modemst1/2 - Galaxy S 4 Mini Q&A, Help & Troubleshooting

Hi,
does anyone have an idea where I could find modemst1.bin and modemst2.bin files for GT-I9195 (they're not included in the stock firmware on sammobile ). I'm experiencing loss of signal while on 3G/4G networks (stock firmware) after flashing different ROMs. I've tried flashing new QCN, but it didn't help. If someone would be willing to share his/hers, that would be greatly appreciated.

Hi uploaded the file to my gdrive account:
https://drive.google.com/drive/folders/0B8MKV7A-HwoiWHhZZlluWDJyY1k?usp=sharing
Its from an european samsung gt-i9195. Viewed your profile but you have not left from who you are.
I dont know if you can it use for a us model as example.
Hope it helps.
Regards
hrodeberht

gt9195 said:
Hi,
does anyone have an idea where I could find modemst1.bin and modemst2.bin files for GT-I9195 (they're not included in the stock firmware on sammobile ). I'm experiencing loss of signal while on 3G/4G networks (stock firmware) after flashing different ROMs. I've tried flashing new QCN, but it didn't help. If someone would be willing to share his/hers, that would be greatly appreciated.
Click to expand...
Click to collapse
Or see this
https://forum.xda-developers.com/ga...odem-samsung-galaxy-s4-mini-gt-i9195-t3390780
Though if you are on stock you might want to see the other modem thread which has older modems which may work better with the older ROM, you will just have to try them out.
You might also want to check the connections on the transmitter and or tighten the screws on the motherboard so it's properly grounded (possible even clean connectors if tarnished, though normally just disconnect and reconnect a few times will "clean" the tarnish off)

Many thanks!
hrodeberht said:
Hi uploaded the file to my gdrive account:
Its from an european samsung gt-i9195. Viewed your profile but you have not left from who you are.
I dont know if you can it use for a us model as example.
Hope it helps.
Regards
hrodeberht
Click to expand...
Click to collapse
Thank you very much for the files! I also have a european version (SIM). I've tried replacing the files, however It didn't work. Do you perhaps know, if replacing QCN file would do the trick? So far, I've tried several QCNs, however I have no idea which versions are they from. Would it be too much to ask you for your QCN? You could zero out the IMEI, which is the number immediately after the value 88 00 01 00 26 02 00 00 (hex), starting with 08 xA (x being the first number of your IMEI). It's written in three different places in the file.
Best regards

gt9195 said:
Thank you very much for the files! I also have a european version (SIM). I've tried replacing the files, however It didn't work. Do you perhaps know, if replacing QCN file would do the trick? So far, I've tried several QCNs, however I have no idea which versions are they from. Would it be too much to ask you for your QCN? You could zero out the IMEI, which is the number immediately after the value 88 00 01 00 26 02 00 00 (hex), starting with 08 xA (x being the first number of your IMEI). It's written in three different places in the file.
Best regards
Click to expand...
Click to collapse
Hi,
I don't know that, if it helps, but I can share you mine. Could you please post the (adb shell) command which partition? I have to save to a file. Thank you.
Regards
hrodeberht

hrodeberht said:
Hi,
I don't know that, if it helps, but I can share you mine. Could you please post the (adb shell) command which partition? I have to save to a file. Thank you.
Regards
hrodeberht
Click to expand...
Click to collapse
I'm not sure if it can be done with adb, however it can be with QPST (if you don't have it/can't find it, I can upload it somewhere - be careful as there are some malware infested versions available online). Be sure to delete (replace with X) the IMEI. Once you have the QCN file, you can search for it with a hex editor. For example, if IMEI is 1 23 45 67 89 01 02 03 it can be found in a QCN file by searching for a string 08 1(first digit of your IMEI)A 32 54 76 98 10 20 30 (or by searching for a string 88 00 01 00 26 02 00 00 - IMEI is the hexadecimal string of length 18 immediately after the value 88 00 01 00 26 02 00 00 starting with 08). There are 3 locations in the file where it is written.
Thank you very much, best regards!

gt9195 said:
I'm not sure if it can be done with adb, however it can be with QPST ...
Click to expand...
Click to collapse
I think I cannot help anymore. I installed qpst but with the german explanation for the galaxy i9195 I followed I have to type *#0808# on the phone to change the usb connection type. But with lineage os this service code does not work.
Sorry.
Regards
hrodeberht

hrodeberht said:
I think I cannot help anymore. I installed qpst but with the german explanation for the galaxy i9195 I followed I have to type *#0808# on the phone to change the usb connection type. But with lineage os this service code does not work.
Sorry.
Regards
hrodeberht
Click to expand...
Click to collapse
No problem, thank you for the effort. I have one last option, to change the EFS partition. I've tried flashing a bin file I found online, however I'm not sure from which carrier it was (I had mixed results, some improvement but I lost the IMEI so I had to flash my QCN and signal was lost again). Would it you mind sending me your EFS.bin (via PM as I'm not sure it is allowed). I think it contains the serial number, so if you're not comfortable with sharing yours, I understand.

Related

Teacher needed - PAYMENT/DONATION CAN/WILL BE MADE!!!

