Develop Bugs

[HOW-TO] Bit-flip (nv_data.bin) unlock for the SGH-I927(R), keeps the IMEI valid!

Update: To work with the AT&T ICS ROM, this method requires installing a modified libsec-ril file. You do not need to bother with the MD5 checksums since they aren't output by this ROM and are bypassed altogether thanks to Phoenix84188's work.
Update 2: I made an update zip to easily apply Phoenix84188's modified libsec-ril file. It may also be worth mentioning that spocky12's GalaxSim Unlock works on this phone too.
Hello,
I was trying to figure out a way to unlock the phone while keeping my IMEI.
I tried tinkering with the CSC files and factory resets on stock recovery to reapply same. No luck, although I might have been able to relock it to another network, didn't bother testing. (Fixing these files also eliminates any re-locking possibilities on factory reset.)
After some research on other methods and programs for the SGS I, II and III, I managed to pull it off. There are some slight variations across models, but I got the right mix for this one. I've since called, texted and used cellular data with my Virgin Mobile Canada SIM, and it also took my T-Mobile USA SIM without complaint and roamed on Rogers. My ex girlfriend's now using it on Telus. Multiple confirmed unlocks from various parts of the world in this thread as well.
Requirements
Working ADB installation
Hex editor
Root (could also be done with CWM on an unrooted ROM.)
Instructions
Backup the /efs partition (ideally with a tar archive as it preserves ownership and permissions information)
Open nv_data.bin in a hex editor. (Frhed is one open-source option.)
In the hex editor, go to offset 0x181469. An offset is a byte's position in a file, it can be given in either decimal or hexadecimal format. (The 0x notation is for hexadecimal values)
On the hex side, change that value from 01 to 00 (To be technical I could have written 0x01 to 0x00)
Using the hex editor's search capabilities, look for the string "302720" (Rogers) or an appropriate AT&T MNC/MCC combination (try "310410" or "310380") as applicable.
This should bring you to a series of MNC/MCC pairs. (Which should match those found in your original CSC customer.xml file.) For information, the strings in my file started from offset 0x180069 and read: 30272030237030272#30237#00101#99999#999990001010001012
Overwrite the strings by changing them to xFF (ASCII non-breaking space.)
From the command prompt, push the modified nv_data.bin into place. On the stock, secure kernel:
Code:
C:\(Whatever your path is)>adb push nv_data.bin /sdcard/
C:\(...)>adb shell
$ su [I](check for a possible superuser prompt on the phone itself)[/I]
# cp /sdcard/nv_data.bin /efs/nv_data.bin
# chown radio.radio /efs/nv_data.bin
# reboot
Once the phone has done rebooting, from the command prompt:
Code:
C:\>adb shell
$ su
# cat /efs/nv.log
The log should spit out a pair of error messages like this:
Code:
Wed Aug 29 10:45:04 2012: MD5 fail. orignal md5 '9e1e52346ec8bc3ea07988c967dab04c' computed md5 'd931816e4be7d60a3e41f6fddc27e2e4' (rild)
Wed Aug 29 10:45:05 2012: backup NV restored.
Copy the freshly computed, lightly salted (i.e. not reproducible otherwise), md5 hash from the command prompt window. (Remember that you can use the mouse to select and copy)
Open nv_data.bin.md5 in a hex (or text) editor and paste it over the old one.
ADB push both the previously modified nv_data.bin and nv_data.bin.md5 back to /efs/ and don't forget to chown them both again.
Code:
C:\(...)>adb push nv_data.bin /sdcard/
C:\(...)>adb push nv_data.bin.md5 /sdcard/
C:\(...)>adb shell
$ su
# cp /sdcard/nv_data.bin /efs/nv_data.bin
# cp /sdcard/nv_data.bin.md5 /efs/nv_data.bin.md5
# chown radio.radio /efs/nv_data.bin
# chown radio.radio /efs/nv_data.bin.md5
Reboot (although on second thought, shutting down, inserting a foreign SIM and turning the phone back on should work)
Done! Confirm the unlock works with a "foreign" SIM, and for bonus points edit the CSC customer.xml file, setting the <NbNetworkLock> property to 0 and deleting the networks listed immediately below. You could also remove the leftover modified files on the SD card, from ADB shell:
Code:
$ rm /sdcard/nv_data.bin
$ rm /sdcard/nv_data.bin.md5
If you're having a hard time with this guide, please stick to public threads where more people can help you instead of PM-ing me. Thanks.
Goodbye,
Darkshado

