Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
How to Network unlock your Samsung i5800/i5801 using ADB
How to network unlock your Samsung i5800/i5801 phone using ADB
(or not as the case may be! Please read the entire thread before starting.)
Firstly, if you are concerned that unlocking your phone will void your warranty with your network carrier/provider, instructions are included at the end on how to re-lock your phone to your chosen carrier/provider.
Secondly, the instructions that follow do not harm you phone in anyway. You are simply copying a file from the phone to your PC and working on the file on your PC to extract the unlock code. The worst that can happen is that the program does not find the code. I have provided methods for rooted phones and non-rooted phones.
Thirdly, this guide is very detailed and is aimed at those new to Android phones and those with limited programming knowledge. There is plenty of explanation at each stage.
Preparation
ADB stands for Android Debug Bridge. The adb commands are meant to be run from the host machine (PC) that your phone is connected to via USB. The adb utility is installed automatically if you install the Android SDK (Software Development Kit) on your host machine. If you don’t want to install the full Android SDK you can install smaller tools which contain the adb utility.
The one we are going to install is AndroidControl, a tool developed by the xda-developers and available to download from their forum at
Registration is free. Download it and install it to a drive/folder on your PC which is easy to find. For example you could create a folder called ‘Workbench’ on the C: drive.
For phones that are rooted
Download the tool Samsung Galaxy Unlock code eXtractor SGUX2.exe file. It's a win32 executable.
Once downloaded extract the .zip file. A folder(s) will be created in which there will be a Windows batch file called Generate_Code.
Step 1
On your phone, go to the keypad and type the code *#7465625#
On typing the last character # , a pop up screen should appear titled Personalisation status. You should see the following:
Network Lock (on/off)
Network Subset Lock (on/off)
Service Provider(SP) lock (on/off)
Corporate Service Provider (CP) Lock (on/off)
Only the Network Lock should be showing as ON.
Step 2
On your PC, depending on your version of Windows, go to Start >All programs > Accessories and open Command prompt. Alternatively go to Start > Run and type cmd and hit <enter>.
This will take you to the Windows Command Prompt (it replaces the MS-DOS command prompt if you are old enough to remember it!). It will look something like
C:\Users\your_name>
You need to locate the drive/directory where you saved AndroidControl.
If you are unfamiliar with Windows / MS DOS commands the following should help:
To change drive, eg to drive E, type E: and hit <enter>.
To change to the root directory of a drive, type cd \ and hit <enter>
To change to another director/sub directory type the path
eg cd \Workbench\AndroidControl_v1.3 and hit<enter>
To see the contents of a directory type dir and hit <enter>
You are looking for the sub-directory in which adb.exe file is located. Mine is located in the directory AndroidControl_v1.3 itself.
Once located you should have a command prompt similar to:
C:\Workbench\AndroidControl_v1.3>
Step 3
Set your phone into USB debugging mode by going to Applications > Settings > Development > USB Debugging.
Step 4
Connect your phone to a USB port on your PC using the cable.
Step 5
Back on the computer, at the Windows command prompt
C:\Workbench\AndroidControl_v1.3>
type adb devices and hit <enter>
It should show your phone listed on one of the ports, eg:
List of devices attached
644298c722a9 device
Note: If you run adb devices and it comes back with an empty list, then make sure you have set the phone into USB debugging mode (Application > Settings > Development > USB Debugging) before connecting it to the PC.
Once successful with the above step
type adb Shell and hit <Enter>
the command prompt will change to #
Now type su and hit <Enter>
Back on your phone screen, if your phone is NOT rooted, you should see a pop up message for "Superuser Permission" (try to keep your screen on. The timer automatically turns the screen off, so you might miss the pop up message). "grant it permission" to allow, else you will get a "permission denied" ). If your phone is rooted, nothing will appear on your screen as you already have Superuser permission !
Step 6
If your phone is rooted
On the ADB shell command prompt #
type cd /dev/block and hit <Enter> (Note the change from \ to / )
Then type dd if=/dev/block/bml3 of=/sdcard/bml3.bak and hit <Enter>
The dd command line says, "Reading from the input file /dev/block/bml3 on the phone, write all of the data to the output file /sdcard/bml3.bak to be created on the sd card",
which effectively is making a backup copy of the bml3 file and storing it on the root of the sd card. You should get something like:
Code:
20480+0 records in
20480+0 records out
10485760 bytes transferred in 0.826 secs (12694624 bytes/sec)
If your phone is not rooted
On the ADB shell command prompt #
type cd /efs and hit <enter>
Then type dd if=/efs/nv_data.bin of=/sdcard/nv_data.bin and hit <enter>
The dd command line is explained above.
