key word is "IF". Still no confirmation. May be need more changes. There is region mention also in /factory partition.
sorg said:
But if you don't change files, setting LTE-only doesn't give you LTE signal?
Click to expand...
Click to collapse
As far as I could tell. I got a weak signal on band 4 after making the changes, but I guess not strong enough that it's not connecting or drops pretty much right away if I'm reading the results from my LTE Discovery app right.
sorg said:
update: check folder /local_cfg/telephony_config
check if your changes reflected there. If not, then change xml file there.
don't forget to reboot.
Click to expand...
Click to collapse
Yup, rebooted but will try this tonight if I can find the time.
Screenshot is what I see in LTE Discovery when I set preferred network to LTE. It shows band 12 and earlier I saw band 4. Only difference is I performed the first suggestion this time, but I didn't revert my earlier change. It looks like I'm getting these two bands now but if you look up too there is no network connection.
By first suggestion I mean this:
So, if you have rooted Zenfone 2, then you can copy ze550ml_WW_726x.tlv to ze550ml_TW_726x.tlv if you want to convert TW model to WW model. (Similar for CN->WW). You need to open /system partition for write access (R/W). You can do everything in Root Explorer.
It may be that ze550ml_XX_726x.tlv files are protected by check-summ and name, so replacing the file my brake radio functionality. In this case you have to return you original ze550ml_XX_726x.tlv file and try another method described below.
I basically copied everything from ze550ml_US_726x.tlv to ze550ml_CN_726x.tlv.
Strange.
Oh, and I did check that other file and my initial change appears there as well.
Quick update. This morning as I was driving to work I saw the data indicator change from H/H+ to 4G a few times. I tried to run speedtest while on 4G, and got up to ~ 32 Mbps down but it did not work when speedtest tried to test the upload speed. Unfortunately it was only in a small area so I had it for all of 15 minutes or so.
hkdmjack said:
Quick update. This morning as I was driving to work I saw the data indicator change from H/H+ to 4G a few times. I tried to run speedtest while on 4G, and got up to ~ 32 Mbps down but it did not work when speedtest tried to test the upload speed. Unfortunately it was only in a small area so I had it for all of 15 minutes or so.
Click to expand...
Click to collapse
In /factory partition, there is several mentions of region.
/factory/PhoneInfodisk/country_code
/factory/PhoneInfodisk/PhoneInfo_inf
These files are not text, but binary. So, you need HEX editor to modify (region is coded by letters as usual TW, WW, CN, etc.).
And don't forget to backup these files, because it's not part of a firmware. If you lost/tamper them, then only backup copy can save you.
I recommend to backup whole /factory folder to be safe.
sorg said:
In /factory partition, there is several mentions of region.
/factory/PhoneInfodisk/country_code
/factory/PhoneInfodisk/PhoneInfo_inf
These files are not text, but binary. So, you need HEX editor to modify (region is coded by letters as usual TW, WW, CN, etc.).
And don't forget to backup these files, because it's not part of a firmware. If you lost/tamper them, then only backup copy can save you.
I recommend to backup whole /factory folder to be safe.
Click to expand...
Click to collapse
Thanks for the recommendation. I've been making backups of each file that I edited, just in case. Anyway tonight going to try a hard reset tonight because I've been having some other issues, then reflash the pre-root image and go from there.
sorg said:
Disclamer: You are doing this at your own risk.
The key point: Allowed bands are written in /system/vendor/firmware/telephony/ze550ml_XX_726x.tlv where XX is your region TW, WW, US, CN, etc.. Don't confuse by ze550ml in the name. It's for ZE551ML! I don't know how it is in ZE550ML, but should be the same according to name.
Region is hardcoded in SFI table OEM1. SFI is similar to ACPI found in PC. Flashing of firmware doesn't change this part. You may change firmware region to whatever you want, but region of your phone will remain the same and 4G band will remain the same as you had out of the box.
Since bootloader is locked, we cannot spoof SFI tables in kernel. But we can replace /system files.
So, if you have rooted Zenfone 2, then you can copy ze550ml_WW_726x.tlv to ze550ml_TW_726x.tlv if you want to convert TW model to WW model. (Similar for CN->WW). You need to open /system partition for write access (R/W). You can do everything in Root Explorer.
It may be that ze550ml_XX_726x.tlv files are protected by check-summ and name, so replacing the file my brake radio functionality. In this case you have to return you original ze550ml_XX_726x.tlv file and try another method described below.
