How to Network unlock your Samsung i5800/i5801 using ADBSupport

Last Updated:

  1. MrMister

    MrMister Well-Known Member

    Man so we are goosed, after struggling for a while and eventually getting the nb_data file I thought I had it cracked. So no other way apart from these stalls that do them? so I take it they use better, more expensive equipment to get the code then?

    Once network unlocked by a stall is it like this forever? eg any updates (although think the official Orange v2.2 will be last for i5801), will leave it unlocked?

    Will my Orange i5801 with officially updated v2.2 on be ok to network unlock then? ie nothing will happen if I put in a UK O2, or US AT&T SIM in?

    If it's only going to be a tenner suppose I'll have to now, bit disappointed as I bought off eBay for

  2. bjlabuk

    bjlabuk Well-Known Member

    Hey !!!! This thread has become a sticky !!!!!!!!!!!!!

    I am both honoured .. :)

    and embarrassed.. :eek: ...because the method doesn't work !!!!!! :(

    Never mind, if you do follow the instruction you will at least learn how to move files between your phone and PC using ADB and the Windows command prompt, which will give you the confidence to try other things.

  3. bjlabuk

    bjlabuk Well-Known Member

    Anyone still interested in trying to unlock their phone might like to look at

    How to: Spica(i5700) sim unlock free.

    You try this at your own risk, but it might give you an idea of what to look for in the nv_data.bin file.

    If you do find the right sequence you can let us know !

  4. bjlabuk

    bjlabuk Well-Known Member


    Looking at how to unlock the Spica i5700 it would appear that the third column of characters is encrypted, so without a decryption algorithm we are not going to find the unlock code itself. However it might be possible to change the hexidecimal values and unlock the phone the same way as the Spica. It will mean altering the nv_data.bin file and copying it back to the phone.

    I have temporarily installed the stock ROM I5800XXJPN which is unlocked but rooted. Following the above steps I have copied the nv_data.bin file to my PC and opened it with the Hex editor. Looking for something similar to the Spica I have the following lines

    0040000 ................................................................ I5800XXJP4..N...

    0040040 01 01 00 01 FF 00 FF FF 01 FF FF FF FF FF FF FF ....y.yy.yyyyyyy

    What would be interesting is if someone with a locked and not rooted i5800/i5801 could compare this line with the same line in their nv_data.bin file.

  5. jdepp

    jdepp New Member


    Here is mine, rooted but still locked:

    Baseband version: I5800DTLKE1 (after upgrade from firmware 2.1 to 2.2)

    Code (Text):
    1. 0040030h: 00 00 00 00 00 00 00 00 00 00 00 01 01 FF 01 01
    2. 0040040h: 01 01 00 01 FF 00 FF FF 01 FF FF FF FF FF FF FF
    NOTE that although the difference with yours is only that mine is locked, the second line is exactly like yours.

    So I suspect the unlock might be actually in the immediately previous editor line (@0040030h) - check out those "01" at its end.

    If we know for sure that the lock is coded with "01", we can try this by exhausting all 4 combinations.
  6. bjlabuk

    bjlabuk Well-Known Member


    Thanks for your posting. Unfortunately my line 040030h is exactly the same as yours.

  7. detdroid

    detdroid Active Member

    Will this work for a Huawei Ideos 2.2? Country: Philippines
    Thanks in advance.
  8. bjlabuk

    bjlabuk Well-Known Member

    Haven't a clue ! Sorry !
  9. bjlabuk

    bjlabuk Well-Known Member

  10. jdepp

    jdepp New Member

    I understand it. But GT-I5800 has different nv_data.bin file. Definitely smaller than the one they are talking about - there is no offset 0x181460 in our nv_data.bin

    Even the pattern is different - I looked for similar structure of the 4 codes in hex, but can't find it. Yet ...
  11. jdepp

    jdepp New Member


    hm, interesting: you are saing that if when su run on the adb shell cause a prompt on the phone to allow superuser, such phone is not rooted?

    I do get that prompt, but according to the root tool I use - SuperOneClick (the "Root" option) - I have rooted my phone.

  12. bjlabuk

    bjlabuk Well-Known Member


    Is your phone permanently rooted? ie do you have the Superuser app/icon on your screen ? or do you use Superoneclick as a tool when you need it?

    When I follow the steps I do not get a prompt on my phone to allow superuser, as my phone is permanently rooted.

    Did you know there are three levels of root? See

    Level 1: Shell Root (with ratc rooting the adb shell but no /system write access)
    Level 2: Temporary Root (/system/bin/su installed but lost on reboot)
    Level 3: Full Root (/system/bin/su installed and sticks)

    I agree the i9000/i9100 appears totally different. I think the Spica i5700 has a similar size nv_data.bin to ours.
  13. jdepp

    jdepp New Member


    on the rooting: I do not need to run SuperOneClick in order to get access to write to the phone's file system. I did that only once, chose "Root" button then.

    And yes, since then the "SuperUser" is listed in my Apps. And when I do "adb shell" and then "su", the phone pops up asking me to click OK to approve the root access.
    (I have intentionally not checked box "remember" on that prompt).