You should get something like:
Code:
1024+0 records in
1024+0 records out
524288 bytes transferred in 0.633 secs (828259 bytes/sec)
bml3.bak or nv_data.bin is now on the root of your sd card.
Step 7
Now, on your phone disable USB debugging by going to Applications > Settings > Applications > Development > USB debugging. Unplug the USB cable from the phone.
Step 8
Plug the USB cable back to the phone. Now go to Settings > Wireless and Network > USB settings and choose USB Mass Storage mode.
Accept the choice to copy files between your device and PC. A pop-up window should appear on your Windows desktop (called 'Autoplay'). Choose the option 'Open folder to view files using Windows Explorer'. You should now see your phone as a 'Removable Drive' and should see the the bml3.bak or nv_data.bin file listed. Using Windows Explorer copy the file from the sd card to your PC.
If your phone is rooted
Copy the bml3.bak file from the internal SD card to your working folder on your PC where you have downloaded SGUX2.exe file
If your phone is NOT rooted
Copy the nv_data.bin file from the internal SD card to your working folder on your PC where the Generate_Code batch file is located.
Step 9
Back on the Windows Command Prompt screen we have finished with ADB, so type exit at both the # and $ prompts to completely clear the PC from the phone. You should now be back to the MS DOS command prompt C:\Workbench\AndroidControl_v1.3>
Step 10
If your phone is rooted
change directory to the folder where you have the SGUX2.exe file and the bml3.bak file (they should be in the same folder).
type sgux2.exe bml3.bak and hit <enter>
You should get something like this
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Wow thanks for the detailed post I hope it works when my Orange locked i5801 arrives as I need it network unlocked.
I asked in another post in here if it was possible to network unlock but replies said best to goto a stall that do them and pay around £10-15. But this way you say you can re-lock to network fr warranty which is great.
So my phone will be a standard Orange locked i5801, I'm not planning on doing any custom firmware, rooting or anything will this work for me?
I believe there's an official froyo update fir Orange i5801s via Kies in UK so will do this before I try this
OK got phone, updated it to v2.2 officially as still on Orange at moment.
Followed these instruction, get adb devices list, but when I type adb shell, I get the $ sign not the # sign above. I then typed su anyway after the $ sign and says su: not found.
I have the usb debugging mode ticked. can you help?
Hi bjlabuk,
I came across your writting for the unlocking prodedure and its a very nice ... thanks for that details.
I am trying to unlock my "galaxy s Fascinate" using your steps. When I came to the step for getting su access it did not take it. The su is not their in the bin directory and also the directories are in a read-only state.
I hope that I can get your help in getting this phone to be unlocked.
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
Okay,
Not sure what you mean by "The su is not their in the bin directory and also the directories are in a read-only state."
The file you are looking for is nv_data.bin and it is in the /efs directory.
Make sure when you type the command su on your PC that you are watching your phone screen for the 'permission allow' message.
If that still doesn't work, then from the MS-DOS command prompt type:
adb pull /efs/nv_data.bin
(adb pull copies the specified file from your phone to the directory on your computer where you ran the adb command from)
If you receive a permission denied error, you can fix it by typing the following commands from an ADB shell (type "adb shell" at the DOS command prompt):
su
chmod 777 /efs/nv_data.bin
exit
exit
(chmod changes the permissions of each given file according to mode. chmod 777<file> allows everyone to read, write, and execute <file>.)
Then from the DOS command prompt:
adb pull /efs/nv_data.bin
This should copy the nv_data.bin file to you computer.
If you don't like the idea of using chmod 777, then try using AndroidControl which you downloaded at the start. Remember to put your phone into USB debug mode.
Failing all the above the simplest answer would be to root your phone which you can do with Superoneclick at
still not working for me, I have a bin file after typing "adb pull /efs/nv_data.bin" but now what do I do with it please? it says its 0 bytes in the folder
Last edited by MrMister; May 9th, 2011 at 01:47 PM.