Open file /system/etc/catalog/V1_DSDA_ZE550ML_TW/telephony_config/V1_DSDA_ZE550ML_TW_726x.xml in any text editor and replace text inside ze550ml_TW_726x.tlv to ze550ml_WW_726x.tlv. Or you can copy file /system/etc/catalog/V1_DSDA_ZE550ML_WW/telephony_config/V1_DSDA_ZE550ML_WW_726x.xml to /system/etc/catalog/V1_DSDA_ZE550ML_TW/telephony_config/V1_DSDA_ZE550ML_TW_726x.xml.
Don't forget to reboot your phone before try 4G.
Unfortunately, i cannot test it by myself because my carrier work on 1800MHz which presents in all regions. So, i simply won't see any difference between regions.
Please report here about results.
Click to expand...
Click to collapse
Thank you for this information. I do not have a rooted ze551ml is there a way to root the ze551ml yet? I may have to attempt this when I get the moment. For now I will be monitoring this thread.
Mine is WW, I am in the US and I only get H+
sorrow777 said:
Thank you for this information. I do not have a rooted ze551ml is there a way to root the ze551ml yet? I may have to attempt this when I get the moment. For now I will be monitoring this thread.
Mine is WW, I am in the US and I only get H+
Click to expand...
Click to collapse
http://forum.xda-developers.com/zenfone2/orig-development/rom-pre-root-img-t3079590
Another quick update. I did both the first and second method in the first post, and LTE pops up sporadically. After doing the first method I lost signal (I wasn't even prompted to enter in my SIM PIN) until I also applied the second method, both times copying over the WW text over to the CN file. I've seen both band 2 and band 4, but it cuts in and out and the speeds are slow where I currently am. H+ also cuts in and out so I'm starting to wonder if I possibly got a phone with a bad radio. Ugh.
hkdmjack said:
Another quick update. I did both the first and second method in the first post, and LTE pops up sporadically. After doing the first method I lost signal (I wasn't even prompted to enter in my SIM PIN) until I also applied the second method, both times copying over the WW text over to the CN file. I've seen both band 2 and band 4, but it cuts in and out and the speeds are slow where I currently am. H+ also cuts in and out so I'm starting to wonder if I possibly got a phone with a bad radio. Ugh.
Click to expand...
Click to collapse
At which frequency bands does your ISP transmit FDD-LTE data?
Does anyone know why I can make calls but not receive them on my zenfone2 ? I have a T-Mobile Sim but I can do everything else just not receive call I need some help
Sent from my ASUS_Z00AD using XDA Free mobile app
graphO said:
At which frequency bands does your ISP transmit FDD-LTE data?
Click to expand...
Click to collapse
I'm receiving LTE signal on bands 2 and 4, but more prevalently 4.
And how can you see which LTE band is working?
Hi,
follow the steps below to enable dual-SIM functionality on a single-SIM XT1562 device.
IMPORTANT: Read the following before performing any of the steps below!
This HowTo is only for XT1562 devices. This has been reported to not work on XT1563 devices.
The second SIM in your phone will have an IMEI of "0" (as there was none set during manufacturing). In some countries like the UK, many providers don't allow phones with such an IMEI, so you will not be able to use SIM cards from these providers as your second SIM.
Only one SIM (the one used for data connection) can use 3G/LTE bands. The other SIM card can only use 2G bands (this is a hardware limitation of the device). In some countries like Sweden, some providers sell cards that can only use 3G and not 2G, so you will not be able to use these cards as "secondary" (calls/messages only) SIM.
If you plan to do a Nandroid backup or use Titanium Backup for your data currently on your phone (because you don't want to copy your data by hand) or if you want to flash a custom ROM like CyanogenMod, you will need to unlock your Moto X Play (instructions below). Note that in this case your device warranty will be void.
Here are the steps to enable dual SIM functionality:
If you want, make a backup of all your data. You can copy your files by hand, to not lose your warranty.
If you don't copy your files by hand but with Nandroid backup or Titanium Backup (to restore app data as well), you will have to unlock your device, and therefore lose warranty (Refer to this guide for unlocking: http://www.gammerson.com/2015/08/steps-how-to-unlock-bootloader-of-moto-x-play.html. Note that all your data will be lost, and your device warranty will be void.). In this case, easiest way is to boot up a custom recovery (see this thread) and make a Nandroid backup to an external SD card. Alternatively backup the apps with Titanium Backup and copy the internal SD card files by hand.
Flash a dual-SIM stock firmware: Find a stock firmware that matches your region best on this site (search for "XT1562" and "DS" for dual-SIM). Follow this guide completely for flashing the firmware on your device.
