Hello people I would like to open this post to share my experience with you to try to figure out how to sim unlock the pixel.
We all realized that it's impossibile to unlock it just changin rom or the modem or radio ecc... But still I'm pretty sure that is not an hardware lock.
I'm pretty sure that it's the IMEI the point, our lock. ( We are not thief, I'm just speaking as information, for example I need to stay two months in italy and I would like to be free, as most of the android's users. )
I realized that the menus from the diag menù in the telephone are locked. If you will try to digit some code they gonna be null.
So I tried to open my port to use " QPST "( a software for QUALCOMM chipset ) to make a backup of it.
To open the diag port I used this command on the terminal of my phone " su " and than "setprop sys.usb.config diag,adb".
After it I make the .qnc backup and I open it with an HEX editor to find my IMEI CODE. ( If you got lost google this procedure using QPST and an HEX editor to find you imei code and changing it ).
After getting my .qnc modified with my new IMEI CODE I just restore it into my phone. The software said that the restoring was complet but actually the IMEI still the same.
So I tried to just make NULL my IMEI in this way : ADB via computer digiting : "ADB SHELL" , " SU " , ls -al /dev/block/platform/soc/624000.ufshc/by-name ".
Than you'll have a list. You need to find " modemst1 " " modemst2 " " fsg" .
Zeroing those digint the command : "dd if=/dev/zero of=/dev/block/sd" Putting at the end the last two lecters/number that you find at the end of the string " modemst1-2 and fsg " .
Than what I realized. Was working for the modems but not for the "fsg" . Accessed denied.
So my last think is that the chipset of the pixel is very protected and it's going to be very difficult to change the IMEI code and I ( I repeat the I THINK ) unlocking the sim lock it will not going to be possibile without changing this code.
Let me know please what do you think about,
Regards,
An old nexus lover and pixel user.
Changing an IMEI is illegal and not allowed to be discussed in these forums.
The pixel is never SIM locked. Meaning your phone is either stolen or has been blacklisted by your carrier and other carriers. Discussion of workarounds are not tolerated on this site.
Sent from my Pixel using Tapatalk
Electroz said:
The pixel is never SIM locked.
Click to expand...
Click to collapse
Actually EE sells a sim-locked version.
https://support.google.com/pixelphone/answer/7107188?hl=en
Electroz said:
Changing an IMEI is illegal and not allowed to be discussed in these forums.
The pixel is never SIM locked. Meaning your phone is either stolen or has been blacklisted by your carrier and other carriers. Discussion of workarounds are not tolerated on this site.
Sent from my Pixel using Tapatalk
Click to expand...
Click to collapse
I certainly understand if XDA does not allow discussions on changing the IMEI, however, are you sure it's illegal? I can't find a written law that states it is. I believe they tried to pass a law but I don't think if ever made it through committee. I agree, if this is being done for nefarious reasons then discussions should be banned. But if I own 2 devices and one is broken, what would be illegal to use the one from the broken device on my new device? For instance, I bought 2 Pixel phones, one Verizon and one from Google. I dropped the Google version and it's unusable. The Verizon Pixel is bootloader locked due to the IMEI. Why couldn't I change the IMEI so that I could unlock the VZW Pixel? Would I do it? No, not on a bet. But illegal, I'm not so sure.
Bootloader lock is not a SIM Lock. If it's for sure illegal to change an IMEI, I'm not sure. Either way, it's against the XDA terms due to the legality of it.
Sent from my Pixel using Tapatalk
I figured it was against XDA rules.
Mate my phone is my one no problem I'm just speaking as information nothing else, just want to be free to know as every android user
And yes the pixel from EE carrier is sim locked and I would like to unlock it to use my own sim while i'm outside the U.K. to not spend bilions of pound with roaming data pack, that's my point.
By the way I realized one very important thing:
Modemst1 and modemst2 partition are readable and writable, but partiotion FSG is just readable that's why you cannot zero it or restore the .qnc file to change the code.
I realized that our EE pixel , or maybe every pixel , have the soc locked.
If you look at the same soc in some xiaomi they can zero the fsg partition because is writable aswell.
So my question is, anyone knows how to change permission of those partition?
Teket23 said:
To open the diag port I used this command on the terminal of my phone " su " and than "setprop sys.usb.config diag,adb".
Click to expand...
Click to collapse
Can you elaborate on this a bit more? What other steps are there, or is this all you needed to do and it popped up as a device?