Oh... you dont understand anything of this, do you? look, su is to get in root of the android on the phone, and after get from there the nv_data.bin or blm3.bak file. In your case with the command adb pull /efs/nv_data.bin you take that nv_date.bin file from the telephone and it's copied on your location (ex. D:\Android\AndroidControl ). Go to your correct location and you will see that file into it.After that make the 10 step from this tutorial, for me it isnt work.
btw if you want to try to work with the SU command first you have to root your telephone. And here is a LINK how can you do that if you want to try. I hoped i help you ...
ok the file is 512Kb now. I then copied it to the folder for Generate Unlock Windows, ran the "Generate_Code.bat" and it just says...see screenshot
I opened the nv_data.bin in that hex editor, results around address you said are on screenshot, not sure what the results are or if I've done it correct.
did you see the last screenshot where I get $ sign? any ideas?
Last edited by MrMister; May 9th, 2011 at 04:41 PM.
Ive used the command adb pull /efs/nv_data.bin and get the bin file on my PC fine now. Ive opened up the bin file on 2 hex editors, and searched the string, but theres no code beside it, please see the screenshots.
Why dont I have a code? whats gone wrong? any more help greatly appreciated, need it unlocked asap to test
I tried to do with hex but it wasnt succesful ( i cant find the FF FF FF FF 01 00 00 00 00, it gives me a "NO OCCURRENCES OF ' FF FF FF FF 01 00 00 00 00 ' FOUND".
When I issue the su command it says its not found.. weither theirs no access for the directories .. no permission ... I tried the cat command but the eft directory is not access .. I do not have right for ... I can see it though. any utility that can let me get a su rights?? I trid the froy and frozend.
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
Sajd
Make sure you set BYTES TO “32″and that the Char Set is ANSI.
In the Search field make sure Data-type is 'hex-values' and the Search Direction is 'All'.
You should get one or more hits, so press 'Find again' to move through each one.
until you have been through them all.
If you look at your Hex editor there are 3 window panes on the highlighted line.
The left hand pane - offset value, eg 4CCC60h
The middle pane - Hex Keys, eg FF FF FF FF 01 00 00 00 00
The right hand pane - ANSI text ,eg yyyyyyyyy where the code should be.
You are looking for an 8 digit code in the right hand pane. This is your unlock code NCK for your phone.
If all that fails then I can't think of anything else without altering the files on your phone. See
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
Sajd / MrMrMr
I can't offer any other suggestions. If the two extraction programs aren't working and the hexEditor doesn't show the codes clearly then I think you are going to have to go to a shop.
hello bjlabuk and all,
I was able to root and got the #. then used su.
I was able to get the bml3.bak.
when downloading the sgux2.exe ... I got a message about a torajan viruse from any where I went to get on the net... I'm not sure the one that I got after all is clean but when used "sgux2 bml3.bak" it bring nothing back.
any advise would be appreciated. also I can open the file in the Hexeditor and see some numbers but they are not matching the tutorial... any suggestion guys would be appreciated.
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
To all,
By way of explanation when I bought my own i5800 it was SIM free and unbranded. I produced the above tutorial after following all the steps myself up to Stage 10 when I got the same message as Sajd:
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Opening file <bml3.bak>...
Searching code block..
I thought the program wasn't finding the code because my phone was already unlocked to all networks. I made the assumption that the programs would work on locked phones. It looks like I was wrong.
Even looking for the code manually using the HexEditor appears to be unsuccessful, so either (i)the code is there but we are not looking for it in the right place, or (ii) there is no unlock code stored.
It appears that on some Samsung Galaxy models the unlock code is stored in one of the files mentioned, but on others it is not - it is stored on a secure remote server. It looks like the SG3 is one of those phones, although I haven't found anything on the internet to confirm this. If that is the case then the only way to get the unlock code is by paying for it or asking your carrier / provider to supply it.
bjlabuk
Last edited by bjlabuk; May 15th, 2011 at 02:05 AM.
The Following User Says Thank You to bjlabuk For This Useful Post:
i have a problem, i cant see my i5800 listed as a device by the command adb devices at step 5 and debugger usb mode is enabel on my phone.
i read in other threads something about a special windows usb driver to be use but i installed android sdk and see many other webs and i am stuck in this step, can anybody tell me where can i download it?
