Help How to Network unlock your Samsung i5800/i5801 using ADB

[MrMister]

Man so we are goosed, after struggling for a while and eventually getting the nb_data file I thought I had it cracked. So no other way apart from these stalls that do them? so I take it they use better, more expensive equipment to get the code then?

Once network unlocked by a stall is it like this forever? eg any updates (although think the official Orange v2.2 will be last for i5801), will leave it unlocked?

Will my Orange i5801 with officially updated v2.2 on be ok to network unlock then? ie nothing will happen if I put in a UK O2, or US AT&T SIM in?

If it's only going to be a tenner suppose I'll have to now, bit disappointed as I bought off eBay for

 

[bjlabuk]

Hey !!!! This thread has become a sticky !!!!!!!!!!!!!

I am both honoured ..

and embarrassed.. ...because the method doesn't work !!!!!!

Never mind, if you do follow the instruction you will at least learn how to move files between your phone and PC using ADB and the Windows command prompt, which will give you the confidence to try other things.

bjlabuk

 

[bjlabuk]

Anyone still interested in trying to unlock their phone might like to look at

How to: Spica(i5700) sim unlock free.

You try this at your own risk, but it might give you an idea of what to look for in the nv_data.bin file.

If you do find the right sequence you can let us know !

bjlabuk

 

[bjlabuk]

Okay,

Looking at how to unlock the Spica i5700 it would appear that the third column of characters is encrypted, so without a decryption algorithm we are not going to find the unlock code itself. However it might be possible to change the hexidecimal values and unlock the phone the same way as the Spica. It will mean altering the nv_data.bin file and copying it back to the phone.

I have temporarily installed the stock ROM I5800XXJPN which is unlocked but rooted. Following the above steps I have copied the nv_data.bin file to my PC and opened it with the Hex editor. Looking for something similar to the Spica I have the following lines

0040000 ................................................................ I5800XXJP4..N...

0040040 01 01 00 01 FF 00 FF FF 01 FF FF FF FF FF FF FF ....y.yy.yyyyyyy

What would be interesting is if someone with a locked and not rooted i5800/i5801 could compare this line with the same line in their nv_data.bin file.

bjlabuk

 

[jdepp]

@bjlabuk:

Here is mine, rooted but still locked:

Baseband version: I5800DTLKE1 (after upgrade from firmware 2.1 to 2.2)

0040030h: 00 00 00 00 00 00 00 00 00 00 00 01 01 FF 01 01
0040040h: 01 01 00 01 FF 00 FF FF 01 FF FF FF FF FF FF FF

NOTE that although the difference with yours is only that mine is locked, the second line is exactly like yours.

So I suspect the unlock might be actually in the immediately previous editor line (@0040030h) - check out those "01" at its end.

If we know for sure that the lock is coded with "01", we can try this by exhausting all 4 combinations.

 

[bjlabuk]

jdepp

Thanks for your posting. Unfortunately my line 040030h is exactly the same as yours.

bjlabuk

 

[detdroid]

Will this work for a Huawei Ideos 2.2? Country: Philippines
Thanks in advance.

 

[bjlabuk]

Haven't a clue ! Sorry !

 

[bjlabuk]

jdepp

You might be interested in

[HOWTO] GT-I9100 Free SIM Unlock via nv_data.bin by Odia - xda-developers

It gets a bit too technical for me.

Unlocking a phone does not void your warranty, but I believe rooting a phone does. I was looking for a way to manually unlock the i5800 without rooting it first.

Any suggestions welcome.

bjlabuk

 

[jdepp]

jdepp

You might be interested in

[HOWTO] GT-I9100 Free SIM Unlock via nv_data.bin by Odia - xda-developers

It gets a bit too technical for me.

Unlocking a phone does not void your warranty, but I believe rooting a phone does. I was looking for a way to manually unlock the i5800 without rooting it first.

Any suggestions welcome.

bjlabuk

I understand it. But GT-I5800 has different nv_data.bin file. Definitely smaller than the one they are talking about - there is no offset 0x181460 in our nv_data.bin

Even the pattern is different - I looked for similar structure of the 4 codes in hex, but can't find it. Yet ...

 

[jdepp]

@bjlabuk:

hm, interesting: you are saing that if when su run on the adb shell cause a prompt on the phone to allow superuser, such phone is not rooted?

I do get that prompt, but according to the root tool I use - SuperOneClick (the "Root" option) - I have rooted my phone.

Comments?

 

[bjlabuk]

jdepp,

Is your phone permanently rooted? ie do you have the Superuser app/icon on your screen ? or do you use Superoneclick as a tool when you need it?

When I follow the steps I do not get a prompt on my phone to allow superuser, as my phone is permanently rooted.

Did you know there are three levels of root? See

http://forum.xda-developers.com/showthread.php?t=803682

Level 1: Shell Root (with ratc rooting the adb shell but no /system write access)
Level 2: Temporary Root (/system/bin/su installed but lost on reboot)
Level 3: Full Root (/system/bin/su installed and sticks)

I agree the i9000/i9100 appears totally different. I think the Spica i5700 has a similar size nv_data.bin to ours.

 

[jdepp]

bjlabuk,

on the rooting: I do not need to run SuperOneClick in order to get access to write to the phone's file system. I did that only once, chose "Root" button then.

And yes, since then the "SuperUser" is listed in my Apps. And when I do "adb shell" and then "su", the phone pops up asking me to click OK to approve the root access.
(I have intentionally not checked box "remember" on that prompt).

So you tell what kind is my root

on Spica i5700: I played about an hour with it. Initially I was very enthusiastic since I found exactly the same sequence of 6 bytes as per the posting you pointed me to (although surrounded by different ones on the left and the right).