Hi,
I am having a problem and, to be honest I know there is going to be someone out there that is going to moan about this thread, frankly I don’t care, I have done so much reading into this question I am getting really f*****g annoyed/frustrated with my seeming inability to find a straight answer.
Is there someone out there that fancies donating a little time to help me learn, I say learn because that is what I want to do not read through pages and pages of
STRG handles: 834d5e62
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
(968.50M) 03958bce
0 partitions, 0 binary partitions None of the above means anything to me, it is an extract from something in the wiki about dumping ROMs. I have found various tools to do the things I want but when following instructions given I never get a result.
Basically what I want to do is, dump a ROM, remove software I don’t want, add in my own software (some OEM, some CAB – think I need to know more about the ExtROM?!?), recompile and flash.
While I think that the guides provided are accurate and all credit should be given to the writers, for a beginner they are too complex, there should be one idiots guide!! is there someone who could tell me, indicating what software needs used and how to use it, the steps needed to do this.
Thanks in advance for help!
totally agree!!!
Hi bennec83,
y friends call me muteman, i love to help but jus like u am in the same shoe, most of the commands and digits means nothing to me, i work with t-mobile and have a vario II, tested a window mobile vi & love the roms out there, but can't find anything on downgrading back to window 5 or even how to downgrade back to window 5, every1 out there thinks when you ask for favour your being lazy that you should read everything on the wiki and figure out everything. I've been into PPC since 2004, or should i isay window pocket pc, i can only say that if i no of anything that i can use to assist you then i be happy to.
bennec83 said:
Hi,
I am having a problem and, to be honest I know there is going to be someone out there that is going to moan about this thread, frankly I don’t care, I have done so much reading into this question I am getting really f*****g annoyed/frustrated with my seeming inability to find a straight answer.
Is there someone out there that fancies donating a little time to help me learn, I say learn because that is what I want to do not read through pages and pages of
STRG handles: 834d5e62
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
(968.50M) 03958bce
0 partitions, 0 binary partitions None of the above means anything to me, it is an extract from something in the wiki about dumping ROMs. I have found various tools to do the things I want but when following instructions given I never get a result.
Basically what I want to do is, dump a ROM, remove software I don’t want, add in my own software (some OEM, some CAB – think I need to know more about the ExtROM?!?), recompile and flash.
While I think that the guides provided are accurate and all credit should be given to the writers, for a beginner they are too complex, there should be one idiots guide!! is there someone who could tell me, indicating what software needs used and how to use it, the steps needed to do this.
Thanks in advance for help!
Click to expand...
Click to collapse
manmute98 said:
can't find anything on downgrading back to window 5 or even how to downgrade back to window 5, every1 out there thinks when you ask for favour your being lazy that you should read everything on the wiki and figure out everything. I've been into PPC since 2004, or should i isay window pocket pc, i can only say that if i no of anything that i can use to assist you then i be happy to.
Click to expand...
Click to collapse
It is nice to know someone agrees with me, ive read pages of stuff, even read a 14 page instruction book for "Molski.Biz DEVPACK" while this seems to be the most straight forward yet, i still cant find where/how to add/remove applications etcto the decompressed rom!! ive been trying since 10:30am its now 17:00 and still nothing!!
in answer toyour question about downgrading to WM5 see this link and follow the guide:
http://www.mrvanx.org/cms/index.php?option=com_content&task=view&id=41&Itemid=27
hope this helps
You know sometimes i feel like im talking to myself!!
Any Help would be appreciated!! i am getting to the point where i am willing to pay someone to help me!!
well the easy way is to use whats called the "Core Pro" ROM kitchen... its released on this forum and has great instructions on how to use it even for new cooks. Take a look I think you will learn a lot from it.
austinsnyc said:
well the easy way is to use whats called the "Core Pro" ROM kitchen... its released on this forum and has great instructions on how to use it even for new cooks. Take a look I think you will learn a lot from it.
Click to expand...
Click to collapse
Has bugs...
CUSTEL said:
Has bugs...
Click to expand...
Click to collapse
so do you.. ha ha ha j/k man
lets start with a few questions to get this thread rolling (and hint for the future, if no one responds, do make a post about it, someone will either get to it eventually (we do have real lives, well some of us ) or no one knows)
1. What rom(s) are you trying this with?
2. what tools have you tried on these rom(s)?
3. do you get the same type of output every time?
shogunmark said:
so do you.. ha ha ha j/k man
Click to expand...
Click to collapse
haha... I was going to pm him but his pm's are disabled, oh well...
CUSTEL said:
haha... I was going to pm him but his pm's are disabled, oh well...
Click to expand...
Click to collapse
i can do that but wont, i would rather keep this thread public unless there are some unseen issues that none of the chefs have seen before... which i doubt.. but hey, ya never know.
shogunmark said:
i can do that but wont, i would rather keep this thread public unless there are some unseen issues that none of the chefs have seen before... which i doubt.. but hey, ya never know.
Click to expand...
Click to collapse
I was just going to tell him someone asked the same question in my forum and I was going to address it tomorrow so he could take a look but didn't want to post it in the thread
