Database Info

[REF] How to unlock SGS 4G or Vibrant 4G (IMEI Problems fixed)[Updated 11-19-11]

PLEASE KEEP POSTS ON TOPIC.
This method works on my Vibrant 4G. Please email me if it doesn't work on your Vibrant 4G or SGS 4G.
PRO App also works on Vibrant 4G/SGS 4G for anyone who doesn't feel comfortable with a hex editor
Please note the same information used to develop the app is in the guide for free... the app just makes it easier
ALL METHODS FOR NEWER PHONES REQUIRE ROOT... PLEASE GO GET ROOT ON YOUR PHONE AND THEN COME BACK.
Oh and BTW... I cannot be held responsible for anything that happens to your phone.... EVER!
Before you start... if you don't have root you WILL need it.
tooter1 reports an alternate method. Please tell me if this works for you.
BTW please note the importance of a BACKUP!!!!
tooter1 said:
My UPDATE:
I did just like the OP stated and, it messed up my IMEI number. Glad I had a backup of the file.
So I went back into the HEX editor (I used HxD editor) and looked where I did the the change and noticed to the right side there were a series of numbers that started at row 41460 and ended on row 41470.
It was an 8 digit series started with 75 ending in 13, something like this 75382313. I was sure it had something to do with the unlock code but, didn't have a different SIM to check.
I sold the phone and, the guy said he had to get it unlocked so he could use it with O2 network (I think).
I text him later that day to ask if he got the phone unlocked, he said no, the place wanted $45 to SIM unlock it.
I told him to try the number listed above and it "SIM UNLOCKED" the phone. He called me back and thanked me many times for saving him $45.
Hope this helps someone else and not mess with the IMEI number!!!!
Click to expand...
Click to collapse
IMEI Restore Method
All you need to do is restore your backup nv_data.bin and delete the md5. Even the unlocked file will work as long as you delete the .md5
Code:
su
cp /sdcard/nv_data.bin /efs/root/afs/settings/nv_data.bin
rm /efs/root/afs/settings/nv_data.bin.md5
Step 1. - Retrieve nv_data.bin file
Check locks... go to phone and enter *#7465625#
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
cat /efs/root/afs/settings/nv_data.bin >> /sdcard/nv_data.bin
Step 2. - Edit nv_data.bin file
mount the internal SD Card on your computer
make a backup copy of the nv_data.bin file on your computer
using your favorite HEX editor open the nv_data.bin on the sdcard
jump to address 0x1469
you should see a string like this
ff ff 01 00 00 00 00
there are 5 different types of locks in 5 different bytes
the FF bytes should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
save and close file
unmount SD Card
Step 3. - Replace nv_data.bin file
I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR NV_DATA.BIN FILE BEFORE YOU CONTINUE!!!!!
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
rm /efs/root/afs/settings/nv_data.bin
cat /sdcard/nv_data.bin >> /efs/root/afs/settings/nv_data.bin
rm /efs/root/afs/settings/nv_data.bin.md5
chmod 755 /efs/root/afs/settings/nv_data.bin
chown radio.radio /efs/root/afs/settings/nv_data.bin || chown 1001.1001 /efs/root/afs/settings/nv_data.bin
reboot
your phone is now unlocked... enjoy
[OPTIONAL] Use the PRO app [OPTIONAL]
Please note that this step is ONLY here for people that are not comfortable using a Hex editor.
Search "Vibrant unlock" in the market or scan the QR code:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Install and run app
press menu
press Unlock Phone
Select phone
allow root
at this point if you get an error code make SURE you mount your internal SD card on your computer and backup the nv_data.bin.orig file that is there.
press unlock
restart and your phone is now unlocked
to lock your phone for warranty
press lock instead of unlock
restart your phone, remove root, and take your phone in for warranty
To restore your IMEI try this.....
Code:
su
rm /efs/root/afs/settings/nv_data.bin
busybox cp /sdcard/nv_data.bin.orig /efs/root/afs/settings/
rm /efs/root/afs/settings/nv_data.bin.md5
chmod 755 /efs/root/afs/settings/nv_data.bin
chown radio.radio /efs/root/afs/settings/nv_data.bin || chown 1001.1001 /efs/root/afs/settings/nv_data.bin
reboot
LEGAL NOTES (because information should be free for all):
YOU MAY NOT, BY ANY MEANS, USE THIS SOLUTION/CODE OR PART OF IT FOR COMMERCIAL PURPOSES.
DO NOT USE THIS EXTRACTION METHOD COMMERCIALLY
PLEASE give credit (and donations if you can) to everyone listed on the original thread here
For those of you that have donated THANKS! (You know who you are...)