Will try !!!
If this works, I can finally get rid of that piece of paper on my wallet with the Unlock Code for my phone XD

I purchased an "unlocked" glide from amazon and been using it no problem here in Mexico, do I have to worry about it locking at some point?
I flashed ICS / CWM and the backlight fix on it and so far so good

rovar said:
I purchased an "unlocked" glide from amazon and been using it no problem here in Mexico, do I have to worry about it locking at some point?
I flashed ICS / CWM and the backlight fix on it and so far so good
Click to expand...
Click to collapse
Going by my Ace and Gio experience, the following conditions have to be met for the phone to relock itself:
Native or no SIM card
Stock ROM with CSC files that contains network lock settings.
Stock Samsung recovery
Factory reset triggered, which makes the stock recovery reapply the CSC parameters.

Alright, thanks!. Guess I'll stick to reflashing the ROM instead of factory reset whenever there's a problem

is this method good for GB as well as ICS/JB ?

I've done it with the stock Rogers GB ROM.
With that said, if it doesn't work with the ICS leak, or with a custom ROM of some sort, you can always restore your original nv_data.bin and nv_data.bin.md5 files. You'll be back with a locked phone but no harm should be done.
IIRC, the RIL files are part of the proprietaries when used with a custom ROM anyway, so you should be good.

thanks for the reply,its seems a bit tricky for me but will try to get it working when i get my phone (in about a week or so), by the way backupin the /efs partition is with cwmr?

Either that or with a rooted phone. I suggest you make the backup as a tar archive, it'll keep the permissions.

Works like a charm. Running it unlocked since 24h on a foreign SIM without issues. Thank you so much!
(Running OsiMood 2.06.07 + Rogers kernel as posted on the rooting thread + SwissCom SIM card).

i used this method:
http://forum.xda-developers.com/showthread.php?t=859914
to backup my efs to an tar.gz file, is it good enough?
if i need to restore it then i use cwmr?

it's seem that my offset 0x181469 was already at value 00,
and i couldn't find 302720 any where in the file so i tries to go to the offset 0x180069
that you found the string at and saw its all 00
so maybe my phone is already sim free and didn't know it - as i didn't even tried putting my sim to check
cos i thought that its useless to do so.
one question if i will update to ICS, official at&t rom or custom one build upon that rom, will it change my nv_data.bin?
and if so can i put my, presumably sim free, nv_data.bin?

Taiber2000, you should have checked either with a "foreign" SIM or by dialing code *#7465625# which outputs lock status. It would have told you where you stood lock-wise.
Your phone might relock if you flash a stock ROM through Odin or otherwise trigger a factory reset with either no SIM card in the phone or an AT&T/Rogers (as applicable) one.
You could probably return to your unlocked nv_data.bin in that scenario, but in case the ICS update also applies other changes it may be better to unlock the nv_data.bin that's been relocked.

i see i will check it out and see, thanks for the help.

edit: scrach that i found out the problem is with my sim card on the phone, it works on my n97 but no on the glide, will change my sim at my mobile center.