I'm trying to get the Pixel diag port connected (for QPST/QXDM) and can't figure out how to turn it on. I tried the command above and nothing exciting happened. Typically, on other phones, it shows up in the device manager and I just have to manhandle the driver into place but the Pixel diag port isn't appearing for me still.
How to unlock your phone.
http://ee.co.uk/help/getting-started/joining-ee/unlocking-your-device
There you go, problem solved.
Sent from my Pixel using Tapatalk
hi,dude,I have opened the diag port on my pixel,and i can find the port on qpst,but after add port ,qpst show no phone,do you have any idea about this issue?
BHPTO said:
hi,dude,I have opened the diag port on my pixel,and i can find the port on qpst,but after add port ,qpst show no phone,do you have any idea about this issue?
Click to expand...
Click to collapse
Mate,may I ask u how to open the diag port on pixel?It confused me for a while.
Related
So I used to DesignGears method: http://forum.xda-developers.com/showthread.php?t=1672284 to successfully unlock my bootloader so I could install a custom ROM (CleanROM). Now I'm trying to unlock my SIM but after putting in my IMEI into CellUnlocker.net I got an e-mail saying that the first database returned a negative for my IMEI. Did unlocking the bootloader change my IMEI to something that would prevent me from unlocking my SIM and not change it back? Did I need to do them in a different order? Just concerned because I'm traveling out of the country tomorrow and need to get my SIM unlocked prior to leaving.
akates said:
So I used to DesignGears method: http://forum.xda-developers.com/showthread.php?t=1672284 to successfully unlock my bootloader so I could install a custom ROM (CleanROM). Now I'm trying to unlock my SIM but after putting in my IMEI into CellUnlocker.net I got an e-mail saying that the first database returned a negative for my IMEI. Did unlocking the bootloader change my IMEI to something that would prevent me from unlocking my SIM and not change it back? Did I need to do them in a different order? Just concerned because I'm traveling out of the country tomorrow and need to get my SIM unlocked prior to leaving.
Click to expand...
Click to collapse
1. *#06# check your imei match your box
2. use the imei on your box to check on with cellunlocker.net
if those two doesn't match then...it changed your imei...else
if you can't get a unlock code with the imei on your box...it's some other issue lol...two people in general section had the same problem..
niceppl said:
1. *#06# check your imei match your box
2. use the imei on your box to check on with cellunlocker.net
if those two doesn't match then...it changed your imei...else
if you can't get a unlock code with the imei on your box...it's some other issue lol...two people in general section had the same problem..
Click to expand...
Click to collapse
So don't have the box with me (it's at home) and I've removed the sticker so I'll have to check later. Do you know if the IMEI is changed during the bootloader unlocking process? If it did, can I use the IMEI on the box for cellunlocker.net even if that doesn't match one in my phone? I'm guessing the unlock code was hard coded to the original IMEI so even if my IMEI has changed, the unlock code that cellunlocker.net would provide should still work?
The unlock process doesn't change IMEI.
gunnyman said:
The unlock process doesn't change IMEI.
Click to expand...
Click to collapse
The process of supercid may tho
Sent from my HTC One X using Tapatalk 2
It hasn't so far. Well the unlock without htc dev method does but you're supposed to change it back after.
Well I used the process that included HTC Dev. I first used Spoof-CID.bat to get the token that I then input on the HTC Dev site. They sent me my unlock_code.bin. If this doesn't change my IMEI, then why wouldn't it be working through cellunlocker? I really need this unlocked before tomorrow morning.
akates said:
Well I used the process that included HTC Dev. I first used Spoof-CID.bat to get the token that I then input on the HTC Dev site. They sent me my unlock_code.bin. If this doesn't change my IMEI, then why wouldn't it be working through cellunlocker? I really need this unlocked before tomorrow morning.
Click to expand...
Click to collapse
Until you match the IMEI reported by the phone with what's on the Box, we can't know how to assist you.
It would make sense for that partition to contain your imei as well.
You're going to have to find a method to write back the backup on your sd card
The method you used made a backup of the partition before it changed it
Sent from my HTC One X using Tapatalk 2
Another user posted on here that he tried unlocking the SIM through several different online services. They all reported that the IMEI was too new, and he would need to wait until the IMEI database was updated. Might be your issue as well.
I agree you need to just check your IMEI with what is on the box. The numbers and bar codes on the sticker are also on the hBoot screen, so you can check that also. Don't think that will change if you screw with the IMEI.
