Maybe it's just dumb luck, but I doubt it. I've had a whole crapload of HTCs come into the shop lately that need their MEIDs repaired due to clueless people attempting nefarious things. And well, there is a wealth of info here and elsewhere on how people go about doing these repairs; more often than not, it involves scanning memory locations, etc. From my experience, just using the "open sesame door" trick works just fine, and bypasses all this memory scanning/zeroing/etc. The question I pose is this: does this only work with an unlocked bootloader/S-OFF? For those that have no clue what I am talking about, and you have a zeroed MEID Evo phone you'd like to repair, do this:
Install the proper diag drivers of course
In QPST, add the diag port, then run EFS Explorer
Check and see if your NV items folder is locked
If it is, create a directory named "open sesame door" right off of the EFS root
Reboot phone, then go back to the EFS Explorer. Your NV NUM dir containing all the NV item files should now be unlocked. Now you can just edit the 0 (pESN file), 1 (pESN checksum file) and 1943 (MEID file) files directly instead of scanning for mem locations. I've done countless repairs like this, but always seem to forget to check if it's possible prior to unlocking. Just a thought/rant, input is very welcomed.
The phone doesn't even have to be rooted.
It can be completely stock.
Hey, I was trying to get my ESN fixed, but in QPST it does not save. I copied the 0 and 1946, then hex edited and copied them back. After rebooting they are the same. Any help you could offer me would be great.
payohtea said:
Maybe it's just dumb luck, but I doubt it. I've had a whole crapload of HTCs come into the shop lately that need their MEIDs repaired due to clueless people attempting nefarious things. And well, there is a wealth of info here and elsewhere on how people go about doing these repairs; more often than not, it involves scanning memory locations, etc. From my experience, just using the "open sesame door" trick works just fine, and bypasses all this memory scanning/zeroing/etc. The question I pose is this: does this only work with an unlocked bootloader/S-OFF? For those that have no clue what I am talking about, and you have a zeroed MEID Evo phone you'd like to repair, do this:
Install the proper diag drivers of course
In QPST, add the diag port, then run EFS Explorer
Check and see if your NV items folder is locked
If it is, create a directory named "open sesame door" right off of the EFS root
Reboot phone, then go back to the EFS Explorer. Your NV NUM dir containing all the NV item files should now be unlocked. Now you can just edit the 0 (pESN file), 1 (pESN checksum file) and 1943 (MEID file) files directly instead of scanning for mem locations. I've done countless repairs like this, but always seem to forget to check if it's possible prior to unlocking. Just a thought/rant, input is very welcomed.
blah blah
I had done this successfully in the past on my Evo 3D.
Now when I try to overwrite the 0 and 1943 NV items, I keep getting "Runtime Error" and EFSExplorer.exe quits.
I had lost my flash after trying to gain S-OFF.
In EFS Explorer, the nvnum folder is not read-only after doing open sesame door.
But does anybody know or have seen the Runtime Error, and how did you fix it?
I downgraded my hboot to 1.4, and still S-OFF, downgraded to Gingerbread stock, still no go
==
edit:
nevermind, problem solved
baalho said:
I had done this successfully in the past on my Evo 3D.
Now when I try to overwrite the 0 and 1943 NV items, I keep getting "Runtime Error" and EFSExplorer.exe quits.
I had lost my flash after trying to gain S-OFF.
In EFS Explorer, the nvnum folder is not read-only after doing open sesame door.
But does anybody know or have seen the Runtime Error, and how did you fix it?
I downgraded my hboot to 1.4, and still S-OFF, downgraded to Gingerbread stock, still no go
==
edit:
nevermind, problem solved
I did not have a runtime error. My issue was that the changes never stuck. I would change 0 and 1943, write them back to the phone, then after a reboot I checked them and they were back to original.
jlmancuso said:
I did not have a runtime error. My issue was that the changes never stuck. I would change 0 and 1943, write them back to the phone, then after a reboot I checked them and they were back to original.
I had similar issues using Open Sesame. I could not successfully overwrite the existing 0 & 1943 files in the NV folder after unlocking.
After several retries & reboots, I had success (luck?) using the following:
I rebooted my pc
First opened DFS demo version & sent SPC (MSL) and also HTC password 01F2030F5F678FF9 in password field
I then closed out of DFS & opened QPST / EFS Explorer
NVM was available. It finally worked when I just deleted 0 & 1943 files
THEN copied the 0 & 1943 files from my pc using File Menu
I did not experiment with drag & drop.
Both files stuck after reboot & 3G calls & text are working fine after OTA
Hope this helps someone else
Related
Hello, I have a Glide manufactured in Nov 2011. I tried to unlock it through many companies, but all failed to get the unlock code, saying that it is unavailable. I see that there is no software unlock tool (as there is for the Galaxy S). I have it rooted but locked...
Any idea when the code might become available, or another solution to have it unlocked?
Thanks
Sorry, forgot to mention: it is locked to Rogers, Canada
About 90 days after the purchase, if you call AT&T and say that you're 'going overseas' they'll give you an unlock code.
I have successfully unlocked mine using a code from this site - www.cellunlocker.net.
I hope it's fine to post the name in this forum.
nickexel said:
I have successfully unlocked mine using a code from this site - www.cellunlocker.net.
I hope it's fine to post the name in this forum.
I already tried it. Also tried RogersCodes.ca, Theunlock.ca, OttawaPC.ca, MobileInCanada.com, cellunlock.net...
I think that I will have to pay $40 to Samsung directly. I understood from OttawaPC.ca that there is a chance they can get it from them.
Unlocking!!
I have imported a phone for use in India. Bought it on eBay. Received the phone last week.
Still exploring ways to unlock the phone for free.
Can any developers help us out??
Ready for any experiment.
Thanks!!
VinayS said:
I have imported a phone for use in India. Bought it on eBay. Received the phone last week.
Still exploring ways to unlock the phone for free.
Can any developers help us out??
Ready for any experiment.
Thanks!!
Hi, is this phone available in India? Sorry to ask here, but I really need the phone!!!! Also, what price did you purchase it for? And how is the phone for use in India?? Please reply... Thanks a lot Vinay....
shoz_on4u said:
Hi, is this phone available in India? Sorry to ask here, but I really need the phone!!!! Also, what price did you purchase it for? And how is the phone for use in India?? Please reply... Thanks a lot Vinay....
No, the phone will not be released outside the US & Canada. I bought it on eBay (.com - US) and got it to India through Borderlinx (postal forwarding). Approx 27k including shipping and duty charges.
Phone is very good, especially for QWERTY lovers..
Just curious, but does this work? https://market.android.com/details?id=com.helroz.galaxysunlock&hl=en
Or could it be modded to work?
Edit...maybe this would work. http://forum.xda-developers.com/showthread.php?t=761045
bobbylx said:
Just curious, but does this work? https://market.android.com/details?id=com.helroz.galaxysunlock&hl=en
Or could it be modded to work?
Edit...maybe this would work. http://forum.xda-developers.com/showthread.php?t=761045
First: tried, it doesn't work. I used it on another Galaxy S i9000 without problem, but it doesn't work on the Glide (i927R).
Second: tried, doesn't work, as stated on the first page: the file nv_data.bin is re-created at each boot. I have to take a deeper look for hidden files (starting with .). I will probably try later.
After many tests: whether the deleted files start with a dot or not, it will recreate them at each reboot.
In the file nv.log I see something like "restoring from secondary backup"... Where it stores that secondary backup I have no idea...
catalinu said:
Sorry, forgot to mention: it is locked to Rogers, Canada
Found one for 13 USD on eBay
http://www.ebay.com/itm/unlock-code-ROGERS-Samsung-Galaxy-S2-LTE-Galaxy-S-Glide-/120833869898
Vendor is "unlockgsm4u"
VinayS said:
Found one for 13 USD on eBay
http://www.ebay.com/itm/unlock-code-ROGERS-Samsung-Galaxy-S2-LTE-Galaxy-S-Glide-/120833869898
Vendor is "unlockgsm4u"
Yes, thanks, I tried, but it was unable to get it. Waiting for a refund from him...
In the meantime I did an unlock (deleting file systems), but I got my original IMEI replaced by a generic one. But at least my phone works now (with that generic IMEI), so I have something until a code becomes available...
Hey guys, I just won one of these phones but I am on t-mobile. Will this phone function correctly on their network, in terms of data functionality?
Sent from my HTC Vision using xda premium
eioous said:
Hey guys, I just won one of these phones but I am on t-mobile. Will this phone function correctly on their network, in terms of data functionality?
Sent from my HTC Vision using xda premium
2G only, most likely
Sent from my SAMSUNG-SGH-I927R using Tapatalk
catalinu said:
Yes, thanks, I tried, but it was unable to get it. Waiting for a refund from him...
In the meantime I did an unlock (deleting file systems), but I got my original IMEI replaced by a generic one. But at least my phone works now (with that generic IMEI), so I have something until a code becomes available...
Can you please guide me on how to do it?? (brief description)
Can you go back to the original later??
Thanks!!
VinayS said:
Can you please guide me on how to do it?? (brief description)
Can you go back to the original later??
Thanks!!
I suppose that yours is rooted. If not, you will have to root it first. See here: http://forum.xda-developers.com/showthread.php?t=1378082.
After root, use a file explorer.
I use the ES File Explorer downloaded from the market:
- Launch it
- Go to "Settings > File Settings". Be sure that Show hidden files is checked
- Also be sure "Settings > Root Explorer" is checked
- In "Settings > Home directory" write "/" (without the quotes)
- Explore the "efs" folder in the root
- Move the following files to a backup folder somewhere on your internal SD card (you will need them if you want to restore the original phone setup later): .nv_core.bak, .nv_core.bak.md5, .nv_data.bak, .nv_data.bak.md5, nv_data.bin, nv_data.bin.md5. Moving them deletes them from the efs folder (that's ok).
Reboot.
Now you will have it unlocked but with the generic IMEI.
It worked for me, hope it will work for you. Do it at your own risk. Don't blame me...
Later, if you want to return to the original (locked): copy all mentioned files from the backup folder to the "efs" folder and reboot.
Followed the above steps.
After the reboot there is no default screen asking for the unlock code.
Instead my phone reboots straight to the homescreen.
When the SIM attempts to register to the network I get an error message,
"Phone not allowed MM#6", which I believe is because of the generic IMEI.
When I attempt a call, I get the error message "Not Registered on Network"
Generic IMEI is 004999010640000/02
PS: The files /efs/nv_data.bin & nv_data.bin.md5 are getting created after every boot
---------- Post added at 11:01 PM ---------- Previous post was at 10:51 PM ----------
Replaced the backed up files to their original folder.
Phone back to normal,
i.e. locked and asking for the network unlock key
Maybe you can unlock by finding the unlock code in the bml3.bak file. Here are some steps, I forgot where I got them from. You HAVE TO BE rooted and use adb. Download a hex editor. I used 010 Editor. Simple.
(Place phone in debugging mode)
Open a CMD prompt on your computer
(cd to the folder where the adb files are located via 'cd ........')
(next are commands, just put them all in, but make sure you read it through first!!)
adb shell
su
cd
cd /dev/block
(then press enter)
---------------------------
TYPE THE FOLLOWING:
su
(then press enter, now your phone might ask for superuser permission, ALLOW it or say YES. You may not have to do this step if it asked you before)
----------------------------
Now you will do one of the following below. Pay attention.
----------------------------
IF YOU HAVE AN EXTERNAL SD CARD TYPE THE FOLLOWING:
dd if=/dev/block/bml3 of=/sdcard/external_sd/bml3.bak
(then press enter)
IF YOU DON'T HAVE AN EXTERNAL SD CARD TYPE THE FOLLOWING:
dd if=/dev/block/bml3 of=/sdcard/bml3.bak
(then press enter)
Step 5) Now, find the file on your external SD card or internal storage depending on your situation and transfer it to your computer. If you don't know how to find the file, plug your phone in and enable Mass Storage or Connect USB Storage. I won't baby you on how to find it. It should be somewhere on your phone or external SD card if you did step 4 correctly. Transfer that bml3.bak file to your computer. I recommend the desktop so you will always know where it's at. You can delete it later if you want. So transfer it to somewhere on your computer.
Step 6) On your computer, open up 010 Hex Editor
Step 7) IMPORTANT: In 010 Hex Editor go to the Menus at the top and select VIEW then LINEFEEDS then SELECT CUSTOM, now SET YOUR BYTES TO "32" Nothing Less. If you don't do this, you won't find your unlock code. Do it.
Step 8) While you're in 010 Hex Editor, click Open and locate the bml3.bak file you created and open it. There will be a bunch of letters, numbers or whatever, ignore them for now.
(CREDIT TO FR0Z3N FOR CLARIFYING THE FOLLOWING 2 STEPS)
Step 9) Now press CTRL+F on your keyboard to search for a hex string. Now a box that says Find should pop up and when the search window pops up select "Hex bytes (h)" in the Type field by pushing the down arrow and then search for the following string below:
"FFFFFFFFFF0100000000" ALL TOGETHER WITH NO SPACES, Then Hit the FIND ALL button to the right, some of you will get many results and others up to 10 results on your screen below (not mine, someone else's computer)
Tried the above method
and also the original method mentioned at
http://forum.xda-developers.com/showthread.php?t=1176886
However, no result.
I am not able to locate the bml3 file.
Also, when I explore through ES File Explorer there is no such file in the directory
I second what Vinay said. Using root browser I found that the dev/block directory on my phone contains files that are 2012 loop0 through 2012 loop7, 2012 mmcblk1 and 2012 mmcblk0p1 through 11. It also has the subfolders platform and vold. Also, all the files in the folder are listed as 0.00 bytes. Any suggestions on the usefulness of any of these files or other places to look for the bml3 file? I don't think the search function in root browser is comprehensive.
This theory now seems to be confirmed by a number of successful applications & my additional research. It should be generally safe to try both experiments. However, it still requires that you know the basics of shell. Above all, backup. And as always, I am not responsible for anything, I don't even exist, etc...
And if you test this, please provide feedback.
This post will be updated as needed. For update list see the end.
What you need
Rooted GNEX with perm unlock & generic IMEI by ****Docomo app from this thread: http://forum.xda-developers.com/showthread.php?t=1548210. If you bought Docomo device from Negri, you already have this "patch" applied & just need root.
4.0.4 based ROM, yakju and takju builds are tested. Feel free to try different versions but we know that 4.0.3 is different.
Some form of shell access to your device
Busybox helps, but is not really needed.
The basic theory of permanently unlocking gnex w/ IMEI intact
Theorems
lock status and your IMEI are contained in nv_data.bin files on gnex.
there are usually three nv_data.bin files: /factory/.nv_data.bak, /factory/nv_data.bin, /data/radio/nv_data.bin. The one in /data/radio is the one really used under normal operation, but the least important one. In some way, it gets updated during every boot (boot counter?) and if you destroy it, it will get replaced from the /factory ones (I am not sure which one is preferred).
all of these files are signed and signature is in accompanying files with .md5 sum.
unfortunately, it's not clean md5, there is some seed added to it, so nobody knows how to generate them correctly.
From these follows
It would appear that on Galaxy S 2 and other phones you could get around SIM lock simply by editing nv_data.bin files. There are well known locations where one can find unlock status and some additional data and basically unlocking consists of resetting byte at 0x181469 with 0 (contains 1) and replacing about 30 bytes before that with 0xff. If you did this for /data/radio/, you'd get temp unlock, if you replaced files in /factory, you'd get permanently unlocked phone. Easy.
This also (partially) worked on 4.0.3 ICS for files in /data/radio, however /factory files are now protected by md5 checksum with unknown seed. Since 4.0.4 this md5 protection was extended to /data files. THIS IS UNCONFIRMED AS OF NOW.
md5 protection makes it impossible to tamper with those files unless one has a way to generate correct checksum. When system encounters files that have incorrect checksum, it will simply ignore them.
****DocomoV2 perm unlock correctly replaces nv_data.bin files with their unlocked versions (hex manipulation above) but where it fails is generating correct md5 files. Hence all the nv_data.bin files get ignored outright and gnex falls back to some nv_data.bin with generic IMEI that is obviously a last resort and probably meant for developers. So unlock only works as a side effect. On further reboots, /data/radio/nv_data.bin is correctly checksummed, so it's used, but it contains the generic IMEI. On wipe, it's regenerated from fallback again.
If you have a phone from Negri that has permanent unlock applied, you don't even have a backup of your original DOCOMO locked nv_data.bin files. This may not be true for all versions, but it's true for recent shipments from Negri with ICS 4.0.4 and can be confirmed by checking byte 0x181469 in all three nv_data.bin files. It will be 0x00 == unlocked. However, except for unlocking them, ****Docomo didn't do any damage to them, it just rendered them invalid from Samsung's point of view - checksums don't match.
So if we have a way to generate correct md5 files matching these, we will get an unlocked phone with real IMEI. And thanks to a little oversight on Samsung's part, we do. This oversight is called log files.
The following tests assume that you have a phone with permanent unlock of ****Docomo applied. I.e. you have a phone from Negri with generic IMEI.
1. Theory test (reasonably SAFE)
It's probably better to have phone in airplane mode for these tests. I did for some, didn't for others. But it may overwrite /data/radio if you don't. Switch it off only after reboot.
Log into your phone. su to root. I use adb shell, but any shell will work as
long as you can get root privileges.
Code:
$ su
# cd /data/radio/log
# cat nv.log
Check that it contains lines like this example (2 different at least):
Code:
Tue Apr 17 11:33:47 2012: MD5 fail. orignal md5 '24989da14a3ad550546d2d23254c8f03' computed md5 'adaa0bf9506d939d18d57f96c0c330a3' (rild)
hashes will obviously differ for each gnex. If you can't see these, you could try wiping /data/radio/nv_* (2 files) and rebooting. This will attempt to regenerate files from factory files. If then you still don't see lines, then either your phone hasn't been tampered with or my theory is incorrect. Let me know.
Code:
# cat /factory/nv_data.bin.md5
this will output another md5 hash. Try to find it in above log in column original md5. It should be there. If it is, congratulations, you have correctly f*&^%ed device. The line tells us that md5sum in the aforementioned md5 file is invalid. It also tells us what valid md5 should be! How kind of Samsung. Let's correct this "glitch". Copy somewhere the part in apostrophes after computed md5 on the SAME line that contains hash from above md5 under original md5 (32 characters, for example, if cat outputs 24989da14a3ad550546d2d23254c8f03, it will be adaa0bf9506d939d18d57f96c0c330a3 for above line). I will call it COMPUTED.
Code:
# cd /data/radio
# rm nv_data.bin nv_data.bin.md5
# busybox cp /factory/nv_data.bin .
# echo COMPUTED > nv_data.bin.md5
# chown radio.radio nv_data.bin*
# chmod 700 nv_data.bin*
So we're copying original file from /factory to /data/radio and creating brand new md5 file that contains hash matching this nv_data.bin.
Code:
# reboot
If you did everything correctly, you end up with your original IMEI after reboot. If you destroyed something in /data/radio, don't worry. The files in /data/radio will be regenerated if the md5 sum doesn't match or if you delete them, you'll just end up with generic IMEI. Check the log file and try to figure out what happened. If it says default NV restored at the end with current timestamp, well, default NV is the generic one. If you end up with completely wiped IMEI, that usually means permissions of the files in /data/radio are incorrect. If the above procedure worked, no lines should be added to it, because /data/radio/nv_data.bin was correct.
Note that we're only touching /data/radio/. This is mostly to prove the theory. This file WILL get wiped on factory reset and you'll end up with generic IMEI again. So we just recreated, painfully, the temp unlock of the ****Docomo app, except that this version works for 4.0.4. But this is a side effect just to prove the theory. The real goodie comes now:
2. Theory application (do at your OWN RISK)
You know what's coming anyway. You're smart guys. But first:
BACKUP your /factory off the device
BACKUP your /factory to the cloud
the best thing is to use tar from busybox (preserves file permissions), you can probably use recovery ROMs etc. Just make the good backup. If you damage your /factory/, you may screw your device and never get GSM access again unless paying somebody with SPTBox. There's NO SAFEGUARD unlike when you modify /data/radio. NONE. I hope you got it.
Remount /factory rw. I used root explorer, you can use command line, but you need write access. Do not touch nv_data.bin or .nv_data.bak files. They've been already fixed by ****Docomo and you really NEED them, so please, don't delete them. Also, remember that files starting with dot are treated as hidden by linux, meaning if you want to see them in output of ls, you need to use -a argument.
Now we just need to fix md5 sums. So do as above for data. Find matching lines in nv.log by original md5 and correct md5 sum in computed md5 part and
Code:
$ su
# cd /factory
# echo COMPUTED > nv_data.bin.md5
# chown radio.radio nv_data.bin.md5
# chmod 700 nv_data.bin.md5
# echo COMPUTED2 > .nv_data.bak.md5
# chown radio.radio .nv_data.bak.md5
# chmod 700 .nv_data.bak.md5
So yes, COMPUTED is the same as for /data/radio (it matches nv_data.bin), COMPUTED2 is different (and matches .nv_data.bak).
Remount /factory R/O (probably not needed, but it should sync it so recommended).
Wipe /data/radio/nv_* (2 files):
Code:
# cd /data/radio
# rm nv_data.bin nv_data.bin.md5
This is strictly speaking redundant, if you did the theory test before, since you already have correct files there. However, it will verify that everything is fine and it simulates what happens during factory reset. So wipe them.
Code:
# reboot
... and hope for the best. If you have original IMEI after that, you're probably unlocked forever and may forget about terminals. Try factory reset if you want, flash roms, your gnex is liberated. Go get a beer, it's worth it. If something broke, chances are you're back on generic imei, in which case, nv.log is your friend. And let me know.
Notes
it would probably be better to use "echo -n" instead of "echo", someone could give it a try, but I used "echo" myself and it works. However, the md5 sums have a redundant newline at the end.
I am quite sure this will stop working on future firmwares. This is a loophole that will be closed once people at Samsung notice it (and I am pretty sure they monitor these forums, uhm, hello there). However, I believe that once you have the complete set (nv_data.bin & matching md5 files), you're basically not distinguishable from a stock SIM unlocked phone, so you should be safe there. There's no 100% guarantee though - they are the guys that know their hardware inside out.
Backup /factory if everything works. SEPARATELY from the previous backup. This may come in handy in future as it contains /factory files matching the unlocked version of your phone, so if you lose it, you can use it again.
If you run ****Docomo yourself, you might also want to backup /sdcard/.unlock_backup (or where ****Docomo creates its backup) or better yet, backup /factory off device before running ****Docomo. We, with Negri phones, don't have this luxury.
DISCLAIMER: I don't think this method can be used to spoof IMEI and that's a good thing. Some people claim they know how to change IMEI in nv_data.bin, but I am quite sure there are other security measures to protect it. So this can only return you your old IMEI. Which is good thing in my books (and probably evil in Samsung's, although they're just playing by carrier's tune here)
If this theory is confirmed, someone should write an app. It can be automated with grep or sed.
Updates:
Changed slightly the commands in the theory test to make sure that nv_data.bin has correct permissions. If it doesn't, you'll end up with a wiped IMEI (which is not really a problem, this can be fixed, but you won't be able to get a GSM connection until then) -- thanks cpxchewy for this
4/20 - Added Docomo to title, changed intro to reflect successful tests
4/26 - Added info about takju test.
4/27 - note that files with dot are hidden
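An added example, not from jup007's post or from any Samsung code, showing why the nv.log line quoted above acts as an oracle for the integrity check and what a verifier that logs only the failure looks like. The "md5 with unknown seed" is modelled as HMAC-MD5 with a hypothetical key, the log lines are constructed in the thread's format, and the whitespace stripping in `read_md5_file` is the assumed reason both `echo` and `echo -n` worked.

```python
import hashlib
import hmac
import re

# Format of the failure line quoted from /data/radio/log/nv.log in the post
# (the misspelling "orignal" is the firmware's own, so the regex keeps it).
LOG_LINE_RE = re.compile(
    r"MD5 fail\. orignal md5 '([0-9a-f]{32})' computed md5 '([0-9a-f]{32})'"
)

# Constructed sample log: two lines in the thread's format (one per nv file).
SAMPLE_NV_LOG = (
    "Tue Apr 17 11:33:47 2012: MD5 fail. orignal md5 "
    "'24989da14a3ad550546d2d23254c8f03' computed md5 "
    "'adaa0bf9506d939d18d57f96c0c330a3' (rild)\n"
    "Tue Apr 17 11:33:48 2012: MD5 fail. orignal md5 "
    "'11111111111111111111111111111111' computed md5 "
    "'22222222222222222222222222222222' (rild)\n"
)


def leaked_digests(nv_log: str) -> dict:
    """Map each rejected (stored) digest to the digest the verifier expected.

    This is the lookup the post does by hand: cat the .md5 file, find that
    value under "orignal md5", read the "computed md5" from the same line.
    """
    return {m.group(1): m.group(2) for m in LOG_LINE_RE.finditer(nv_log)}


def read_md5_file(contents: str) -> str:
    """Stored digest as the verifier sees it: surrounding whitespace dropped
    (assumed), which would be why both `echo` and `echo -n` worked."""
    return contents.strip()


def seeded_md5(data: bytes, seed: bytes) -> str:
    """Stand-in for the post's "md5 with unknown seed" (assumption: HMAC-MD5)."""
    return hmac.new(seed, data, hashlib.md5).hexdigest()


def verify_leaky(data: bytes, md5_file: str, seed: bytes, log: list) -> bool:
    """Verifier behaving like the one described in the thread: on mismatch it
    logs the stored digest *and* the correct one, so the log hands out valid
    checksums to anyone who can read it, without ever revealing the seed."""
    stored, computed = read_md5_file(md5_file), seeded_md5(data, seed)
    if not hmac.compare_digest(stored, computed):
        log.append(f"MD5 fail. orignal md5 '{stored}' computed md5 '{computed}' (rild)")
        return False
    return True


def verify_hardened(data: bytes, md5_file: str, seed: bytes, log: list) -> bool:
    """Same check, but the failure record carries nothing the verifier knows
    and the caller does not: reject, record the event, fall back."""
    stored, computed = read_md5_file(md5_file), seeded_md5(data, seed)
    if not hmac.compare_digest(stored, computed):
        log.append("MD5 fail. stored digest for nv_data.bin does not match; ignoring file")
        return False
    return True


def demo(seed: bytes = b"hypothetical-seed") -> dict:
    """Replay the thread's situation against both verifiers."""
    data = b"constructed nv_data.bin contents"   # constructed sample
    bogus_md5 = "0" * 32 + "\n"                  # written by a tool that lacks the seed
    leaky_log, hardened_log = [], []

    first = verify_leaky(data, bogus_md5, seed, leaky_log)          # rejected
    # What the post reads off nv.log: the computed value for our stored one.
    recovered = leaked_digests("\n".join(leaky_log)).get("0" * 32)
    second = verify_leaky(data, recovered + "\n", seed, leaky_log) if recovered else False

    hardened_ok = verify_hardened(data, bogus_md5, seed, hardened_log)
    return {
        "rejected_first": not first,
        "log_leaks_digest": recovered is not None,
        "accepted_after_copying_log_value": second,
        "hardened_rejects": not hardened_ok,
        "hardened_log_leaks": any("computed" in line for line in hardened_log),
    }
```

The defender's takeaway is the second verifier: a failed integrity check should log that it failed, never the value that would have passed.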
The theory test that I tried erased my IMEI and baseband completely. I wonder if it's because I used echo instead of echo -n? I'll try again after I restore from Nandroid (I tried it twice, and both times same results)
EDIT: oh I know why, on your tutorial you left out a line to chown radio.radio nv_data.bin Just did that and now it works!
very exciting news!!!!!!!
Tested and verified. Good job figuring this out man.
If you had a donate button I'd buy you a beverage ;D
Hi, can anyone build an app?
jup007 said:
BACKUP your /factory off the device
BACKUP your /factory to the cloud
Hi, sorry, I'm really new at this..
How can I make a TAR backup of this folder? (I'm not sure how to do this with busybox)
I was only able to copy the entire folder to my pc. I "need" to do this backup before starting flashing anything.
thanks
Till an app is built, I wish some good soul could make at least a bash script to run it from computer or from a mobile shell...I am not good at using "grep" or "sed" command.
That would complete the excellent JUP insight on this issue.
cpxchewy said:
The theory test that I tried erased my IMEI and baseband completely. I wonder if it's because I used echo instead of echo -n? I'll try again after I restore from Nandroid (I tried it twice, and both times same results)
EDIT: oh I know why, on your tutorial you left out a line to chown radio.radio nv_data.bin Just did that and now it works!
Good info, thanks. I'll update the initial post. I used busybox cp which preserves permissions but if you use other methods, yes, you need to make sure the file has correct permission. It seems logical that when radio process can't read or write to it, it doesn't know how to read/update the file and just ends up with all zeros/question marks IMEI. So that's another phone state explained.
albsat said:
Till an app is built, I wish some good soul could make at least a bash script to run it from computer or from a mobile shell...I am not good at using "grep" or "sed" command.
That would complete the excellent JUP insight on this issue.
I know. If nobody picks this up, I may write some script in future, but don't expect it to happen this week. I already lost enough time on this plus I believe it's good to test on people who know their way around bash first before writing an app/script. If you break something by hand, you probably have general idea how to fix it. If script breaks something, I will have to go into hiding.
It's not like there wouldn't be too much hurry anyway. Generic IMEI mostly works just fine. And this thread so far seems to confirm that permanent unlock & unique IMEI is possible. And rest assured, if it's possible, there will be automated way in near future. So those who don't dare to play with it by hand, you can still sleep more lightly now and survive on generic IMEI few more days.
etche said:
Hi, sorry, I'm really new at this..
How can I make a TAR backup of this folder? (I'm not sure how to do this with busybox)
I was only able to copy the entire folder to my pc. I "need" to do this backup before starting flashing anything.
thanks
Code:
# busybox tar -cvf /sdcard/factory.tgz /factory
This assumes you have busybox installed. It's a good idea to do it while /factory is still read-only mounted.
Then just on computer do:
Code:
adb pull /sdcard/factory.tgz .
and save it somewhere.
jup007 said:
I know. If nobody picks this up, I may write some script in future, but don't expect it to happen this week. I already lost enough time on this plus I believe it's good to test on people who know their way around bash first before writing an app/script. If you break something by hand, you probably have general idea how to fix it. If script breaks something, I will have to go into hiding.
It would be great to have a script just for what you called 1. Theory test (reasonably SAFE) at least.
---------- Post added at 10:06 AM ---------- Previous post was at 09:27 AM ----------
Question please.
When I issue the command
# cd /data/radio/log
# cat nv.log
I get two lines with two different correct MD5. So in total it mentions 4 md5 sums.
Which is the correct one?
albsat said:
I get two lines with two different correct MD5. So in total it mentions 4 md5 sums.
Which is the correct one?
There should be two, that's correct. You need to run the next command I wrote in that post, # cat /factory/nv_data.bin.md5 . This will only match one of the lines (it must match exactly the code in "orignal md5" section on one line). That's your line and computed md5 there is the one that needs to be in md5.
The other line belongs to /factory/.nv_data.bak .
If I used temp unlock in ****docomo (keep original IMEI),
does this method also work? And get a perm unlock?
Or do I have to get a forever unlock first (wrong IMEI)?
Hi,
Just to confirm that the first method worked perfectly. I managed to do it just by phone using terminal application and a file manager like ES File.
I will try the second and permanent method when I get back home.
Great job JUP!!!!
---------- Post added at 02:58 PM ---------- Previous post was at 02:13 PM ----------
@Jup
Another idea. Following the first temporary unlock method, I have this idea.
If we unlock temporary the files, can a backup of correct files from /data/radio be used again in case of a factory reset or new rom install? In such case, we can make a CWM package of these files and install it through CM recovery or through a file manager.
What do you think?
@Admin
Please make this thread a sticky. There are so many Docomo users that will be happy with Jup's work.
Wow, this is pretty incredible. I didn't think your theory would actually work but since it's confirmed by others this is fantastic.
I hope this method transcends what it is now.
Update: I'll be trying this method and I'll be willing to test out things should you need me. I'm not too confident in my ability but know how to follow explicit details.
albsat said:
@Jup
Another idea. Following the first temporary unlock method, I have this idea.
If we temporarily unlock the files, can a backup of the correct files from /data/radio be used again in case of a factory reset or new ROM install? In such a case, we can make a CWM package of these files and install it through CM recovery or through a file manager.
What do you think?
I am pretty sure this will work. Once you have the correct set of files from /data/radio, you can make a backup of them and restore them after a wipe. Heck, I am quite sure this is what the "condom" functionality of the current fdocomo.apk does - it keeps a backup of these files somewhere and can just restore them after a wipe. No need to touch /factory at all. The only thing here is, you still have to do this restore manually after a wipe. If you modify /factory, you should not have to worry, and it may increase the resale value of your phone quite a bit - if you have, for the same price, a device that keeps its IMEI after a wipe and a device that needs to run some weird app, which will you buy?
ygvuhb said:
If I used temp unlock in ****docomo (keep original IMEI), does this method also work, and get a perm unlock?
Or do I have to get a forever unlock first (wrong IMEI)?
I don't think it will work with temp unlock.
But honestly, I don't really know how the temp unlock of the fdocomo apk works, because the negri phone I got was already perm unlocked. I believe it uses some vulnerability in 4.0.3 and earlier versions to get the correct md5 sum for the files in data, so more or less it does a similar thing to the theory test by different means. However, I don't know how it modifies the files in /factory - according to the author, it does modify one, not the other. And this method relies on both files in /factory (nv_data.bin & .nv_data.bak) being in the unlocked state, which is done by perm unlock.
Strictly speaking, you don't need fdocomo for this method to work. You could achieve the same results by using hexedit and unlocking the factory nv_data files by hand. It's just much more convenient this way.
thanks i will try this later
Just to confirm that even the second method worked perfectly. You can do the whole procedure on your phone alone using a terminal and Root Explorer.
Thanks again jup007. Please add Docomo or Negri at subject. I think there will be more people interested.
Sent from my Galaxy Nexus using Tapatalk
I 2nd the proposal to please add Negri or Docomo to the subject line.
Also, I 2nd the proposal to make this thread a sticky. There are so many people concerned about this.
Could also maybe clean up the instructions a bit and slim it down?
So I'm gonna try this out, but basically: do we have to do theory 1 in order to do theory 2? Or can we just go straight to theory 2 if we already have perm unlock with a generic IMEI?
The backing-up-through-busybox code you put up would also be helpful if you just put it in at Theory 2.
Hello, this is really weird. In fact, when I insert the SIM into my Note 2 N7100 and turn it on, it allows me to make emergency calls, but I cannot use it to make any others, and it doesn't show the carrier name (it shows Emergency calls only). And when I try to use it to make normal phone calls, it says that I am not registered on a mobile network. I tried to factory reset my phone, but the problem remains. I then tried to remove the SIM card, and it says that I need to insert a SIM card (that means it is not a hardware problem, since it recognizes the card). I then tried to go to the mobile network settings to connect to the network manually; it connects me but shows a warning which says that the mobile network service is not available (and the Emergency calls only label remains). However, I am sure that this is not a problem with the card either, since when I insert the card into my Moto MB860, I can make calls as usual. So, what is the problem? It seems to me that the problem happened spontaneously, since it worked perfectly until yesterday. And all other wireless functions work fine, including wifi, Bluetooth and GPS; the only thing that goes wrong is 3g and 2g.
Additional information:
ROM: Omega v.16
Carrier: Fido Canada (as you can see)
Thanks.
First of all, check whether you can see the IMEI of the device. If you can see it:
1. Contact your network operator and check whether your IMEI is blacklisted or not.
If you cannot see the IMEI:
1. Restore the efs and persist backups (if you have one).
2. Flash the device again with the modem image (download the firmware of your device from samfirmwares.com, delete everything from the .tar file except modem.bin, and then flash this file to the phone with Odin; you can get Odin and instructions from that site or from here).
3. Maybe your nv_data.bin file or /efs directory got corrupted: make a backup of the folder, then simply delete nv_data.bin; it will be recreated for you.
For this, you'll need root. If you have a root-enabled kernel, you only have to install the Superuser app and Busybox on the phone, download the Android SDK to your PC, install platform-tools in the SDK manager, go to the platform-tools directory and start adb shell.
In the shell, type su, wait for the Superuser prompt to appear on the phone (if it does not appear, open the Superuser app and try executing su again), and enable root access for the command. Now go to /efs, copy everything to for example /sdcard/efs, then rm nv_data.bin.
Reflashing the device with a kernel and checking "phone EFS clear" in Odin also works (make sure you made a backup of the EFS folder just in case).
4. You can try changing the CSC: enter *#272*imei# on the phone tab.
Try this. I'm not sure it works. Just give it a try yourself.
Trying the above mentioned methods could be vulnerable to your phone if it is not done properly. So do it carefully. If you have any doubts, feel free to ask me or search elsewhere. But don't blame me for a fully dead phone. I am not at all responsible for any...
Noob 1st post......have had similar problems with Koodo CDN.
Not gonna give such an in-depth suggestion as above.....here's something simple to try.
I live in a dead zone and often my phone (Galaxy Ace) will switch to no service. Even after refreshing and selecting the network under settings, it says it's connected, but isn't. A simple apk that always fixes the problem for me is Network Signal Booster @ the Play Store.
jabrif said:
First of all, check whether you can see the IMEI of the device. If you can see it:
1. Contact your network operator and check whether your IMEI is blacklisted or not.
If you cannot see the IMEI:
1. Restore the efs and persist backups (if you have one).
2. Flash the device again with the modem image (download the firmware of your device from samfirmwares.com, delete everything from the .tar file except modem.bin, and then flash this file to the phone with Odin; you can get Odin and instructions from that site or from here).
3. Maybe your nv_data.bin file or /efs directory got corrupted: make a backup of the folder, then simply delete nv_data.bin; it will be recreated for you.
For this, you'll need root. If you have a root-enabled kernel, you only have to install the Superuser app and Busybox on the phone, download the Android SDK to your PC, install platform-tools in the SDK manager, go to the platform-tools directory and start adb shell.
In the shell, type su, wait for the Superuser prompt to appear on the phone (if it does not appear, open the Superuser app and try executing su again), and enable root access for the command. Now go to /efs, copy everything to for example /sdcard/efs, then rm nv_data.bin.
Reflashing the device with a kernel and checking "phone EFS clear" in Odin also works (make sure you made a backup of the EFS folder just in case).
4. You can try changing the CSC: enter *#272*imei# on the phone tab.
Try this. I'm not sure it works. Just give it a try yourself.
Trying the above mentioned methods could be vulnerable to your phone if it is not done properly. So do it carefully. If you have any doubts, feel free to ask me or search elsewhere. But don't blame me for a fully dead phone. I am not at all responsible for any...
I tried a simple way, which is to format everything and flash another ROM, but the problem remains.
TRS_80 said:
Noob 1st post......have had similar problems with Koodo CDN.
Not gonna give such an in-depth suggestion as above.....here's something simple to try.
I live in a dead zone and often my phone (Galaxy Ace) will switch to no service. Even after refreshing and selecting the network under settings, it says it's connected, but isn't. A simple apk that always fixes the problem for me is Network Signal Booster @ the Play Store.
I don't know that we are in the same situation, since at home I usually get a good signal and this has happened to me only since yesterday.
jabrif said:
First of all, check whether you can see the IMEI of the device. If you can see it:
1. Contact your network operator and check whether your IMEI is blacklisted or not.
If you cannot see the IMEI:
1. Restore the efs and persist backups (if you have one).
2. Flash the device again with the modem image (download the firmware of your device from samfirmwares.com, delete everything from the .tar file except modem.bin, and then flash this file to the phone with Odin; you can get Odin and instructions from that site or from here).
3. Maybe your nv_data.bin file or /efs directory got corrupted: make a backup of the folder, then simply delete nv_data.bin; it will be recreated for you.
For this, you'll need root. If you have a root-enabled kernel, you only have to install the Superuser app and Busybox on the phone, download the Android SDK to your PC, install platform-tools in the SDK manager, go to the platform-tools directory and start adb shell.
In the shell, type su, wait for the Superuser prompt to appear on the phone (if it does not appear, open the Superuser app and try executing su again), and enable root access for the command. Now go to /efs, copy everything to for example /sdcard/efs, then rm nv_data.bin.
Reflashing the device with a kernel and checking "phone EFS clear" in Odin also works (make sure you made a backup of the EFS folder just in case).
4. You can try changing the CSC: enter *#272*imei# on the phone tab.
Try this. I'm not sure it works. Just give it a try yourself.
Trying the above mentioned methods could be vulnerable to your phone if it is not done properly. So do it carefully. If you have any doubts, feel free to ask me or search elsewhere. But don't blame me for a fully dead phone. I am not at all responsible for any...
Some updates;
- IMEI is checked.
- I do not have any efs backup
- nv_data.bin has been deleted and recreated
- trying to register for the firmware
- My phone is always rooted.
Dan Law 001 said:
Some updates;
- IMEI is checked.
- I do not have any efs backup
- nv_data.bin has been deleted and recreated
- trying to register for the firmware
- My phone is always rooted.
Results..??
Sent from my GT-I9001 using xda premium
jabrif said:
Results..??
Sent from my GT-I9001 using xda premium
I need to get the firmware first... since I already passed the download quota for today... need to wait until tomorrow...
Mmm... I heard that you mentioned clearing the EFS in your given procedure, but I do not think that I modified that folder... However, a few days ago, since I wanted to gain better control over the volume with my headphone remote, I did modify the file called Generic.kl in system/usr/keylayout, but I restored it afterwards since it didn't work. However, I don't think that this modification would trigger something in the efs folder, since it is in a different directory. By the way, I did some research online and they say that the efs contains information about the carrier on the phone, so is there a greater chance that the problem is caused by a possible modification of the efs than by any other factor, and is there also something else that could possibly trigger similar effects?
Sent from my GT-N7100 using xda premium
Still nothing
I've found threads on here that say how important it is to back up the IMEI number, but I haven't been able to find out how to actually do that. I am on a custom ROM right now. Do I need to be on stock to back it up? Can someone point me in the direction of how to back up my IMEI number?
itsLYNDZ said:
I've found threads on here that say how important it is to back up the IMEI number, but I haven't been able to find out how to actually do that. I am on a custom ROM right now. Do I need to be on stock to back it up? Can someone point me in the direction of how to back up my IMEI number?
You are on a custom ROM so I'll assume you are rooted (you need root).
Download a terminal emulator from the play store, like this one: https://play.google.com/store/apps/details?id=jackpal.androidterm
Open it, type:
su <enter>
<grant root access>
reboot nvbackup
The device will immediately reboot. You will see a couple of blue lines of text in the top left corner of the screen. This is how you know it worked. There are a thousand ways to back up your IMEI, like Andromizer, and I even made a script that will do it. This way, though, is still the best, because it uses the device's built-in functionality to do the backup and, if needed, the automatic restore. No other tool or script can do that.
Aerowinder said:
You are on a custom ROM so I'll assume you are rooted (you need root).
Download a terminal emulator from the play store, like this one: https://play.google.com/store/apps/details?id=jackpal.androidterm
Open it, type:
su <enter>
<grant root access>
reboot nvbackup
The device will immediately reboot. You will see a couple of blue lines of text in the top left corner of the screen. This is how you know it worked. There are a thousand ways to back up your IMEI, like Andromizer, and I even made a script that will do it. This way, though, is still the best, because it uses the device's built-in functionality to do the backup and, if needed, the automatic restore. No other tool or script can do that.
How can I pull it to back it up to my computer or my dropbox? Just to keep a copy of it safe somewhere.
itsLYNDZ said:
How can I pull it to back it up to my computer or my dropbox? Just to keep a copy of it safe somewhere.
With this method, you can't. The partitions that get backed up are copied to otherwise unused partitions on your device. They have no other purpose. It's been theorized that this was supposed to be done at the factory before shipping, and Samsung "forgot".
But backup is all about redundancy, so you can grab an app from the play store that can back them up to your sd card.
My tale of woe. From what I have read there is nothing that can be done, but I thought I would ask anyhow.
I was overseas with an SGH-T999L, and took it to a man in a market to be unlocked. 2 hours later it was useless. The man said it would be OK once it was back in the US, but it wasn't. Obviously he didn't keep backups.
Dialing *#06# gives me "null/null".
I cannot turn on wifi (I slide the switch and it slides right back) but can turn on bluetooth, gps and nfc.
Baseband version is "Unknown"
Build number is JSS15J.T999LUVUBNC1
It appears that he used vRoot to get root.
According to the "odin screen"
CUSTOM BINARY DOWNLOAD: No
CURENT BINARY: Samsung Official
SYSTEM: STATUS: Custom
QUALCOMM SECUREBOOT: ENABLE
Warranty Bit: 0
BOOTLOADER AP SWREV: 1
I used this article from techglobal101.wordpress.com 2013/05/02/how-to-solve-no-service-on-samsung-galaxy-s3/, following the "imei already corrupt" steps to generate the text file with the IMEI in it. However, the NV Reader/Writer has problems. Firstly, *#7284# only gives me a choice of "Modem" or "PDA". However, *#0808# does give me more options, including "RMNET + DM + MODEM". The bigger problem is that the SPC code of 000000 is not accepted, so NV Reader/Writer cannot access anything.
Looking in the /efs filesystem (using "adb shell" and "su" and "busybox find /efs -size +1000k") does not find any files larger than 1MB (I believe the nv_data.bin should be at least 2MB), so no original ".nv_data" file, no "nv_data.bin" nor "nv_data.bak". There are smaller files; for example there is a file /efs/imei/mps_code.dat, 3 bytes long, containing TMB. The /efs partition is 13716 blocks in size and is only 33% full (4556 blocks in use).
I can use adb to install and uninstall packages, and copy files.
Things which look interesting to me in the output of "getprop" are (with a valid sim card installed)
[DEVICE_PROVISIONED]: [1]
[gsm.operator.alpha]: []
[gsm.sim,state]: [NOT_READY]
[gsm.sim.unknownready]: [1]
So far I have not done anything else. In particular I have not tried using ODIN to download a stock image, nor have I tried removing the files which are in /efs.
I also have not tried creating a 2MB file of NUL characters called /efs/nv_data.bin in the hope that that would at least advance the solution.
I would be pleased to get any good advice on what to do next. Please assume I know my way around a unix command prompt, but this is my first venture into the world of Android.
First thing, don't mess with the efs. It's not relevant to the issue at hand and sounds to be just fine. Most of the NV data is stored on different partitions. Don't assume it's the same as on other devices, like many others seem to advise.
Second, download your stock firmware (NC1)(root66 firmware is ok), flash via Odin on your computer, and factory reset (will wipe internal sd). This often fixes these problems without having to touch the NV data.
Something tells me that whoever you took it to may have tried to flash the 4.1.1 modem to use our free unlock method. If so, that will cause the exact same thing you are experiencing now.
If after that it is still not fixed, PM me and I will try to help get your imei restored. We are not allowed to post information, tools, links or further discuss that here, so if it comes to that, I can only help you via PM.
Sent from my SAMSUNG-SGH-I747 using Tapatalk