dagentooboy said:
This method works on my Vibrant 4G. Please email me if it doesn't work on your Vibrant 4G or SGS 4G.
NEW - PRO app should unlock any version of SGS for $5
Please note the same information used to develop the app is in the guide for free... the app just makes it easier
ALL METHODS FOR NEWER PHONES REQUIRE ROOT... PLEASE GO GET ROOT ON YOUR PHONE AND THEN COME BACK.
Oh and BTW... I cannot be held responsible for anything that happens to your phone.... EVER!
Before you start... if you don't have root you WILL need it.
Step 1. – Download PRO app (optional)
Check locks... go to phone and enter *#7465625#
Search "Vibrant unlock pro" in the market or scan the QR code:
Install and run app
press menu
press Unlock Phone
Select Phone
allow root
at this point if you get an error code make SURE you mount your internal SD card on your computer and backup the nv_data.bin.orig file that is there.
press unlock
restart and your phone is now unlocked
to lock your phone for warranty
press lock instead of unlock
restart your phone, remove root, and take your phone in for warranty
Step 2. - Retrieve nv_data.bin file
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
cat /efs/root/afs/settings/nv_data.bin >> /sdcard/nv_data.bin
Step 3. - Edit nv_data.bin file
mount the internal SD Card on your computer
make a backup copy of the nv_data.bin file on your computer
using your favorite HEX editor open the nv_data.bin on the sdcard
jump to address 0x1469
you should see a string like this
ff ff 01 00 00 00 00
there are 5 different types of locks in 5 different bytes
the FF bytes should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
save and close file
unmount SD Card
Step 4. - Replace nv_data.bin file
I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR NV_DATA.BIN FILE BEFORE YOU CONTINUE!!!!!
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
rm /efs/root/afs/settings/nv_data.bin
cat /sdcard/nv_data.bin >> /efs/root/afs/settings/nv_data.bin
chmod 755 /efs/root/afs/settings/nv_data.bin
chown radio.radio /efs/root/afs/settings/nv_data.bin || chown 1001.1001 /efs/root/afs/settings/nv_data.bin
reboot
your phone is now unlocked... enjoy
LEGAL NOTES (because information should be free for all):
YOU MAY NOT, BY ANY MEANS, USE THIS SOLUTION/CODE OR PART OF IT FOR COMMERCIAL PURPOSES.
DO NOT USE THIS EXTRACTION METHOD COMMERCIALLY
PLEASE give credit (and donations if you can) to everyone listed on the original thread here
For those of you that have donated THANKS! (You know who you are... you paid for my developer account so I could post the app)
Click to expand...
Click to collapse
It said it worked when I ran the program but I have no way of knowing because I don't have a ATT sim to check. I thought unlock required to enter in a 8 digit number? Never mind. It works. Just put in a chip and it recognized the number in about phone. It was boost mobile though so i could not call. Should work fine ATT takes over Tmobile.

^ Did you unlock this will running CM7? Can you do me a favor and check to see if your IMEI changed at all?
Menu->Settings->About Phone->Status->IMEI
Thanks.

matt310 said:
^ Did you unlock this will running CM7? Can you do me a favor and check to see if your IMEI changed at all?
Menu->Settings->About Phone->Status->IMEI
Thanks.
Click to expand...
Click to collapse
I haven't seen anything about CM7 on the Vibrant 4G..... I will search and see if I can test it.

Can anyone confirm if this device supports At&t 3g after being unlocked like the vibrant does? I know out didn't list the bands but neither did the vibrant...
That would future proof this device for tmo customers as far as hspa is concerned.

I love how all the orig credits were removed. Gotta love open source thieves

There is another thread about unlocking the sgs4g. It was free just get hex editor trial. Thats what I did. My phone is unlocked.

There is a thread where you can offer a paid software . Please post there.
http://forum.xda-developers.com/forumdisplay.php?f=993.
Thread closed.

Thread re-open since the OP will release a free version for xda members.

Thread has been re-written to conform to forum rules. All credits are still listed in the linked thread.
I want to make sure it is clear. ALL the information used to make the app is in the guide. If you are comfortable with a hex editor please use the guide. Let's keep this thread for questions about unlocking the Vibrant/SGS 4G.

The code doesn't work. Says invalid mmi code.

Serious_Beans said:
The code doesn't work. Says invalid mmi code.
Click to expand...
Click to collapse
What code? I am not sure what you are talking about.

I got the pro version from the market. Works
Sent from my SGH-T959V using XDA Premium App

I followed the guide about two weeks ago to unlock my father in law's SGS4G which he had just bought used. He was able to put his AT&T SIM in and it recognized it and worked flawlessly on AT&T 3G.
Only issue he had was with the GPS, he wasn't happen with how long it took to lock via GPS only, and location based services helped but he said the dot moved off the make... TL;DR but he was happen with it being unlocked and working great on AT&T.

joedeveloper said:
I followed the guide about two weeks ago to unlock my father in law's SGS4G which he had just bought used. He was able to put his AT&T SIM in and it recognized it and worked flawlessly on AT&T 3G.
Only issue he had was with the GPS, he wasn't happen with how long it took to lock via GPS only, and location based services helped but he said the dot moved off the make... TL;DR but he was happen with it being unlocked and working great on AT&T.
Click to expand...
Click to collapse
I am not sure what could cause GPS problems. Except that Samsung Galaxy S phones have been plagued with GPS problems since day one. Let me know if you figure out a fix.

I unlocked mine just yesterday anf gps actually locked pretty fast playing with maps and nav
Sent from my SGH-T959V using XDA Premium App

elry567 said:
I unlocked mine just yesterday anf gps actually locked pretty fast playing with maps and nav
Sent from my SGH-T959V using XDA Premium App
Click to expand...
Click to collapse
Maybe KD1 has some GPS fixes in it? Mine seems to work fine too.

I remember with my old Vibrant, I had an issue trying to unlock where the IMEI number changed and it messed up the available apps in the market. Will the unlock app jack with that?

chris071404 said:
I remember with my old Vibrant, I had an issue trying to unlock where the IMEI number changed and it messed up the available apps in the market. Will the unlock app jack with that?
Click to expand...
Click to collapse
So far I haven't heard of anyone having that problem... if something does happen... well that's why we make backups

awesomeness...
so simple...
just followed every step closely and now i have network lock off phone...
thanks alot...