Nevermind
superchilpil said:
It would make sense for that partition to contain your imei as well.
You're going to have to find a method to write back the backup on your sd card
The method you used made a backup of the partition before it changed it
Sent from my HTC One X using Tapatalk 2
Click to expand...
Click to collapse
I believe everything was wiped from my SD Card when I formatted everything prior to installing CleanROM. Now I'm really worried that this is a big issue, but as gunnyman said, I guess I need to just wait and see what my box says my IMEI is.
What I don't understand is even if my IMEI changed, wouldn't my unlock code already have been hard coded based upon my original IMEI, so if I used that (assuming it's different) in cellunlocker, I would think my phone would accept the unlock code? Does changing the IMEI in the phone change the unlock code as well?
akates said:
I believe everything was wiped from my SD Card when I formatted everything prior to installing CleanROM. Now I'm really worried that this is a big issue, but as gunnyman said, I guess I need to just wait and see what my box says my IMEI is.
What I don't understand is even if my IMEI changed, wouldn't my unlock code already have been hard coded based upon my original IMEI, so if I used that (assuming it's different) in cellunlocker, I would think my phone would accept the unlock code? Does changing the IMEI in the phone change the unlock code as well?
Click to expand...
Click to collapse
Depends if your imei is also hard coded elsewhere
It's all speculation at this point
Sent from my HTC One X using Tapatalk 2
superchilpil said:
Depends if your imei is also hard coded elsewhere
It's all speculation at this point
Sent from my HTC One X using Tapatalk 2
Click to expand...
Click to collapse
Well if it helps at all, the IMEI shown in HBOOT with the barcodes matches the *#06# number. Don't know if that's recoded. Guess I sit nervously until I get home to see if it matches that box. Not sure whether I hope it's the same or different, because if it's the same there is no explanation for why I can't get my unlock code!
Appreciate all the help and I'll chime back in once I check it with the box.
akates said:
Not sure whether I hope it's the same or different, because if it's the same there is no explanation for why I can't get my unlock code!
Click to expand...
Click to collapse
Except for the explanation that I already gave.
See here also: http://forum.xda-developers.com/showthread.php?t=1808263
redpoint73 said:
Except for the explanation that I already gave.
See here also: http://forum.xda-developers.com/showthread.php?t=1808263
Click to expand...
Click to collapse
True. I guess what I meant to say is there is no fix for me by tomorrow if that's the case.
I am having an similar issue with my One X. I probably should have tried to sim unlock it before messing with the phone but its too late now.
What I mean by messing with: Unlocked bootloader, flashed kernel and installed new rom. After doing that I went to cellularunlocker.net for a code. They gave me a code with didn't work (ultimately got a refund). The very next day I got a friend who has AT&T to get the code. Turns out its the SAME UNLOCK CODE that the website gave me. Now I'm at my wits end.
Can someone please help me. I need this working before I go on vacation in a few days...
Hey folks,
I just lost a phone (again) and that was my back up, so I have the Galaxy S 4G I bought used a long time ago and apparently the IMEI is blocked and has the small "x" where the signal bars used to be.
I already tried unlocking it doing both method of the "AROMA Edition" from the S 4G section, and still the same. The unlock code doesn't seem to work. Are there any other methods of unlocking the IMEI?
I'm running team acid's ICS 4.0.4
Thanks!!
supercho said:
Hey folks,
I just lost a phone (again) and that was my back up, so I have the Galaxy S 4G I bought used a long time ago and apparently the IMEI is blocked and has the small "x" where the signal bars used to be.
I already tried unlocking it doing both method of the "AROMA Edition" from the S 4G section, and still the same. The unlock code doesn't seem to work. Are there any other methods of unlocking the IMEI?
I'm running team acid's ICS 4.0.4
Thanks!!
Click to expand...
Click to collapse
1st: This is a developer forums. Next time use the Q&A forums.
2nd: What you are asking is illegal in most countries, and against XDA rules.
3rd: To answer your question, if the thread didn't get deleted before you can
see the answer, you have two options (Both are illegal, since it involves tampering with IMEI number).
Option 1: Use NS Pro, Z3X tool box..etc! to change your IMEI number. Expensive
and it is over $100 to buy the box and cables.
Option 2: Erase your IMEI number and make it all Zero's 0, your phone will work,
and you will have signal, but most likely you will have 3g or weak data or no 4g at all. To do this, first backup your NV just in case you want to return to original. Read what is in the spoiler button below..