shogunmark said:
lets start with a few questions to get this thread rolling (and hint for the future, if no one responds, do make a post about it, someone will either get to it eventually (we do have real lives, well some of us ) or no one knows)
1. What rom(s) are you trying this with?
2. what tools have you tried on these rom(s)?
3. do you get the same type of output every time?
Click to expand...
Click to collapse
hey mate,
im using core pro, ive done everything it states in the instructions and everything runs fine (removing nothing) however when i flash the rom (schaps 3.3c) it freezes on the 1st bootscreen from my old rom(shadow)
have tried with other roms....... same results what could i be doing wrong?
(im not superCID, i dont no if that helps or not-i use the ext rom patcher)
thanks
P_D_A_J_A_S
pdajas said:
hey mate,
im using core pro, ive done everything it states in the instructions and everything runs fine (removing nothing) however when i flash the rom (schaps 3.3c) it freezes on the 1st bootscreen from my old rom(shadow)
have tried with other roms....... same results what could i be doing wrong?
(im not superCID, i dont no if that helps or not-i use the ext rom patcher)
thanks
P_D_A_J_A_S
Click to expand...
Click to collapse
As I stated, the core kitchen has bugs...
pdajas said:
hey mate,
im using core pro, ive done everything it states in the instructions and everything runs fine (removing nothing) however when i flash the rom (schaps 3.3c) it freezes on the 1st bootscreen from my old rom(shadow)
have tried with other roms....... same results what could i be doing wrong?
(im not superCID, i dont no if that helps or not-i use the ext rom patcher)
thanks
P_D_A_J_A_S
Click to expand...
Click to collapse
have you tried anything other than the core pro kitchen? like maybe tried it manually?!?
shogunmark said:
have you tried anything other than the core pro kitchen? like maybe tried it manually?!?
Click to expand...
Click to collapse
I'd have same issue froze at 2nd splash with every rom i cooked, used bepes no problems same files same way just not automated.
CUSTEL said:
Has bugs...
Click to expand...
Click to collapse
Ive gotten pretty familiar with CORE kitchen, and successfully cooked a few roms with it. What kitchen do you suggest???
shogunmark said:
have you tried anything other than the core pro kitchen? like maybe tried it manually?!?
Click to expand...
Click to collapse
how do you do that (i havent read anything about manual cooking, thats what i thought core was!)
is bepes manual? im searching for it now
any tips you can offer a new cook?
thanks
P_D_A_J_A_S
shogunmark said:
lets start with a few questions to get this thread rolling ....
1. What rom(s) are you trying this with?
2. what tools have you tried on these rom(s)?
3. do you get the same type of output every time?
Click to expand...
Click to collapse
Sorry for late reply, i was awake so long trying to get something to work, i nearly over slept my fight!! lol
answers:
1) ROMS tryed: lvswCE5.2.1413_aku.3_Sleuth255Variant_v1.0
Shadow
20070616_LSVW_Hermes_WWE_3.30.3.3
Sleuth255_CE5.2.1413_Build_17913.0.3.0_v1.0
Schaps_WM6Pro_WWE_3.30c
(mainly been trying with 20070616_LSVW_Hermes_WWE_3.30.3.3 & Sleuth255_CE5.2.1413_Build_17913.0.3.0_v1.0)
2)Tools Tryed (on Vista and XP) and results:
Platform - Software - Result
Vista: - Molski Biz DevPack - seems to work cannot test as NBHExtract(DL from XDA-Developers) crashes out
Vista: - Olipro's Kitchen - All exe files crash out, cannot use
Vista: - Tadzios Kitchen - All exe files crash out, cannot use
Vista: - CorePRO Kitchen - Only one that works on vista but im not sure wat its doing, i can dump an nbh, moved OS.NB to ROM folder, can perform automatic convert of DUMP into SYS and OEM, then from here im fuzzy on what to do.
As far as XP goes, only thing i have tryed was running NBHExtract last night and it crashed out (VB error, not sure if right version is on system - Thanks [email protected]!!), i will be doing more on XP when i get back this afternoon (approx 2-3 hours).
i have read the instructions from all of these kitchens, they are all roughly the same, i got so far with CorePRO kitchen, by using the tools from it in conjunction with the instructions from Molski Biz DevPack as they seem to be the most logical!!
There should be a kitchen made for people like myself, who are clueless but fast learners, if i can get a First Class degree in Mathematics, i should be able to do this, if i am shown the light.
This N00b kitchen, in my opinion should be labeled in number fashon (i.e. 01ump, 02:convert dump2sys+OEM, 03:add/remove software, 04:themes/splash screens/today screen (although the today plugins prob would go in with 03)), 05:start menu customisation, 06:rebuild (It Could Be That Easy)
OEM folder should be sorted (if possable) into software files each file containing the files for the software, not dumped in a folder called OEM, if i want to remove a piece of software from the OEM folder i cant as i dont know how many/what files i should delete specific to the software i want to remove.
I have been trying to complete just one ROM for myself and i have been trying for weeks, i have privately contacted moderators and chiefs at different points and asked for help, i have read the wiki, i have learnt so much other stuff which is great, there has been numberous occations when i have felt able to help other people out which is what i like, i think with this ROM cooking i have readingto and not understood so much i am starting to go in circles without knowing.
thanks all for responses, XP testing will resume when i finish my thai match.
Spk soon thanks again, and i hope we can sort this.
Ill guide you, contact me on MSN or IRC or skype
can anybody tell me, my original bootscreen was telstra,
when i upgraded to black 3.5 it changed it to 4winmobile.
i have upgraded to most of the roms on this site since, and the 4winmobile bootscreen remains, ive made my own rom (varient of sleuths) and flashed it using duttys tool, in there i have entered my splash.nb into splash 1, however its not on the handset when ive completed flashing and its still the 4winmobile. can someone help please
how do i change it??
thanks in advance
pdajas

