Develop Bugs

[HOWTO] Software Unlock; How to unlock Bell Galaxy S Vibrant i9000M

Now that we have enough people with the new version on hand already.
It's time to setup this topic.
The aim obviously is to unlock this the Bell Galaxy S Vibrant i9000M
There are possibly 3 ways to go about this:
1. Software
2. Hardware
3. Pay $75 the carrier and get the unlock code after 60 days of purchase, or until some online unlockers gets the code, which ever first.
4. Pay $35 to rhcp0112345 for the hack unlock method
5. Self Hex Hack unlock method
Past experiences in the PalmOS world leads me to believe it should be possible to be unlocked via software/firmware, so rooting the phone will be the first thing to do
For hardware unlocking we'll be able to confirm once the iSim I've ordered arrives next week more or less
Bell will not provide the unlock code until their "exclusivity" expires which is roughly November, that's when Fido/Rogers will get their own locked version for sure.
So, I'm inviting any Android/Mobiles developers to pitch in with any ideas or if they know more or what to look for, change edit, hack replace, flash, etc.
That's why i bough this device, it'll be a guineapig to possibly find the software unlocking method (flashing a ROM count as software)
Stock Bell firmware:
PDA/Phone: i9000ugjg9
CSC: i9000bmcjg9
WARNING: for anyone reading this DO NOT use the firmwares for the USA Vibrant / Captive, the Bell Vibrant is closer to the i9000 than to the USA variants
- Update 1 -
Adding unlock bounty! it actually started on the SGS Captivate subforum http://forum.xda-developers.com/showthread.php?t=739201
Condition to hit the jackpot, it must be unlocked via software ROM flash, SPL, or something along the line.
Lets all pitch in to make it work for all the SGS phones.
List of members pledge & donation:
AllGamer paid "unlocked" via ismartsim then by SGUX
MKVFTW withdrawn he paid $75 to Bell way to get it unlocked
SS2006 $25 payment pending
decepticon paid unlocked by rhcp0112345
BA_Flash_GOD paid unlocked by rhcp0112345
- Update 2 -
rhcp0112345 found out how to hex hack unlock the phone, it requires a file dump and a $35 fee.
The bounty would still apply for anyone Developer able to release a ease to use software unlock for all XDA member at no charge, but if you can't wait you can go with rhcp0112345 solution or the self hack solution.
- update 3 - [BOUNTY] goes to
rhcp0112345 for finding the hack, and allowing rbnet.it and marcopon to create the SGUX tool for all of us.
Please donate to our XDA members that made it all possible for you.
AllGamer for jump-starting this project and providing the initial bounty, and for his regular contribution in the SGS forum
rhcp0112345 for finding the hack
rbnet.it & marcopon for the SGUX tool
DaGentooBoy for keeping the Unlock Guide updated with the latest changes

Step 1. root your phone
Bell's I9000M is slightly different than the regular I9000
most of the root methods mentioned on other topics will not work.
Even the 3 button recovery mode has been disabled
After some experimentation this is the working method
download the update.zip from this topic (Thanks to jentech)
http://ip208-100-42-21.static.xda-developers.com/showpost.php?p=7536130&postcount=11
then you need to run adb devices to make sure your phone is listed
(ADB is part of Android SDK, download it from the source http://developer.android.com/sdk/index.html )
if you get something like
Code:
adb.exe devices
List of devices attached
900098c722a9 device
(if you run adb.exe devices and comes back with an empty list, then make sure you have set the phone into debugging mode Application > Settings > Development > USB Debugging)
then you are can execute
adb.exe reboot recovery
this will take you to the recovery screen
now if your device works with the Power + Volume Up + Home button, then you can skip that, however in my case the 3 button mode didn't work
select the update.zip with the volume up/down button, then hit home screen, it should say installing in yellow, then you are done, it reboots back to normal, and now you can install Busy Box
Step 2. Self Hex Hack unlock method
Once you are done Rooting the phone
1. Run ADB Devices on your PC
open CMD
change to your Android SDK folder
type ADB devices
hit Enter
it should show your phone listed
if not then check to make sure you have Enabled the USB debugging in Applications < Settings in your phone
2. Once successful with the above step
type ADB Shell
hit Enter
type SU
hit Enter
back on your phone screen you should see a pop up for "Superuser Permission" (try to keep your screen on, the timer automatically turns the screen off, you might miss the pop up message)
"grant it permission" to allow, else you will get a "permission denied"
3. back on the ADB shell
type cd /dev/block
hit Enter
type dd if=/dev/block/bml3 of=/sdcard/bml3.bak
hit Enter
you should get something like
Code:
20480+0 records in
20480+0 records out
10485760 bytes transferred in 0.826 secs (12694624 bytes/sec)
the bml3.bak file should now be at the root of your internal SD card
4. Unplug the USB cable from the phone
Disable the USB debugging in Applications < Settings
5. Plug the USB cable back to the phone
Use either Samsung Kies mode, or Mass Storage mode
6. Copy the bml3.bak file from the internal SD card to your working folder where you have downloaded SGUX2
7. Run CMD
CD (change directory ) to the folder where you have the files
execute/run sgux2.exe bml3.bak (assuming both files are in the same folder)
then you should get something like this
Code:
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Opening file <bml3.bak>...
Searching code block...
Found.
Searching codes...
Freeze code : 98765432
Network Control Key: 12345678
8. power off your phone
9. power the phone back on
10. now enter the NCK (Network Control Key) code you found on step 2 part 7
It should say "Requesting network unlock"
followed by "Network unlock successful"
Done, enjoy your phone with your favorite network.
*** Alternative Unlock Methods ***
Hardware unlock method
Get an imartsim from ebay or deal extreme
Software unlock method
easier than ever please see guide for details
http://forum.xda-developers.com/showthread.php?t=761045
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Bell unlock method
Call Bell convince them to unlock you, and Pay $75
Paid Hack unlock method
rhcp0112345 said:
Guys.
If you cannot wait. I found an easier way for me to get the codes for you. And the file is 10MB. and if you zip prob smaller as hell.
Code:
adb shell
cd /dev/block
# dd if=/dev/block/bml3 of=/sdcard/bml3.bak
copy to computer / upload
Send me $35 USD to [email protected]
Click to expand...
Click to collapse
original topic link http://forum.xda-developers.com/showpost.php?p=7772955&postcount=588

Well first thing is have you tried flashing a different MODEM file onto the phone using Odin?

I tired flashing Asian EU version of radio but no luck.
I believe simlock is something totally different,
I ended up using a sim adapter that was lying around for last 2 years.
Put the sim adapter along with my fido sim
settings, APN typein APN setting (internet.fido.ca)
3G is now active,
I can make calls and recieve calls.
EDIT:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://www.dealextreme.com/
you can order any sim adapter, they all do the same thing.
+++++++++++++++++++++++++++++++
When you FLASH to JP3
don't flash the RADIO, (just flash PDA with 512)
I find RADIO FW on Stock BELL ROM works better than the one included in the JP3.
=======================================================================
BTW you don't have Vibrant,
you have I9000 don't flash CAPTIVATE, VIBRANT ROMS
=======================================================================
Another weird thing I noticed,
the "download mode" for Odin (press vol down home pwr)
works on one of the phones only.
for the other phone, I had to plug in debugging mode and use "ADB reboot in recovery command.
======================================================================
I ended up exchanging my 2nd galaxy S, If you can't put your phone into ""download mode"
there's something wrong with your phone.
as far as the unlock sim goes, yes it's like a turbo sim, any adapter will do.
but the problem I noticed, 3G works great, I can make outgoing calls, BUT 1 out of 2 times, incoming call goes directly to my voicemail.
it's probably because of my sim not seen as fido sim on the network.
neways, I am going to try.
http://unlockgenie.com/ for factory unlock code.
they have the lowest price for bell unlock so far 26$
====================================================
I assembled one click solution for ADB , no need for command line,
double click the bat file while connected in DEBUG mode.
it's for those people who are having trouble getting into the download mode by pressing keys.
http://www.megaupload.com/?d=3H9UZNI4

you can also unlock it using SAMSUNG factory code.
you can get one code for around 25~30$ US
seeing that EU version of the froyo rom JP3
works fine with i9000m 3G
I'm guessing I am on NAM network. (despite the radio rom being EU version)

Well I started looking through the Android source for where it determines if a device is network locked but I got lost after a while (I'll have another go later). Presumably it's stored on a chips firmware that you can't easily flash, however just in case... Would someone mind backing up their whole system exactly prior to unlocking and then again afterwards using clockwork mod so we can look for changes.