==========================
-=For educational Purposes Only=-
==========================
I didn't try this, but other users tried this on other galaxy phones and worked.
Make sure you are using stock rom (heimdall or odin). Using the dialer:
input: *#197328640# then go to COMMON, NV REBUILD (you can do backup here)
Choose Erase three partitions (Not a typo) then reboot.
if the above didn't work, just erase the NV_Data.bin manually using root explorer
and reboot.
Another option would be using QPST/QXDM (qualcomm tools). Search...
BACKUP FIRST..
Rebel_X said:
1st: This is a developer forums. Next time use the Q&A forums.
2nd: What you are asking is illegal in most countries, and against XDA rules.
3rd: To answer your question, if the thread didn't get deleted before you can
see the answer, you have two options (Both are illegal, since it involves tampering with IMEI number).
Option 1: Use NS Pro, Z3X tool box..etc! to change your IMEI number. Expensive
and it is over $100 to buy the box and cables.
Option 2: Erase your IMEI number and make it all Zero's 0, your phone will work,
and you will have signal, but most likely you will have 3g or weak data or no 4g at all. To do this, first backup your NV just in case you want to return to original. Read what is in the spoiler button below..
Click to expand...
Click to collapse
Thanks for your inputs and secrets!! I didn't want to be in this situation, I just bought the wrong phone.
I am aware this was illegal (after I bought the used phone) but not against the XDA rules, since I thought it was the same as carrier unlocking.
I will try.....thanks!
BTW: What is NV?
Can I do option 2 with any version installed or does it have to be the factory reset version?
supercho said:
BTW: What is NV?
Can I do option 2 with any version installed or does it have to be the factory reset version?
Click to expand...
Click to collapse
NV: I believe it is a nonvolatile memory (similar to the bios memory for PC)
The files are stored in a special partition, usually not touched by flashing custom
roms.
Since the process of dealing with this have high risk (bricking your phone, hence I don't want to be responsible for anything) I suggest you to search the forums or use google.
For option 2: you have to be on stock based firmware (gingerbread, rooted is ok) as long as you have the original Touchwiz dialer. AOSP roms can't handle MMI codes except maybe the famous *#06# to show the imei number.
At this point, you are on your own. Good luck. :good:
Thanks!!
Rebel_X said:
1st: This is a developer forums. Next time use the Q&A forums.
2nd: What you are asking is illegal in most countries, and against XDA rules.
3rd: To answer your question, if the thread didn't get deleted before you can
see the answer, you have two options (Both are illegal, since it involves tampering with IMEI number).
Option 1: Use NS Pro, Z3X tool box..etc! to change your IMEI number. Expensive
and it is over $100 to buy the box and cables.
Option 2: Erase your IMEI number and make it all Zero's 0, your phone will work,
and you will have signal, but most likely you will have 3g or weak data or no 4g at all. To do this, first backup your NV just in case you want to return to original. Read what is in the spoiler button below..
Click to expand...
Click to collapse
One last thing, while doing option 2, should my activated T-Mo sim card be inserted in the phone the whole time?
supercho said:
One last thing, while doing option 2, should my activated T-Mo sim card be inserted in the phone the whole time?
Click to expand...
Click to collapse
The process wouldn't hurt the SIM card. Whether it is there or not same thing.
Just want to clear this up for future readers, carrier unlocking is not the same as getting the IMEI number. The carrier unlock code can be gotten from T-Mobile directly and you can unlock the phone that way.
Changing your IMEI is not condoned or endorsed by any carrier. It's possible on the Galaxy S line of phones (we had someone who claimed to be able to on this forum before).
Wouldn't it be nice to have a keygen to unlock the bootloader without obtaining the key from motorola?
I have been investgating the relationship between the bootloader return code and unlock key and have discovered the following:
Note: For security I have replaced my IMEI and serial number, all other numbers are real. I'm not sure if anyone else has had a go at this but found nothing on XDA.
Code:
fastboot oem get_unlock_data
1A23457698214365#54413839303042
42443700585431303332000000#140A
858731D55F3B5DF78F0F6BB9EAE32A2
B8945#3D372B020F000000000000000
0000000
If I use the # character as a separator I get:
Code:
1A23457698214365
5441383930304242443700585431303332000000
140A858731D55F3B5DF78F0F6BB9EAE32A2B8945
3D372B020F0000000000000000000000
Line 1: With the exception of the 2nd character 'A' inserted, these characters are my IMEI number re-arranged a little.