BT-338 version3.1.1 bluetooth gps firmware

I have a BT338 bluetooth GPS adapter it will not get a lock on and I have been looking for a flash program for it to see if I can reflash it.
I followed a link from a site to this sites ftp server that used to have it but it looks like it has been taken down.
Does anyone know if flashing is possible and if so does anyone have a program to do so?
Thanks for any help.
Packrat,
I have had a BT-338 for two years and I love it. I don't recall that I was ever able to find a method to upgrade the firmware. I will watch this thread in case some one has an answer.
On the other hand, I did have problems when I first got this unit. If I played with changing setting between WAAS/normal and/or Sirf/NMEA modes, sometimes this thing was not get a lock. To fix it I would use a laptop tool to reset the unit to factor setting. I think it was GPSInfo connecting via a BT dongle.
Let me know if this might help and I will look into the exact detail if you need it.
whbell said:
Packrat,
I have had a BT-338 for two years and I love it. I don't recall that I was ever able to find a method to upgrade the firmware. I will watch this thread in case some one has an answer.
On the other hand, I did have problems when I first got this unit. If I played with changing setting between WAAS/normal and/or Sirf/NMEA modes, sometimes this thing was not get a lock. To fix it I would use a laptop tool to reset the unit to factor setting. I think it was GPSInfo connecting via a BT dongle.
Let me know if this might help and I will look into the exact detail if you need it.
Click to expand...
Click to collapse
Thanks for the reply, I tried to reset it to factory via the SirDemo program, but that didnt help. Hopefully I can find a way.
Yes reflash is possible...
You can use SirfDemo and SirfFlash
The procedure is almost the one described here....
http://web.mac.com/tomtastic/site/log/Entries/2007/6/18_Holux_GPSlim236_boot_mode.html
You can download the needed tools here...
http://www.falcom.de/support/software-tools/sirf/
To flash
- First you have to connect your bt-338 using SirfDemo.
- In Action/ Transmit Serial Message select NMEA and send this message
'PSRF100,0,38400,8,1,0' without quotes. This will put the GPS in SIRF Mode.
- After that choose Action / Transmit Serial Message select SIRF this time and send '94' without quotes. This will put the GPS in boot Mode.
- Disconnect now SirfDemo using the button and start SirfFlash without powering down the GPS.
- Choose the correct port and 38400 Baud and - very important -select 'external boot mode'. Browse for the new firmware .bin file and select 'program flash'.
- Execute and enjoy.
Cheers!
I have now (finally!) successfully read the firmware from my two BT338 and a TomTom Mk2 BT mouse. Also important to notice is the following:
- Address Range is 0x0 to 0x7ffff (4 times an "f") resulting in a 512kB bin file.
- Any other speed than 38400 will NOT work!
Did not dare yet to flash actually... I have now:
TomTom Mk-II
GSW3.0.2TomTom1.1_3.0.00.03-C3P1.02b
BT338 (NaviLock labled in Germany)
GSW3.0.2_3.0.00.03-C16P1.02a
GSW3.1.1LowV_3.1.00.07-C23B1.00
I know there must be newer one for BT338 as you can see from the FAQ at Globalsat USA at: http://www.usglobalsat.com/gpsfacts/bt338_gps_facts.html
The mention even different versions there (QA 38):
BT-338_GSW3V3.1.1LowV_F-GPS-03-0506222 and
BT-338_GSW3.1.1TO_F-GPS-03-0510032
I noticed that reading out the SW sometimes delivers different results after 7d008 when some time has passed. I suspect that some data is stored there which may vary over time (satelite positions, routes or whatever may be stored depending on the time).
bye
tobbbie
I can report success now in upgrading my BT338 from the old (3.0.2) FW to the later one (3.1.1) I have retrieved from my other BT338.
Main gain for me is the availability of geoid correction for the height.
Anynone has a later firmware for the BT338 or the TomTom MK2?
You can PM me if you don't want to post here.
bye
tobbbie
GSW3.0.2TomTom1.1_3.0.00.03-C3P1.02b
Hi tobbie,
have you managed to get some new firmwares , I am searching if there is a new one for the tomtom ( there is still some issues between the treo and the tomtom related to the bluetooth stack ). Is there a way to use the BT-338 or a part of the BT-338 firmware in the tomtom ?
thanks
Laurent
look here: http://www.gpspassion.com/forumsen/topic.asp?TOPIC_ID=27925&whichpage=11
please read all posts and follow the wohle story. My TomTom MkII currently runs the 3.2.2 of the latest BT338.
Thanks tobbie,
I have red the full thread, downloaded your dumps of the firmware, and dump my tomtom firmwarewith the sirf tools.
I have compared the dump from your tomtom and mine ( same version 302 ) and they are quite different beiginning in 6D008 :
your firmware :
6D008 : 06 3E 00 00 01 00 00 00 41 46 31 41 39 53 D8 19 ....
my dump :
6D008 : 20 C6 00 00 99 00 00 00 41 46 31 41 39 53 D8 19 ....
Is this part a variable part ( so may be a factory reset and a new dump will give a more comparable result ), or is there a real difference for two same version of the firmware ??
Can you tell me for upgrading the firmware of the tomtom have you used the full 3.11 firmware from 0 to 7FFFF or have you used a dump from 0 to 79999 ?
seeing the various problems some got after flashing their units I am a bit worried before flashing mine..
thanks
Laurent
Just do a system reset of your device and dump it again.
Depending how fast you are getting it into bootmode you have some data there (and not all default empty data). Doing the same after some time (e.g. after a fix was established) will again deliver different data there.
I think the main thing here is that the WHOLE data are dumped and then later flashed to another device. This may also be the rootcause of the failure to use the 0-79999 dump - where after 79999 data may confuse the device to get back online (very sad - it already cost 2 devices one BT338 and one TomTom MkII).
I have used my own dumps to crossupgrade from BT338 to TomTom and the 3.2.2 from antineutrino. After some back and forth I am on 3.2.2 again currently for all devices (living with the green-LED off until a fix).
BTW: I am quite sure that the bluetooth part is not touched by these updates.
The names of the devices as they are recognized on bluetooth are not changing after a FW update.
thanks tobbie ,
as I need this gps in the coming next weeks, I will not take the chance to do the upgrade just now. I will wait a quiter period of time to try it ( so if I brick it I will have time to make a replacement ).
thanks, I will come back for detailled instructions in some weeks.
Laurent
Hi Tobbbie,
I have a Globalsat BT 338, I would like to update the firmware. I downloaded your dumps from http://www.gpspassion.com/forumsen/t...5&whichpage=11, the 3.1.1 version.
Do I understand well that even exists a 3.2.2 version?
If yes where could I find it?
Thanks
patek
It's in the same forum a few post further down - it comes from another member there - just look it up.
Edit: just checked - it seems only the 3.2.4 of the BT368 is there.
I have edited my old post there with a new link that has all info - also for short here:
http://rapidshare.de/files/41287744/Firmware_Globalsat.zip.html
Please read the GPS passion forum entries very thoroughly - it MUST be complete dump that you insert - anything less than 512kB will kill your device (as a poor forum member there had to suuffer)..
Tobbbie,
Thank you for your prompt answer,
I checked my software version, Sirfdemo says: GSW3.1.1LowV_3.1.00.07-c23B1.00 - the same what yours was before upgraded.
I read your opinion about changing to 3.2.2 :
>As mentioned earlier I have yet to discover advantages of 3.2.2 or 3.2.4 over 3.1.1. I >think some trickle power options are more flexible and the DGPS could work - but so far I >could never get a DGPS fix.
So do you think is it worth enough to upgrade? (green lamp!)
Is the WAAS enabled in the 3.2.2 ? (maybe silly question)
Thanks
tobbbie said:
It's in the same forum a few post further down - it comes from another member there - just look it up.
Edit: just checked - it seems only the 3.2.4 of the BT368 is there.
I have edited my old post there with a new link that has all info - also for short here:
http://rapidshare.de/files/41287744/Firmware_Globalsat.zip.html
Please read the GPS passion forum entries very thoroughly - it MUST be complete dump that you insert - anything less than 512kB will kill your device (as a poor forum member there had to suuffer)..
Click to expand...
Click to collapse
hmm, i haven't used my trusty bt338 in quite some time, i might upgrade it just to see what happens..