    So you tell what kind is my root :)

    on Spica i5700: I played about an hour with it. Initially I was very enthusiastic since I found exactly the same sequence of 6 bytes as per the posting you pointed me to (although surrounded by different ones on the left and the right).

    Changed nv_data.bin accordingly. Replaced the original one. Rebooted.

    But no joy :(

    Then I compared the edited nv_data.bin (the one before copying it to the phone) and the one after the reboot. Oooooops! A lot, I mean *a lot* of changes, like 30-40 bytes in different places. The bytes I have changed were still there.

    So nv_data.bin is being changed by the phone itself! (at least on my GT-I5800D)

    Contrary to a few posts I've seen (on other modles), the phone does *not* create an md5 after the reboot. Since the guy at the Spica i5700 thread doesn't mention explicitly deleting the md5 file, I even tried a case with the original md5 file left (although it obviously wont match).

    Still no joy ...
  14. bjlabuk

    bjlabuk Well-Known Member


    So nv_data.bin is being changed by the phone itself!

    I think that would be right. Using Root Explorer to look at the contents of my /efs folder I have:

    .nv_data-Copy.bak 13 Oct 2010
    .nv_data.bak 13 Oct 2010
    .nv_data.bak-Copy.md5 13 Oct 2010
    .nv_data.bak.md5 13 Oct 2010
    nv_data.bin 18 Jun 2011
    nv_data.bin.md5 30 Jan 2011

    I had to reboot my phone this morning which is why the nv_data.bin file is dated today, but the md5 file is still dated 30 Jan 2011.

    Don't know whether it would help to look at my earlier files for comparison ? Willing to help if I can.

  15. william25

    william25 New Member

    hi to all,im a new member,i bought samsung galaxy 3 in barcelona spain and when i got home here in the philippines i was able to use it for about 2 weeks,then after,suddenly it is looking for sin network unlock pin...i followed all the steps here and went successfully til step nine but when i got to step 10 it says...SGUX v0.92b (C) 2010 By Mark0 & rbnetSamsung Galaxy Unlock code eXtractor(based on info by rhcp0112345 & RazvanG)Opening file ...Searching code block...and i tried also using the Generate_code.bat but the same line i get...some help please...thank you
  16. bjlabuk

    bjlabuk Well-Known Member

    If you read the rest of this thread you will see that the SGU Unlock Code extractor does not work with the i5800/i5801. It only works with the Galaxy S.

    The i5800/i5801 either uses a different encryption algorithm to encrypt the unlock code, which is stored in the nv_data.bin file, or the location of the encrypted code is stored in a different location in the file, so the extractor doesn't find it.

    Until someone identifies the encryption algorithm used in the i5800/i5801, or comes up with some other hack, you are going to have to pay to have it unlocked professionally.

    william25 likes this.
  17. Colen

    Colen New Member

    I hit adb shell, show me one list of commands.
    And later, the prompt don't change for "#" and later i hit "su", but nothing happens.
    Please, all the steps were right, until you get that part.
  18. panagism

    panagism New Member

    there be someone who has managed to unlock it;
  19. bjlabuk

    bjlabuk Well-Known Member

    Someone has found a method here

    How long the video will be public I don't know and how long the method will work I don't know. You can also google "Gogy1906 samsung" and get it off Youtube.

    I haven't tried it but others on XDA developers forum have with success.

  20. jenula

    jenula Member

    Hi instead of using hardware or software to unlock your mobile use code to unlock it.It is the easiest way to unlock it.. i got the unlock code for samsung mobile from here at reasonable cost and unlocked it successfully.... if You want code for samsung i5800 and i5801 , You can get it. from here.for more details visit here...
  21. haibinhle

    haibinhle New Member

    I think my phone is in a special situation. I bought an i5801 in France and I had unlock code from the operator. My phone was unlocked.

    However, once I turned my phone off and turned it on again, it became locked. I was very surprised and unfortunately, I didn't remember the code. I tried your tutorial to unlock it but at the stage of extracting the code from the file bml3.bak (or nv_data.bin), I got the same result as what you had in my quoted message, no code was found :(

    From your experience, what would be a problem? I'm not in France anymore and it's not easy to request for the code again :(

    Thanks in advance
  22. bjlabuk

    bjlabuk Well-Known Member

    Well the easiest option is to take it to a shop and pay to get it unlocked again.

    Or use an internet site like the one Jenula suggests above.

  23. TheBorg

    TheBorg New Member

    Galaxy S - SGH-T959D.

    I have both bml3 and nv_data.bin and here's the hex contents searching for SSNV. Is the unlock code available or is it now encrypted?


  24. salhilam

    salhilam New Member

    Hi everybody,
    I tried All the steps with an locked I5800 without any result (rooted and unrooted) !

    Then with a unlocked one it's the same. So, no way !

    I think the solution is to found the 8 digits simlock or just try to upgrade the phone with another Froyo version. For me it's okay with I5800XXJPF4.

    I get my phone upgraded with just 8 USD ! The guy didn't tell me the secret !
  25. dalynjane

    dalynjane New Member

    I found samsung galaxy at franch country its compatible with USA?

Share This Page