Unlock Code Found Infuse 4G **Root Required**

***** IMPORTANT ROOT IS REQUIRED BEFORE PROCEEDING *****
TO ROOT YOUR INFUSE 4G GO THE FOLLOWING LINK AFTER ROOTING PROCEED BELOW
http://forum.xda-developers.com/showthread.php?t=803682
***** ALSO PLEASE READ CAREFULLY BEFORE ACTUALLY APPLYING STEPS *****
All right ladies and gentlemen, coders and non coders again I have personally found the unlock code NOT THE FREEZE CODE only the unlock code for your Samsung Infuse 4G by ATT hidden in the same files as previous Samsung phones.
This procedure is similar to finding the unlock code for the Vibrant 4G for those that have performed my steps in the past it should be a no brainer but if not please once again read everything carefully its not hard but just takes patience Of-course this all depends on your dedication and time but hopefully I have simplified it for you.
Steps:
1. Install "010 Hex editor" you can use trial does not have to be registered
2. Go to your Infuse 4G and open a terminal emulator (free on the Market) - (Root Required)
The following steps are credit to SS2006 on a different post
*** Dont forget the (su) command *** after the second line
_____
after opening a terminal emulator type the following
cd /dev/block <enter>
su <enter> <at this point your phone will ask for superuser access ALLOW it if you already haven't done so>
dd if=/dev/block/bml3 of=/sdcard/external_sd/bml3.bak <enter>
note: if you dont have an external SD CARD type the following
dd if=/dev/block/bml3 of=/sdcard/bml3.bak
Go find the file on your SD Card or Internal Storage depending on your situation and transfer it to your computer
3. Open 010 Hex Editor
4. In 010 Hex Editor go to the Menus above and select VIEW>LINEFEEDS>SELECT CUSTOM>SET YOUR BYTES TO "32" Nothing Less
5. Locate the bml3.bak file you created and transfered to your computer and open it using the editor
(CREDIT TO FR0Z3N FOR CLARIFYING THE FOLLOWING 2 STEPS)
6. Using your keyboard select CRTL+F to search for a hex string, when the search window pops up select "Hex byte" in the Type field and then search for the following string below:
"FFFFFFFFFF0100000000" ALL TOGETHER, Then Hit the FIND ALL button to the right, some of you will get many results and others up to 10 results on your screen below
7. If you look at your Hex editor there are 3 window panes on the selected line (See Image Below)
e.g 4CCC60h <-- Offset
01 01 01 01 < -- Hex Keys
yyyyyyyyy <- ASCII text where your code is
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
8. Go through each result from the above search and you will see on the 3rd window pane (as shown on pic above) after the hex keys there is an 8 DIGIT CODE (Write this code Down) this is your unlock code NCK for your phone
Sidenote: SCAN THROUGH EACH RESULT AND YOU WILL SEE THAT IN YOUR RESULTS SOME OF YOU MAY GET UP TO 3 DIFFERENT 8 DIGIT CODES WRITE THEM ALL DOWN NORMALLY THE 8 DIGIT CODE THAT APPEARS THE MOST WILL BE THE ONE THAT UNLOCKS YOUR PHONE THE OTHER CODES MAY BE YOUR FREEZE CODE BUT I HAVE NOT TESTED THIS YET THIS 8 DIG CODE SHOULD SHOW ON AT-LEAST ONE MORE RESULT CHECK ALL YOUR RESULTS FROM THE SEARCH ABOVE( SOME OF YOU WILL HAVE YOUR CODE SHOWN AT-LEAST 2 TIMES AND SOME OF YOU WILL HAVE THE CODE SHOW MORE THAN 4 TIMES) YOUR RESULTS MAY VARY EVEN UP TO 39 RESULTS AGAIN SCAN THROUGH ALL RESULTS
**** TO INPUT THE UNLOCK NETWORK CODE DO THE FOLLOWING ****
9. Turn off your phone
10. Insert a foreign SIM card not attached to your current provider (e.g if you have ATT use a TMOBILE SIM CARD) and turn on your phone
11. You will be prompted to enter a Network Unlock Control Key ( Use the code above that you wrote down and type it in your phone exactly)
12. After entering your NCK please hit Unlock or GO button and you should see a screen that says "network unlock successful" and your phone should go in the main screen after your phone has been unlocked.
THATS IT FOLKS HAVE FUN
PS> If you entered an incorrect code you must of entered the wrong code or wrote it down wrong please read carefully and verify the code matches the results from above in at-least more than one instance
SHOULD ANYONE NEED HELP PM ME AND I WILL BE GLAD TO HELP
personally my INFUSE 4G has been rooted from day 1 and wi-fi tethering enabled and now it has been Unlocked

10. Insert a foreign SIM card not attached to your current provider (e.g if you have
Where can I go to get this SIM card?
Regards,
Jim Jep

JimJep said:
Where can I go to get this SIM card?
Regards,
Jim Jep
Click to expand...
Click to collapse
You can go out and buy any SIM card not attached to your phone example buy a prepaid SIM like SIMPLE MOBILE / TMOBILE etc.. put in any sim card that is not your carriers basically it does not have to be an International SIM if that's what your thinking
Hope this helps

This one works and is much easier.
Also no root required (it does root the phone temporary but returns it to stock without you having to do anything).
Click me.

Papi4baby said:
This one works and is much easier.
Also no root required (it does root the phone temporary but returns it to stock without you having to do anything).
Click me.
Click to expand...
Click to collapse
If you read through the posts of the link you posted no all get the code some get NULL some get nothing in this instance you actually see the code you are risking in changing file on your phone and possibly bricking your phone. My method is a simple file where your code is hidden.
To each his own, various methods I tried that link before I did mine and did not work so I tried my own method and what would you know It worked
Thanks again though for showing the options
Note: Please post your results thanks

Thankz Sanfranx415, your unlock instruction worked perfect for me. One thing i have noticed, Terminal Emulator didnt like back space, so be accurate with those commands, other than that yours is perfect. Thankz again.