nice unlock, but have some doubts
Darkshado said:
Hello,
I was trying to figure out a way to unlock the phone while keeping my IMEI.
I tried tinkering with the CSC files and factory resets on stock recovery to reapply same. No luck, although I might have been able to relock it to another network, didn't bother testing. (Fixing these files also eliminates any re-locking possibilities on factory reset.)
After some research on other methods and programs for the SGS I, II and III, I managed to pull it off. There are some slight variations across models, but I got the right mix for this one. I've since called, texted and used cellular data with my Virgin Mobile Canada SIM, and it also took my T-Mobile USA SIM without complaint and roamed on Rogers.
Requirements
Working ADB installation
Hex editor
Root (could also be done with CWM on an unrooted ROM.)
Instructions
Backup the /efs partition (ideally with a tar archive as it preserves ownership and permissions information)
Open nv_data.bin in a hex editor.
Go to offset 0x181469
Change the value from 01 to 00
Search for 302720 (Rogers) or an appropriate AT&T MNC/MCC combination (try 310410 or 310380) as applicable.
This should bring you to a series of MNC/MCC pairs. (Which should match those found in your original CSC customer.xml file.) For information, the strings in my file started from offset 0x180069 and read: 30272030237030272#30237#00101#99999#999990001010001012
Overwrite the strings by changing them to xFF
Push the modified nv_data.bin into place. On the stock kernel: push to /sdcard/ first, then adb shell, su, cp to /efs/ and chown radio.radio /efs/nv_data.bin
Reboot the phone
ADB shell, su, then cat /efs/nv.log
The log should spit out a pair of error messages like this:
Wed Aug 29 10:45:04 2012: MD5 fail. orignal md5 '9e1e52346ec8bc3ea07988c967dab04c' computed md5 'd931816e4be7d60a3e41f6fddc27e2e4' (rild)
Wed Aug 29 10:45:05 2012: backup NV restored.
Copy the freshly computed, lightly salted, md5 hash. Paste it over the old one in nv_data.bin.md5
Push both the previously modified nv_data.bin and nv_data.bin.md5 back to /efs/ and don't forget to chown them both again.
Reboot (although on second thought, shutting down, inserting a foreign SIM and turning the phone back on should work)
Done! Confirm the unlock works with a "foreign" SIM, and for bonus points edit the CSC customer.xml file, setting the <NbNetworkLock> property to 0 and deleting the networks listed immediately below.
Goodbye,
Darkshado
Click to expand...
Click to collapse
I tried this, but when looking at the nv.log it doesn't says the new md5 .
when changing the MNC/MCC I see there are 3 5-digit number which should be turned over to 0xFF as string or as hex value? Do I also have to substitute the large last number?

lol samsung accedently unlocked my phone

Luisrcastros: What ROM are you running? Does the nv.log report changes in the NV files and restoring the backup?
The last numbers in the MNC MCC codes are actually standard test MNC and MCCs that a carrier would want the phone to work with in addition to their network. You'll want to overwrite the whole set (54 bytes in the case of the Rogers lock) with 0xFF.

glide relocked ICS
Darkshado said:
Luisrcastros: What ROM are you running? Does the nv.log report changes in the NV files and restoring the backup?
The last numbers in the MNC MCC codes are actually standard test MNC and MCCs that a carrier would want the phone to work with in addition to their network. You'll want to overwrite the whole set (54 bytes in the case of the Rogers lock) with null characters (0xFF).
Click to expand...
Click to collapse
Darkshado: I got a Rogers unlocked glide, then updated to the ATT ICS, it locked the phone. So I´m trying to do the hack on ICS 4.0.4, yes the nv.log report says it´s restoring the nv file from the backup. When I open the nv_data.bin I found your exactly same data.
should I also put FF to the rogers data (302720)
Do you think this will work?
By the way, if anyone has Rogers 2.3 android unlocked, don't try the ATT firmware or you will get locked.
nv.log says:
date: cracking detected
date: NV backup has been rebuilt
date: NV restored

Done
After taking back to stock and root my Rogers captivate glide I was finally able to unlock my phone just by following the instructions from this thread. (hex edit and stuff)
Thanks a lot for the help. This works but you need the rogers kernel and root, you can't unlock with AT&T's kernel.
I'll try to upgrade again to AT&T ICS and let you know if it relocks .

[Q] Baseband: Unknown, Modem boot timeout, Couldn't find 'rild' socket.