The last 5 pairs of digits are swapped so an IMEI of 123456789123456 converts to 1A23457698214365
Line 2: Converting this line from hex to ascii gives me TA8900BBD7�XT1032���
This is serial and model number with a 00 byte as a spacer and 3 filler at the end.
Line 4: This is my bootloader UID (obtained from 'fastboot getvar uid' command)
Lines 1&2&4 I suspect have no relationship whatsoever with the unlock key.
Probably used to validate and log you on the motorola server when you request the unlock key, ultimately serving the purpose of voiding the warranty.
Line 3: Coincidence? Could this 20 byte string be relative to the 20 byte unlock key via some simple algorithm assuming lazy programming and/or limited space for code in the bootloader hardware? I couldnt tie this number to anything on my phone so I am guessing this code is derived from the unlock code during the 'fastboot oem get_unlock_data' command.
I tried online with varied IMEI and serials in the code and also using original values but with varied numbers in line 3 but could not get another unlock code. I don't think I can progress without more examples.
This was my unlock code: W4ZUEO2TZALOGJJWPRMO
Converted to hex: 57345A55454F32545A414C4F474A4A5750524D4F
Code:
So somehow 140A858731D55F3B5DF78F0F6BB9EAE32A2B8945
becomes 57345A55454F32545A414C4F474A4A5750524D4F
Could possibly involve the UID in the equation but I wouldn't bother if I were writing the bootloader and if so, then why have line 3 anyway?
I tried, a few sums but now I have a headache so I return to my life assisted by alcohol. Surely the solution has to be simple. Just thought I would post and see if anyone else could pick up from where I left off.
Have fun.......
I love the idea. I didn't unlock my phone because of the warranty but if we can find a way to unlock without allow Motorola to know it, it would be great...
Envoyé de mon Moto G en utilisant Tapatalk
Great thread. Hope in something of new
I can confirm that the first is the IMEI somehow swapped and an A added; the second one is the serial number with the model.
Certainly would help us Verizon Moto G users who currently are stuck with locked bootloaders :/
Takenover83 said:
Certainly would help us Verizon Moto G users who currently are stuck with locked bootloaders :/
Click to expand...
Click to collapse
I agree
Sent from my XT1028 using Tapatalk
Please, someone figure this out!
Help required!
What is needed is more examples. If people post the line 3 and unlock code in hex, then the problem can be solved. Unless you are the kid from mercury rising or rain man, the best that can be acheived with only one example is a headache. Trust me!
Those of you that have unlocked, please provide the required info. Maybe we need a new thread title to draw the atttention of those already unlocked.
"Request: Unlocked? Share your info here" etc..
Really nice that someone is trying to hack the bootloader protection. I intend to root my phone one day, but I am reluctant to use the official way because of warranty issues.
trifonius said:
Really nice that someone is trying to hack the bootloader protection. I intend to root my phone one day, but I am reluctant to use the official way because of warranty issues.
Click to expand...
Click to collapse
Same here. I was actually surprised to learn about this when I got this phone. I unlocked my Nexus 7 and assumed (my mistake) that I wouldn't have to get the manufacturer involved to unlock the bootloader.
Hope in some help from devs really
hey, i'm looking forward to this, actually i come from a device that had a locked bootloader but i could root it just with an exploit made with ics. maybe if someone finds an exploit in jellybean we will be able to root our phones but, that will be difficult
Hi.
Code:
My line 3: 5D0E47A39BBB9DA7B9632E8C19BD2873B018B7BA
My unlock code in hex: 4B415947324C4A424B454E414654573256544A45
I think of the possibility that all data used.
I am not an expert on algorithms, but the lines 1 2 3 and 4 are 64 bytes (whitout the #), groups of 8 or 16 bytes required for any algorithm.
The SHA1 with 64 bytes return 20 bytes hex the result.
Although I can be wrong, sorry for my bad english, i using g translator.
vientodearena said:
Although I can be wrong, sorry for my bad english, i using g translator.
Click to expand...
Click to collapse
Your English writing skills are better than many individuals from English speaking countries.
Thanks for your input. Hopefully, the people with the right skills can solved the problem.
My Unlock Code
I really couldn't stand to be without root, so here's my information:
Code:
fastboot oem get_unlock_data
3A55000805631104#54413931393030
364F4A00585431303334000000#FF1E
8DC44A01DC00C5CA53DB553418873A7
50D1C#5FABFE010F000000000000000
0000000
Code:
Unlock code:
BEXHELCKBBJZKZ5GYUWE
I hope this information can be of some use.