Hi there.
Thanks for such a great and helpful post.I have a couple questions...what is the freeze code and what is the difference between this code and the freeze.
Once again thank you.

sweet, this works on this model as well
going to be unlocking mine right now

The freeze code is the code you would use if you tried too many times to unlock your phone
Sent from my SAMSUNG-SGH-I997 using XDA Premium App

fr0z3n said:
sweet, this works on this model as well
going to be unlocking mine right now
Click to expand...
Click to collapse
Go for it, as always I credit where credit is due thank you
Sent from my SAMSUNG-SGH-I997 using XDA Premium App

NGOPHUSAI said:
Thankz Sanfranx415, your unlock instruction worked perfect for me. One thing i have noticed, Terminal Emulator didnt like back space, so be accurate with those commands, other than that yours is perfect. Thankz again.
Click to expand...
Click to collapse
Yes terminal emulator can be sensitive but i'm glad your unlock was sucessful
Sent from my SAMSUNG-SGH-I997 using XDA Premium App

Re unlock code
Many thanks excellent hack I got there in the end without to many problems, just a quick comment it did return 4 codes 3 all the same 1 different however it was the single code that worked not the 3 the same! however for the faint of heart you do get 10 attempts again many thanks to all who contributed to this hack

Please see my reply in thread thanks man a great job and a great hack

Worked like a charm
Thanks for your tutorial. This worked like a charm.
I had three entries come up and they all had the same code. Verified on a T-mobile Sim.
First time the codedid not work the second time it went in. I must of fat fingered the first try

paul1994 said:
Thanks for your tutorial. This worked like a charm.
I had three entries come up and they all had the same code. Verified on a T-mobile Sim.
First time the codedid not work the second time it went in. I must of fat fingered the first try
Click to expand...
Click to collapse
Your welcome glad to help
Sent from my LG-P999 using XDA Premium App

I had only one code come up, and it worked perfectly.
I used my old T-Mobile SIM.
Thanks for the tutorial.
GREAT HACK!

Confirmation, it works thanks as much as useful this unlock

sanfranx415 said:
***** IMPORTANT ROOT IS REQUIRED BEFORE PROCEEDING *****
TO ROOT YOUR INFUSE 4G GO THE FOLLOWING LINK AFTER ROOTING PROCEED BELOW
http://forum.xda-developers.com/showthread.php?t=803682
***** ALSO PLEASE READ CAREFULLY BEFORE ACTUALLY APPLYING STEPS *****
All right ladies and gentlemen, coders and non coders again I have personally found the unlock code NOT THE FREEZE CODE only the unlock code for your Samsung Infuse 4G by ATT hidden in the same files as previous Samsung phones.
This procedure is similar to finding the unlock code for the Vibrant 4G for those that have performed my steps in the past it should be a no brainer but if not please once again read everything carefully its not hard but just takes patience Of-course this all depends on your dedication and time but hopefully I have simplified it for you.
Steps:
1. Install "010 Hex editor" you can use trial does not have to be registered
2. Go to your Infuse 4G and open a terminal emulator (free on the Market) - (Root Required)
The following steps are credit to SS2006 on a different post
*** Dont forget the (su) command *** after the second line
_____
after opening a terminal emulator type the following
cd /dev/block <enter>
su <enter> <at this point your phone will ask for superuser access ALLOW it if you already haven't done so>
dd if=/dev/block/bml3 of=/sdcard/external_sd/bml3.bak <enter>
note: if you dont have an external SD CARD type the following
dd if=/dev/block/bml3 of=/sdcard/bml3.bak
Go find the file on your SD Card or Internal Storage depending on your situation and transfer it to your computer
3. Open 010 Hex Editor
4. In 010 Hex Editor go to the Menus above and select VIEW>LINEFEEDS>SELECT CUSTOM>SET YOUR BYTES TO "32" Nothing Less
5. Locate the bml3.bak file you created and transfered to your computer and open it using the editor
(CREDIT TO FR0Z3N FOR CLARIFYING THE FOLLOWING 2 STEPS)
6. Using your keyboard select CRTL+F to search for a hex string, when the search window pops up select "Hex byte" in the Type field and then search for the following string below:
"FFFFFFFFFF0100000000" ALL TOGETHER, Then Hit the FIND ALL button to the right, some of you will get many results and others up to 10 results on your screen below
7. If you look at your Hex editor there are 3 window panes on the selected line (See Image Below)
e.g 4CCC60h <-- Offset
01 01 01 01 < -- Hex Keys
yyyyyyyyy <- ASCII text where your code is
8. Go through each result from the above search and you will see on the 3rd window pane (as shown on pic above) after the hex keys there is an 8 DIGIT CODE (Write this code Down) this is your unlock code NCK for your phone
Sidenote: SCAN THROUGH EACH RESULT AND YOU WILL SEE THAT IN YOUR RESULTS SOME OF YOU MAY GET UP TO 3 DIFFERENT 8 DIGIT CODES WRITE THEM ALL DOWN NORMALLY THE 8 DIGIT CODE THAT APPEARS THE MOST WILL BE THE ONE THAT UNLOCKS YOUR PHONE THE OTHER CODES MAY BE YOUR FREEZE CODE BUT I HAVE NOT TESTED THIS YET THIS 8 DIG CODE SHOULD SHOW ON AT-LEAST ONE MORE RESULT CHECK ALL YOUR RESULTS FROM THE SEARCH ABOVE( SOME OF YOU WILL HAVE YOUR CODE SHOWN AT-LEAST 2 TIMES AND SOME OF YOU WILL HAVE THE CODE SHOW MORE THAN 4 TIMES) YOUR RESULTS MAY VARY EVEN UP TO 39 RESULTS AGAIN SCAN THROUGH ALL RESULTS
**** TO INPUT THE UNLOCK NETWORK CODE DO THE FOLLOWING ****
9. Turn off your phone
10. Insert a foreign SIM card not attached to your current provider (e.g if you have ATT use a TMOBILE SIM CARD) and turn on your phone
11. You will be prompted to enter a Network Unlock Control Key ( Use the code above that you wrote down and type it in your phone exactly)
12. After entering your NCK please hit Unlock or GO button and you should see a screen that says "network unlock successful" and your phone should go in the main screen after your phone has been unlocked.
THATS IT FOLKS HAVE FUN
PS> If you entered an incorrect code you must of entered the wrong code or wrote it down wrong please read carefully and verify the code matches the results from above in at-least more than one instance
SHOULD ANYONE NEED HELP PM ME AND I WILL BE GLAD TO HELP
personally my INFUSE 4G has been rooted from day 1 and wi-fi tethering enabled and now it has been Unlocked
Click to expand...
Click to collapse
Thanks. OMG. I did not think that this would work or that I could get 010 Hex Editor to work for me, but, all of you, just take a breath, read carefully, and it works. I just unlocked my Infuse and T-Mobile and Airtel (India) sim cards are both working. I turned off and on my phone multiple times, and low and behold, it still works. Amazing. Thanks for all your work. I will definately donate.