FLOCK - unlocking/unfreezing S8500/S8530 for free could not be any easier!

This is the solution for unlocking Wave phones.​Big thanks goes to mijoma.
All you do and enter into your phone you do at your own risk. Nobody else but you take whole responsibility for what happens to your phone!
Remember than flashing of phone is a little risky, however if performed properly, risk of damaging anything is very low.
If your phone locked-up all of the sudden - be sure to read this thread aswell: http://forum.xda-developers.com/showthread.php?t=1787648
Most of bada 1.2 and 2.0 final-release (not ones from beta releases) bootloaders should be supported.
You need some knowledge about flashing.
How to check what lock do you have?
Enter *#7465625# code, you will see list of active and inactive locks.
What do you need?
Wave 1 or 2 phone with bada 1.2 or 2.0
For Wave I with bada 1.2 - FLOCK_S8500_b1.2
For Wave I with bada 2.0 - FLOCK_S8500_b2x
For Wave II with bada 1.2 - FLOCK_S8530_b1.2
For Wave II with bada 2.0 - FLOCK_S8530_b2x
Flash the right FOTA file. Turn off the phone, wait few seconds, and then turn it on holding CALL (so you have to press CALL and ENDCALL, 2 keys) key until white screen with red texts shows up. Release keys.
Be patient, FOTA module is calculating 3 codes (Subset lock, Netlock, Unfreeze) for your phone, it can take up to 10 minutes. After you get the code you are interested in you can turn off the phone.
Write down the codes you need. Turn off the phone by holding power button for 15 seconds or taking off battery.
After obtaining code, do procedure below:
[Netlock], 2 ways:
1. Insert an unsupported SIM card, start phone and after being asked about "Network Lock" enter Unlock Code you had written down.
2. enter #7465625*638*Unlock code# <thanks to homelessghost for tip>
[Freeze]
1. Insert any SIM card, start phone and after being asked about "Freeze" make call and enter code you had written down.
[Subset]
Can anyone provide guide?
That's all - enjoy unlocked phone!
Troubleshooting:
Instead of white screen with red texts, usual booting logo appears and then Bada starts, what am I doing wrong?
Make sure you flashed right FLOCK without errors. If you did so, first - flash APPS from the same bada version, but from ROM that does contain .fota (certain APPS versions can have locked FOTA module), second - if it doesn't work - update your bootloader to some newer/another one and write post here containing information what version of bootloader (bootloader, not bada) you had before that was not working.
Important: Be very careful when writing down and entering unlock code.
If you got any other questions - please ask in this thread.
It is possible that some phones are not unlockable this method. Then the code wouldn't show up.
General method concept (if you are really interested in sources or way how it works - please PM me or mijoma) should work for most of "Samsung 3G" phones - like JET, Wave3, Monte. If you are owner of locked phone of this class and you are able to do dumps of memory - please contact with me.
Hi,
Thanks a lot for your job, you're my god
Here's my Hash: C7 2D C4 73 07 18 FA 2B 15 7E 29 07 3F BD 04 2E C7 4C 82 E6
Thanks
Thanks so much Rebellos! My phone has been network-locked since I got it and always unable to update with Kies, so I've been stuck on a May 2010 Bada 1.0 firmware forever. Looking forward to being able to flash it
Speaking of which, I've always read that you can't flash anything to a locked phone. Is flashing the bootloader and FOTA alright though? And will the bootloader be compatible with my firmware? It's S8500NEJE6/S8500H3GJ7.
If that is fine, then I'll send you my hash. Thanks so much for doing this!
Thanks a lot, Rebellos!
Here it is my hash code (I only have the network lock):
01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47
Thanks again!
Very interesting your project but there is a problem.
In Latin America can not change firmware and than through KIES .. we can not use the "Multiloader" because we have the code "SUBSET [ON]" and if we have the code that the [ON] and flash our phone freeze only makes our telephone and so we are unable to use your tutorial.
You know any way to change the code first "SUBSET" to [ON] [OFF] and by doing so Latin American users can use "Multiloader" how many times we want.
I hope your answer and relied heavily on his wisdom!
Already many thanks! Greetings from Argentina!
Phone can be flash-locked - then bootloader will deny any attempt of flashing, though I can't promise I haven't ommited some malicious procedure allowing something like bootloader upgrade but refusing firmware upgrade and refusing bootloader downgrade, causing kinda brick.
Is it a rule that phone flashing is locked always when its [ON] SUBSET Lock?
I will try to look into it.
HandzUp! said:
Hi,
Thanks a lot for your job, you're my god
Here's my Hash: C7 2D C4 73 07 18 FA 2B 15 7E 29 07 3F BD 04 2E C7 4C 82 E6
Thanks
Click to expand...
Click to collapse
25957353
Please let me know if it works.
homelessghost said:
Thanks a lot, Rebellos!