Hello all and a good day.
Device: Samsung Galaxy Note 8.0 GT-N5100 (3G) - XME (Malaysia)
What I did: Nothing unusual! Device mainly used for text reading and some writing. After updated to Android 4.2.2 (PDA: N5100XXCMI1, CSC: N5100OLBCMH2, MODEM: N5100XXCMI1) via ODIN, the symptom # 1 appeared. The firmware for Malaysia was downloaded from the sammobile.com.
Same time I came to know the importance of /efs backup, so rooted (1st time) the device, backed-up /efs via EFS Pro, used Triangle Away, unroot, and flashed the stock. Since the symptom # 1 continued, I did a factory reset, and then all other symptoms appeared.
Symptoms:
1) Tablet doesn’t vibrate.
2) Kies is unable to detect the tablet.
3) SIM Cards are not detected. A prohibition sign is shown at the cell signal (left to the battery indicator) (see image 1).
4) In “Settings > About device”, and in “Settings > About device > Status”, many fields are stated as “Unknown”, e.g.:
Baseband and IMEI (see image 1 and image 2). Incorrect Serial number (/efs has the correct one as in the back cover).
5) Camera view is upside down.
6) Proximity sensor doesn’t work. In the *#0*# Test mode, Proximity value is 1.0. If exit and check again value becomes 0.0.
7) Regardless of Flight mode or not Cell standby drains the battery a lot. Once activated, Flight mode turns grey (see image 3).
8) [SOLVED, see 5th post] Several times (not always), a white screen appeared at the boot screen (model name), and also when plugged to power source while the tablet switched off. I guess something to do with param partition.
9) [SOLVED, see 5th post] "No command" error message in the stock recovery (3e).
9) “Modem boot timeout” and “Couldn't find 'rild' socket” errors in logcat -b radio.
10) When tried to use the tablet as a modem from Windows 7, it gives an Error 692, and the diagnostics states, “Timed out waiting for response from modem”.
Solutions tried (no success): As many, I too tried various /efs based solutions mentioned in XDA, and flashed all the five firmwares available for the device, but the problem stays same. I tried to solve this without troubling others much, but now I am lost.
Help needed: Is this problem can be fixed by me with some guidance, which would be great since to claim warranty the tablet need to be send to another country. Or is it a hardware problem, therefore I should send it straight to Samsung service without wasting more time?
Attached files, if they help:
1) Outputs of the following commands
logcat -b radio
logcat *:E
dmesg
ls -la /efs
ls -la
mount
cbd -t xmm626x -o t
2)
- recovery log from - CivZ_rev1.1-PhilZ 5.1.1 (touch)
- build.prop file
Thank you for reading. Greatly appreciate any help and guidance. Sorry, if I violate any XDA rules in this post. Kind regards!

New Problem: "There is no PIT partition."
Last night managed to fix a part of the problem (customer.xml error in logcat) in the above post thanks to the guidance from civato. In an attempt to fix other problems, last night I had mistakenly executed the following cmd in ADB while in recovery.
Code:
dd if=/data/media/0/efs.img of=/dev/block/[B]mmcblk0[/B]
The correct one should have used is mmcblk0p3 (/efs partition in Note 8.0). At least I managed to do some damage, otherwise all the credit goes to Samsung.
Now I can go to download mode only. A white screen flashes if try recovery mode or normal boot or even connect to a power source to recharge. Since charging or not also unsure (before this happened battery was 100%), I have a limited time to use the device to get it to work properly. Other problem is, if fail, can’t claim warranty as there’s no way to use the Triangle Away in this situation.
Now when try to flash via ODIN:
1) normal way - it failed stating, "There is no PIT partition." (see image 1).
2) with kona3g.pit I have - it failed stating, "Re-partition operation failed." (see image 2).
Even when the device was working properly, 2nd option never worked for me.
My kona3g.pit read well by PIT Magic 1.3.10.
Can anyone provide me a working .pit for Note 8 GT-N5100. Thinking of trying Heimdall Suite 1.4.0 tonight, but need some reading as I never used it and limited battery time for flashing.
Any advice to recover my device is highly welcome.
King regards.

Here you go, unzip it and in Odin select repartition and then Odin a new stock rom. (PDA)
Or look here for the 5110 pit file it should alos work on the 5100 as the modem partition is also created.
reinstall your csc also after rom onstallation
PS try the included Odin

Working kona3g.pit for GT-N5100
civato said:
Here you go, unzip it and in Odin select repartition and then Odin a new stock rom. (PDA)
Or look here for the 5110 pit file it should alos work on the 5100 as the modem partition is also created.
reinstall your csc also after rom onstallation
PS try the included Odin
Click to expand...
Click to collapse
Brilliant and thank you! The Odin3_v3.07.exe you provided missing an Odin3.ini (see image). I used an Odin3.ini (see attached files) that I have (for the same version) together with your Odin3_v3.07.exe and kona3g.pit, and the flashing went perfectly without any errors. So your kona3g.pit is a genuine working one. Thank you
I’ll continue further tonight and post here. My friend share his laptop with me, therefore I have limited time.
EDIT: When looked from the PIT Magic 1.3.10, the GT-N5110.pit is same as the GT-N5100 one (kona3g.pit). But when looked from the HxD - Hexeditor 1.7.7.0, the signatures at the end of the files are different, so it might not work on the sister device. Also, your GT-N5110.pit has trailing zeros after the signature, somewhere I read that these zeros must be deleted from a hexeditor for it to work.
Kind regards!
Image:

Solutions for symptoms 8 & 9
Solution for symptom 8:
Googled for a param.bin for Note 8.0, but only found one for Galaxy S3. Anyway, being fed up with the white screen, I copied S3 param.bin to the mmcblk0p4 partition of Note 8.0, surprise it worked. But the boot screen became S3 . Later among my backups, I found a param backup of mmcblk0p4 that I took via EFS Pro. Unfortunately couldn't restore it via EFS Pro as I had renamed the tar.gz to keep things tidy. So I extracted it to get a file called param. Since this param didn't work after copying, I compared it in the hex editor with the working S3 param, and noticed EFS Pro add some data to the beginning of the file. I removed this begining data and also the trailing zeros, and renamed it to param.bin (to go along with the name in kona3g.pit, perhaps not necessary). Finally, copied it by "dd if=/sdcard/param.bin of=/dev/block/mmcblk0p4" command, after couple of reboots white screen disappeared.
Solution for symptom 9:
Difficult to say this is a solution but it disappeared after this. In order to send for warranty claim, I restored the device to clean stock. First used Triangle Away to reset the counter. Booted and fully unroot via SuperSU. Then flashed the stock rom with the pit file, and without restart option. Shut down the device and boot into the recovery to do a full wipe, and the "No command" error wasn't there.
I must say, since my modem not working, capslock66's Android Reverse Tethering 3.15 saved my day to download the required Triangle Away add-on via laptop's broadband connection.
Since all other symptoms couldn't be solved my me after much effort, I sent the tablet for Samsung service.

T999L, failed unlock - now no imei, baseband nor nv_data

My tail of woe. From what I have read there is nothing that can be done but I thought I would ask anyhow.
I was overseas with an SGH-T999L, and took it to a man in a market to be unlocked. 2 hours later it was useless. The man said it would be OK once it was back in the US, but it wasn't. Obviously he didn't keep backups.
Dialing *#06# gives me "null/null".
I cannot turn on wifi (I slie the switch and it slides right back) but can turn on bluetooth, gps and nfc.
Baseband version is "Unknown"
Build number is JSS15J.T999LUVUBNC1
It appears that he used vRoot to get root.
According to the "odin screen"
CUSTOM BINARY DOWNLOAD: No
CURENT BINARY: Samsung Official
SYSTEM: STATUS: Custom
QUALCOMM SECUREBOOT: ENABLE
Warranty Bit: 0
BOOTLOADER AP SWREV: 1
I used this article from techglobal101.wordpress.com 2013/05/02/how-to-solve-no-service-on-samsung-galaxy-s3/ following the imei already corrupt steps to generate
the text file with the imei in it. However the NV Reader/writer has problems. Firstly *#7284# only gives me a choice of "Modem" or "PDA". However *#0808# does give me more options including "RMNET + DM + MODEM". The bigger problem is that the SPC code of 000000 is not accepted, so NV reader/writer can not access anything.
Looking in the /efs filesystem (using "adb shell" and "su" and "busybox find /efs -size +1000k" ) does not find any files larger than 1MB (I believe the nv_data.bin should be at least 2MB) so no original ".nv_data" file, no "nv_data.bin" nor "nv_data.bak". There are smaller files, for example there is a file /efs/imei/mps_code.dat, 3 bytes long containing TMB. The /efs partition is 13716 blocks in size and is only 33% full (4556 blocks in use).
I can use adb to install and uninstall packages, and copy files.
Things which look interesting to me in the output of "getprop" are (with a valid sim card installed)
[DEVICE_PROVISIONED]: [1]
[gsm.operator.alpha]: []
[gsm.sim,state]: [NOT_READY]
[gsm.sim.unknownready]: [1]
So far I have not done anything else. In particular I have not tried using ODIN to download a stock image, nor have I tried removing the files which are in /efs.
I also have not tried creating a 2MB file of NUL characters called /efs/nv_data.bin in the hope that that would at least advance the solution.
I would be pleased to get any good advice on what to do next. Please assume I know my way around a unix command prompt, but this is my first venture into the world of Android.