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
You need the latest Windows USB drivers. You get them by installing the latest version of Samsung Kies.
By all means follow the steps, but I don't think you will find the unlock code. I have found a comment on the XDA developers website that basically says that the unlock methods for SGS phones don't work for the i5800/i5801 phones because the nv_data.bin file is different from them. Sorry.
bjlabuk
Last edited by bjlabuk; May 13th, 2011 at 12:51 PM.
Man so we are goosed, after struggling for a while and eventually getting the nb_data file I thought I had it cracked. So no other way apart from these stalls that do them? so I take it they use better, more expensive equipment to get the code then?
Once network unlocked by a stall is it like this forever? eg any updates (although think the official Orange v2.2 will be last for i5801), will leave it unlocked?
Will my Orange i5801 with officially updated v2.2 on be ok to network unlock then? ie nothing will happen if I put in a UK O2, or US AT&T SIM in?
If it's only going to be a tenner suppose I'll have to now, bit disappointed as I bought off eBay for £50, and was hoping no more cost.
Cheers
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
Hey !!!! This thread has become a sticky !!!!!!!!!!!!!
I am both honoured ..
and embarrassed.. ...because the method doesn't work !!!!!!
Never mind, if you do follow the instruction you will at least learn how to move files between your phone and PC using ADB and the Windows command prompt, which will give you the confidence to try other things.
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
Okay,
Looking at how to unlock the Spica i5700 it would appear that the third column of characters is encrypted, so without a decryption algorithm we are not going to find the unlock code itself. However it might be possible to change the hexidecimal values and unlock the phone the same way as the Spica. It will mean altering the nv_data.bin file and copying it back to the phone.
I have temporarily installed the stock ROM I5800XXJPN which is unlocked but rooted. Following the above steps I have copied the nv_data.bin file to my PC and opened it with the Hex editor. Looking for something similar to the Spica I have the following lines
Unlocking a phone does not void your warranty, but I believe rooting a phone does. I was looking for a way to manually unlock the i5800 without rooting it first.
Unlocking a phone does not void your warranty, but I believe rooting a phone does. I was looking for a way to manually unlock the i5800 without rooting it first.
Any suggestions welcome.
bjlabuk
I understand it. But GT-I5800 has different nv_data.bin file. Definitely smaller than the one they are talking about - there is no offset 0x181460 in our nv_data.bin
Even the pattern is different - I looked for similar structure of the 4 codes in hex, but can't find it. Yet ...
Level 1: Shell Root (with ratc rooting the adb shell but no /system write access)
Level 2: Temporary Root (/system/bin/su installed but lost on reboot)
Level 3: Full Root (/system/bin/su installed and sticks)
I agree the i9000/i9100 appears totally different. I think the Spica i5700 has a similar size nv_data.bin to ours.
Last edited by bjlabuk; June 17th, 2011 at 02:16 PM.
on the rooting: I do not need to run SuperOneClick in order to get access to write to the phone's file system. I did that only once, chose "Root" button then.
And yes, since then the "SuperUser" is listed in my Apps. And when I do "adb shell" and then "su", the phone pops up asking me to click OK to approve the root access.
(I have intentionally not checked box "remember" on that prompt).
So you tell what kind is my root
on Spica i5700: I played about an hour with it. Initially I was very enthusiastic since I found exactly the same sequence of 6 bytes as per the posting you pointed me to (although surrounded by different ones on the left and the right).
Changed nv_data.bin accordingly. Replaced the original one. Rebooted.
But no joy
Then I compared the edited nv_data.bin (the one before copying it to the phone) and the one after the reboot. Oooooops! A lot, I mean *a lot* of changes, like 30-40 bytes in different places. The bytes I have changed were still there.
So nv_data.bin is being changed by the phone itself! (at least on my GT-I5800D)
Contrary to a few posts I've seen (on other modles), the phone does *not* create an md5 after the reboot. Since the guy at the Spica i5700 thread doesn't mention explicitly deleting the md5 file, I even tried a case with the original md5 file left (although it obviously wont match).
Still no joy ...
Last edited by jdepp; June 17th, 2011 at 03:12 PM.
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
Ummmmm......
So nv_data.bin is being changed by the phone itself!