If you are fine with the stock ROM and don't need a custom ROM like CyanogenMod, and you copied your files and data by hand without root, you are now finished and can use your dual SIM phone.
If you want to flash another ROM, or restore a Nandroid backup or Titanium Backup, please continue with the following steps.
Flash your favorite ROM (e.g. @squid2's CM 12.1, it's running great), or stay with the stock ROM.
Unlock your Moto X Play (if not done for the backup before yet): Refer to this guide for unlocking: http://www.gammerson.com/2015/08/steps-how-to-unlock-bootloader-of-moto-x-play.html. Note that all your data will be lost, and your device warranty will be void.
If you're on stock ROM, flash a custom recovery (see this thread again) and root your device by flashing SuperSU from the recovery.
Restore your Nandroid or Titanium backup.
If you're not on stock ROM, add the following lines (needs root) to a new file /data/local.prop or append it at the bottom of /system/build.prop:
Code:
ro.gsm.data_retry_config=default_randomization=2000,max_retries=infinite,1000,1000,80000,125000,485000,905000
persist.radio.plmn_name_cmp=1
persist.radio.force_get_pref=1
persist.radio.multisim.config=dsds
I'd prefer the /data/local.prop, as you do not need to make the change on every ROM update.
If you're on CM 13, you will have to add this line as well:
Code:
ro.telephony.ril.config=simactivation
Make sure that either file has read/write permissions 644 and is owned by root:root (with 'chown'). To ensure the r/w 644 permissions, go into the properties of the file (e.g. with ES File Explorer), and check that the file is readable and writable (rw, or 6) by the owner, and readable (r, or 4) for the group and others.
Finally, reboot one last time.
Disclaimer: I do not take responsability for any damage that may be caused to your device or for the warranty that will be void after following this HowTo. Please make sure you have an appropriate device (XT1562) before flashing the dual-SIM stock firmware.
Credits go to @ALD76 for originally posting the build.prop/local.prop modifications above, and to all the testers who risked their devices to try this out and encourage other users. And to @heisert, for mentioning that unlocking is not necessary for flashing official firmwares. And to @GtrCraft, for the local.prop modification line on CM 13.
Have fun and enjoy your dual-SIM phone.
jellysheep
What is your base model and rom? I have XT1562 on UK rom obviously it's only single sim so for me to get it to work im guessing I would need to flash a base rom that has a dual sim enabled modem such as the Asian rom.
Have you tried this?
Sent from my XT1562 using Tapatalk
Interested in this also - from the other thread, I think most were successful with the Asian variant (unsure of the EXACT rom name). IMEI will be blank, some have had it work anyway, others not.
I'm interested in this thread now, as the other one was messy, full of "it can't be done" and people discussing removing the plastic, etc... If someone can suggest the exact name of the stock ROM that works and what variant or ROM they had previously, maybe we can get a more definitive answer.
jellysheep said:
Hi,
many Moto X Play users like @Quasar have reported a working second SIM card after flashing a dual-SIM ROM and/or adding a few lines to build.prop/local.prop:
With the lines above in build.prop, I get the "SIM cards" menu in system settings, however it always reports SIM 2 as empty (though card is inserted that works as SIM 1).
Do you have any ideas how to fully enable the second SIM card?
Thanks, jellysheep
Click to expand...
Click to collapse
Did you flash the XT1562_LUX_RETASIA_DS_5.1.1_LPD23.118-12_cid7_subsidy-DEFAULT_CFC firmware first ?
ALD76 said:
Did you flash the XT1562_LUX_RETASIA_DS_5.1.1_LPD23.118-12_cid7_subsidy-DEFAULT_CFC firmware first ?
Click to expand...
Click to collapse
No, but I'll try that as soon as the download has finished. Thanks for the hint :thumbup:
@jellysheep
Done. CM with DS on a SingleSim Device RetEu.
It's just a question of the right Baserom. I tryed the french Firmware plus the trick from the initial post and it works.