Benjamin Dobell said:
Well I started looking through the Android source for where it determines if a device is network locked but I got lost after a while (I'll have another go later). Presumably it's stored on a chips firmware that you can't easily flash, however just in case... Would someone mind backing up their whole system exactly prior to unlocking and then again afterwards using clockwork mod so we can look for changes.
Click to expand...
Click to collapse
that's my plan, in the worse case scenario then we can de-brick and reload the original firmware that came with Bell
i'll be trying more stuff later today, still at work

Im looking into getting this phone as well... problem im not sure if the deving for the tmobile vibrant will transfer directly over to the bell galaxy s...
Anyone try rooting the bell one with the root out for that phone??
Edit: Nvm just saw that the root is for the i9000 :|
But still would the root for the tmobile version work on this and vice versa?

Subscribed. Going to follow this thread til DEATH. Now i need solution to buy one. Someone please find a vendor that ships to US.

leegoon84 said:
you can also unlock it using SAMSUNG factory code.
you can get one code for around 25~30$ US
seeing that EU version of the froyo rom JP3
works fine with i9000m 3G
I'm guessing I am on NAM network. (despite the radio rom being EU version)
Click to expand...
Click to collapse
Which site can I pay & sim unlock it please?

Yea same, subscribed.
Im on the same boat as some of u : Want to trade up my magic for bell i9000
But first i must wait for unlock. Root is already done. Then for a vibrant cm6 to be out and see if someone can flash and see how well it works out. Considering its identical hardware except for a few soft buttons + front facing camera, i wouldn't be surprised if its the same deal as with g1 / 32a magic.

leegoon84 said:
BTW you don't have Vibrant,
you have I9000 don't flash CAPTIVATE, VIBRANT ROMS
Click to expand...
Click to collapse
True for anyone reading this DO NOT use the firmwares for the USA Vibrant / Captive, the Bell Vibrant is closer to the i9000 than to the USA variants

AllGamer said:
Now that we have enough people with the new version on hand already.
It's time to setup this topic.
The aim obviously is to unlock this the Bell Galaxy S Vibrant i9000M
There are possibly 3 ways to go about this:
1. Software
2. Hardware
3. Pay $75 the carrier and get the unlock code after 60 days of purchase, or until some online unlockers gets the code, which ever first.
Past experiences in the PalmOS world leads me to believe it should be possible to be unlocked via software/firmware, so rooting the phone will be the first thing to do
For hardware unlocking we'll be able to confirm once the iSim I've ordered arrives next week more or less
Bell will not provide the unlock code until their "exclusivity" expires which is roughly November, that's when Fido/Rogers will get their own locked version for sure.
So, I'm inviting any Android/Mobiles developers to pitch in with any ideas or if they know more or what to look for, change edit, hack replace, flash, etc.
That's why i bough this device, it'll be a guineapig to possibly find the software unlocking method (flashing a ROM count as software)
Stock Bell firmware:
PDA/Phone: i9000ugjg9
CSC: i9000bmcjg9
Click to expand...
Click to collapse
Guys,
I just called "Bell" again & I was transfered to a "level 2" technical support informing me that these are the conditions to sim unlock it:
1- Have to be on an Active account even a prepaid is ok.
2- Have to be after 30 days of activating the account.
3- Unlocking will be instant right on the phone for $75.
Seems like we can't do it that way, anyone knows a paid way of sim unlocking it rightaway from any site?

Has anyone managed to root the phone yet? If yes, can you point to where? I've tried a few to no avail. Thanks.

I'm looking for the modem.bin from the Bell Vibrant. If anyone has it could they please send me a PM.

Yay
Hah glad to see it, and glad there will be quick dev on this device. I'm with the other USA folks in here like stated before, we just need to wait a bit to see it around online or know one of our fine neighbors to the north to hook a bro up hah. Thanks guys will be checking this out.
** at least it's not so bad having to wait for us US folk then if it's currently unlockable. Heck i'll thrown down a couple bucks to whomever pulls it off as well

leegoon84 said:
I tired flashing Asian EU version of radio but no luck.
I believe simlock is something totally different,
I ended up using a sim adapter that was lying around for last 2 years.
Put the sim adapter along with my fido sim
settings, APN typein APN setting (internet.fido.ca)
3G is now active,
I can make calls and recieve calls.
EDIT:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://www.dealextreme.com/
you can order any sim adapter, they all do the same thing.
+++++++++++++++++++++++++++++++
When you FLASH to JP3
don't flash the RADIO, (just flash PDA with 512)
I find RADIO FW on Stock BELL ROM works better than the one included in the JP3.
=======================================================================
BTW you don't have Vibrant,
you have I9000 don't flash CAPTIVATE, VIBRANT ROMS
=======================================================================
Another weird thing I noticed,
the "download mode" for Odin (press vol down home pwr)
works on one of the phones only.
for the other phone, I had to plug in debugging mode and use "ADB reboot in recovery command.
Click to expand...
Click to collapse
what adapter are you using? kind of turbo sim? what is called to use it while waiting for unlock code?
i have old iphone turbo sim, i have no clue if this can be used , as i tried it still no network

I'll donate 20$ to any dev who cracks this
im anxously awaiting a solution my galaxy is just sitting on the table right now collecting dust

Guys, just get a code from unlockallcellular.com. I got my European I9000 unlock code from there.
Sent from my GT-I9000 using XDA App