Here it is my hash code (I only have the network lock):
01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47
Thanks again!
Click to expand...
Click to collapse
code not found
Sorry, I'm looking for other ways of unlocking too.
Works Perfectly, my Wave S8500 is now Unlocked, THANKS A LOT !
Rebellos said:
Phone can be flash-locked - then bootloader will deny any attempt of flashing, though I can't promise I haven't ommited some malicious procedure allowing something like bootloader upgrade but refusing firmware upgrade and refusing bootloader downgrade, causing kinda brick.
Is it a rule that phone flashing is locked always when its [ON] SUBSET Lock?
I will try to look into it.
Click to expand...
Click to collapse
Does that mean it's safe for me to flash bootloader and FOTA if my phone is only network-locked?
dixter said:
Does that mean it's safe for me to flash bootloader and FOTA if my phone is only network-locked?
Click to expand...
Click to collapse
I won't bet my hand for that it is in all cases. But I'm pretty certain it is.
Rebellos said:
I won't bet my hand for that it is in all cases. But I'm pretty certain it is.
Click to expand...
Click to collapse
OK, thanks. Presumably there is no way to obtain the hash without flashing? I suppose it should be fine since those who have already given you hashes must have flashed their network locked phones with no problems.
In "theory" there AT Commands and/or Dev Commands... in combination with WinComm to see result.
Theory because not my business and I have no locked device for tests.
Anyway.
It is ever interesting, how many ways exists to disable Security.
@ Rebellos
Maybe you can teach me how to copy/find "SIMSecure" area in JTAG dump.
Then I could check if my theory is bull.shi.t.
Thanx.
My hints NOT for public... only for my little brain.
Best Regards
Ok, thanks anyway
If we who possess a Wave in Latin America we have all the [ON]. The only problem is the SUBSET flash. If we have the SUBSET in [ON] the phone freezes (unnfreeze mode) after using Multiloader.
It would be good to try to change the way SUBSET to pass it to [OFF] and so test any firmware.
Thank you very much for your response. I hope you find some solution for us because we feel like slaves and prisoners of samsung and has forgotten us regarding updates and all you have to do with the Wave.
Thank you very much! Greetings from Argentina!
dixter said:
OK, thanks. Presumably there is no way to obtain the hash without flashing? I suppose it should be fine since those who have already given you hashes must have flashed their network locked phones with no problems.
Click to expand...
Click to collapse
The hash is generated from IMEI somehow. But I don't know how yet. I flashed my networklocked wave like hundreds of times with no problems. Even updated it from 1.2 to 2.0 while it was still netlocked.
@adfree:
These data are encrypted with SEED algorithm using key generated from oneNAND serial number. Are you able to obtain it?
@elkpojlb
It needs some work but can be done. Though I'm out of time for next few weeks.
Well no problem friend .. long time and we hope some solution so that we do not do anything but wait a bit! Thank you very much and I hope they can do!
Greetings friend!
Rebellos said:
The hash is generated from IMEI somehow. But I don't know how yet. I flashed my networklocked wave like hundreds of times with no problems. Even updated it from 1.2 to 2.0 while it was still netlocked.
@adfree:
These data are encrypted with SEED algorithm using key generated from oneNAND serial number. Are you able to obtain it?
@elkpojlb
It needs some work but can be done. Though I'm out of time for next few weeks.
Click to expand...
Click to collapse
Wow, that's news to me, I've never flashed because I heard it'd brick a locked phone. Now the noob question, which checkboxes should I tick in Multiloader for just flashing bootfiles and FOTA? Boot Change, Full Download or nothing at all? Or does it require one flash for bootfiles and another flash for FOTA? Sorry - the next post from me should contain a hash!
homelessghost said:
Thanks a lot, Rebellos!
Here it is my hash code (I only have the network lock):
01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47
Thanks again!
Click to expand...
Click to collapse
03935173 - say kudos to mijoma, he found my mistake in code founder.
dixter said:
Wow, that's news to me, I've never flashed because I heard it'd brick a locked phone. Now the noob question, which checkboxes should I tick in Multiloader for just flashing bootfiles and FOTA? Boot Change, Full Download or nothing at all? Or does it require one flash for bootfiles and another flash for FOTA? Sorry - the next post from me should contain a hash!
Click to expand...
Click to collapse
Boot Change, then select directory with bootfiles and file with FOTA. Try to find some tutorial before you do it.
Czesc to mój Hash
A9 67 68 7D DC DB 43 BD 77 18 97 CA FD 09 A4 2E 33 17 44 5E
marcin205 said:
Czesc to mój Hash
A9 67 68 7D DC DB 43 BD 77 18 97 CA FD 09 A4 2E 33 17 44 5E
Click to expand...
Click to collapse
93819157
Cheers