Aldo6 said:
I really couldn't stand to be without root, so here's my information:
Code:
fastboot oem get_unlock_data
3A55000805631104#54413931393030
364F4A00585431303334000000#FF1E
8DC44A01DC00C5CA53DB553418873A7
50D1C#5FABFE010F000000000000000
0000000
Code:
Unlock code:
BEXHELCKBBJZKZ5GYUWE
I hope this information can be of some use.
Click to expand...
Click to collapse
Converted to the following.
Line 3: 42455848454c434b42424a5a4b5a354759555745
Unlock Code: FF1E8DC44A01DC00C5CA53DB553418873A750D1C
Hope I did that right. Just trying to help.
Even if a keygen of sorts is created, won't the unlock still be flagged in the bootloader?
theoneofgod said:
Even if a keygen of sorts is created, won't the unlock still be flagged in the bootloader?
Click to expand...
Click to collapse
it would but you might be able to remove this flag and as long as motorola dont know that you have unlocked the bootloader all would be fine
Maybe it's need some help also from devs i think..
i have two different imei's from the terminal and *#06#. anyone know why is that?
was trying to unlock the phone using the sim unlock free, but wouldn't let me, maybe because of having 2 imei's.
jboy15 said:
i have two different imei's from the terminal and *#06#. anyone know why is that?
was trying to unlock the phone using the sim unlock free, but wouldn't let me, maybe because of having 2 imei's.
Click to expand...
Click to collapse
Boot phone into fastboot mode. Connect to pc. Open CMD. Type "fastboot getvar all" . The right IMEI will be shown up. BTW if you're S-OFF you can rewrite the IMEI if you facing any troubles. "Rewrite" does not mean "CHANGE" as changing the phone's IMEI is NOT LEGAL.
Hi All,
Been at this for several hours today and feeling a bit frustrated. Here's the context.
I bought a used Verizon Galaxy Note 10 and took it to another country.
I arrived and put a sim card in *(the phone is intended to stay here)
4G signal appeared and text messages came in
Phone blocked signal and said "sorry, your device cannot be activated on another Network right now" then it says to call Verizon.
I call Verizon and ask how to unlock.
After transferring to multiple agents, the answer is that the phone is not locked in their system and that upon inserting a SIM from another carrier, I should be prompted to put in a code and it will be "00000000" to unlock the phone
The phone never presents this option and is perpetually unable to activate because of this sim lock.
At this point, I started reading up on how I could get around this and settled on using odin to flash firmware for a different carrier and maybe having to flash the SM-N970U1 packages because that should allow me to have different stock firmware.
So I proceed to download various different images.
Here is the TMB image for SM-N970U that I downloaded:
https://samfw.com/firmware/SM-N970U/TMB/N970USQU6FUBH
I also figured maybe I would be able to flash the verizon base image and get around this lock:
https://samfw.com/firmware/SM-N970U/VZW/N970USQU6FUCD
So then I proceed to use Odin3_v3.14.4 and place all of the 4 files in their corresponding fields in odin. The file list is as follows for one of the packages:
BL_N970USQU6FUD9_CL21599467_QB39871099_REV00_user_low_ship_MULTI_CERT.tar.md5
AP_N970USQU6FUD9_CL21599467_QB39871099_REV00_user_low_ship_MULTI_CERT_meta_OS11.tar.md5
CP_N970USQU6FUD9_CP19049000_CL21599467_QB39871099_REV00_user_low_ship_MULTI_CERT.tar.md5
CSC_OMC_OYN_N970UOYN6FUD9_CL21599467_QB39871099_REV00_user_low_ship_MULTI_CERT.tar.md5
I click start, the phone is recognized and then the flashing appears to occur successfully until it says pass at the end.
I reboot the phone and I notice right away that the signal is present, but then disappears and as the phone initializes the VERIZON message appears again.
Immediately I'm thinking, ok, I've just reflashed it with the TMobile image but the phone boots and says verizon and the sim lock is still there, so I probably didn't do something right.
So I factory reset, try again, no changes, I try adding the USERDATA and it also does nothing different.