You will lose data connection until you do the trick, so make sure you are in a wlan area to set uo your device.
here is a fast link to the base rom:
https://drive.google.com/file/d/0BxY75MbFAKsXcExRbnd3VXg1Mmc/view?usp=docslist_api
The trick I mentioned:
Add the following text to your build.prop (it's in the system folder). I didn't test the option with a local.prop .
ro.gsm.data_retry_config=default_randomization=200 0,max_retries=infinite,1000,1000,80000,125000,4850 00,905000
persist.radio.plmn_name_cmp=1
persist.radio.force_get_pref=1
persist.radio.multisim.config=dsds
@odysseus84: Thanks for the firmware link! :thumbup:
It worked on my german XT1562, and restoring the Nandroid backup (CM12.1) went fine as well. Now I have the same system as before, but with dual sim enabled.
jellysheep said:
@odysseus84: Thanks for the firmware link! :thumbup:
It worked on my german XT1562, and restoring the Nandroid backup (CM12.1) went fine as well. Now I have the same system as before, but with dual sim enabled.
Click to expand...
Click to collapse
You're welcome. It is just a bit annoying that we have to reenable DS after a flash. I wasn't able to do it with the local.prop
odysseus84 said:
You're welcome. It is just a bit annoying that we have to reenable DS after a flash. I wasn't able to do it with the local.prop
Click to expand...
Click to collapse
You mean after a CM upgrade, when just /system is flashed?
You just have to put the mentioned lines in /data/local.prop, and make sure it has user root:root and permissions 644 (just like build.prop).
Does this need to be done using CM or can it be done with stock rom?? Very intrigued
milestoneman said:
Does this need to be done using CM or can it be done with stock rom?? Very intrigued
Click to expand...
Click to collapse
Using the official dual-sim firmware that you flash anyway works fine. Just take care to select the right firmware version (model and region).
EDIT: But you will need root to add the needed lines to build.prop/local.prop.
I've got an XT1562 EU
just to be extra xautious, which firmware?
milestoneman said:
I've got an XT1562 EU
just to be extra xautious, which firmware?
Click to expand...
Click to collapse
Have a look here:
http://forum.xda-developers.com/mot...single-sim-t3194533/post62790748#post62790748
You most likely need something called XT1562_LUX_RETASIA_DS_5.1.1_LPD23.118-12_cid7_subsidy-DEFAULT_CFC
To further ad to the discussion:
You can just add the lines to a stock XT1563 (Canadian) and it will show you the 2nd SIM.
I know because I have done it.
BUT the problem is (I'll discuss further below) that it doesn't give you a 2nd IMEI for the 2nd SIM which in Canada and lot of other countries is a no go.
A lot of countries require 1 IMEI per SIM so dual SIM phones require 2 IMEI. This isn't iron clad - China doesn't have this requirement and some EU & South American countries don't either. However if you're Moto X Play is having issues with 2 SIM's (non stock units) it will be because your location requires the 2nd IMEI. It is possible to add a second IMEI number to the phone but you are going into dubious legal territory IMO. That's why I'm not going to spell it out for you here but rest assured that if you google it you will find the necessary information on how to add the IMEI for the second SIM slot.
IMO the IMEI number missing on the second SIM slot is the only thing different once you have added the lines to the build.prop from above posts.
Properly modded with the 2nd IMEI + build.prop a single SIM Moto X Play would be identical to it's dual SIM cousin IMO.
Tim3tripp3r said:
To further ad to the discussion:
You can just add the lines to a stock XT1563 (Canadian) and it will show you the 2nd SIM.
I know because I have done it.
Click to expand...
Click to collapse
I was seeing crashes while trying to modify settings for the second SIM.
Is everything working (other than not having the IMEI)?
Unlocked bootloader, got TWRP, rooted, downloaded firmware
Will try tomorrow as too late now
thanks for your help - hoping it works
---------- Post added at 01:19 AM ---------- Previous post was at 12:23 AM ----------
Curiosity got the better of me. I did the build prop changes, running Asian dual sim firmware but sim slot 2 always show no signal. It reads the sim as it shows the phone number.
@jellysheep Thank's for your Tipp for the local.prop. I had to add the file too the group 0000-Root. Now it works.
Maybe you could mark the thread as [How to] and put the Guide into the initial post, so people do not have to search the whole thread.
Tanks again
odysseus84 said:
@jellysheep Thank's for your Tipp for the local.prop. I had to add the file too the group 0000-Root. Now it works.
Maybe you could mark the thread as [How to] and put the Guide into the initial post, so people do not have to search the whole thread.
Tanks again
Click to expand...
Click to collapse
Yeah, I had planned to do exactly this, thanks for reminding me. [emoji106]
So anyone in the UK got this working?
I did this to my single-sim (which was supposed to be a dual-sim version, damn you retailer!)
I flashed the EU dual-sim firmware.
I get to put in my pin etc for the second sim, but the second simcard slot doesn't have an IMEI. So it can't register on a network.