[Q] HELP! IMEI 0, NO SERVICE. (Reinjecting IMEI)

Hey I need some help reinjecting the IMEI to my Phone. I have a samsung galaxy s3 SHG-1747M w/ BELL.
I am going through this thread posted on XDA-DEV. [FIX/TOOL] Backup/Restore/Fix IMEI & Data Restore Tool v3.0 - Updated 11/01/2012!!!
So in the post there is a part where you have to type in the IMEI to the program in reverse. So This is where I need help.
Lets say my IMEI is "354420050240347" (Not the Real IMEI)
I would like to know how I should write it down. For example
8
3a
44
.....
The first box will always be an 8.
Example if your IMEI was: 954091051099226then the boxes would look like so:
8
9a
45
90
1
15
90
29
62
Click to expand...
Click to collapse
DaveenJay said:
Hey I need some help reinjecting the IMEI to my Phone. I have a samsung galaxy s3 SHG-1747M w/ BELL.
I am going through this thread posted on XDA-DEV. [FIX/TOOL] Backup/Restore/Fix IMEI & Data Restore Tool v3.0 - Updated 11/01/2012!!!
So in the post there is a part where you have to type in the IMEI to the program in reverse. So This is where I need help.
Lets say my IMEI is "354420050240347" (Not the Real IMEI)
I would like to know how I should write it down. For example
8
3a
44
.....
Click to expand...
Click to collapse
Preface the IMEI with "80a", so 80a354420050240347.
Now write out pairs of digits in reverse:
08 -> 8
3a
45
24
00 -> 0
05 -> 5
42
30
74
Follow?
Thank You
Thanks so Much! I really appreciate it.
smelenchuk said:
Preface the IMEI with "80a", so 80a354420050240347.
Now write out pairs of digits in reverse:
08 -> 8
3a
45
24
00 -> 0
05 -> 5
42
30
74
Follow?
Click to expand...
Click to collapse