Worked like charm here. I just went into tmobile and they gave me a sim. just finished with an unlock successful. The reason I want it unlocked was to have free tethering (coming from an unlocked streak) but after the unlock when I go to settings it still says must have a plan or whatever at&t crap it says? Can anyone confirm that once unlocked you can tether and hotspots for free under at&t?
Thanks
Sent from my A500 using XDA Premium App

I just wanted to share if you unlocked and are on stock and try to tether or use hotspot and get the verifying crap or you need a plan message you need to disable the system apk tethering manager is the name I believe. To do so you need to be rooted.
1.be rooted
2. Use root explorer to navigate to /system/app and search for tether manager I can't remember exactly but if you go to the T's its the only .apk with tether in the name.
3. Make sure you mount as r/w
4.long press on the target .apk and select rename
5. Rename to "tether whatever.bak" so just replace the extension .apk to .bak. Select ok and your done
Now you can tether and hotspot for free, enjoy
Note: if unlocked on running infused rom the tethering.apk has already been removed
Sent from my infused machine

[tutorial] change your mid to wwe version

This is a short tutorial on how to change you mid on your htc one mini. Make sure your bootloader is unlocked you are rooted and have s-off with super cid! This is the config that is know working for the mod. After the change you can lock everything back up if you want.
1. Boot up your phone and connect to pc with usb debugging turned on.
2. Open up command prompt or terminal and "adb shell" and then type "su"
3. Dd if=/dev/block/mmcblk0p6 of=/sdcard/mid.img
4.exit shell
5.adb pull /sdcard/mid.img
6.open up mid.img in hex editor and search for this value 50 00 4f 00 35 00 38 you will see (in the text side of the editor) either p.o.5.8.2.2.0.0.0 or p.o.5.8.2.0.0.0.0 if it reads p.o.5.8.2.2.0.0.0 its an att model and you want to simply overwrite the last 2 with a 0. Use f3 or whatever button to find the value again and change that 2 to a 0 in all places in the file. 2 or 3 times if i remember correctly. (this does work and it is fully tested by me) make sure you have the editor overwriting not inserting!! And only change what ive told you!!
7.then save and push the file back to sdcard
8.run this command dd if=/sdcard/mid.img of=/dev/block/mmcblk0p6
9.adb reboot bootloader
10.finally fastboot getvar all....and youll see your mid has been successfully changed. Ota updates will now work on stock rom.

[Q&A] Running Ubuntu natively on the Shield Tablet

Q&A for Running Ubuntu natively on the Shield Tablet
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for Running Ubuntu natively on the Shield Tablet. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!

It's amazing
Wow, it is really great that we will be able to run Ubuntu on the Shield!!
As of now, how would you describe the performance of it? Is it laggy or running smoothly? Also, do I understand correctly from your fist post that wifi is not working? Is there other functions not working?

dual boot
Also, as someone managed to get an android /ubuntu dual boot?

Teve1982 said:
Wow, it is really great that we will be able to run Ubuntu on the Shield!!
As of now, how would you describe the performance of it? Is it laggy or running smoothly? Also, do I understand correctly from your fist post that wifi is not working? Is there other functions not working?
Click to expand...
Click to collapse
it works well enough, I don't have anything to compare it to but it's not slow or anything
WiFi and Bluetooth work now. Touchscreen doesn't work, and I don't know yet if it ever will on Linux. Touchscreen works too!
Teve1982 said:
Also, as someone managed to get an android /ubuntu dual boot?
Click to expand...
Click to collapse
it's already dual boot, Linux stays in its own directory on the userdata partition

miscellaneous info
Hi guys, I'm totally noob with linux and ubuntu so my question may be stupid:
How Can I dualboot lollipop and ubuntu on the shield tablet?
If I use the img linked here what is the command that I must use to flash on tablet? I need only that file or I need something else?
I saw that the image kernel file is updated frequently to implement new feature, how can I upgrade to a new version?
Thanks a lot and be patient with me
Polve72

Interest is peaked.
Sent from Bad Azz VZW LG G3 Cyan Tapatalk

Unable to complete boot
Hey guys,
so i followed the instructions to the letter, or at least i think so.
1. downloaded the latest boot image. new_boot(94)
2. downloaded , unpacked and repacked the files from nvidia as explained
3. transferred repacked bz2 file to device, unpacked in /data/linux/
4. booted using fastboot command with command extra command line arguement.
given that i add the extra command line argument, then ubuntu seems to boot fine, but it stops after a while with the last report being :
"enable autosuspend for nvidia bruce"
nothing seems to be happening after that...
i have tried the two previous boot images also, but the same thing happens... any ideas?