At this point I'm willing to try the U1 firmware, so I download from here:
https://forum.xda-developers.com/t/n970u-and-n970u1-firmware-links-here.3957705/
But when I run the odin flash, I get model mismatch, yet the thread says they're compatible as U1 is just the samsung unlocked version. so I try the odin patch b found here:
https://odindownload.club/download/197/Odin3-v3.14.1-3B-PatcheD.zip
And it fails to write.
I am in desperate need of help as I've been unable to find more specific information, typically in threads people may say they've resolved the issue, but then they don't actually indicate what steps they took, or any of the details surrounding the resolution. If I can get help getting this resolved, I can document the exact steps i've taken in explicit detail so that others can follow them and achieve the same result.
Update:
Downloaded FRIJA to get the latest firmware, am going to explore doing a nand erase and repartition, followed by flashing tmobile firmware to see if that gets around it.
following:
https://technastic.com/odin-nand-erase-samsung/
@4rg3ntum
Flashing a (custom) ROM on an Android phone doesn't give one SIM unlock because the SIM lock stuff is in a separate ROM chip that is not part of the normal phone storage, AFAIK the SIM lock is stored in the Radio NVRAM, but I may err as always ...
Verizon has a 6 month unlock policy. if the phone is free of debt and older than 6 months it should be automatically unlocked. phone them, you bought the phone in good faith.
jwoegerbauer said:
@4rg3ntum
Flashing a (custom) ROM on an Android phone doesn't give one SIM unlock because the SIM lock stuff is in a separate ROM chip that is not part of the normal phone storage, AFAIK the SIM lock is stored in the Radio NVRAM, but I may err as always ...
Click to expand...
Click to collapse
That's why I am thinking of wiping the NVRAM and just re-partitioning. Then I'll flash a non-verizon system onto it. Could be that this resolves it.
Thoughts?
3mel said:
Verizon has a 6 month unlock policy. if the phone is free of debt and older than 6 months it should be automatically unlocked. phone them, you bought the phone in good faith.
Click to expand...
Click to collapse
I spent 2 hours on the phone with them and spoke to 3 different representatives. They all confirmed the phone was not locked in their system. I read it was 60 day unlock policy.
4rg3ntum said:
I spent 2 hours on the phone with them and spoke to 3 different representatives. They all confirmed the phone was not locked in their system. I read it was 60 day unlock policy.
Click to expand...
Click to collapse
With AT&T they give you requested then they gave you an unlock code, it's not automatic. At least it was like this a few years back.
4rg3ntum said:
I spent 2 hours on the phone with them and spoke to 3 different representatives. They all confirmed the phone was not locked in their system. I read it was 60 day unlock policy.
Click to expand...
Click to collapse
sorry yeah, 60 days is the right period.
jwoegerbauer said:
@4rg3ntum
Flashing a (custom) ROM on an Android phone doesn't give one SIM unlock because the SIM lock stuff is in a separate ROM chip that is not part of the normal phone storage, AFAIK the SIM lock is stored in the Radio NVRAM, but I may err as always ...
Click to expand...
Click to collapse
So this appears to be true.
I loaded up ADB and turned on USB debugging and started passing shell commands through and found these files in the system with nvram in the name:
/sys/module/dhd/parameters/nvram_path
/vendor/firmware/nvram.txt_ES03_semco_b0
/vendor/firmware/nvram.txt_1rh_es13_b0
/vendor/firmware/nvram.txt_CS01_semco_b1
/vendor/firmware/nvram.txt_ES02_semco_b0
/vendor/firmware/nvram.txt_1rh_es43_b1
/vendor/firmware/nvram.txt_1rh_es41_b1
/vendor/firmware/nvram.txt_1rh_es32_b0
/vendor/firmware/nvram.txt_ES00_semco_b0
/vendor/firmware/nvram.txt_ES01_semco_b0
/vendor/firmware/nvram.txt_1rh_es12_b0
/vendor/firmware/nvram.txt_1rh_es42_b1
/vendor/firmware/nvram.txt_1rh_es11_b0
Makes me wonder if the value for locked/unlocked is editable in one of those files.
a sample of what is in the /vendor/firmware/nvram.txt_ES03_semco_b0 file:
### RSDB mode Parameters(Both core are active)
## 2g normal:15dB airplane:14dB
#slice/1/grip_rsdb_dynsar_2g=0xbcbc
#slice/1/grip_rsdb_dynsar_2g_2=0xb8b8
## 5g normal:13dB airplane:12dB
#grip_rsdb_dynsar_5g=0xb4b4
#grip_rsdb_dynsar_5g_2=0xb0b0
#
### FCC Mode: 10dB
#slice/1/fccpwrch12=0x28
#slice/1/fccpwrch13=0x28
In any case I have an issue that I can't seem to resolve. Every guide I have found about how to change carrier firmware is pretty straightforward. Yet when I flash the firmware successfully through odin for say, the sprint version of the phone, upon reboot, in about phone still says VZW, which basically tells me the phone isn't actually flashing.