[Q] SM-N7505 Help with Heimdall Root Ubuntu/Linux OS

Hello
I have a SIM unlocked Samsung Galaxy Note 3 Neo SM-N7505 here in Germany. I use Ubuntu OS and have installed Heimdall to do the root but unsure of how to repackage the data in the firmware .zip I got here
http://www.sammobile.com/firmwares/database/SM-N7505/DBT/
I extracted this but it seems that N7505XXUCNG5_N7505DBTCNG1_N7505XXUCNG2_HOME.tar.md5 is a Odin type of update.
Can someone point me to where I can find the Firmware below that I can use with Heimdall or help me convert the one I have?
UPDATE:
Read my reply below or above this one.
Firmware for GALAXY Note 3 Neo LTE SM-N7505
Model SM-N7505
Model name GALAXY Note 3 Neo LTE
Country Germany
Version Android 4.4.2
Product code DBT
PDA N7505XXUCNG5
CSC N7505DBTCNG1
Still await a helpful persons support...
I was able to Odin flash it , but I still am wanting a linux/unix way to admin my firmware or ROMs. Any help would be awsome.
Note 3 neo forum is here: https://forum.xda-developers.com/note-3-neo
Did you try flashing cfautoroot with Heimdall?
https://autoroot.chainfire.eu
Re: Still await a helpful persons support...
audit13 said:
Note 3 neo forum is here: https://forum.xda-developers.com/note-3-neo
Did you try flashing cfautoroot with Heimdall?
https://autoroot.chainfire.eu
Click to expand...
Click to collapse
I am not fully able to. Most of them will not work. I download it. I am able to hook up my phone all good ready to go. Can copy and make a PITT file of my phones drive layout. All systems go. As soon as I load the new ROM or Firmware to root the phone. I get a error that either the file is not compatable with Heimdall or I get this file is missing the Android Meta xml Heimdall needs for setting up the permissions and configurations.
It really gets me since I am pretty technical and write code i am at a loss why this file is always missing. Why fail to put a file in that is that important? Then you read on that and find 10,000 ways to write one. Alas not one are specific and if they are so easy to whip up one yourself why dont any of the 10,000 simply write one and spend their time teaching how to write hard scripts and code. Also not B*ching just really tired of the same old various types of info sprinkled with vauge and unclear steps or actual files to use as guides.
When I write a tutorial or a walkthrough its very clear. When I read most of the rooting or dealing with Heimdall and phones its like trying to locate that ring Frodo sought-after for so long.
I really appreciated that you responded. If you can maybe help me it would be great if I located a way to root my phone without a computer at all. I really think since everyone pretty much can root or unlock the damn things the phone would just have a option with a popup that you agree voids the warranty and poof its rooted...
lol
Thanks for taking time to message me!
:good:
Scott
Unfortunately, I do not use Linux so I am not sure what else to suggest other than possibly loading a temporary Windows installation onto your computer to flash cfautoroot via Odin.
Hi ScottsDesk
In the end, did you reach to root your phone from Ubuntu ? This is exactly what I want to do : when I've understood which will be the first way I'll choose to use a free'd phone, I want to walk this path with Linux. I can't understand why all the guys here being fans of free devices can even think to use Windows to gain control over their android : it is a shame (I must admit I'm a 0-skilled dev, so I can even allow myself to find strange there is so much Java therein Android ).
But ATM, I don't even know if I'll use CF-auto-root or if there exists a custom ROM that is running bug-free our device after days and days parsing this forum. The sad thing is I don't feel skilled enough to dig in the most serious solution (ChainFire's abandonned Unofficial CM12.1 for SN-M7505) to see if NFC is still really KO (ATM I have to remember some reported bugs have easy workarounds : lockscreen lag : disable Aquarell &/| wavelets effect and lowen swappiness from 130 to something around 50 (I'd try even far less, like on SSDs), and a delay in video recording sound : disable the "Google OK" thing).
I hope you'll read this
PS : it seem heimdall has what what we need (--no-reboot argument to follow what the guys say at some point to not reboot, instead remove battery).
I just gave try, just to see, but it fails and don't know what yet :
Code:
sudo heimdall print-pit --verbose
[sudo] password for me:
Heimdall v1.4.0
Copyright (c) 2010-2013, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/
This software is provided free of charge. Copying and redistribution is
encouraged.
If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/
Initialising connection...
Detecting device...
length: 18
device class: 2
S/N: 0
VID:PID: 04E8:685D
bcdDevice: 021B
iMan:iProd:iSer: 1:2:0
nb confs: 1
interface[0].altsetting[0]: num endpoints = 1
Class.SubClass.Protocol: 02.02.01
endpoint[0].address: 83
max packet size: 0010
polling interval: 09
interface[1].altsetting[0]: num endpoints = 2
Class.SubClass.Protocol: 0A.00.00
endpoint[0].address: 81
max packet size: 0200
polling interval: 00
endpoint[1].address: 02
max packet size: 0200
polling interval: 00
Claiming interface...
Setting up interface...
libusbx: error [op_set_interface] setintf failed error -1 errno 71
ERROR: Setting up interface failed!
Releasing device interface...
Also, did you understand this strange advice ? : some advise to make a backup (boot.img above all) before we do anything else : but I booted the phone in recovery mode and I can't see nandroid backup option...

Categories

Resources