post removed

[n00b Guide] Your USA T-Mobile Defy: Rooting, Roms, and fixing 3G

Disclaimer: I make no warranties expressed or implied. This information is provided for research and educational purposes only. By reading this post, you agree not to hold me, my estate, my heirs, or my dog responsible for anything ever and waive all of your rights to legal action against said parties forever in perpetuity. Amen.
Note: this guide covers Android 2.1 (Eclair). Various builds of Android 2.2 (Froyo) are available in the forum. You should NOT use my guide if you are installing a build of Android 2.2 (Froyo). Currently I am running the Jboogie Froyo Rom, Orange DeBlur v4, which is great and (in my opinion) the best Froyo Rom out there for USA T-Mobile. Froyo is not much faster than Eclair in terms of benchmarks, but the apps are better, especially if you need the Android email app for connecting to an exchange server.
Now, on to the guide:
Goal: starting with a fresh-out-of-the-box Defy from T-Mobile USA, root the phone, install a non-US (or other) Rom, and recover your 3G capabilities.
Why: non-US Roms have much less bloatware from T-mo and Motorola, and allow you to install JIT/Deodex if you want
0) Oh noes! You've got to sign up for a Motoblur account just to use your phone! Create a throwaway email address at any of the webmail providers (gmail, yahoo etc.) and then go through the motions on the phone to set it up and get to the main home screen. Editorial note: wtf!!!
1) Get root access to your phone. Following Sorensiim's excellent guide, download the Z4Root app, which allows you to root (and unroot) your Defy. (thanks to Sorensiim for hosting!)
>> n00b notes:
First, go to Settings -> Applications and check "Unknown Sources" so you can run the Z4Root app.
Also go to Settings -> Applications -> Development and check "USB Debugging" so you can connect to your phone from your computer later.
Then open your phone's browser, navigate to this page, and download the app directly to your phone.
Install the app from your "Downloads" folder (accessible inside your Browser)
Run the Z4Root app on your phone, hit the "root" button and wait for it to work its magic.
This is what you will see if you run Z4Root after you reboot from rooting:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
2) Install recovery so that you can make a backup of your operating system to your SD card before you do anything else - that way you can go back to the stock T-mobile OS if you need to.
Following Sorensiim's excellent guide, and many thanks to tenfar who put it together for us, just go here to download the Recovery App. (thanks to Sorensiim for hosting!)
>> n00b notes:
Just like before, visit this page on your phone's browser. Click the link to download the recover app, and once it's done, install it.
Allow the app to have root access, and check the box to always allow.
Once you are in the System Recovery program, click "Install Recovery System"; it will let you know when it's successfully installed (see image below):
3) Make a backup by opening the System Recovery app, and then press the "Recovery Boot" button. Back it up! Once again, details here, big thanks to tenfar!
>> n00b notes:
Once you have booted into recovery, you'll see the black/green screen shown below.
Use the volume buttons to navigate the menu and the power button to select an option.
Go to "Backup and Restore", and then "Backup".
If you need to restore later, just do the same thing except hit "Restore" and then select the one you want.
4) Flash a different ROM! Now here's where it get's a little more tricky. First, you'll want to follow Higgsy's Debranding Guide closely. I won't repeat his excellent guide, but here are my comments on the steps in the guide:
>> n00b notes:
Technically this step is optional - you can still weed out the bloatware and overclock while keeping your stock USA ROM. However, you will miss out on being able to install JIT/Deodex and having other features of non-USA roms, such as tethering.
Step 1: I used the consumer drivers package - Motorola 4.8.0 Driver with MotoConnect - since I am using 64 bit Windows 7. You can also use the developer drivers that Higgsy links to in his guide (available here).
Step 2: I used the JRDNEM_U3_2.34.1 firmware from central Europe, since you don't have to deal with Motoblur that way. You don't have to use this Rom of course, there are a bunch of different options, but I wanted to stick with a "real" Rom from Motorola as a starting point. Note that a firmware version is not the same as an Android version - i.e. v2.34.1 is NOT android 2.3, it is still anroid 2.1. Confusing, I know. Other Rom options include custom Roms that people put together and list in the XDA Developers forum. If you want to use one of those, you would follow their instructions for installing that particular custom Rom.
Step 3: In case the RSD Lite download link in the guide doesn't work, you can also get it from Megaupload the password for the site and the rar file is 'alabama'.
Step 7: Before booting the phone into the bootloader, you may want to clear out your data manually (aka "wipe your phone"). Go back into the System Recovery app, go to "Recovery Boot", and then when you're back on the black screen, select "Wipe DATA/Factory reset", "Wipe CACHE Partition" and then also go to "Advanced" and then select "Wipe Dalvik Cache". Then hold down the power button to turn off your phone. You won't be able to boot your phone after this, except by holding down the volume up + power on buttons together to get into the bootloader, so I would make 100% sure you have the drivers and RSD Lite installed and working!
Step 8: I would recommend waiting until it says "PASS" on the right side of the RSD Lite window before closing the program (this is after the "PLEASE START PHONE MANUALLY" phase is completed).
You should now have a working phone, with EDGE connectivity (little "E" in your status bar at the top) but no 3G or H icons. What, no 3G? We'll fix that next.
5) Re-root your phone and reinstall System Recovery following steps 1 and 2 above.
6) Install JIT/Deodexed: Optional step if you flashed either the 2.21 or 2.34 ROM. If you want to make your phone a bit faster, this is for you. Higgsy's guide is here if you want to do this!
>> n00b notes:
Update: on my third time flashing the phone, I was able to get JIT/Deodexed working fine. I think my failure the first time may have been due to my old SIM card, which I replaced because I was having problems reading the card and sending text messages (couldn't update the SMSC number).
Originally, I couldn't get the JIT/Deodexed package to work on my USA phone after installing the 2.34.1 firmware (too many 'untoward things happening' like Higgsy warned about), so I just skipped it the second time I flashed the 2.34.1 firmware.
The process of installing the packages is super easy, although you may want to make a backup before you start just in case. You can never have too many backups, because you can always transfer them to your computer if your SD card gets full. They are stored on your SD card under /goapkrev/backup/
The performance improvements are substantial - see graphs below.
Obviously you must get the package that matches the version of the ROM you installed. If you didn't flash a new ROM and still have the stock USA one, you are out of luck.
7) Make another backup! Now you want to backup your freshly-installed (and possibly JIT/Deodexed) Non-US Rom. Your first backup was the USA T-mobile Rom. You'll want to make this backup in case you eff something up in one of the next couple steps and want to go back to a fresh Non-US install and try-again.
Following the instructions in Step 3 above, load the System Recovery app, Recovery Reboot, and make a backup. Then reboot your phone!
8) Install ADB and/or Android SDK on your computer - there is a great guide on the Cyanogen Mod Wiki here. Just go slow, and follow the instructions. Once you can do "adb devices" and see your phone, you're good to proceed onward.
>> n00b notes:
To open a Command Prompt in Windows, go to "start" -> "run" and type "cmd" in the box or just go to "start" -> "all programs" -> "accessories" -> "command prompt").
Note that if you have 64-bit windows, you'll still need to install the regular 32-bit Java Development Kit (JDK), not the 64-bit version.
When you're editing your "path" environment variables in windows, note that you can't have spaces before or after semicolons. This is what my full path looks like (and iTunes works now - it didn't when I accidentally left a space after QTSystem\;
Code:
C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;[B]%SystemRoot%;C:\Program Files (x86)\Android\android-sdk-windows\platform-tools;C:\Program Files (x86)\Android\android-sdk-windows\tools[/B]
9) Fix 3G
*** NOTE: This step only applies to USA phones. If you're not in the USA, your 3G probably works fine.
Download HandlerExploit's 3G fix from the 2.21 UK ROM or my 3G fix from the 6.19 US ROM. Thanks to HandlerExploit for figuring this out for us.
>> n00b notes:
There's not much difference between the two 3G fixes, except that each one will display different info in the "About Phone" section (either v2.21 or v6.19). For example, if you use my fix, "About Phone" will tell you that you have "Build number: JORDN_U3_6.19.0" installed - this is a side affect of the patch. For HandlerExploit's fix, "About Phone" will report v.2.21 GB
You may want to write down what Rom you actually installed if you think you might forget (for example, my phone actually has "JRDNEM_U3_2.34.1" even though it reports 6.19.0 in "About Phone")
If you downloaded HandlerExploit's 3gFix, you can choose to follow his instructions or the ones below, which are basically the same as what is in his, except you enter the commands line-by-line instead of running them through a script. I prefer line by line because I like to know what I'm doing. Both methods should work fine.
If you are unfamiliar with basic command prompt commands (cd dir ls etc.) please see my reply later in this thread
Once you download the zip file, extract it somewhere, like your desktop.
Alright, time to get some ADB skills. Plug your phone in via USB and open a command prompt. First we connect to the phone by typing this, each command followed by the "Enter" key:
Code:
adb shell
Then you want to run some commands as a super user so type:
Code:
su
Quick! Look at your phone, and tell it to always allow superuser access. You only have to do this once.
You should have a "#" command prompt now (instead of a "$" like before) indicating that you are working as a superuser (#=superuser). Now some more commands to enter. (n00b tip: you can copy and paste each line into the command prompt by copying the line from this guide and right clicking "paste" on the command prompt window)
Code:
mount -o remount,rw -t ext3 /dev/block/mmsblk1p21 /system
chmod 0777 /system/etc/motorola/bp_nvm_default
chmod 0777 /system/etc/motorola
chmod 0777 /system/etc
chmod 0777 /system/app
chmod 0777 /system/lib
chmod 0777 /system/lib/modules
chmod 0777 /system
exit
exit
So now we have set CHMOD Permissions for some folders on your phone, and then quit the adb shell. Now we've got to push some files to the phone:
Navigate to the folder where you extracted the files from the 3g fix you downloaded above, for example, type:
Code:
cd c:\users\administrator\desktop\3gfix\
then enter:
Code:
adb push system /system
This will copy all the files in the subfolder "system" to your phone's "/system" folder, overwriting them (which is why we made a backup earlier). Then enter:
Code:
adb reboot
to reboot your phone. You should have 3G connectivity now - note that it may take up to a minute or so for it to appear the first time, and you may not see the icon at all if you have WiFi enabled (so disable it in your settings to test it out).
If it still doesn't work, try going to "Settings" -> "Wireless & Networks" -> "Mobile Networks" -> "Access Point Names" -> (settings button of four squares) -> "Reset to default". Also make sure the APN name is highlighted with a green dot. You may also have to go to "Settings" -> "Wireless & Networks" -> "Mobile Networks" -> "Operator Selection" -> "Select Automatically"
This is what the 3G icon looks like of course:
10) The phone is yours. You can:
Install some apps: Titanium Backup & Launcher Pro for example.
Weed out the bloatware, overclock, and scale: see Sorensiim's awesome guide here. I highly recommend doing this, just bumping up to 1000mhz overclock makes the phone's performance much more snappy. If you overclock, you should definitely use Sorensiim's scaling method and his scaling files -- it makes a very noticeable improvement in battery life.
Benchmark your phone: with Quadrant Standard Edition, available in the app market
Play Angry Birds all day: :-D
Here is my phone benchmarked, with no overclocking, no bloatware removal, no JIT/Deodex packages, just the stock JRDNEM_U3_2.34.1 firmware (note that the phone with the US Rom straight out of the box benchmarks a little higher at 987. I'm not sure why this is.):
Here it is after overclocking to 1000mhz and my own customized bloat removal (not as much as most people, i use some of the default apps), also still no JIT/Deodex. Obviously you can get it to go faster if you want to overclock more, install JIT/Deodex, and remove more bloat:
Edit: These are the apps I disabled for the second benchmark (renaming them using Sorensiim's guide )
AdService.apk
ArcPhotoworkshop.apk
ArcVideoEditorLite.apk
esmusica_2_0_0012_embed_Signed_2010-04-13_11-05-17.apk
FBAndroid-1.3.2.apk
Fota.apk
hiphopofficial_2_0_0012_embed_Signed_2010-04-13_11-08-31.apk
Kindle-1.0.2-OEM-SingleSign.apk
LiveWallpapers.apk
LiveWallpapersPicker.apk
MagicSmokeWallpapers.apk
MySpace.apk
Protips.apk
Quickoffice_BasicViewer_2.0.52.apk
revolver_2_0_0012_embed_Signed_2010-04-13_11-07-08.apk
truecountry_2_0_0012_embed_Signed_2010-04-13_11-06-12.apk
WeatherWidget.apk
Here is what I got to after JIT/Deodexed was installed on 2.34 - same apps removed, same overclock at 1000mhz. Removing VisualizationWallpapers.apk and YouTube.apk got me to 1308.