Ubuntu issues
Hey,
I tried following the directions on the post. I got the device rooted and unlocked the bootloader, cwm is installed, busybox is installed, and root checker says I am rooted. I also followed the directions and have the root file system moved across into /data. When I use fastboot to load the image, I get a kernel panic. Things are scrolling pretty quickly but it looks like the busybox operations that are trying to mount certain areas keep failing saying no such file or directory. It almost seems like from the bootloader, it can't see /data, however I am able to mount it via cwm and see the files are there via adb. One of the error messages I got on the boot was that "mount /dev/mmcblk0p24 on /data failed invalid argument". Would you have any idea what I might be missing here. One thing I did notice while following the directions was that sudo ./apply_binaries.sh did not seem to do anything, it just displays the usage info like it was expecting different arguments.
Any suggestions you have for me would be much appreciated.
Thanks.

polve72 said:
Hi guys, I'm totally noob with linux and ubuntu so my question may be stupid:
How Can I dualboot lollipop and ubuntu on the shield tablet?
If I use the img linked here what is the command that I must use to flash on tablet? I need only that file or I need something else?
I saw that the image kernel file is updated frequently to implement new feature, how can I upgrade to a new version?
Thanks a lot and be patient with me
Polve72
Click to expand...
Click to collapse
At the moment, I honestly can't recommend trying this if you have no Linux experience, it's still WIP (for example, the touchscreen and Bluetooth won't work without additional configuration), and this is still ARM so most closed-source software (such as most games) still won't work (at least not at acceptable performance levels). But, if you still want to try, you need to follow the instructions from the post that contains the boot.img downloads (mainly the rootfs part). At the moment there's no real solution for dual-booting, but it's possible to flash the boot.img to the recovery partition (after which, booting the recovery will go to Linux instead). Good luck!
dud3rin0 said:
Hey guys,
so i followed the instructions to the letter, or at least i think so.
1. downloaded the latest boot image. new_boot(94)
2. downloaded , unpacked and repacked the files from nvidia as explained
3. transferred repacked bz2 file to device, unpacked in /data/linux/
4. booted using fastboot command with command extra command line arguement.
given that i add the extra command line argument, then ubuntu seems to boot fine, but it stops after a while with the last report being :
"enable autosuspend for nvidia bruce"
nothing seems to be happening after that...
i have tried the two previous boot images also, but the same thing happens... any ideas?
Click to expand...
Click to collapse
Can you please post a picture of the screen when it gets stuck? (the bruce message usually appears after the rootfs is mounted, so since it doesn't continue, that probably failed). apply-binaries.sh should work fine, if it didn't run I think it would still boot, but there will be no GPU acceleration for sure (and maybe no X11 at all).
jfsir said:
Hey,
I tried following the directions on the post. I got the device rooted and unlocked the bootloader, cwm is installed, busybox is installed, and root checker says I am rooted. I also followed the directions and have the root file system moved across into /data. When I use fastboot to load the image, I get a kernel panic. Things are scrolling pretty quickly but it looks like the busybox operations that are trying to mount certain areas keep failing saying no such file or directory. It almost seems like from the bootloader, it can't see /data, however I am able to mount it via cwm and see the files are there via adb. One of the error messages I got on the boot was that "mount /dev/mmcblk0p24 on /data failed invalid argument". Would you have any idea what I might be missing here. One thing I did notice while following the directions was that sudo ./apply_binaries.sh did not seem to do anything, it just displays the usage info like it was expecting different arguments.
Any suggestions you have for me would be much appreciated.
Thanks.
Click to expand...
Click to collapse
It's possible that your internal memory isn't recognized by the kernel. I'll send you a PM later today with a custom kernel so that we can start debugging this, I've had this issue before but I'm pretty sure I fixed it early on.

@Bogdacutu
I think you'll right. I'll wait a better and more user friendly approach.
Polve72

Thanks. Any help is much appreciated.

Thank you
@Bogdacutu Thank you very much for this!!!! buntu runs fairly smooth on my Tablet. But how will you get x86 software run on ARM? I thought there is no way.
Best Regards

aarr_ee said:
@Bogdacutu Thank you very much for this!!!! buntu runs fairly smooth on my Tablet. But how will you get x86 software run on ARM? I thought there is no way.
Best Regards
Click to expand...
Click to collapse
qemu can run in userspace (so it can run x86 software relatively seamlessly without a full VM), but x86 apps can't load ARM libraries, so x86 apps don't have direct rendering (which slows them down even more than they are already)

Portable
Is there any way to make this possible for the Shield Portable?

Great project,
Are you able to play any linux games with decent fps? I ask because ive found following video:
https://www.youtube.com/watch?v=hRBPeNzE558

thewolf16 said:
Great project,
Are you able to play any linux games with decent fps? I ask because ive found following video:
https://www.youtube.com/watch?v=hRBPeNzE558
Click to expand...
Click to collapse
Pretty much any game compiled for ARM will work, so Steam games won't work without QEMU (and so far I haven't been able to get Steam to actually start properly), which would mean some performance loss.

Thank you for your answer
Will this work with your build?:
https://www.youtube.com/watch?v=uVknjU7eGbI
https://www.youtube.com/watch?v=4GUP27TJ5w4
This would be much faster than qemu.
EDIT: And can you run the 2D adventure game "Edna & Harvey: The breakout". Its an windows game but because its made in java you can run it natively on linux with the java-installer:
java -jar ednaunpack.jar
Click to expand...
Click to collapse

thewolf16 said:
Thank you for your answer
Will this work with your build?:
https://www.youtube.com/watch?v=uVknjU7eGbI
https://www.youtube.com/watch?v=4GUP27TJ5w4
This would be much faster than qemu.
Click to expand...
Click to collapse
Probably. I'm not planning to pay for that anytime soon as I really dislike their licensing scheme, so I can't know for sure if it works or not.
EDIT: decided to buy it, apparently they don't give you the license automatically, so I might have to wait a day or so until I get it