Changed nv_data.bin accordingly. Replaced the original one. Rebooted.

But no joy

Then I compared the edited nv_data.bin (the one before copying it to the phone) and the one after the reboot. Oooooops! A lot, I mean *a lot* of changes, like 30-40 bytes in different places. The bytes I have changed were still there.

So nv_data.bin is being changed by the phone itself! (at least on my GT-I5800D)

Contrary to a few posts I've seen (on other modles), the phone does *not* create an md5 after the reboot. Since the guy at the Spica i5700 thread doesn't mention explicitly deleting the md5 file, I even tried a case with the original md5 file left (although it obviously wont match).

Still no joy ...

 

[bjlabuk]

Ummmmm......

So nv_data.bin is being changed by the phone itself!

I think that would be right. Using Root Explorer to look at the contents of my /efs folder I have:

.nv_data-Copy.bak 13 Oct 2010
.nv_data.bak 13 Oct 2010
.nv_data.bak-Copy.md5 13 Oct 2010
.nv_data.bak.md5 13 Oct 2010
nv_data.bin 18 Jun 2011
nv_data.bin.md5 30 Jan 2011

I had to reboot my phone this morning which is why the nv_data.bin file is dated today, but the md5 file is still dated 30 Jan 2011.

Don't know whether it would help to look at my earlier files for comparison ? Willing to help if I can.

bjlabuk

 

[william25]

hi to all,im a new member,i bought samsung galaxy 3 in barcelona spain and when i got home here in the philippines i was able to use it for about 2 weeks,then after,suddenly it is looking for sin network unlock pin...i followed all the steps here and went successfully til step nine but when i got to step 10 it says...SGUX v0.92b (C) 2010 By Mark0 & rbnetSamsung Galaxy Unlock code eXtractor(based on info by rhcp0112345 & RazvanG)Opening file ...Searching code block...and i tried also using the Generate_code.bat but the same line i get...some help please...thank you

 

[bjlabuk]

If you read the rest of this thread you will see that the SGU Unlock Code extractor does not work with the i5800/i5801. It only works with the Galaxy S.

The i5800/i5801 either uses a different encryption algorithm to encrypt the unlock code, which is stored in the nv_data.bin file, or the location of the encrypted code is stored in a different location in the file, so the extractor doesn't find it.

Until someone identifies the encryption algorithm used in the i5800/i5801, or comes up with some other hack, you are going to have to pay to have it unlocked professionally.

bjlabuk

 

[Colen]

I hit adb shell, show me one list of commands.
And later, the prompt don't change for "#" and later i hit "su", but nothing happens.
Please, all the steps were right, until you get that part.

 

[panagism]

there be someone who has managed to unlock it;

 

[bjlabuk]

Someone has found a method here

How long the video will be public I don't know and how long the method will work I don't know. You can also google "Gogy1906 samsung" and get it off Youtube.

I haven't tried it but others on XDA developers forum have with success.

bjlabuk

 

[jenula]

Hi instead of using hardware or software to unlock your mobile use code to unlock it.It is the easiest way to unlock it.. i got the unlock code for samsung mobile from here www.mobile-unlocker.com at reasonable cost and unlocked it successfully.... if You want code for samsung i5800 and i5801 , You can get it. from here.for more details visit here...

 

[haibinhle]

To all,

By way of explanation when I bought my own i5800 it was SIM free and unbranded. I produced the above tutorial after following all the steps myself up to Stage 10 when I got the same message as Sajd:

SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)

Opening file <bml3.bak>...
Searching code block..

I thought the program wasn't finding the code because my phone was already unlocked to all networks. I made the assumption that the programs would work on locked phones. It looks like I was wrong.

Even looking for the code manually using the HexEditor appears to be unsuccessful, so either (i)the code is there but we are not looking for it in the right place, or (ii) there is no unlock code stored.

It appears that on some Samsung Galaxy models the unlock code is stored in one of the files mentioned, but on others it is not - it is stored on a secure remote server. It looks like the SG3 is one of those phones, although I haven't found anything on the internet to confirm this. If that is the case then the only way to get the unlock code is by paying for it or asking your carrier / provider to supply it.

bjlabuk

I think my phone is in a special situation. I bought an i5801 in France and I had unlock code from the operator. My phone was unlocked.

However, once I turned my phone off and turned it on again, it became locked. I was very surprised and unfortunately, I didn't remember the code. I tried your tutorial to unlock it but at the stage of extracting the code from the file bml3.bak (or nv_data.bin), I got the same result as what you had in my quoted message, no code was found

From your experience, what would be a problem? I'm not in France anymore and it's not easy to request for the code again

Thanks in advance
BR,
HBL

 

[bjlabuk]

Well the easiest option is to take it to a shop and pay to get it unlocked again.

Or use an internet site like the one Jenula suggests above.

bjlabuk

 

[TheBorg]

Galaxy S - SGH-T959D.

I have both bml3 and nv_data.bin and here's the hex contents searching for SSNV. Is the unlock code available or is it now encrypted?

Thanks.


SSNV

 

[salhilam]

Hi everybody,
I tried All the steps with an locked I5800 without any result (rooted and unrooted) !

Then with a unlocked one it's the same. So, no way !

I think the solution is to found the 8 digits simlock or just try to upgrade the phone with another Froyo version. For me it's okay with I5800XXJPF4.

I get my phone upgraded with just 8 USD ! The guy didn't tell me the secret !

 

[dalynjane]

I found samsung galaxy at franch country its compatible with USA?