I think that would be right. Using Root Explorer to look at the contents of my /efs folder I have:
.nv_data-Copy.bak 13 Oct 2010
.nv_data.bak 13 Oct 2010
.nv_data.bak-Copy.md5 13 Oct 2010
.nv_data.bak.md5 13 Oct 2010
nv_data.bin 18 Jun 2011
nv_data.bin.md5 30 Jan 2011
I had to reboot my phone this morning which is why the nv_data.bin file is dated today, but the md5 file is still dated 30 Jan 2011.
Don't know whether it would help to look at my earlier files for comparison ? Willing to help if I can.
hi to all,im a new member,i bought samsung galaxy 3 in barcelona spain and when i got home here in the philippines i was able to use it for about 2 weeks,then after,suddenly it is looking for sin network unlock pin...i followed all the steps here and went successfully til step nine but when i got to step 10 it says...SGUX v0.92b (C) 2010 By Mark0 & rbnetSamsung Galaxy Unlock code eXtractor(based on info by rhcp0112345 & RazvanG)Opening file ...Searching code block...and i tried also using the Generate_code.bat but the same line i get...some help please...thank you
Device(s): SAGA PVT ENG S-OFF
HBOOT - 0.98.2000 (PG8810000)
RADIO - 38.03.02.11.M
eMMC - boot
Feb 24 2011
Hype
Carrier: Not Provided
Thanks: 0
Thanked 21 Times in 15 Posts
If you read the rest of this thread you will see that the SGU Unlock Code extractor does not work with the i5800/i5801. It only works with the Galaxy S.
The i5800/i5801 either uses a different encryption algorithm to encrypt the unlock code, which is stored in the nv_data.bin file, or the location of the encrypted code is stored in a different location in the file, so the extractor doesn't find it.
Until someone identifies the encryption algorithm used in the i5800/i5801, or comes up with some other hack, you are going to have to pay to have it unlocked professionally.
bjlabuk
The Following User Says Thank You to bjlabuk For This Useful Post:
I hit adb shell, show me one list of commands.
And later, the prompt don't change for "#" and later i hit "su", but nothing happens.
Please, all the steps were right, until you get that part.
How long the video will be public I don't know and how long the method will work I don't know. You can also google "Gogy1906 samsung" and get it off Youtube.
I haven't tried it but others on XDA developers forum have with success.
bjlabuk
Last edited by bjlabuk; September 21st, 2011 at 11:03 AM.
Hi instead of using hardware or software to unlock your mobile use code to unlock it.It is the easiest way to unlock it.. i got the unlock code for samsung mobile from here www.mobile-unlocker.com at reasonable cost and unlocked it successfully.... if You want code for samsung i5800 and i5801 , You can get it. from here.for more details visit here...
By way of explanation when I bought my own i5800 it was SIM free and unbranded. I produced the above tutorial after following all the steps myself up to Stage 10 when I got the same message as Sajd:
SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)
Opening file <bml3.bak>...
Searching code block..
I thought the program wasn't finding the code because my phone was already unlocked to all networks. I made the assumption that the programs would work on locked phones. It looks like I was wrong.
Even looking for the code manually using the HexEditor appears to be unsuccessful, so either (i)the code is there but we are not looking for it in the right place, or (ii) there is no unlock code stored.
It appears that on some Samsung Galaxy models the unlock code is stored in one of the files mentioned, but on others it is not - it is stored on a secure remote server. It looks like the SG3 is one of those phones, although I haven't found anything on the internet to confirm this. If that is the case then the only way to get the unlock code is by paying for it or asking your carrier / provider to supply it.
bjlabuk
I think my phone is in a special situation. I bought an i5801 in France and I had unlock code from the operator. My phone was unlocked.
However, once I turned my phone off and turned it on again, it became locked. I was very surprised and unfortunately, I didn't remember the code. I tried your tutorial to unlock it but at the stage of extracting the code from the file bml3.bak (or nv_data.bin), I got the same result as what you had in my quoted message, no code was found
From your experience, what would be a problem? I'm not in France anymore and it's not easy to request for the code again
1Likes
How to Network unlock your Samsung i5800/i5801 using ADB
( i cant find the FF FF FF FF 01 00 00 00 00, it gives me a "NO OCCURRENCES OF ' FF FF FF FF 01 00 00 00 00 ' FOUND".
...because the method doesn't work !!!!!! 