Not Enabled Bluetooth...
Hi,
I have the SHIELD TABLET 16GB Wi-Fi model and succeeded to run Ubuntu with new_boot(123).img!
Recently, I try to the bluetooth configuration to use bluetooth keyboard. However I cannot enable bluetooth.
To enable bluetooth, I do the following commands on terminal.
Code:
sudo aptitude install bluetooth bluez-hcidump bluewho bluez-tools blueman
git clone https://code.google.com/p/broadcom-bluetooth/
cd broadcom-bluetooth
make brcm_patchram_plus
sudo cp brcm_patchram_plus /usr/local/bin
sudo brcm_patchram_plus -d --patchram /system/etc/firmware/bcm43241.hcd --baudrate 3000000 --enable_lpm --enable_hci --use_baudrate_for_download --no2bytes --tosleep 1000 /dev/ttyTHS2
After brcm_patchram_plus, these message is shown.
Code:
option patchram with arg /system/etc/firmware/bcm43241.hcd
option baudrate with arg 3000000
option enable_lpm
option enable_hci
option use_baudrate_for_download
option no2bytes
option tosleep with arg 1000
/dev/ttyTHS2
writing
01 03 0c 00
writing
01 03 0c 00
(...looping)
The last 2 lines are looping until do Ctrl-C on terminal.
So I try to change the bluetooth setting from "OFF" to "ON" on the Unity's System Setting Panel.
After that, I retry the brcm_patchram_plus command and its output message is changed as bellow.
Code:
...
writing
01 18 fc 06 00 00 c0 c6 2d 00
received 7
04 0e 04 01 18 fc 00
Done setting baudrate
writing
01 27 fc 0c 01 01 01 01 01 01 01 00 00 00 00 00
received 7
04 0e 04 01 27 fc 00
Done setting line discpline
the brcm_patchram_plus doesn't finish until Ctrl-C. In this state, I can open the "Bluetooth New Device Setup" Panel.
However, I cannot find any bluetooth devices...(attatched picture) So I open the other terminal and type some commands.
Code:
$ hciconfig -a
hci0: Type: BR/EDR Bus: UART
BD Address: 43:24:1B:00:00:00 ACL MTU: 1021:8 SCO MTU: 64:1
DOWN
RX bytes:642 acl:0 sco:0 events:36 errors:0
TX bytes:983 acl:0 sco:0 commands:38 errors:0
Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
Packet type: Dm1 DM3 Dm5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH SNIFF
Link mode: SLAVE ACCEPT
$ hcitool dev
Devices:
$ rfkill list
0: bluedroid_pm: Bluetooth
Soft blocked: yes
Hard blocked: no
1: phy0 Wreless LAN
Soft blocked: no
Hard blocked: no
2: brcmfmac-wifi: Wireless LAN
Soft blocked: no
Hard blocked: no
4: hci0: Bluetooth
Soft blocked: yes
Hard blocked: no
$ rfkill unblock all
$ rfkill list
0: bluedroid_pm: Bluetooth
Soft blocked: no
Hard blocked: no
1: phy0 Wreless LAN
Soft blocked: no
Hard blocked: no
2: brcmfmac-wifi: Wireless LAN
Soft blocked: no
Hard blocked: no
4: hci0: Bluetooth
Soft blocked: no
Hard blocked: no
$ hcitool scan
Device si no available: No such device
Please give me any advices!
Thanks,

How to make a keyboard and mouse work on it?
Thanks

[GUIDE] Automatic dual sim switching on latest official OTA

TL;DR:
You need root.
Shell command with root privileges to toggle sim programatically:
Code:
service call phone 162 i32 x i32 y
Where x is 0 for SIM1 and 1 for SIM2, and y is 0 to disable and 1 to enable.
For example:
Code:
service call phone 162 i32 1 i32 0
will disable SIM2 and
Code:
service call phone 162 i32 1 i32 1
will enable it.
Longer version, and how to find the magic "162" number:
You need:
1. vdexExtractor
2. jadx
Step by step:
1. Pull /system/framework/arm64/boot-framework.vdex
2. extract it with vdexExtractor, you should get some dex classfiles.
3. Open them with jadx and find the one that contains com.android.internal.telephony.ITelephony
4. Navigate to the class with jadx and locate the value of TRANSACTION_setSimPowerStateForSlot, this is your magic number.
After you have the command you can use for example Tasker to enable and disable the SIM card.
The only downside of using this method is that major Android version bumps will most likely break this, as the numbers vary from android build to android build.

Spent a few hours trying to figure this out for Oreo only to find your post about 5s before I found the solution myself! Many thanks. I've linked your post here to go with my N-only guide.

Sweet, I've been looking for a solution for this on my Oneplus 5 and this works perfectly with Tasker.

I tried this op OP6T but it doesn't seem to work. Can someone confirm? Maybe the 'magicnumber' differs.
I pulled the vdex file, but I don't know how to extract it with that command line tool vdexExtractor. Can someone help me with this? Here's the file

Maybe a dumb question, but what is enabled by this feature?

ChemoNL said:
Maybe a dumb question, but what is enabled by this feature?
Click to expand...
Click to collapse
Well it gives you the opportunity to run a Tasker command to toggle SIM state. For example disable a SIM during a certain time-frame. Automation FTW!
BTW can someone tell if this function will still work in the light of https://www.androidpolice.com/2018/11/12/tasker-lose-sms-call-functionality-google-security-changes/

help
projection said:
TL;DR:
You need root.
Shell command with root privileges to toggle sim programatically:
Code:
service call phone 162 i32 x i32 y
Where x is 0 for SIM1 and 1 for SIM2, and y is 0 to disable and 1 to enable.
For example:
Code:
service call phone 162 i32 1 i32 0
will disable SIM2 and
Code:
service call phone 162 i32 1 i32 1
will enable it.
Longer version, and how to find the magic "162" number:
You need:
1. vdexExtractor
2. jadx
Step by step:
1. Pull /system/framework/arm64/boot-framework.vdex
2. extract it with vdexExtractor, you should get some dex classfiles.
3. Open them with jadx and find the one that contains com.android.internal.telephony.ITelephony
4. Navigate to the class with jadx and locate the value of TRANSACTION_setSimPowerStateForSlot, this is your magic number.
After you have the command you can use for example Tasker to enable and disable the SIM card.
The only downside of using this method is that major Android version bumps will most likely break this, as the numbers vary from android build to android build.
Click to expand...
Click to collapse
what if i cant find TRANSACTION_setSimPowerStateForSlot even in nougat?

for what reason someone need to do such thing?

more_than_hater said:
for what reason someone need to do such thing?
Click to expand...
Click to collapse
My reason is that I only want to be reached on my work number during work hours. So in my case I disable sim2 at 1600 when I go home from work, and then I enable it right before I start working again.
The apps available for this don't work on my phone (opo5) so this was the only way I could find.