First thing, don't mess with the efs. It's not relevant to the issue at hand and sounds to be just fine. Most of the NV Data is stored on different partitions. Don't assume its the same as on other devices like many others seem to advise.
Second, download your stock firmware (NC1)(root66 firmware is ok), flash via Odin on your computer, and factory reset (will wipe internal sd). This often fixes these problems without having to touch the NV data.
Something tells me that whoever you took it to may have tried to flash the 4.1.1 modem to use our free unlock method. If so, that will cause the exact same thing you are experiencing now.
If after that it is still not fixed, PM me and I will try to help get your imei restored. We are not allowed to post information, tools, links or further discuss that here, so if it comes to that, I can only help you via PM.
Sent from my SAMSUNG-SGH-I747 using Tapatalk

[Q] Baseband OK, IMEI unknown, efs folder empty

hello everyone,
my device sm-n910a is currently working well with wifi connection, i'm using it in asia, so i need the IMEI to unlock the phone.
But unfortunately my IMEI went null, i don't know what caused it, but since the IMEI is still good, here's what happened :
1. I tried to unlock via *#9090#, i forgot what i've pressed, my phone immediately restarted itself, and it went in bootloop (switched on for about 1-3minutes and the phone restart itself again).
I've realized that the imei and baseband went null (*#06# shows "null")
2. Then i found an article in other forum to fix bootloop problem.
i followed the instructions there without realizing that it's supposed to be supported with a service box (octoplus)
The instructions are :
1. Downgrade to 4.4.4 via Odin. Extract OC4, extract Odin, open Odin, select four files into correct position (BL, AP, CP, CSC) 4.4.4 OC4 Odin 3.09 (Samsung Mobile drivers required)
2. Once on 4.4.4 or below, enable developer options by tapping "build version" several times, enable USB debugging & mock location, and install KingRoot 4.0.0.233 to phone. Caution, newer versions did not work for me.
3. Open "Command Prompt" and type "adb version" should reply with "Android Debug Bridge version x.x.x", if does not, change to the correct directory where adb is installed via "cd" command. Need ADB? Here
4. These next two steps can be a little tricky as the phone often reboots before completed, must work quickly, I suggest copying the long command, then paste when ready.
5. Connect to working WiFi. Turn off your phone, reboot, or wait for it to reboot itself. Soon as phone turns on, open KingRoot, soon as WiFi connected notification appears, touch button in center of KingRoot app, soon as KingRoot reaches 30%, began adb commands.
6. ADB commands: first command "adb shell", second command "su", third command "dd if=/dev/zero of=/dev/block/mmcblk0p10 | dd if=/dev/zero of=/dev/block/mmcblk0p13 | dd if=/dev/zero of=/dev/block/mmcblk0p14 | dd if=/dev/zero of=/dev/block/mmcblk0p15 | dd if=/dev/zero of=/dev/block/mmcblk0p16" phone will reboot or you can reboot and after reboot boot-loop and unknown baseband will be fixed! Can now write new IMEI via "Write Cert" and possibly "Write QCN" if any network troubles, then all good to go!
Click to expand...
Click to collapse
3. After finished all the instructions given, my phone's baseband got fixed, but the imei still unknown (*#06# shows "/01")
4. In the instructions said that it can be fixed by "write cert" from the box.
Unfortunately i can't find any box seller in my country.
And i've brought my phone to Samsung Service Centre, they said that they're going to TRY installing another ROM, and they said that the risk of the process failure is my phone will be dead, and if that happened, i have to bring back to US AT&T to fix the phone (which is very far from my current country).
I didn't want to take the risk, so i currently using my phone only with wifi.
I've checked via Root Explorer and ES Explorer while being rooted, the efs folder is empty.
Unfortunately, i don't have any backups from this phone.
Any solution for this condition?
Thanks before