Wow, great guide! I might try this later.. I do have a question though, if we've already set up our phones on a stock rom, can Titanum Backup or the recovery backup our apps and settings and then restore them to our new deblured ROM?
Sent from my MB525 using XDA App

Passa91 said:
Wow, great guide! I might try this later.. I do have a question though, if we've already set up our phones on a stock rom, can Titanum Backup or the recovery backup our apps and settings and then restore them to our new deblured ROM?
Click to expand...
Click to collapse
Yes, you would do that with Titanium Backup. System Recovery is for making entire images. It's easier to replace things piece-by-piece with Titanium Backup.

Thanks for this...along with handler's tips on SA I got it working.

Although I´m not an US user (hence got working 3G) I´m still on the 2.34.1 ROM, and I still use som of the default apps.
Just wondering though: which ones did you remove? I´m not going to get into ADB, but I was thinking of removing some of ´em with TB.
Slightly OT - can you safely remove Swype? There´s no swedish language support for that, and I´ve gotten used to TouchPal anyway...

heglen said:
Although I´m not an US user (hence got working 3G) I´m still on the 2.34.1 ROM, and I still use som of the default apps.
Just wondering though: which ones did you remove? I´m not going to get into ADB, but I was thinking of removing some of ´em with TB.
Slightly OT - can you safely remove Swype? There´s no swedish language support for that, and I´ve gotten used to TouchPal anyway...
Click to expand...
Click to collapse
Sure you can remove Swype, theres still the standard android keyboard installed as well. Check out scandinavian keyboard from the market too

I had a big problem in step #8, installing ADB. No matter what I tried, the command "adb devices" would not work. But I was able to solve it by following this:
http://theunlockr.com/2009/10/06/how-to-set-up-adb-usb-drivers-for-android-devices/
You have to download the ADB files from
http://www.megaupload.com/?d=RTEY0Q97
and put them into your
Android\android-sdk-windows\tools
directory. Word is, they were taken out by Google for whatever reason in the R08 version, and must be restored in order for ADB to work.
After I extracted the files into the Tools folder, and used the 'adb devices' command, it worked like a charm!

Quick noob question.
If I install a custom ROM on my Defy following this guide and then restore the T-mo US 3G connectivity - will I be able to use the "Web2 go" unlimited plan without being detected and blocked by T-mo? Currently as I have the stock firmware/ROM it does not let me connect to neither 3G nor Edge. I've tried my SIM with Nokia N900 and 3G works fine, since the T-mo network doesn't recognize it as a smart phone. Please let me know if de-bluring/debranding my Defy will solve this problem for me.
Thanks in advance.

nvvass said:
If I install a custom ROM on my Defy following this guide and then restore the T-mo US 3G connectivity - will I be able to use the "Web2 go" unlimited plan without being detected and blocked by T-mo?
Click to expand...
Click to collapse
Why did you buy an android smartphone if you don't have a plan for it? Can't help ya.

rob-t said:
Why did you buy an android smartphone if you don't have a plan for it? Can't help ya.
Click to expand...
Click to collapse
I do have a plan. Many friends' Nexuses work fine with the same plan. I know a guy with a Nokia N900 and it works in 3G even with his grandfathered T-zone for $4.99. Why pay more? You didn't answer my question though - can you give a specific answer? As in "will work" or "won't work".
Thanks.

nvvass said:
You didn't answer my question though - can you give a specific answer? As in "will work" or "won't work".
Click to expand...
Click to collapse
Seeing as how I never had even heard of web2go before your post, I really have no idea. I'm not entirely sure I know what T-zone and web2go even /are/.
If you follow the instructions above and you still can't use your web2go thing, you can always roll back to your first backup and then use Z4root to unroot your phone, effectively returning it to 'stock' condition.