Vledderos said:
I tried this op OP6T but it doesn't seem to work. Can someone confirm? Maybe the 'magicnumber' differs.
I pulled the vdex file, but I don't know how to extract it with that command line tool vdexExtractor. Can someone help me with this? Here's the file
Click to expand...
Click to collapse
same here. i have no idea how to extract the vdex file ........

projection said:
TL;DR:
You need root.
Shell command with root privileges to toggle sim programatically:
Code:
service call phone 162 i32 x i32 y
Where x is 0 for SIM1 and 1 for SIM2, and y is 0 to disable and 1 to enable.
For example:
Code:
service call phone 162 i32 1 i32 0
will disable SIM2 and
Code:
service call phone 162 i32 1 i32 1
will enable it.
Longer version, and how to find the magic "162" number:
You need:
1. vdexExtractor
2. jadx
Step by step:
1. Pull /system/framework/arm64/boot-framework.vdex
2. extract it with vdexExtractor, you should get some dex classfiles.
3. Open them with jadx and find the one that contains com.android.internal.telephony.ITelephony
4. Navigate to the class with jadx and locate the value of TRANSACTION_setSimPowerStateForSlot, this is your magic number.
After you have the command you can use for example Tasker to enable and disable the SIM card.
The only downside of using this method is that major Android version bumps will most likely break this, as the numbers vary from android build to android build.
Click to expand...
Click to collapse
i've succesfully extracted boot-framework.vdex and obtained 3 new files:
boot-framework_classes.cdex
boot-framework_classes2.cdex
boot-framework_classes3.cdex
but using jadx i don't get any result... just an empty window
btw: i'm on op5t running pie

alessandro_xda said:
TL;DR:
You need root.
Shell command with root privileges to toggle sim programatically:
Where x is 0 for SIM1 and 1 for SIM2, and y is 0 to disable and 1 to enable.
For example:
will disable SIM2 and
i've succesfully extracted boot-framework.vdex and obtained 3 new files:
boot-framework_classes.cdex
boot-framework_classes2.cdex
boot-framework_classes3.cdex
but using jadx i don't get any result... just an empty window
btw: i'm on op5t running pie
Click to expand...
Click to collapse
Any luck with this? I am on pie op5t also and want to be able to switch on and off

BigBrosMo said:
Any luck with this? I am on pie op5t also and want to be able to switch on and off
Click to expand...
Click to collapse
I gave up

I had success. Oneplus 5 with Pie
I discovered that with Pie it is necessary another step between 2 and 3, because the step 2 now gives .cdex files (compact dex) instead of the .dex files, and jadx (at least the versions I tried) can read only .dex files.
In the github page of vdexExtractor I found a section about the vdexExtractor#compact-dex-converter, that is necessary to convert .cdex to .dex.
I used the Linux x86-64 - Statically compiled binaries, the shared libraries version didn't work on my Virtual Machine with linux Mint (I have only windows 10 on my pc)
Using that converter I obtained the .dex files that jadx can read and follow step 3 and 4 of the guide.
I hope to be of some help

dragone17 said:
I had success. Oneplus 5 with Pie
...
In the github page of vdexExtractor I found a section about the vdexExtractor#compact-dex-converter, that is necessary to convert .cdex to .dex.
I used the Linux x86-64 - Statically compiled binaries, the shared libraries version didn't work on my Virtual Machine with linux Mint (I have only windows 10 on my pc)
Click to expand...
Click to collapse
That's great! I am on an island right now in Thailand and with only a win7 machine. I would live to get this working as I don't want both Sims on all the time to conserve battery, and would like to automatically check my home SIM once and awhile in the background. While I am quite comp savvy I dont have the time/bandwidth to compile a Linux distro or virtual machine just to run this converter... Or... Do I even need to? What's the quickest and dirtiest method for me to find my "magic number"?
And is that number unique to the install or my IMEI? Like if I reinstall/upgrade the os do I need to redo the process or would it remain the same?

I'm sorry but I don't know if you can run vdexExtractor on windows. If it is possible, I couldn't find how. But jadx have a version with gui compiled to run on windows.
I suppose that the "magic number" depends on the os version, and maybe the phone model.
It didn't change for me on the various minor upgrades on oreo (5.1.5, 5.1.6, 5.1.7), and now it didn't change on the minor pie upgrades (9.0.2, 9.0.3).
Not sure if the number is the same on the various oneplus devices.

alessandro_xda said:
I gave up
Click to expand...
Click to collapse
Had the same problem. Extracted .cdex files I couldn't read from jadx and anything else I tried. Was about to give up, then just guesstimated. Most of the numbers I found were between 150-180, so I just experimented within that range and hit the magic number.

vkrin said:
Had the same problem. Extracted .cdex files I couldn't read from jadx and anything else I tried. Was about to give up, then just guesstimated. Most of the numbers I found were between 150-180, so I just experimented within that range and hit the magic number.
Click to expand...
Click to collapse
is there a way to read the current value before changing it?

The ID on OnePlus 7 on Pie is 175.
No idea if it's the same on the OP6 though.

My phones magic number was "177"
Op6 beta 16
Havoc 2.6