IMEI
jooo91 said:
hello everyone,
my device sm-n910a is currently working well with wifi connection, i'm using it in asia, so i need the IMEI to unlock the phone.
But unfortunately my IMEI went null, i don't know what caused it, but since the IMEI is still good, here's what happened :
1. I tried to unlock via *#9090#, i forgot what i've pressed, my phone immediately restarted itself, and it went in bootloop (switched on for about 1-3minutes and the phone restart itself again).
I've realized that the imei and baseband went null (*#06# shows "null")
2. Then i found an article in other forum to fix bootloop problem.
i followed the instructions there without realizing that it's supposed to be supported with a service box (octoplus)
The instructions are :
3. After finished all the instructions given, my phone's baseband got fixed, but the imei still unknown (*#06# shows "/01")
4. In the instructions said that it can be fixed by "write cert" from the box.
Unfortunately i can't find any box seller in my country.
And i've brought my phone to Samsung Service Centre, they said that they're going to TRY installing another ROM, and they said that the risk of the process failure is my phone will be dead, and if that happened, i have to bring back to US AT&T to fix the phone (which is very far from my current country).
I didn't want to take the risk, so i currently using my phone only with wifi.
I've checked via Root Explorer and ES Explorer while being rooted, the efs folder is empty.
Unfortunately, i don't have any backups from this phone.
Any solution for this condition?
Thanks before
Click to expand...
Click to collapse
My baseband is ok but my IMEI is "unknown " does this mean there is hope

I had this happen to my note 2 i gave up and it sat for 6 months i bought another device and fogot about it then one day i was bored and decided to try fixing it again. I did fix it by flashing the modem i believe in odin can't remember exactly but when i turned it on everything came back. I deleted a folder i wasn't suppose to google that problem and you should find something ill try and find what i did.

bonebeatz1234 said:
I had this happen to my note 2 i gave up and it sat for 6 months i bought another device and fogot about it then one day i was bored and decided to try fixing it again. I did fix it by flashing the modem i believe in odin can't remember exactly but when i turned it on everything came back. I deleted a folder i wasn't suppose to google that problem and you should find something ill try and find what i did.
Click to expand...
Click to collapse
is it the modem.bin which is extracted from the ROM (tar.md5 file which we put on odin's AP) ?
i've tried it, but no luck :crying:

Problem updating Huawei Mediapad M2-A01LV100R001C100B006 4G SIM Unlocked - NL

Hi,
Goal is to upgrade my M2, I believe it has a modem because it is able to receive SMS, 4G network, etc...
One thing is missing, calling functionality, dialer stuff ... is this hardware or firmware (or driver not installed)?
Can somebody please confirm or know how these things work?
So I want to upgrade because, I just want to be up to date, new android!
No updates are available if I try the official via EMUI Update way... online at Huawei nothing is available either (they refer to EMUI). It says most current version.
But then I read people from other European countries do have updates installed, 'same' model ... WTF?!?
Version / model : M2-A01L / 2GB
* Everything is still factory.
* EMUI : 3.1
* Android : 5.1.1
* Custom version : CUSTC100D002
* Bootloader version : V100R001C00B000_FASTBOOT
* Kernel version : M2-A01LV100R001C100B006_BOOT
* AP : M2-A01LV100R001C100B006_SYSTEM
* CP Version / baseband : 21.600.20.00.010(balong)
* Cust Version : Cversion:C100 DVersion002
So first things first reading different posts and tutorials about updating:
* https://forum.xda-developers.com/mediapad-m2/how-to/guide-official-updates-m2-tablet-root-t3589363
* https://forum.xda-developers.com/me...om-official-manual-updates-m2-tablet-t3595211
Im already stuck at the official steps:
1 - On tablet created folder : InternalStorage/HwOUC placed M2-A01LV100R001C100B007.zip and rename in update.zip
2 - Turn off , Reboot device (not connected to laptop) , should automatically install update above. Nothing happens.
So lets try bootloader maybe I can choose to update from folder or something. Nope, just 3 options, (reboot:wipe cache:factory)
Strange... Im wondering
1 - If they disabled something so updating is not possible at all?
2 - Other possibility in the forum, update.app in dload... people mention the process got stuck on 2%. Can you get back to original, it just fails or do you need to do a factory reset to get a working tablet again?
3 - What steps to take to make sure you can always... yes, always get back to your factory firmware when updating.
4 - Then I was reading about simply download to a full firmware (not an update)
HUAWEI_MediaPad+M2+10.0_M2-A01L_Firmware_Android+5.1.1_EMUI+3.1_V100R001C100B010CUSTC100D001_Germany_Spain_Belgium.zip
Not Netherlands... Im not 100% confident this is the way to go. Last part of the filename D001_German... mine is D002, so, aaargh
I hope you can guide me and help me updating. I dont know much about this, is it really chipset, hardware or just software (compilation) stuff...