I need to understand why I can't seem to get it to have another carrier's firmware. What am I doing wrong?
jwoegerbauer said:
@4rg3ntum
Flashing a (custom) ROM on an Android phone doesn't give one SIM unlock because the SIM lock stuff is in a separate ROM chip that is not part of the normal phone storage, AFAIK the SIM lock is stored in the Radio NVRAM, but I may err as always ...
Click to expand...
Click to collapse
Maybe I can edit this with ADB?
I have seen several forums where people with the same error message simply flashed another carriers firmware onto the phone and were able to get around it.
Here is someone saying they tried the U1 firmware and it gave them the option to put in an unlock code:
https://forum.xda-developers.com/t/is-verizon-locking-s10.3908683/post-80813873
Every time I try to flash the U1 firmware odin tells me model mismatch.
Update:
I flashed the latest available ATT version of U1 firmware from here:
https://samfw.com/firmware/SM-N970U1/ATT/N970U1UEU6FUDA
Using Odin patch 3B downloaded from here:
https://www.droidmirror.com/downloading/download-odin3_v3-13-1_3b_patched-zip
Having tried many U firmware + USERDATA from different carriers and never was able to get it to say anything other VZW in the about phone section.
By going to the U1 version I was able to get the unlock code portion to pop up when inserting the sim card, the phone also claims it's model number is SM-N970U1 instead of SM-N970U now.
The code Verizon gave me on the phone 0000 0000 flat out DOESN'T work. I called again today and they had their manager use a tool to provide an unlock code because the "unlock" button in their system didn't appear for my IMEI.
That system said the unlock code is 0000 0000 just like the tech the previous day. So now, they're transferring me to the advanced technical support, but somehow I doubt they will give me a code.
In any case, what I would rather do is go through ADB and try to get some binaries or text files out (may require root for these files) and get the unlock code from the device itself.
I wish this thread was more active because there are some good opportunities here to explore the OS itself and the files in it as well as tools that can be used to read the binary.
Spoke with "Advanced" support at verizon. They had no way to generate a code to unlock the device. Basically Verizon's systems didn't automatically generate an unlock code after the previous owners had the phone activated for the minimum 60 days. Because the phone was a prepaid phone and not a post paid phone, their system deleted the history of the of the prepaid account after a certain period of time when the previous owner had sold the phone to the repair shop and it sat there for months.
BASICALLY, Verizon phones are uniquely equipped with a block that prevent legitimate purchasers of various types from being able to use their devices as they hold everyone hostage with their network locking.
It looks like I can't root the device either because of the oem unlock option not being present and the workaround of changing the date not presenting the option.
At this point I'm looking to root the device so I can inspect the OS
4rg3ntum said:
It looks like I can't root the device either because of the oem unlock option not being present and the workaround of changing the date not presenting the option.
At this point I'm looking to root the device so I can inspect the OS
Click to expand...
Click to collapse
Hello I came across your thread because I am having the same issue. I think mine is similar because thus phone was a replacement through asurion/verizon. It also says its unlocked when verszon looks and when asurion looks, but I do not have service for more than 10 secind with my new AT&T Sim. Have you found anything new?.
I also looked into rooting the phone but I don't plan to keep this phone and if I want to do the trade in process and they see the root on the back end I will not receive the trade in money.
TomHanks92 said:
Hello I came across your thread because I am having the same issue. I think mine is similar because thus phone was a replacement through asurion/verizon. It also says its unlocked when verszon looks and when asurion looks, but I do not have service for more than 10 secind with my new AT&T Sim. Have you found anything new?.
I also looked into rooting the phone but I don't plan to keep this phone and if I want to do the trade in process and they see the root on the back end I will not receive the trade in money.
Click to expand...
Click to collapse
If Verizon says the phone is unlocked, make sure to Flash the U package with Verizon bloat. Connect phone to Wifi and the unlock should happen. They only seem to unlock when on the Verizon bloat U package. Anything other than that and the phone stays locked. Once it unlocks you can flash back to whatever you want.