Wifi Calling?
Great tutorial for us noobs! Thanks! How does this affect wifi calling?

rob-t said:
Seeing as how I never had even heard of web2go before your post, I really have no idea. I'm not entirely sure I know what T-zone and web2go even /are/.
If you follow the instructions above and you still can't use your web2go thing, you can always roll back to your first backup and then use Z4root to unroot your phone, effectively returning it to 'stock' condition.
Click to expand...
Click to collapse
I'm sorry I assumed you're familiar with T-mo US, but thanks for responding anyway. Basically, web2go is an unlimited data plan for $10, that T-mo used to provide for "dumb" phones. T-zones was it's previous version (before 3G times) priced at $4.99 and was offered for all phones other than BBs. I remember getting a Dash (T-mo branded HTC Excalibur), witch was one of the first phones T-mo started to call "smart", and was able to get full Inet access with my T-zones just by tweaking some APN settings on the phone. In fact I (and many others) was able to get that without any data plan for awhile, before T-mo caught up with it and started blocking it. Of course it was too slow for browsing (EDGE/GPRS), but you could get your e-mails pretty easily and search stuff when in a pinch. Speaking of that - anybody remember when texting was free? Anywho, at some point in time T-mo started blocking smart phones from accessing data services on a "dumb" data plan - apparently by adding a piece of code to the FW of all T-mo branded phones, that allows their network to recognize the phone as "smart" and then block access if a "dumb" plan is used. Now, if you use a non-T-mo branded phone (even the same model that has a T-mo version) the network is not able to figure the type of phone and lets you access regardless of data plan. So, I hope this long explanation helps you understand where I was coming from with my original question. Obviously, when you flash the Defy with a non-T-mo ROM you get rid of the piece of code that makes the phone identifiable, but then when you copy part of the original ROM to restore 3G functionality, does that part contain the ID code also, I was wondering. At any rate, if you're not familiar/don't use T-mo you wouldn't know, I understand, I guess I'll have to go through the steps and figure it out for myself. Thanks anyway.

bcrawf68 said:
Great tutorial for us noobs! Thanks! How does this affect wifi calling?
Click to expand...
Click to collapse
WiFi calling seems to work fine for me.
nvvass said:
Now, if you use a non-T-mo branded phone (even the same model that has a T-mo version) the network is not able to figure the type of phone and lets you access regardless of data plan.
Click to expand...
Click to collapse
Ah OK thanks for the explanation. I currently use T-mobile but I don't really know much about their offerings. I would try the 2.21 or 2.34 firmware and then apply the UK 3G fix made by HandlerExploit, instead of the USA 3G fix I made from the US firmware.
Only one way to really find out though...

Excellent!
Steps 1-8 of your guide are also very helpful for non-US Defy users!
3G fixing, however, is probably not required on European Defys and I would not recommend following steps 9 et seq for those devices. Please correct me if I'm wrong here.

cloogshizer said:
3G fixing, however, is probably not required on European Defys and I would not recommend following steps 9 et seq for those devices. Please correct me if I'm wrong here.
Click to expand...
Click to collapse
Thanks, yes, I updated the guide accordingly. 3G fixing should only be necessary in the USA.

nvvass said:
I'm sorry I assumed you're familiar with T-mo US, but thanks for responding anyway. Basically, web2go is an unlimited data plan for $10, that T-mo used to provide for "dumb" phones. T-zones was it's previous version (before 3G times) priced at $4.99 and was offered for all phones other than BBs. I remember getting a Dash (T-mo branded HTC Excalibur), witch was one of the first phones T-mo started to call "smart", and was able to get full Inet access with my T-zones just by tweaking some APN settings on the phone. In fact I (and many others) was able to get that without any data plan for awhile, before T-mo caught up with it and started blocking it. Of course it was too slow for browsing (EDGE/GPRS), but you could get your e-mails pretty easily and search stuff when in a pinch. Speaking of that - anybody remember when texting was free? Anywho, at some point in time T-mo started blocking smart phones from accessing data services on a "dumb" data plan - apparently by adding a piece of code to the FW of all T-mo branded phones, that allows their network to recognize the phone as "smart" and then block access if a "dumb" plan is used. Now, if you use a non-T-mo branded phone (even the same model that has a T-mo version) the network is not able to figure the type of phone and lets you access regardless of data plan. So, I hope this long explanation helps you understand where I was coming from with my original question. Obviously, when you flash the Defy with a non-T-mo ROM you get rid of the piece of code that makes the phone identifiable, but then when you copy part of the original ROM to restore 3G functionality, does that part contain the ID code also, I was wondering. At any rate, if you're not familiar/don't use T-mo you wouldn't know, I understand, I guess I'll have to go through the steps and figure it out for myself. Thanks anyway.
Click to expand...
Click to collapse
cloogshizer said:
Steps 1-8 of your guide are also very helpful for non-US Defy users!
3G fixing, however, is probably not required on European Defys and I would not recommend following steps 9 et seq for those devices. Please correct me if I'm wrong here.
Click to expand...
Click to collapse
first of all.. thank's for the great tutorial man..!!
second of all, I got this T-mobile defy from my uncle and I used it in Indonesia.. It's true what nvvass said, that the T-mo firmware constantly tries to connect with the "smart phone" data plan.. which caused me to unable to connect to my local provider data connection.. after I flashed the defy with the central-europe de-blur firmware, Voila..!! I got 3G connection directly..!! without any settings at all..
hope this helps for anyone using US T-mobile defy outsite of US.. cheers mate..

if i have no reception (the signal bars have a red circle with a line through it on top) will this kind of 3g fix but relevant to australia fix the issue?

Jt612 said:
if i have no reception (the signal bars have a red circle with a line through it on top) will this kind of 3g fix but relevant to australia fix the issue?
Click to expand...
Click to collapse
where did you get the phone from? if it from US and still locked with T-mobile, than it would refuse to connect with local provider.. you need unlock code..

i bought it in australia its an australian phone... works fine when i restore my backup of australian software but i would like to use the 2.34.1

How to get into Qualcomm diagnostic mode?

Hello there.
I have been having the 'stupidly set baseband to USA and unable to change back' issue with my Nexus 5x, using a European version. I live in Croatia, so as you would imagine this has meant a complete loss of signal/mobile operator/3g etc.
As per my other thread in Nexus 5x help and troubleshooting,
http://forum.xda-developers.com/nexus-5x/help/usa-baseband-set-european-model-t3252879
I have exhausted other options and have come to the realisation that as per other users issues with other phones that the use of QPST tools and using a clean QCN file to inject into my phone is the only course of action left. However, I have no knowledge of such things (not to say that I am unable to inform myself).
I emailed a developer with regards to users issues with Nexus 5 phones (not 5x), and he said that I need to enter this mode on my phone.
Could anyone help me out with this, and in general with this issue? As some have tried to help but unfortunately my thread has more of my own replies than other users. (In elaborating on steps taken to resolve my misery).
I am not looking for a 'one button fix', I have educated myself far and beyond with regards to this issue, I just need some more expert help so that I can sort this out myself.
Please, anyone?
Marko

Thank God.
I can actually get a new phone. Help not needed in the end.
Thanks anyway.
Marko

was.once.dead said:
Thank God.
I can actually get a new phone. Help not needed in the end.
Thanks anyway.
Marko
Click to expand...
Click to collapse
glad you got your probelm fixed dont know if this will help you or others but if you press *#*#4636#*#* your phone will enter a radio diagnostics tool where you can set your preferred network type and also select your radio baseband by using the 3 dots at the top. For my 5X i can select USA BAnd or Band mode 6, Band mode 7.
sorry if this is OT and not related to your issue.