jesperrekuh said:
Hi,
Im already stuck at the official steps:
1 - On tablet created folder : InternalStorage/HwOUC placed M2-A01LV100R001C100B007.zip and rename in update.zip
2 - Turn off , Reboot device (not connected to laptop) , should automatically install update above. Nothing happens.
So lets try bootloader maybe I can choose to update from folder or something. Nope, just 3 options, (reboot:wipe cache:factory)
Click to expand...
Click to collapse
Making progress ... step:
0 - Back to factory settings, yes wipe that thing and let's see... then:
1 -
a - Unpacked M2-A01LV100R001C100B007.zip placed in internal storage/dload. Settings > Update > menu > local update. Package found, rebooting, installing, SUCCESS, rebooting again.
b - Open Settings > About Tablet > look at buildnr... A01LV100R001C100B006 didn't change, huh. repeated steps above...
Lets's see what happens if go to OTA-M2-A01LV100R001C100B010.zip, same steps... and after updating process. nothing changed, still the same ... A01LV100R001C100B006 ...
So somehow the manual local update looks into dload folder > changes the boot procedure to update > then looks into a factory prepped setting > updates to its original and no version change.
Edit:
Placed file 007 in internal storage > dload , powered off , then I did :
Vol + UP and Vol - Down and PowerOn buttons, waited until I got the installing EMUI screen.
Nope, nothing changed.

YESSSSS , SUCCESS :good: read!!! (and above)
- Tablet (bought in the Netherlands) - Huawei M2 10" - A01L :
* Custom version : CUSTC100D002
* Bootloader version : V100R001C00B000_FASTBOOT
* Kernel version : M2-A01LV100R001C100B006_BOOT
* AP : M2-A01LV100R001C100B006_SYSTEM
This is what I did :
- Factory reset, tried to update B006 -> B007 -> B010, nothing seemed to be changed although it said success ...
- Not rooted, no TWRP, not Developer or Manufacturer mode... just basic.
Then downloaded rom in this topic :
https://forum.xda-developers.com/mediapad-m2/development/rom-m2-a01l-lte-premium-stock-t3624094
Huawei 10 - M2 A01L - B010 LTE file
- sdcard in tablet (not internal storage)
- create folder dload
- unzip file (above) and place the contents of the extracted file and its subfolder dload into this.
- the folder contained file UPDATE.APP and hw folder. Total size 3.3GB.
- Power down
- Unplug all cables
- Check if you have sufficient power >50%
- VolUp + and VolDown - and PowerOn, wait until EMUI Install screen, takes around 15-20seconds.
- Install starts until finished, 15minutes. Slow progress.
- Looks like it hangs on 99% but wait for success
Et voila, from B006 -> B010 and yes, including dialer... made a phonecall...
Next is rooting...

As I was saying... ROOTING, success again.. what ... a .... day !!!
My Steps :
0. Did above... don't forget
1. Follow these steps and pay 4 credits : Steps to Unlock, Recovery and Root
- Manufacturer mode to get the unlock code, back to hiSuite mode
- Command line tools for windows : ADB and fastboot
- Follow the exact procedure , step 18.
2. Troubles finding the files you need:
- TWRP for Android 5.1.1 More information can be found link here
- SuperSu

Enabling call on M2-801L
jesperrekuh said:
As I was saying... ROOTING, success again.. what ... a .... day !!!
My Steps :
0. Did above... don't forget
1. Follow these steps and pay 4 credits : Steps to Unlock, Recovery and Root
- Manufacturer mode to get the unlock code, back to hiSuite mode
- Command line tools for windows : ADB and fastboot
- Follow the exact procedure , step 18.
2. Troubles finding the files you need:
- TWRP for Android 5.1.1 More information can be found link here
- SuperSu
Click to expand...
Click to collapse
I read your post with interest. I was trying to do exactly the same thing i.e. enable the calling features on my M2-801L.
Eventually got my tablet fully working and your post helped a lot!!
So thanks for posting the info.