Thank you for your input. However my phone does not have those options. Only USA band, which led to this week long stress for me. Im going to be able to get a replacement device in the end, so im happy about that, but this issue is unfortunately somewhat of a one way street wherin the usual simple solutions or even more complex adb, fastboot, etc etc things do not bring about any resolutions.
Again, thanks for trying to help but its a phone to phone kind of thing.
Marko

Best advice I can give. Don't mess with the basebands

zelendel said:
Best advice I can give. Don't mess with the basebands
Click to expand...
Click to collapse
Best advice ever...
But.... If you are really hot on getting the 5x into diagnostic mode to run QPST, QXDM, etc., do this. (I did this on my 5x to obtain the QCN file to check out the NV and EFS items, grab QXDM logs, etc.)
1. Use Heisenberg's most excellent step-by-step tutorial on unlocking the boot loader, rooting the phone, and installing super user apk.
2. Once rooted, connect the phone to a PC and open up adb, then issue the adb shell command.
3. Once in adb shell, type: su -c 'setprop sys.usb.config diag,adb'
4. At this point, you should see a pop up on the phone to authorize super user access. Click to allow access.
5. Now you will probably have to load a driver on the computer for diag access. I got lucky (since I have a mess of drivers on my computer) and the driver loaded automatically. As I recall, my computer selected qcusbser.sys. Seems to be a pretty generic QCOM driver vs. an LG specific driver.
6. You now have diag access. You will have to run steps 2 - 3 after each phone reboot. In other words, these steps aren't "sticky" between reboots.
7. ????
8. Profit
I did this and it worked for me.

clivemckracken said:
Best advice ever...
But.... If you are really hot on getting the 5x into diagnostic mode to run QPST, QXDM, etc., do this. (I did this on my 5x to obtain the QCN file to check out the NV and EFS items, grab QXDM logs, etc.)
1. Use Heisenberg's most excellent step-by-step tutorial on unlocking the boot loader, rooting the phone, and installing super user apk.
2. Once rooted, connect the phone to a PC and open up adb, then issue the adb shell command.
3. Once in adb shell, type: su -c 'setprop sys.usb.config diag,adb'
4. At this point, you should see a pop up on the phone to authorize super user access. Click to allow access.
5. Now you will probably have to load a driver on the computer for diag access. I got lucky (since I have a mess of drivers on my computer) and the driver loaded automatically. As I recall, my computer selected qcusbser.sys. Seems to be a pretty generic QCOM driver vs. an LG specific driver.
6. You now have diag access. You will have to run steps 2 - 3 after each phone reboot. In other words, these steps aren't "sticky" between reboots.
7. ????
8. Profit
I did this and it worked for me.
Click to expand...
Click to collapse
Please give me the global version of rfnv files:good:

Please give me the global version of rfnv files
Sorry, bro. I only have the values from my US version.

Pixel XL - USB diag mode

Has anyone already found out how to access or enable the USB diag mode for connecting to QXDM?
Thanks!

just curious, for what reason?

noidea24 said:
just curious, for what reason?
Click to expand...
Click to collapse
Well, I work as an engineer in the IMS core environment

noidea24 said:
just curious, for what reason?
Click to expand...
Click to collapse
I would like diag mode to use the DFS Tool to enable/disable LTE bands.

hate to bump an old thread, but did anyone ever figure this out?

Madscotsman said:
hate to bump an old thread, but did anyone ever figure this out?
Click to expand...
Click to collapse
I think maybe google disabled this,I also want this

For Generic HTC devices,such command with root shell may could open the DIAG PORYT
echo 1 > /sys/devices/virtual/android_usb/android0/f_diag/func_en
But Google AOSP HTC devices....................
Someone has already solved this Problem but due to the negative attitude of the USERs of PIXEL,so.....................

Looking for the answer to this as well. It's needed for DFS and QPST (QXDM).
Every phone has some particular way to do this and so far I haven't found it on this phone. The Nexus 6 was super easy and I was hoping this one would be too. (On the Nexus 6 all you had to do was select BP Tools from the boot menu. Then it booted like normal but with the diag port enabled. Other phones you have to write to or create a particular file, or there's a dialer code but the usual tricks aren't working here.)

KlokWerk said:
Looking for the answer to this as well. It's needed for DFS and QPST (QXDM).
Every phone has some particular way to do this and so far I haven't found it on this phone. The Nexus 6 was super easy and I was hoping this one would be too. (On the Nexus 6 all you had to do was select BP Tools from the boot menu. Then it booted like normal but with the diag port enabled. Other phones you have to write to or create a particular file, or there's a dialer code but the usual tricks aren't working here.)
Click to expand...
Click to collapse
Have you tried using these commands with terminal emulator?
su
echo 1 > /sys/devices/virtual/android_usb/android0/f_diag/on

xdadevnube said:
Have you tried using these commands with terminal emulator?
su
echo 1 > /sys/devices/virtual/android_usb/android0/f_diag/on
Click to expand...
Click to collapse
Oh crud, I just noticed I was replying to a Pixel XL thread rather than a Pixel thread. You'd think they'd be similar.... does your method work on the Pixel XL, though? If you've tried that and say it works I may actually switch, if I can't figure out how to connect this Pixel.
When I try this on the Pixel (sku G2PW4100 running 7.1.1) I just get "Permission denied", even as superuser, even after changing the f_diag folder permissions to allow writes.
You're getting it to work on the G2PW2100, I guess? 7.1.1?

KlokWerk said:
Oh crud, I just noticed I was replying to a Pixel XL thread rather than a Pixel thread. You'd think they'd be similar.... does your method work on the Pixel XL, though? If you've tried that and say it works I may actually switch, if I can't figure out how to connect this Pixel.
When I try this on the Pixel (sku G2PW4100 running 7.1.1) I just get "Permission denied", even as superuser, even after changing the f_diag folder permissions to allow writes.
You're getting it to work on the G2PW2100, I guess? 7.1.1?
Click to expand...
Click to collapse
I apologize for not specifying that I don't have a Pixel or Pixel XL yet.
I know the command I posted above works on the HTC m8. I had almost given up on diag mode on that device until I tried that command.
It sounds like you're on the right track, but unfortunately my understanding is fairly limited. Hopefully somebody with more knowledge can chime in.

I've never messed with this, but I'm looking through the history here to see if there's a clue.
https://github.com/CallMeAldy/devic...f587b26156180b3/init.common.diag.rc.userdebug

...

PaulPizz said:
I believe I have found a way to enter DM Mode on the Pixel XL..
==Instructions==
- Makes sure you are rooted. <-- *If you are not and do not know how, Please do your research*
- Download and install the GalaxyTools3.1.2 app
- Tap the GalaxyTools3.1.2 App, grant it Super User permissions
- Once you are in the GalaxyTools3.1.2 app scroll down and tap "GTUSBItil" Button
- This will open up the "UART" Menu which you should be able to use to select DM+Modem+ADB
==Downloads==
- GalaxyTools3.1.2
** I have not figured out how to get the device to work with DFS.. If anyone figures it out please report back. Id like to know..**
Click to expand...
Click to collapse
Have you tried the "hacked" HTC Modem driver? If you get a list of Unknown devices in Windows Device Manager, you may be able to get install the modem driver and get QXDM or DFS working.
Let me know if you need any of those files.

xdadevnube said:
Have you tried the "hacked" HTC Modem driver? If you get a list of Unknown devices in Windows Device Manager, you may be able to get install the modem driver and get QXDM or DFS working.
Let me know if you need any of those files.
Click to expand...
Click to collapse
I think it just shows up as adb. Im not in front of my computer right now. But send it. I'll check it out. Thanks
Sent from my Pixel XL using Tapatalk

PaulPizz said:
I think it just shows up as adb. Im not in front of my computer right now. But send it. I'll check it out. Thanks
Sent from my Pixel XL using Tapatalk
Click to expand...
Click to collapse
Awesome! I'll send it when I get to a computer tonight.
I don't have a Pixel yet, so I'm not able to try it myself.
EDIT: Here is the modem driver.
View attachment 4081431

The recommended solution does not work, no com port is added in the device manager.

Hi,
I am desperately looking for the solution for enabling diag mode of Pixel XL phones. Any update regarding this would be very helpful.
Thanks.

I tried to build a userdebug build from AOSP but I didn't get very far (first attempt at it, and it kept failing after 1-3 hours).
So cancelled that endeavor and installed the latest Lineage from InvisibleK which was built as userdebug.
>adb shell
>su
>setprop sys.usb.config diag,adb
PC tried to install new drivers (as expected since it has a different vendor/product id). Qualcomm HS-USB Diagnostics 903D (COM14) showed up under Ports. Unknown ADB Interface couldn't install drivers, though. All the tools seem to be working fine.
I have to quit for now, but hopefully that's a start for you.
I wanted to build the stock build as userdebug because that's how you get the diag USB modes enabled. They were stripped from the -user builds.
Edit 1: Phone shows up in QPST now.
Edit 2: Phone shows up in QXDM after setting Target port in Communication setting.
Edit 3: I am not sure if I had installed the drivers linked in this thread, already. The driver version I have is 2.1.04

If someone can install a non-T-Mobile SIM and let me know what their NV 65538 is, I'd appreciate it.
Edit: This value did not change with a Cricket Sim in versus a T-Mobile SIM.

{GUIDE} {MSL/SPC UNLOCK} -->>Diag Mode: Use QPST - QXDM to Backup & Restore NV Memory

{GUIDE} {MSL/SPC UNLOCK} -->>Diag Mode: Use QPST - QXDM to Backup & Restore NV Memory
I know everyone is eager to unlock the Verizon Boot-Loader.
We are not quite there yet however this is another step in the right direction.
We are getting deeper and deeper into this so be FOR-WARNED.
If you decide to play around with these tools you do so at your own risk :crying:
I will help anyone who kills there device But I TAKE NO RESPONSIBILITY.
------------------------------------------------------------------------------------------------------------------------------
Follow my instructions exactly and everything will be ok
------------------------------------------------------------------------------------------------------------------------------
Lets Get Started Shall We :highfive:
PREREQUISITES
The ability to follow each step in order :good:
ADB installed ( Android Studio )
Install HTC Sync from the link below. Then uninstall it. This will load and leave the drivers.
Make sure you uninstall it. HTC Sync will interfere.
http://www.htc.com/us/support/software/htc-sync-manager.aspx
STEP 1)
Set Windows 7 or 8 or 10 into TEST MODE ! ( I Am Running Windows 10 )
You can read up on this process here if you have trouble with my instructions.
http://www.drivethelife.com/windows...e-enforcement-on-windows-10-8-7-xp-vista.html
http://www.howtogeek.com/167723/how...8.1-so-that-you-can-install-unsigned-drivers/
You’ll need to run a command from an Administrator Command Prompt to do this. To launch one, right-click the Start button or press Windows+X and select “Command Prompt (Admin)”.
Execute This Command
Code:
bcdedit /set testsigning on
If you did it correct you should see the following.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Reboot your computer.
If you did it correct you should see the following.
STEP 2) Install the Diag Driver in Windows.
Download the DIAG.zip here. It contains all of the files we need to work with at this point.
Code:
http://www.mediafire.com/file/3ta2ua4tkibn3lb/DIAG%282%29.zip
Unzip the file and install the drivers.
There are 2 drivers. 1 for diagnostic mode and one for Emergency Download Mode.
HTC CDMA LTE DIAG Modem Driver v3.0.2.0 (Diagnostic Driver)
Qualcomm_Diag_QD_Loader_2016_driver (Emergency Download Driver)
When you install the Qualcomm_Diag_QD_Loader_2016_driver you will want your screen to look like this.
The Diagnostic Driver install is pretty self explanatory.
I,m going to leave this section for setup details. More could be added later.
In the next post we will install the tools we need and get the phone connected in diagnostic mode.
Also please see here
https://forum.xda-developers.com/desire-626/general/programming-modem-qpst-qxdm-boost-t3488993 @anthonykb deserves the credit for originally leading me to this idea.
We are using the process for different purpose but it all stems from the same idea.
REMEMBER THE DESIRE 526 AND THE DESIRE 626S AND THE DESIRE 530 ALL HAVE THE SAME CHIPSET.
What works for one of these devices should theoretically work on the others.

Checking Drivers + Setup Tools
I think it's time for us to set up some tools and see if our drivers are installed correctly.
There are 3 tools included in the zip.
QPST.2.7.438 ( Just install it. There is nothing special to do )
QXDM Pro 3.14.594 ( Read IMPORTANT text in the patch folder and follow the instructions )
RevSkills V 2.08.6 Pro Edition (Read the readme file)
Install all 3 and proceed to the next step
Set The device into DIAGNOSTIC MODE
My device is already s-off and unlocked. So this might take an extra step for you.
First try this.
Open up the phone dial-er on the phone.
Dial ##3424# and hit send.
I tested this on a fully locked 526 so you will get the DIAG Screen.
You should see this screen.
IF ##3424# isn't giving you that screen you will need the extra step
This might not be 100% necessary BUT I RECOMMEND IT
First you will have to get temp root.
Follow here. It will give you root in the shell only. Not root for apps.
https://forum.xda-developers.com/desire-526/general/temp-root100-how-to-temp-root-desire-t3498969
*********************************************************************************************************
ONCE YOU HAVE ROOT ACCESS
Open up a administrator command window.
Execute these commands in the shell.
Code:
adb devices
adb shell
su
echo 1 > /sys/devices/virtual/android_usb/android0/f_diag/func_en
*********************************************************************************************************
IF YOU CAN'T GET ROOT THIS SHOULD STILL WORK !!
*********************************************************************************************************
Verify the Diagnostic Port is Available (ALL DRIVERS WORKING)
Open up the phone dial-er on the phone.
Dial ##3424# and hit send.
Connect the device to the computer.
Open up windows device manager.
With all nessessary drivers installed this is what you should see. :highfive:
If you didn't install and uninstall HTC Sync it will look like this
Some things work but this isn't right. DONT DO IT
The HTC Drivers and Diag Drivers are missing. REALLY DONT DO THIS

Time to do some Work
Lets fire up some tools and get down to business.
Go to QPST and open QPST Configuration
If you are greeted with this screen you are good to go.
Now minimize QPST Configuration
Open RevSkills ( Run as Administrator )
Click on Hardware then Port-Utils then click QC + AT-Cmd
You should see the same port you saw in QPST Config
Now Click On HTC : Unlock SPC
Then Click Change SPC
Then Click Send SPC
Then Click Send SP
You Should be good to go. If you got no errors in revskills.
You will notice there are a lot of READ buttons in Revskills.
You can Explore these if you want. It's a way to read the device.
DO NOT EVER HIT A WRITE BUTTON.
Unless you know why your doing it.
You could kill your device beyond repair.
Anyway if you followed this correctly you now know what you MSL/SPC is.
SPC=000000
Since we know that we can now use the QPST Tools.
more to come.......to be continued..........:crying:

Backup the entire nv ram
Ok lets get too it. Here we will backup the entire NV Ram.
After it is dumped to a file I believe the file can be edited.
It is easy to restore the backup to the device.
Lets get started.
#1) Dial ##3424# then send to get to diagnostic mode.
#2) Open QPST Configuration
#3) You Should See This Screen
#4) In QPST Configuration Click START CLIENTS ( EFS EXPLORER)
Select your device under phone selection
#5)EFS EXPLORER Reads the device
#6)The NV Items Look Like This
Notice the red circle ( We cant access those )
But we can fix NVM to get access using open sesame door
#7)Click File Then NEW then Directory
#7)Add open sesame door
Now reboot the device.
Dial ##3424# again.
Then open QPST Configuration and EFS Explorer again.
Make sure you have the open sesame door folder
Notice NVM is no longe a red circle. ITS UNLOCKED.
After reboot and restart qpst it should look like this.
OK were all done with that part. ( OPEN SESAME DOOR )
Lets dump our Embedded File System now.
Close the EFS File Explorer.
Go to the QPST Configuration and Start Clients -->>> Software Download.
Notice the MPSS Version ---->>>> This tells us what version of Source to USE.
#8)Click The BackupTab
On the backup tab where it says xQCNFile select a a location and name for the file.
#9)Click Start To make the backup.
Pay attention to all the files it creates.
Look at the images below.
TO FLASH A BACKUP EFS FILE
#9)Now Go To the Restore Tab
Select the backup file you want to restore.
Make sure Allow phone/file ESN mismatch is NOT Checked.
The backup you flash has to be from the device you created it from.
Or the backup file will need the ESN Edited to match your device. (DANGEROUS)
I need to find a way to use the ESN mismatch but right now it gives error.
Anyway lets flash our backup.
Select the file.
Click Start.
Restoring NV Memory
Restoring NV ITEM FILES
Restoring BREW FILES
Restoring COMPLETE
So there you have it. We can indeed use the QPST / QXDM tools to communicate and flash the device.
THIS BACKUP IS IMPORTANT.
IF YOU BRICK YOUR PHONE. YOU COULD NEED THIS BACKUP TO RESTORE IT COMPLETELY.
WE CAN EDIT THE BACKUP FILE USING A HEX EDITOR OR THE TOOL I WILL TALK ABOUT NEXT.
In light of all this Someone Who Knows What to Changecould help reduce the device security and help us to further customize the device.
Unfortunately this is fairly new to me so I DONT Know the best things to change.
Best I can think of is to compare the backup from my fully unlocked device. ( S-Off / Super CID )
Against the backup from a factory LOCKED State.
Make any necessary changes to the Locked NV Backup.
Know that the wrong mistake here will brick your device for sure.
Feel free to explore the tools and things that can be accomplished with them.
I recommend highly....DONT CHANGE ANYTHING UNLESS YOU KNOW WHAT YOUR DOING.
Hitting some of the buttons in the tools can be dangerous.
Have Fun. The best thing is this device cost only $34.
So it's perfect for learning these tools and testing.
Then when you do this on your expensive device.
You won't brick it.

GREAT!!
Please make a rom to global GSMcard for connection data,

Wow, I am a newbie and when I seen all these instructions I almost gave up before I started. I can proudly say I successfully completed this tutorial. Does this mean my bootloader is now unlocked? What do I need to do next to root this thing. Once again, please forgive my ignorance, like I said this is all new to me.
I just went in to recovery mode and it still says locked. ???

@blahforme
I'm glad everything worked for you.
I try to write my guides so everyone can follow and get good results.
Unfortunately this is not a boot loader unlock.
So you can't root yet.
But you do have a backup of your NV Memory and you learned something.
Plus you have the drivers and whatnot installed.
So it was worth the effort.
I have build a device image that if it can be flashed will allow you to unlock the boot loader.
I'm working on the flashing part.
The rom build is here and you can learn a whole lot about htc devices in this thread.
Really it's not for a new bee so don't be surprised when you see the complexity of things.
https://forum.xda-developers.com/de...-rom-msm8909-service-rom-source-qpst-t3544178
As soon as i have a way to unlock the boot loader you will all know. Hopefully soon.

BigCountry907 said:
Lets fire up some tools and get down to business.
Go to QPST and open QPST Configuration
If you are greeted with this screen you are good to go.
Now minimize QPST Configuration
Open RevSkills ( Run as Administrator )
Click on Hardware then Port-Utils then click QC + AT-Cmd
You should see the same port you saw in QPST Config
Now Click On HTC : Unlock SPC
Then Click Change SPC
Then Click Send SPC
Then Click Send SP
You Should be good to go. If you got no errors in revskills.
You will notice there are a lot of READ buttons in Revskills.
You can Explore these if you want. It's a way to read the device.
DO NOT EVER HIT A WRITE BUTTON.
Unless you know why your doing it.
You could kill your device beyond repair.
Anyway if you followed this correctly you now know what you MSL/SPC is.
SPC=000000
Since we know that we can now use the QPST Tools.
more to come.......to be continued..........:crying:
Click to expand...
Click to collapse
Hi @BigCountry907,
First and foremost, thank you for all of your hard work on the MSM8909 chipset. I've found your many posts to be extremely enlightening! I plan to attempt building your AOSP kernel at some point soon on my Desire 626s; I just need to setup my Linux dev box. I realize this is now an older device, but I'm enjoying learning & getting close to the metal on this one.
Pertaining to these instructions, I am encountering an issue and wanted to see if you might have any ideas.
Have QXDM drivers properly installed; diag port enabled via adb; QPST recognizes the phone (although ESN is blank). As I attempt RevSkills, HTC Unlock SPC = success "Done sending SuperSPC." As I click "Change SPC", I receive "Error writing NV value". However, after several attempts at it, I finally get success. Send SPC = I get a return "41 01 ¶ A" and after "Send SP" get a return of "46 01 ¶ F". I'm going to assume these are successful.
The issue presents itself when I enter ##3424# (DM Command- after writing SPC). It prompts me to enter the MSL. I attempt 000000 and the phone will either: reboot or will say incorrect MSL (and will not allow me into the menu). I'm unable to access DM Command.
While I've already enabled the diag port, I am interested in sending AT commands and going further into using qcdiag to monitor gsm/3g/lte packets. As I understand it, I need to enable serial com in order to send AT commands to the modem. I'd like to get my KC and use rtl-sdr to sniff and decrypt my own traffic to better understand... Currently, as I attempt Putty on COM3 (valid diag port) unable to connect.
To give some supporting information, I am using a Cricket Wireless Desire 626s device unlocked on Marshmallow 2.27.651.6 T-Mobile network (Sprint debloated ROM as Cricket did not update to MM). However, I've attempted this after using the Cricket RUU as well as a few other custom ROMs w/o success.
I've also looked into QXDM - NV Browser - Item 0085 after a supposedly successful SPC write, and get the return "No DIAG Response Received". I've tried to pack as much pertinent info into these screenshots as possible.
Ultimately, I'm interested in getting to packet level data using qxdm, and am hoping you might help steer me a bit. Osmo-qcdiag has some really cool stuff they are working towards and I'd like to use this device. Also, if you happen to have an idea of the NV values to open up additional 3g & LTE bands- that would be super helpful! (I'm on T-Mobile network currently).
Thank you so very much for all of your hard work on this device.
FYI, unfortunately unable to post my image as I"m a "new" member. However,
imgur . com /a / ZiuXP