So I recently purchased a Vibrant from a fellow off craigslist. I was able to eventually get SGS unlocker from the market to get me a code. That code didn't work, so I tried flashing to a different Vibrant firmware. My phone froze up and I had to send it to Samsung. I just got it back after 8 days and they fixed it. I am now not able to get SGS unlock to work and the Get_Unlockcodes doesn't yield results. Is my phone hopeless or what? This is driving me crazy!
Also, I bought a code from GSM Liberty and they came up with the same code that I already had, which obviously didn't work...
Any ideas?
bump
Nobody has any ideas??
There was an article that stated that "unlock codes were actually stored in the vibrant" & there should be a thread in the Vibrant forum that you could search for. I'm only guessing, but it's possible that when you sent the phone back to sammy they could have locked it... But like I said, that's just a wild guess.
Naw, probably not it because I couldn't get it unlocked before I sent it to them either... But a good hypothesis nonetheless.
jon102034050 said:
So I recently purchased a Vibrant from a fellow off craigslist. I was able to eventually get SGS unlocker from the market to get me a code. That code didn't work, so I tried flashing to a different Vibrant firmware. My phone froze up and I had to send it to Samsung. I just got it back after 8 days and they fixed it. I am now not able to get SGS unlock to work and the Get_Unlockcodes doesn't yield results. Is my phone hopeless or what? This is driving me crazy!
Also, I bought a code from GSM Liberty and they came up with the same code that I already had, which obviously didn't work...
Any ideas?
Since you own the phone outright and since you've already had T-Mobile support service the phone, you've missed one obvious opportunity (unless you've tried this and not mentioned it).
Asking T-Mobile. T-Mobile is pretty easy going about providing unlock codes for devices.
Barring that I'd suggest Odin3'ing your way back to a full factory JFD release (unless T-Mobile's repair involved installing JFD instead of another build) and obtaining your lock code from the original build.
Best of luck
I actually sent it to Samsung for repair, not T-Mobile. T-Mobile hasn't done anything for me, they refuse to do anything. Samsung hasn't really done anything either in terms of unlocking it. I got the unlock and unfreeze codes myself, and Samsung was able to verify them. Other than that, they keep telling me to contact T-Mobile because they "have more unlock codes that can work"
I am actually running UVJFD currently, but at one point, I flashed to UVJI4. Then I tried flashing back to UVJFD, that's where I ran into some problems. Samsung reflashed it to UVJFD though.
Remember when you enter the unlock code to the phone, it's the network unlock code you'll use, not the unfreeze code.
Also, when (before) you flash a custom ROM, you need to make a backup of your nv_data.bin in the /efs directory. If at some point you did not do this, you may have lost the codes for your phone. If the unlock code does not work, restoring your original nv_data.bin should help.
I'm working on a perm fix for this. It's going to take me a couple of days though. Playing it safe. Already bricked 1 Vibrant.
watcher64 said:
Also, when (before) you flash a custom ROM, you need to make a backup of your nv_data.bin in the /efs directory. If at some point you did not do this, you may have lost the codes for your phone. If the unlock code does not work, restoring your original nv_data.bin should help.
I flashed with Odin to JI4 at one point, is that why SGS unlock from the market doesn't work anymore? How can I restore nv_data.bin? I am not rooted, nor have I put a custom ROM on my phone.
krylon360 said:
I'm working on a perm fix for this. It's going to take me a couple of days though. Playing it safe. Already bricked 1 Vibrant.
You've got PM!
I flashed my phone with Odin to ECLAIR.UVJI5. I too had a nv_data.bin file that had all "FFFFFFFF" in the proper location for the unlock code. sgux could not extract any codes.
I was lucky that the guy I bought the phone from on craigslist was really cool and helped me get the unlock code from T-Mobile. They happen to match the unlock codes I pulled from the phone prior to flashing the new ROM.
I used a hex editor to put the original unlock code back into nv_data.bin and sgux.exe was able to extract the codes as designed.
I used the commands below with the adb from the Android SDK to put the nv_data.bin that sgux.exe can find the codes on back to /efs:
su
busybox mv /efs/.nv_data.bak /efs/.nv_data.bakk
busybox mv /efs/.nv_data.bak.md5 /efs/.nv_data.bakk.md5
rm /efs/nv_data.bin
rm /efs/nv_data.bin.md5
rm /efs/.nv2.bak
rm /efs/.nv2.bak.md5
busybox cp /sdcard/sd/nv_data.bin /efs/nv_data.bin
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin
Then I put in the SIM card from the foreign carrier (locked from T-Mobile and put an NTT-DOCOMO SIM card in). The phone boots and asked for the unlock code.
Unlock unsuccessful.
Here is the excerpt from my nv.log file:
Mon Oct 11 11:29:01 2010: MD5 fail. orignal md5 'e11e0b6e98d3fc12af54beb0eb08dc10' computed md5 '74a79566d01203e5f3afc4d377756fc7' (rild)
Mon Oct 11 11:29:01 2010: backup NV restored.
Mon Oct 11 11:38:01 2010: MD5 fail. orignal md5 '98afedaff5d7f230fa2ae73a0edaa0c2' computed md5 '74a79566d01203e5f3afc4d377756fc7' (rild)
Mon Oct 11 11:38:02 2010: backup NV restored.
Mon Oct 11 22:28:05 2010: New MD5 created from unprotected nv_data.bin.
Mon Oct 11 22:41:09 2010: secondary NV built.
Mon Oct 11 22:41:09 2010: ERROR: Deleting plain text NCK failed.
Here is a listing of my /efs directory:
# ls -l -a
ls -l -a
drwxrwxrwx root root 2010-01-01 09:00 .android
-rwx------ radio radio 2097152 2010-10-11 22:55 nv_data.bin
-rw-rw-rw- radio radio 15 2010-10-01 14:08 .imei
drwxrwxrwx radio radio 2010-07-09 05:45 imei
-rwx------ radio radio 32 2010-10-11 22:55 nv_data.bin.md5
-rwx------ radio radio 1048576 2010-10-11 22:54 .nv2.bak
-rwx------ radio radio 32 2010-10-11 22:54 .nv2.bak.md5
-rw-rw-rw- radio radio 2198 2010-10-11 22:54 nv.log
-rw-rw-rw- radio radio 1 2010-09-18 10:09 .nv_state
-rwx------ radio radio 2097152 2010-10-11 11:16 .nv_data.bakk
-rwxr-xr-x radio radio 32 2010-10-11 11:16 .nv_data.bakk.md5
#
I am currently in Japan where this blasted thing is supposed to be working, but I have a SIM card that I paid for and a phone that won't cooperate.
Does anybody have any suggestions?
Regards,
Cap'n Galaxy
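Added example (not part of the original post, nor code from any tool named in this thread): a small Python parser that reads nv.log entries like the excerpt above and summarizes the integrity events, which is usually the first thing to check when /efs contents keep reverting. The event names, function names and the reading of each message are assumptions based only on the log wording shown in the post; the sample lines are copied from that excerpt, wrapped "(rild)" lines included.

```python
import re
from collections import defaultdict

# Sample input: the nv.log lines quoted in the post above, including the
# hard-wrapped "(rild)" continuation lines exactly as they appear there.
SAMPLE_LOG = """\
Mon Oct 11 11:29:01 2010: MD5 fail. orignal md5 'e11e0b6e98d3fc12af54beb0eb08dc10' computed md5 '74a79566d01203e5f3afc4d377756fc7'
(rild)
Mon Oct 11 11:29:01 2010: backup NV restored.
Mon Oct 11 11:38:01 2010: MD5 fail. orignal md5 '98afedaff5d7f230fa2ae73a0edaa0c2' computed md5 '74a79566d01203e5f3afc4d377756fc7'
(rild)
Mon Oct 11 11:38:02 2010: backup NV restored.
Mon Oct 11 22:28:05 2010: New MD5 created from unprotected nv_data.bin.
Mon Oct 11 22:41:09 2010: secondary NV built.
Mon Oct 11 22:41:09 2010: ERROR: Deleting plain text NCK failed.
"""

# ctime-style timestamp, e.g. "Mon Oct 11 11:29:01 2010" (day may be space-padded).
TS = r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}"
ENTRY_RE = re.compile(r"^(" + TS + r"): (.*)$")
# "orig\w*" tolerates the log's own spelling ("orignal").
MD5_FAIL_RE = re.compile(
    r"MD5 fail\. orig\w* md5 '([0-9a-f]{32})' computed md5 '([0-9a-f]{32})'"
    r"(?: \((\w+)\))?"
)


def parse_entries(text):
    """Return [(timestamp, message)], folding wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # No timestamp: treat as the tail of the previous entry.
            entries[-1][1] += " " + line
    return [tuple(entry) for entry in entries]


def classify(message):
    """Map one log message to an event dict (event names are this example's own)."""
    match = MD5_FAIL_RE.search(message)
    if match:
        return {"kind": "md5_fail", "stored": match.group(1),
                "computed": match.group(2), "process": match.group(3)}
    if message.startswith("backup NV restored"):
        return {"kind": "backup_restored"}
    if message.startswith("New MD5 created"):
        return {"kind": "md5_regenerated"}
    if message.startswith("secondary NV built"):
        return {"kind": "secondary_built"}
    if message.startswith("ERROR"):
        return {"kind": "error", "detail": message}
    return {"kind": "other", "detail": message}


def summarize(text):
    """Summarize integrity events found in an nv.log excerpt."""
    events = [dict(classify(msg), ts=ts) for ts, msg in parse_entries(text)]
    fails = [e for e in events if e["kind"] == "md5_fail"]
    # A failure counts as reverted when the very next entry is a backup restore.
    reverted = sum(
        1 for i, e in enumerate(events)
        if e["kind"] == "md5_fail" and i + 1 < len(events)
        and events[i + 1]["kind"] == "backup_restored"
    )
    # Same computed digest seen against different stored digests: the file
    # contents hashed identically each time while the recorded digest changed.
    stored_by_computed = defaultdict(set)
    for e in fails:
        stored_by_computed[e["computed"]].add(e["stored"])
    changed_sidecar = {c: sorted(s) for c, s in stored_by_computed.items()
                       if len(s) > 1}
    return {
        "entries": len(events),
        "md5_failures": len(fails),
        "failures_reverted": reverted,
        "checking_processes": sorted({e["process"] for e in fails if e["process"]}),
        "changed_sidecar": changed_sidecar,
        "md5_regenerated": sum(e["kind"] == "md5_regenerated" for e in events),
        "errors": [e["detail"] for e in events if e["kind"] == "error"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt, both failures show the same computed digest against two different stored digests, and each failure is followed immediately by a backup restore, which matches the poster's observation that the replaced file did not stick.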
Ok, so I fixed my own problem.
I figured out after doing a lot of testing with different versions of the nv_data.bin file and found that even after changing the unlock and unfreeze codes in nv_data.bin and putting it back into my vibrant /efs directory, the phone would overwrite the nv_data.bin file and put FFFFFFFF in where the unlock code was supposed to be.
I took a chance and did a chmod 555 on nv_data.bin instead of a chmod 755. I believe this made it so the boot process could not overwrite the nv_data.bin file. I copied the nv_data.bin file back to my PC and used the sgux.exe and confirmed that it was showing the unlock and unfreeze codes correctly.
Then I shut down the phone, put in the NTT-DOCOMO SIM card, booted back up and BAM! I got basic phone service.
After putting in the APN, user name and password, I then had solid 3G. I am now tethering my Dell laptop over Wifi and am happy as a clam. I'll now work on getting SMS working, but I'll save that for another thread.
Thanks to all the vibrant pioneers before me for laying the groundwork that made it possible for me to get phone and data services during my visit in Japan.
capngalaxy said:
Ok, so I fixed my own problem.
I figured out after doing a lot of testing with different versions of the nv_data.bin file and found that even after changing the unlock and unfreeze codes in nv_data.bin and putting it back into my vibrant /efs directory, the phone would overwrite the nv_data.bin file and put FFFFFFFF in where the unlock code was supposed to be.
I took a chance and did a chmod 555 on nv_data.bin instead of a chmod 755. I believe this made it so the boot process could not overwrite the nv_data.bin file. I copied the nv_data.bin file back to my PC and used the sgux.exe and confirmed that it was showing the unlock and unfreeze codes correctly.
Then I shut down the phone, put in the NTT-DOCOMO SIM card, booted back up and BAM! I got basic phone service.
After putting in the APN, user name and password, I then had solid 3G. I am now tethering my Dell laptop over Wifi and am happy as a clam. I'll now work on getting SMS working, but I'll save that for another thread.
Thanks to all the vibrant pioneers before me for laying the groundwork that made it possible for me to get phone and data services during my visit in Japan.
Hi. I have a question. I do get an unlock code (Samsung Vibrant with T-Mobile btw) but it does not work. My phone is rooted and I got that code with an app (SGS unlocker) and it does not work. If I just change permissions for the file nv_data.bin (555), do you think that is enough to unlock my phone with the same code I get?
I've got the same issue as yours. Could you explain your solution step by step? I would appreciate it.
Thanks in advance
Could Someone Make a Sticky Guide
charlysx said:
I've got the same issue as yours. Could you explain your solution step by step? I would appreciate it.
Thanks in advance
If possible could someone make a sticky guide with how to get this done with all the "IF YOU'RE ON THIS FIRMWARE" and so on and so ons?
I had updated to JI6, then used Odin and flashed back to JFD, then I flashed to Bionix Fusion12, and I could not at any point get anything when running the SGSu from Market. Tried running it from desktop and it never finds nv_data.bin. Tried using file explorer with superuser installed... EFS always empty! Copy to SD card and take a look with show hidden files on computer in effect... nothing in the EFS directory. That is the extent of what I'm able to do. I at one point extracted the .bak file only to discover when searching SSNV that there was no code. I did see 8 letters clustered that were "FFFFFFFF". Tried changing them to "00000000" and saving the .BAK file. Now I'm clueless at this step what to do; it's sitting on my embedded SD card and I have no idea how to load it back into the phone. Major problem is if it was Windows Mobile I could comprehend to some degree what I was doing, but with this being my first Android device I'm depending entirely on directions from other users, luck, and help from the community. If somebody could make a foolproof guide and sticky it I would be so happy. Thank you.
Flashing ROMS makes you lose the ability to unlock your Vibrant?
Wait I'm confused.
If you have flashed a custom rom, and you never backed up your nv_data.bin, then you have totally lost the ability to unlock your phone even with the correct unlock code????
I had the same problem. Even though I have the correct code, it cannot be unlocked and gives the error "Network unlock request unsuccessful", but then I used helroz's method and I unlocked my phone. I am fine now.
fatihaky said:
I had the same problem. Even though I have the correct code, it cannot be unlocked and gives the error "Network unlock request unsuccessful", but then I used helroz's method and I unlocked my phone. I am fine now.
Can you please provide the link to Helroz's method.
I wish the bible had indicated one loses the ability to unlock their phone after installing a custom ROM. I did my research like a good little boy before I started messing with my phone, and not once did I read any warnings that this may happen
fatihaky said:
I had the same problem. Even though I have the correct code, it cannot be unlocked and gives the error "Network unlock request unsuccessful", but then I used helroz's method and I unlocked my phone. I am fine now.
Why did you get the network unlock request unsuccessful message? Was it because you installed a custom ROM or was it because you cleared efs?
Related
So I accidentally have locked myself out of my phone by changing my number to another network and thinking I could still use my current SIM in my phone until I got it unlocked.
I haven't been able to send or receive texts or anything for around 3 days now.
The place online I was getting it unlocked at said there was a delay with Samsung so they refunded me.
I tried the unlock apps but they don't work.
In GalaxSim, it says my phone is unlocked but when I try another SIM it doesn't work.
In the FAQ it says this could be a second SIM lock by the service provider, and to fix it I have to flash a full unbranded Samsung ROM.
I was wondering how I do this?
I'm on Cyanogen 10 and I currently have Jellybean on my device but I'm not too sure on what I have to do to flash to this ROM and if it will erase my data?
Thanks for any help!
AndyOHart said:
So I accidentally have locked myself out of my phone by changing my number to another network and thinking I could still use my current SIM in my phone until I got it unlocked.
I haven't been able to send or receive texts or anything for around 3 days now.
The place online I was getting it unlocked at said there was a delay with Samsung so they refunded me.
I tried the unlock apps but they don't work.
In GalaxSim, it says my phone is unlocked but when I try another SIM it doesn't work.
In the FAQ it says this could be a second SIM lock by the service provider, and to fix it I have to flash a full unbranded Samsung ROM.
I was wondering how I do this?
I'm on Cyanogen 10 and I currently have Jellybean on my device but I'm not too sure on what I have to do to flash to this ROM and if it will erase my data?
Thanks for any help!
Plenty of topics on how to sim unlock and flash stock roms, go read them.
TheATHEiST said:
Plenty of topics on how to sim unlock and flash stock roms, go read them.
Any chance you could link me to a good up-to-date guide? I don't want to brick my phone or anything, I thought I would have been on a Stock ROM since I'm on Jellybean now.
AndyOHart said:
Any chance you could link me to a good up-to-date guide? I don't want to brick my phone or anything, I thought I would have been on a Stock ROM since I'm on Jellybean now.
CM10/Jellybean is not a "stock" ROM. CM10 is an "AOSP"-based ROM.
Stock ROM refers to your device's/carrier's default ROM, i.e. a Samsung-based ROM. Get your needed ROM from sammobile.com
Flashing Guide: http://forum.xda-developers.com/showthread.php?t=1075278
If you want to unlock your device, use the search; there are plenty of topics if you use keywords like "sim unlock" etc.
Oh so I have to reset my phone pretty much? Can I go back to Cyanogen 10 after I get the stock ROM?
AndyOHart said:
Oh so I have to reset my phone pretty much? Can I go back to Cyanogen 10 after I get the stock ROM?
I didn't say you have to do anything, however you may have compatibility issues unlocking SIM so it would probably be best to go back to stock.
Yes, you can go back and forth to any rom you want.
Flash stock rom via odin (download mode)
Flash Siyah kernel (again in download mode)
Reboot into recovery and wipe data/factory reset.
Boot Android and use sim unlock etc.
Reboot into recovery and flash whatever rom you like.
Thanks for that, I went onto that site you mentioned, sammobile.com and I chose to do their unlock method with SRS, it was only 15 euro so I'll see if it fixes it!
Thanks
AndyOHart said:
Thanks for that, I went onto that site you mentioned, sammobile.com and I chose to do their unlock method with SRS, it was only 15 euro so I'll see if it fixes it!
Thanks
Are you crazy?
There are plenty of ways to do it yourself for FREE if you would just stop being lazy and use the search button.
Obviously I'm wasting my time, waste your money.
1) Get Mobile Odin Pro for 3 euro and download this Unbranded Stock ROM:
http://www.sammobile.com/2012/11/15/i9100xxlsj-%E2%80%93-galaxy-s-ii-android-4-1-2-jelly-bean-test-firmware/
2) Read Mobile Odin thread by chainfire:
http://forum.xda-developers.com/showthread.php?t=1347899
3) Flash the downloaded ROM following the guide above.
4) Check if your network is still locked. If it is, check this thread out:
http://forum.xda-developers.com/showthread.php?t=2070375
5) Tell us how you did.
When I try to run Mobile Odin it gives me an error about not being able to detect the device. It's not asking for superuser privileges either?
Your device is not rooted? Weren't you in CM 10.1?
What device are you packing? GT-I9100?
I followed everything you said and my phone is still locked. No luck
gastonw said:
Your device is not rooted? Weren't you in CM 10.1?
What device are you packing? GT-I9100?
It was rooted but then I did a root checker and it said it wasn't, must have lost it after changing to CM 10 I think.
I downloaded some auto rooter and that rooted the phone for me. Then I followed your instructions and now I'm freshly formatted but still not working. Tried all the unlocker tools again and still doesn't work. GalaxUnlock says I'm already unlocked so it must be a second network lock.
But in his instructions he says that flashing to a stock Samsung ROM fixes it, but I thought that's what I just did.
Sure you don't have an IMEI issue? You did back up the EFS folder before you flashed for the first time, right?
Check your IMEI by dialing *#06# and see if it matches the IMEI number stuck below the battery.
gastonw said:
Sure you don't have an IMEI issue? You did back up the EFS folder before you flashed for the first time, right?
Check your IMEI by dialing *#06# and see if it matches the IMEI number stuck below the battery.
IMEI matches the one that I had before I started trying all this and matches the one behind the battery.
In the Galaxy Unlocker app I backed up the EFS files when it asked me to, other than that I haven't touched them really. Any recommendations? I've tried pretty much everything I have seen.
I'm searching for the network info key-in code, for you to see what's locked and what's not. Can't seem to find it tho.
Do you have another carrier sim card to put in & see if it asks for an unlocking code?
gastonw said:
I'm searching for the network info key-in code, for you to see what's locked and what's not. Can't seem to find it tho.
Do you have another carrier sim card to put in & see if it asks for an unlocking code?
I currently have my Meteor sim card in the phone, that's the company I was with for years.
The phone lets me browse and use apps and stuff when this sim card is in it.
I have another sim card for 48 who I am changing to, which asks for the unlock code.
Before with GalaxSim Unlock, it said I was already unlocked. I downloaded an old version now everything says undefined, and said it can't read the nv data, however I am nearly positive I have backups of this as I saw them on the card.
Galaxy S2 SIM Unlock just gives me an unlock code of 00000000 which doesn't work and Galaxy S Unlock doesn't work either, although it says it does.
AndyOHart said:
I currently have my Meteor sim card in the phone, that's the company I was with for years.
The phone lets me browse and use apps and stuff when this sim card is in it.
I have another sim card for 48 who I am changing to, which asks for the unlock code.
Before with GalaxSim Unlock, it said I was already unlocked. I downloaded an old version now everything says undefined, and said it can't read the nv data, however I am nearly positive I have backups of this as I saw them on the card.
Galaxy S2 SIM Unlock just gives me an unlock code of 00000000 which doesn't work and Galaxy S Unlock doesn't work either, although it says it does.
Well, now we know that you are indeed locked, that's good.
Busybox installed on your device?
If yes, try installing another version (older/newer). Once downloaded, install it and keep it working in the background, then run the unlocking apps again.
---------- Post added at 01:19 AM ---------- Previous post was at 01:17 AM ----------
Or try this:
http://forum.xda-developers.com/showthread.php?t=1360174
You could also restore the EFS folder and see what's up.
gastonw said:
Well, now we know that you are indeed locked, that's good.
Busybox installed on your device?
If yes, try installing another version (older/newer). Once downloaded, install it and keep it working in the background, then run the unlocking apps again.
---------- Post added at 01:19 AM ---------- Previous post was at 01:17 AM ----------
Or try this:
http://forum.xda-developers.com/showthread.php?t=1360174
You could also restore the EFS folder and see what's up.
I have Busybox installed, but I have two versions, BusyBox free and BusyBox installer, don't know if it matters that I have the two of them.
I have gone to a much lower version of it but GalaxSim Unlock still says it can't read nv data.
I tried that program also and it says my Video card isn't supported :S
And hit the restore button in Galaxy S 2 Unlock and GS2_Repair so I presume it got restored. Where should the efs folder be located so I can double check?
AndyOHart said:
I have Busybox installed, but I have two versions, BusyBox free and BusyBox installer, don't know if it matters that I have the two of them.
I have gone to a much lower version of it but GalaxSim Unlock still says it can't read nv data.
I tried that program also and it says my Video card isn't supported :S
And hit the restore button in Galaxy S 2 Unlock and GS2_Repair so I presume it got restored. Where should the efs folder be located so I can double check?
I also got 2 busybox (free 8.9.7 & installer 4.1).
GalaxSim Unlock should have a restore button, dunno the location of the backup, but the EFS folder should be in the data folder, you'll need a root explorer to get to it.
Hello
I have a Samsung Galaxy S2 with NFC (I9100P)
I backed up the full efs folder and attempted to unlock it using Galaxy S Unlock, but any attempt to do so makes the device lose the IMEI, although it gets unlocked properly.
I tried to delete the md5 files for them to get generated again with no luck. I also set permissions and group ownership on the files.
If I restore my old backup and establish the file permissions and group manually, the device gets the IMEI back but becomes locked again.
What can I do?
Thank you.
albertocastillo2001 said:
Hello
I have a Samsung Galaxy S2 with NFC (I9100P)
I backed up the full efs folder and attempted to unlock it using Galaxy S Unlock, but any attempt to do so makes the device lose the IMEI, although it gets unlocked properly.
I tried to delete the md5 files for them to get generated again with no luck. I also set permissions and group ownership on the files.
If I restore my old backup and establish the file permissions and group manually, the device gets the IMEI back but becomes locked again.
What can I do?
Thank you.
Just pay your carrier, better than losing IMEI
Don't unlock it with that app, get GalaxSim Unlock from spocky's thread.
Sent from the little guy
Hello
Thank you, GalaxSim worked perfectly.
I know
Sent from the little guy
Hi,
I used Android 4.1.2 and CM10.1 - on Samsung Galaxy S II model I9100.
During a phone conversation it hung up, and the phone could not connect to the network anymore.
I got an error when I tried to manually search for a network operator, which led me, after some research on the net, to find out that the IMEI of the phone is empty. I also see that the Baseband version is 'unknown'.
I have a backup of the efs folder and tried to restore it by manually overwriting it - with no success.
I also followed the guide to manually recover the IMEI from here: http://forum.xda-developers.com/showthread.php?t=1264021 with no success.
I tried to get back to a backup of the original ROM I used before (this time using ODIN), and now I get NULL/NULL in the IMEI and I still get Baseband 'unknown'.
Also, re-installing the radio did not help. Now when looking for a network operator the error is different - now it is telling me that there is no SIM card.
The NULL/NULL IMEI and Baseband version 'unknown' are still here and I still can't connect to the network.
Last input: after 2 days of the phone being unused, it suddenly got back to work, the original IMEI got back in, and it connected to the network. This happened without me doing anything, and it held for half a day, then the phone got back to the non-functioning mode as described above, again in the middle of a phone conversation.
I am out of new ideas, all related threads in here did not help.
Can anybody help?
Does anybody know the reason for this issue?
Can anybody tell what is the thing that is probably corrupted, and in case the problem is with the files in the efs folder - why did a restore of the efs folder (including chown for nv_data.bin to user radio) not help?
Thanks!
-- Amit.
amita74 said:
Hi,
I used Android 4.1.2 and CM10.1 - on Samsung Galaxy S II model I9100.
During a phone conversation it hung up, and the phone could not connect to the network anymore.
I got an error when I tried to manually search for a network operator, which led me, after some research on the net, to find out that the IMEI of the phone is empty. I also see that the Baseband version is 'unknown'.
I have a backup of the efs folder and tried to restore it by manually overwriting it - with no success.
I also followed the guide to manually recover the IMEI from here: http://forum.xda-developers.com/showthread.php?t=1264021 with no success.
I tried to get back to a backup of the original ROM I used before (this time using ODIN), and now I get NULL/NULL in the IMEI and I still get Baseband 'unknown'.
Also, re-installing the radio did not help. Now when looking for a network operator the error is different - now it is telling me that there is no SIM card.
The NULL/NULL IMEI and Baseband version 'unknown' are still here and I still can't connect to the network.
Last input: after 2 days of the phone being unused, it suddenly got back to work, the original IMEI got back in, and it connected to the network. This happened without me doing anything, and it held for half a day, then the phone got back to the non-functioning mode as described above, again in the middle of a phone conversation.
I am out of new ideas, all related threads in here did not help.
Can anybody help?
Does anybody know the reason for this issue?
Can anybody tell what is the thing that is probably corrupted, and in case the problem is with the files in the efs folder - why did a restore of the efs folder (including chown for nv_data.bin to user radio) not help?
Thanks!
-- Amit.
EFS is corrupt. This was a bomb waiting to explode. I suggest you go back to stock JB 4.1.2 ROM (see my signature), and flash Apolo kernel. Go to recovery and restore backup. Do not overwrite it manually. Do it in Recovery.
New inputs
GamingDj said:
EFS is corrupt. This was a bomb waiting to explode. I suggest you go back to stock JB 4.1.2 ROM (see my signature), and flash Apolo kernel. Go to recovery and restore backup. Do not overwrite it manually. Do it in Recovery.
Hi GamingDj,
First thanks for the reply.
I want to add more inputs and few questions:
Right now, after more than another day that the phone was not functioning - it got back to operating again, and again, without me doing anything that would cause that to happen.
The last time that it happened, this held the phone in a working state for about half a day until it hung up on me during a phone conversation I had - and the phone stopped working again, so I am not very optimistic about the phone getting back to work for good right now....
I have a bit more data that I forgot to mention before:
1. About a day before this problem happened, Avast anti virus offered me to update the Avast Anti theft software. This required root access and I don't know if it has something to do with the reported problem or not.
2. The efs folder was "handled" by GalaxSim Unlock, after the phone got locked due to the official upgrade to JB. Originally this was an O2 locked phone, then it was unlocked with a code, but due to the upgrade to JB it got SIM locked again and the codes did not work anymore, which caused me to use the GalaxSim Unlock application - that indeed unlocked my phone. I know that the GalaxSim Unlock application changed some data in the nv_data.bin in the efs folder, but after it unlocked my phone it was working fine for about a month or more, so I can't tell that this is the cause of the suspected corruption in the efs folder.
I have backups of the efs folder from both before and after the unlock operation by the GalaxSim Unlock application.
Can you explain in more detail:
1. Why do you suggest to flash Apolo kernel? Is it in order to have the phone rooted? Can you give a link for this kernel?
2. Restore backup from where? Should I have a backup file that you point to? Not sure what backups I have that may have data that I don't already use.
3. Does the new data help with debugging this issue?
Thanks again.
-- Amit.
amita74 said:
Hi GamingDj,
First thanks for the reply.
I want to add more inputs and few questions:
Right now, after more than another day that the phone was not functioning - it got back to operating again, and again, without me doing anything that would cause that to happen.
The last time that it happened, this held the phone in a working state for about half a day until it hung up on me during a phone conversation I had - and the phone stopped working again, so I am not very optimistic about the phone getting back to work for good right now....
I have a bit more data that I forgot to mention before:
1. About a day before this problem happened, Avast anti virus offered me to update the Avast Anti theft software. This required root access and I don't know if it has something to do with the reported problem or not.
2. The efs folder was "handled" by GalaxSim Unlock, after the phone got locked due to the official upgrade to JB. Originally this was an O2 locked phone, then it was unlocked with a code, but due to the upgrade to JB it got SIM locked again and the codes did not work anymore, which caused me to use the GalaxSim Unlock application - that indeed unlocked my phone. I know that the GalaxSim Unlock application changed some data in the nv_data.bin in the efs folder, but after it unlocked my phone it was working fine for about a month or more, so I can't tell that this is the cause of the suspected corruption in the efs folder.
I have backups of the efs folder from both before and after the unlock operation by the GalaxSim Unlock application.
Can you explain in more detail:
1. Why do you suggest to flash Apolo kernel? Is it in order to have the phone rooted? Can you give a link for this kernel?
2. Restore backup from where? Should I have a backup file that you point to? Not sure what backups I have that may have data that I don't already use.
3. Does the new data help with debugging this issue?
Thanks again.
-- Amit.
Follow my guide to flash ICS official. Then root and SIM unlock it (if needed). Then flash Apolo kernel via Recovery. In Apolo kernel Recovery go to the EFS menu, and click restore. Now restore your backup.
status update
GamingDj said:
Follow my guide to flash ICS official. Then root and SIM unlock it (if needed). Then flash Apolo kernel via Recovery. In Apolo kernel Recovery go to the EFS menu, and click restore. Now restore your backup.
Click to expand...
Click to collapse
Hi,
Just want to update that it's been about a week that the phone works without me doing anything, therefore not proceeding with the recovery process you suggested.
I will update if the problem will be back.
Thanks.
Some time ago I was able to downgrade my S3 i9300 from Claro to 4.1.1. I did this in order to unlock the phone, and based on what I read here and on the web I needed 4.1.1 in order to get the menu that unlocks the cell. However after doing all the instructions and getting the cell rooted when I type the code *#197328640# I only get the same menu that was there when I had the 4.1.2 version on the cell, and of course it will not let me unlock the phone.
Is there any other way, like modifying some file or something like that, which could help unlock it? I am not afraid of having to use an editor to mess around with files. Any help will be appreciated.
abyss1957 said:
Some time ago I was able to downgrade my S3 i9300 from Claro to 4.1.1. I did this in order to unlock the phone, and based on what I read here and on the web I needed 4.1.1 in order to get the menu that unlocks the cell. However after doing all the instructions and getting the cell rooted when I type the code *#197328640# I only get the same menu that was there when I had the 4.1.2 version on the cell, and of course it will not let me unlock the phone.
Is there any other way, like modifying some file or something like that, which could help unlock it? I am not afraid of having to use an editor to mess around with files. Any help will be appreciated.
type the code, go to 1.debug screen, then 8.phone control, and then 7.network lock. i'm currently on 4.1.2 (with mg4 modem), and i can't get past 7.network lock (it says menu not exist). please let me know if on 4.1.1 you are able to get past 7.network lock and unlock the phone, cause i want to downgrade too on 4.1.1 for unlocking.
I get the same thing you are getting with 4.1.2, mine stayed as it was on 4.1.2. The downgrade did not work.
abyss1957 said:
I get the same thing you are getting with 4.1.2, mine stayed as it was on 4.1.2. The downgrade did not work.
well, i gave up and asked a guy with z3x box to unlock it for 11€. now i can flash any rom i want and still be unlocked, as long as the modem is above mg4
Second try
Sorry you gave up I am still fighting with mine. I found this thread: http://forum.xda-developers.com/showthread.php?t=1737449
posted by Faryaab back in June 2012 and it's got two builds on the page that were supposed to be previous builds for 4.1.1. What I would like to know if someone is monitoring this is if those builds are still working so that I can download and experiment with them to see if I finally get the menu to unlock. Any help will be welcomed.
abyss1957 said:
Sorry you gave up I am still fighting with mine. I found this thread: http://forum.xda-developers.com/showthread.php?t=1737449
posted by Faryaab back in June 2012 and it's got two builds on the page that were supposed to be previous builds for 4.1.1. What I would like to know if someone is monitoring this is if those builds are still working so that I can download and experiment with them to see if I finally get the menu to unlock. Any help will be welcomed.
well, why don't you pay a few dollars and unlock it? i can put you through the guy that helped me. you need a decent pc and a good internet connection.
It seems that there is a way to unlock 4.3, use this tutorial that @.NetRolller 3D sent to me. Firstly, i think you need to update to 4.3, then follow the steps:
Hi!
Follow this tutorial: http://forum.xda-developers.com/showthread.php?t=1718665
Skip steps 9-12 (including the reboot step - important! Do NOT reboot mid-unlock, or you will have to start over!)
Instead, execute (at a Unix shell) the command "(cat nv_data.bin; echo -n Samsung_Android_RIL) | md5sum" on the NEW (modified) nv_data.bin to get the md5 value to use in step 14.
Should work with 4.3 or even KitKat when it's released, unless Samsung fundamentally changes the way SIM locking works on this phone. Samsung closed down the original Voodoo unlock in an update by removing the "correct" MD5 printout from the log error messages, but the signature scheme is unchanged, and trivially easy to overcome once you know the magic constant "Samsung_Android_RIL" appended to the end of nv_data.bin.
Please let me know if it works for you so we can make a sticky topic for people who want to unlock 4.3. :good:
Only one thing
darkmage93 said:
It seems that there is a way to unlock 4.3, use this tutorial that @.NetRolller 3D sent to me. Firstly, i think you need to update to 4.3, then follow the steps:
Please let me know if it works for you so we can make a sticky topic for people who want to unlock 4.3. :good:
Thanks darkmage93 for this link. Like the modified instructions say: "Instead, execute (at a Unix shell) the command "(cat nv_data.bin; echo -n Samsung_Android_RIL) | md5sum" on the NEW (modified) nv_data.bin to get the md5 value to use in step 14." This is the only thing I do not know how to do. I never worked with Unix, and if it is done within the phone I still don't know. The only funny thing is when I looked at the nv_data.bin it already had the number changed to 00. I will look some more and may finally go with the paying option. :laugh:
abyss1957 said:
Thanks darkmage93 for this link. Like the modified instructions say: "Instead, execute (at a Unix shell) the command "(cat nv_data.bin; echo -n Samsung_Android_RIL) | md5sum" on the NEW (modified) nv_data.bin to get the md5 value to use in step 14." This is the only thing I do not know how to do. I never worked with Unix, and if it is done within the phone I still don't know. The only funny thing is when I looked at the nv_data.bin it already had the number changed to 00. I will look some more and may finally go with the paying option. :laugh:
i don't know either how to use unix, but i could've found out how if i weren't unlocked already. i feel sad now that i didn't receive NetRoller's PM earlier, maybe this tutorial works... so do some researching and see what you can do.
Any progress for unlocking S3 on MG4+ Baseband?
Hi
I have just bought a 2nd hand Galaxy S3, it's locked and on Android 4.3
I just downgraded to 4.1.2 and tried GalaxySimUnlock.apk but no success (it says that the current EFS is not supported)
I am wondering if there is any solution for unlocking i9300 with EFS v2 (mg4+)
Follow the tutorial posted here a few posts up. It should work.
Hi all,
I had my S9+ unlocked, but then I flashed stock back (just boot/system/vendor, probably not the same version as the rest), and since then, I can no longer OEM unlock.
I can select the option, and initiate the unlock, this will even actually factory reset the device.
But then, if I go to bootloader, it says FRP unlocked, OEM locked.
I've tried flashing a full firmware, but the result remains the same.
FWIW, I flash using heimdall not Odin. I'll probably try with Odin, but I expect to get the same result.
I think I've found in the logs the reason for that behaviour:
I have ro.frp.pst = /dev/block/dummy
While it should be /dev/block/persist
I've checked in all partition in the firmware I've flashed if there was any reason some part of the firmware set this to dummy, and I didn't find anything.
I couldn't even find any reference to /dev/block/dummy at all!
So, does someone have some clue about my issue?
Thanks!
Ok, so some updates from my part, I've found the culprit of ro.frp.pst = /dev/block/dummy
That's @jesec's OEM lock protection patch:
https://forum.xda-developers.com/showpost.php?p=75893923&postcount=3
Part of the patch is to set ro.frp.pst=/dev/block/dummy
I guess that the stock ROM I flashed somehow reset FRP anyway.
If I had an EFS backup, the fix would be easy, but guess what... I don't...
So now I'm currently looking for ways to backup EFS, without root obviously. (or a way to root with closed bootloader)
phhusson said:
Ok, so some updates from my part, I've found the culprit of ro.frp.pst = /dev/block/dummy
That's @jesec's OEM lock protection patch:
https://forum.xda-developers.com/showpost.php?p=75893923&postcount=3
Part of the patch is to set ro.frp.pst=/dev/block/dummy
I guess that the stock ROM I flashed somehow reset FRP anyway.
If I had an EFS backup, the fix would be easy, but guess what... I don't...
So now I'm currently looking for ways to backup EFS, without root obviously. (or a way to root with closed bootloader)
This just happened to me too. My factory.prop change came from a rmm bypass zip floating around that everyone was using to stop going to custom rom jail. The big difference here is I didn't try to (or want to) relock my bootloader, instead some GSI rom I was trying out did it for me without even a prompt, I don't know when. I just eventually rebooted and suddenly couldn't boot. My only guess on that front is I did once I think accidentally disable the developer settings area, which the rom may have decided it was a good idea to turn everything off in there.
Anyway, did you figure this out? I have multiple efs backups, but I can't find a way to actually restore one without root. Even the z3x can't do it without root and it doesn't have temp root shell ability for the 9650. On the s8 you could always flash efs via odin using an efs.img.ext4 file in a normal tar, but I made one like I've done on the s8 and I get secure check fail in download mode.
My only last recourse is to try and completely erase efs, imei and all and then hope that you can still toggle oem unlock without an imei. If so then I should be set as I can just root and restore my backup. But if not, I'm now even more boned.
Similar issue
Hello to everyone! :laugh:
I think that I have a similar issue with my Galaxy S9
I recently installed an android 9.0 GSI image.
After disabling developer options in settings and rebooting the phone it never completed the boot process.
It was showing "Custom binary blocked by FRP lock" error.
I successfully restored stock firmware through odin, but the phone is OEM and FRP locked.
I tried many times to toggle on OEM unlock through developer settings with no result, even though the phone goes through a factory reset.
Did you guys find out if there is any possible way at this stage to OEM unlock this device?
phhusson said:
Ok, so some updates from my part, I've found the culprit of ro.frp.pst = /dev/block/dummy
That's @jesec's OEM lock protection patch:
https://forum.xda-developers.com/showpost.php?p=75893923&postcount=3
Part of the patch is to set ro.frp.pst=/dev/block/dummy
I guess that the stock ROM I flashed somehow reset FRP anyway.
If I had an EFS backup, the fix would be easy, but guess what... I don't...
So now I'm currently looking for ways to backup EFS, without root obviously. (or a way to root with closed bootloader)
Did you ever fix this issue?
Interceptor777 said:
Did you ever fix this issue?
I managed to fix this. It resulted in another 7d jail session but I did manage to figure out a way to fool the device into resetting efs, and in a way that did not erase the important stuff (I think thanks to backup, but maybe not).
If you find yourself stuck like this, let me know and I'll help
partcyborg said:
I managed to fix this. It resulted in another 7d jail session but I did manage to figure out a way to fool the device into resetting efs, and in a way that did not erase the important stuff (I think thanks to backup, but maybe not).
If you find yourself stuck like this, let me know and I'll help
Hey! Thanks!
Could you tell me how you wiped EFS with a locked bootloader? I'm planning on flashing combo firmware to test some modem settings which are locked even with root on stock and I want to be able to go back to stock just in case and not wait 7 days.
Thanks for your help!
Interceptor777 said:
Hey! Thanks!
Could you tell me how you wiped EFS with a locked bootloader? I'm planning on flashing combo firmware to test some modem settings which are locked even with root on stock and I want to be able to go back to stock just in case and not wait 7 days.
Thanks for your help!
Wiping efs will not erase the RMM lock. The only thing it fixed was the very specific issue where your bootloader is relocked by non-samsung rom which doesn't look at the frp partition and when you try to unlock again from a Samsung rom, it does try to look at the frp partition which it can't find because the RMM bypass zip sets ro.frp.pst to /dev/block/dummy in /efs/factory.prop. When this happens you're basically screwed because you can't unlock without that prop being set right, and nothing erases that prop file and without root you can't even see it much less change it.
Luckily I found a nice loophole that let me overwrite the entire efs filesystem thus erasing the prop (but not the special data at the end fortunately) and allowing me to unlock again, but the act of doing this resulted in another 7d RMM jail which was annoying but given I was perm locked before it seemed like an ok trade.
What settings are you trying to adjust? I'm not aware of anything that combo has open that you can't get to with rooted stock provided you twiddle all the knobs in efs correctly. Did you set factory ON & keystr OFF and HiddenMenu ON?
partcyborg said:
Wiping efs will not erase the RMM lock. The only thing it fixed was the very specific issue where your bootloader is relocked by non-samsung rom which doesn't look at the frp partition and when you try to unlock again from a Samsung rom, it does try to look at the frp partition which it can't find because the RMM bypass zip sets ro.frp.pst to /dev/block/dummy in /efs/factory.prop. When this happens you're basically screwed because you can't unlock without that prop being set right, and nothing erases that prop file and without root you can't even see it much less change it.
Luckily I found a nice loophole that let me overwrite the entire efs filesystem thus erasing the prop (but not the special data at the end fortunately) and allowing me to unlock again, but the act of doing this resulted in another 7d RMM jail which was annoying but given I was perm locked before it seemed like an ok trade.
What settings are you trying to adjust? I'm not aware of anything that combo has open that you can't get to with rooted stock provided you twiddle all the knobs in efs correctly. Did you set factory ON & keystr OFF and HiddenMenu ON?
Hey, I'm trying to adjust LTE Cat Control settings and LTE Carrier Aggregation settings. These settings are all available through the RIL Service Mode Main Activity, however Main Activity has been completely gimped and disabled in stock. Not only is it impossible to launch, I'm pretty sure at this point the package is just empty since it just force closes upon launch.
I said **** it and flashed combo firmware yesterday, and just like I thought, the menu was there and you don't even need root to access it. You just need to dial the code in the IME dialer. On stock, the only way to get to this menu was either by launching the activity (doesn't work anymore), using a su shell and broadcasting the code (also doesn't work anymore) or just broadcasting the code without su (never worked).
Luckily Samsung doesn't relock bootloader anymore by flashing stock so RMM Prenormal won't be an issue for me.
Also to clarify, this is the main service menu that contains every other LTE service menu.
Also what do you mean by factory ON and those other things?
Interceptor777 said:
Hey, I'm trying to adjust LTE Cat Control settings and LTE Carrier Aggregation settings. These settings are all available through the RIL Service Mode Main Activity, however Main Activity has been completely gimped and disabled in stock. Not only is it impossible to launch, I'm pretty sure at this point the package is just empty since it just force closes upon launch.
I said **** it and flashed combo firmware yesterday, and just like I thought, the menu was there and you don't even need root to access it. You just need to dial the code in the IME dialer. On stock, the only way to get to this menu was either by launching the activity (doesn't work anymore), using a su shell and broadcasting the code (also doesn't work anymore) or just broadcasting the code without su (never worked).
Luckily Samsung doesn't relock bootloader anymore by flashing stock so RMM Prenormal won't be an issue for me.
Also to clarify, this is the main service menu that contains every other LTE service menu.
Also what do you mean by factory ON and those other things?
Exactly as I suspected
You don't need combo to get into ril service menu, you just need the settings I spoke of set correctly. I know this first hand as I got into mine this way, no combo necessary.
To turn all the hidden stuff on, you need a combination of the following 3 flags set as given below, and to be on a csc that does not block secret codes/service menus
The flags are all files in efs that need specific values in them. For ease of use I just wrote them all as commands you can copy/paste into a terminal with root or in TWRP recovery after mounting /efs
OBLIGATORY WARNING: USE AT YOUR OWN RISK! modifying efs can be dangerous in that if you mess it up badly you can lose your imei and render your phone radioless. To anyone else reading this, don't do this unless you know what you are doing with it and why.
/efs/FactoryApp/factorymode ON
Code:
echo -n ON > /efs/FactoryApp/factorymode
/efs/FactoryApp/keystr OFF
Code:
echo -n OFF > /efs/FactoryApp/keystr
/efs/carrier/HiddenMenu ON
Code:
mkdir -p /efs/carrier; echo -n ON > /efs/carrier/HiddenMenu
*NOTE: this one is slightly different because at least on one of my devices the carrier directory did not exist at first as there are no other files in it, so this command is modified to create it if it's not there already.
Run those 3 commands after running su if you do this from adb or a term emulator while booted, or as I said you can do it from TWRP just be sure /efs is mounted first as it's not by default. Then reboot and you should be able to either use shortcut master to get to RIL servicemode (and a few more other goodies too), or you can always just open up either DRParser app or stock Samsung phone and enter *#27663368378# and it should pop right up.
If for some reason it doesn't let me know, there are more things to try including changing CSC, and there is a global hidden menu prop that wasn't necessary for me as the 9650s don't have the actual HiddenMenu app installed at all, but the above was all I had to do to get things working
As for the CSC thing idk if any of the cscs in whatever region you were running do this, or if even any cscs in the 9650 do it at all even but on Samsung "XXXXU" devices sold in the USA certain carriers block all hidden menu type access no matter what, so if this doesn't work take a backup and change your CSC and see if that fixes it.
Interceptor777 said:
Luckily Samsung doesn't relock bootloader anymore by flashing stock so RMM Prenormal won't be an issue for me.
I'm not sure what you mean by "doesn't relock bootloader anymore", but if you reflash stock vendor without flashing the RMM bypass your bootloader will be relocked and you will be unable to unlock it again for 7 days. This is precisely what I was talking about
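A read-only check for the EFS state described in the posts above (the ro.frp.pst override in /efs/factory.prop and the three hidden-menu flag files), added here as an example and not taken from any poster or tool in this thread. It assumes factory.prop uses plain key=value lines; the function names and the sample tree are constructed for illustration, and the script is meant to be pointed at a mounted /efs or an extracted copy of an EFS backup.

```shell
#!/bin/sh
# Read-only audit of an EFS tree: a mounted /efs or an extracted backup copy.
# File paths and values are the ones named in the thread; the function names
# and the key=value layout of factory.prop are assumptions of this example.

# Print the value of ro.frp.pst from <efs_root>/factory.prop, or "unset".
frp_pst_value() {
    prop_file="$1/factory.prop"
    [ -f "$prop_file" ] || { echo "unset"; return 0; }
    # Tolerate CRLF, spaces around '=' and trailing blanks; report the last assignment.
    value=$(tr -d '\r' < "$prop_file" \
        | sed -n 's/^[[:space:]]*ro\.frp\.pst[[:space:]]*=[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' | tail -n 1)
    if [ -n "$value" ]; then echo "$value"; else echo "unset"; fi
}

# Print the content of a flag file without line endings, or "missing".
flag_value() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    tr -d '\r\n' < "$1"
    echo
}

# Classify the FRP property. /dev/block/dummy is the value the thread ties to
# the "OEM unlock toggles but bootloader stays locked" state.
frp_status() {
    pst=$(frp_pst_value "$1")
    case "$pst" in
        unset)            echo "frp: ro.frp.pst not set in factory.prop" ;;
        /dev/block/dummy) echo "frp: OVERRIDDEN ro.frp.pst=/dev/block/dummy" ;;
        *)                echo "frp: ro.frp.pst=$pst" ;;
    esac
}

# Report whether all three flags hold the values the post gives for
# enabling the hidden/service menus (factorymode ON, keystr OFF, HiddenMenu ON).
hidden_menu_status() {
    fm=$(flag_value "$1/FactoryApp/factorymode")
    ks=$(flag_value "$1/FactoryApp/keystr")
    hm=$(flag_value "$1/carrier/HiddenMenu")
    if [ "$fm" = "ON" ] && [ "$ks" = "OFF" ] && [ "$hm" = "ON" ]; then
        echo "menus: ENABLED (factorymode=$fm keystr=$ks HiddenMenu=$hm)"
    else
        echo "menus: not in the enabling combination (factorymode=$fm keystr=$ks HiddenMenu=$hm)"
    fi
}

# Full report for one EFS root directory.
audit_efs() {
    frp_status "$1"
    hidden_menu_status "$1"
}

# Build a constructed sample tree (not real device data) and print its path.
make_sample_efs() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/FactoryApp" "$root/carrier"
    printf 'ro.frp.pst=/dev/block/dummy\n' > "$root/factory.prop"
    printf 'ON'  > "$root/FactoryApp/factorymode"
    printf 'OFF' > "$root/FactoryApp/keystr"
    printf 'ON'  > "$root/carrier/HiddenMenu"
    echo "$root"
}

# With an argument, audit that directory; without one, audit the constructed sample.
if [ "$#" -ge 1 ]; then
    audit_efs "$1"
else
    sample_dir=$(make_sample_efs)
    audit_efs "$sample_dir"
    rm -rf "$sample_dir"
fi
```

The script never writes to the tree it inspects, so it can be run against a backup copy before deciding whether a restore is needed.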
partcyborg said:
Exactly as I suspected
You don't need combo to get into ril service menu, you just need the settings I spoke of set correctly. I know this first hand as I got into mine this way, no combo necessary.
To turn all the hidden stuff on, you need a combination of the following 3 flags set as given below, and to be on a csc that does not block secret codes/service menus
The flags are all files in efs that need specific values in them. For ease of use I just wrote them all as commands you can copy/paste into a terminal with root or in TWRP recovery after mounting /efs
OBLIGATORY WARNING: USE AT YOUR OWN RISK! modifying efs can be dangerous in that if you mess it up badly you can lose your imei and render your phone radioless. To anyone else reading this, don't do this unless you know what you are doing with it and why.
/efs/FactoryApp/factorymode ON
/efs/FactoryApp/keystr OFF
/efs/carrier/HiddenMenu ON
*NOTE: this one is slightly different because at least on one of my devices the carrier directory did not exist at first as there are no other files in it, so this command is modified to create it if it's not there already.
Run those 3 commands after running su if you do this from adb or a term emulator while booted, or as I said you can do it from TWRP just be sure /efs is mounted first as it's not by default. Then reboot and you should be able to either use shortcut master to get to RIL servicemode (and a few more other goodies too), or you can always just open up either DRParser app or stock Samsung phone and enter *#27663368378# and it should pop right up.
If for some reason it doesn't let me know, there are more things to try including changing CSC, and there is a global hidden menu prop that wasn't necessary for me as the 9650s don't have the actual HiddenMenu app installed at all, but the above was all I had to do to get things working
As for the CSC thing idk if any of the cscs in whatever region you were running do this, or if even any cscs in the 9650 do it at all even but on Samsung "XXXXU" devices sold in the USA certain carriers block all hidden menu type access no matter what, so if this doesn't work take a backup and change your CSC and see if that fixes it.
I'm not sure what you mean by "doesn't relock bootloader anymore", but if you reflash stock vendor without flashing the RMM bypass your bootloader will be relocked and you will be unable to unlock it again for 7 days. This is precisely what I was talking about
Hey, unfortunately it didn't work for me ;(
I tried it with TMB USA CSC and also on XEU CSC.
Maybe I also need to change that hiddenmenu prop? My phone actually has the hiddenmenu app.
partcyborg said:
Exactly as I suspected
You don't need combo to get into ril service menu, you just need the settings I spoke of set correctly. I know this first hand as I got into mine this way, no combo necessary.
To turn all the hidden stuff on, you need a combination of the following 3 flags set as given below, and to be on a csc that does not block secret codes/service menus
The flags are all files in efs that need specific values in them. For ease of use I just wrote them all as commands you can copy/paste into a terminal with root or in TWRP recovery after mounting /efs
OBLIGATORY WARNING: USE AT YOUR OWN RISK! modifying efs can be dangerous in that if you mess it up badly you can lose your imei and render your phone radioless. To anyone else reading this, don't do this unless you know what you are doing with it and why.
/efs/FactoryApp/factorymode ON
/efs/FactoryApp/keystr OFF
/efs/carrier/HiddenMenu ON
*NOTE: this one is slightly different because at least on one of my devices the carrier directory did not exist at first as there are no other files in it, so this command is modified to create it if it's not there already.
Run those 3 commands after running su if you do this from adb or a term emulator while booted, or as I said you can do it from TWRP just be sure /efs is mounted first as it's not by default. Then reboot and you should be able to either use shortcut master to get to RIL servicemode (and a few more other goodies too), or you can always just open up either DRParser app or stock Samsung phone and enter *#27663368378# and it should pop right up.
If for some reason it doesn't let me know, there are more things to try including changing CSC, and there is a global hidden menu prop that wasn't necessary for me as the 9650s don't have the actual HiddenMenu app installed at all, but the above was all I had to do to get things working
As for the CSC thing idk if any of the cscs in whatever region you were running do this, or if even any cscs in the 9650 do it at all even but on Samsung "XXXXU" devices sold in the USA certain carriers block all hidden menu type access no matter what, so if this doesn't work take a backup and change your CSC and see if that fixes it.
I'm not sure what you mean by "doesn't relock bootloader anymore", but if you reflash stock vendor without flashing the RMM bypass your bootloader will be relocked and you will be unable to unlock it again for 7 days. This is precisely what I was talking about
Hey! Nevermind that last comment.
I had to change my CSC from TMB to XAA which is USA unlocked, and I also added the hiddenmenu prop, and it's finally ****ing working now! Dialing the code in dialer brings up the menu.
Thanks so much for your help!
partcyborg said:
Exactly as I suspected
You don't need combo to get into ril service menu, you just need the settings I spoke of set correctly. I know this first hand as I got into mine this way, no combo necessary.
To turn all the hidden stuff on, you need a combination of the following 3 flags set as given below, and to be on a csc that does not block secret codes/service menus
The flags are all files in efs that need specific values in them. For ease of use I just wrote them all as commands you can copy/paste into a terminal with root or in TWRP recovery after mounting /efs
OBLIGATORY WARNING: USE AT YOUR OWN RISK! modifying efs can be dangerous in that if you mess it up badly you can lose your imei and render your phone radioless. To anyone else reading this, don't do this unless you know what you are doing with it and why.
/efs/FactoryApp/factorymode ON
/efs/FactoryApp/keystr OFF
/efs/carrier/HiddenMenu ON
*NOTE: this one is slightly different because at least on one of my devices the carrier directory did not exist at first as there are no other files in it, so this command is modified to create it if it's not there already.
Run those 3 commands after running su if you do this from adb or a term emulator while booted, or as I said you can do it from TWRP just be sure /efs is mounted first as it's not by default. Then reboot and you should be able to either use shortcut master to get to RIL servicemode (and a few more other goodies too), or you can always just open up either DRParser app or stock Samsung phone and enter *#27663368378# and it should pop right up.
If for some reason it doesn't let me know, there are more things to try including changing CSC, and there is a global hidden menu prop that wasn't necessary for me as the 9650s don't have the actual HiddenMenu app installed at all, but the above was all I had to do to get things working
As for the CSC thing idk if any of the cscs in whatever region you were running do this, or if even any cscs in the 9650 do it at all even but on Samsung "XXXXU" devices sold in the USA certain carriers block all hidden menu type access no matter what, so if this doesn't work take a backup and change your CSC and see if that fixes it.
I'm not sure what you mean by "doesn't relock bootloader anymore", but if you reflash stock vendor without flashing the RMM bypass your bootloader will be relocked and you will be unable to unlock it again for 7 days. This is precisely what I was talking about
Sorry for spam lol but I was wondering if you had any knowledge on how I can enable more carrier aggregation combos.
Currently my phone is not listing 4+12 as a supported combo even though I know 100% the modem supports that. My Exynos S7 and S8 had that combo out of the box.
I've got service menu but I just need to enable that combo to fix my ****ty LTE.
Thanks for your help.
Interceptor777 said:
Sorry for spam lol but I was wondering if you had any knowledge on how I can enable more carrier aggregation combos.
Currently my phone is not listing 4+12 as a supported combo even though I know 100% the modem supports that. My Exynos S7 and S8 had that combo out of the box.
I've got service menu but I just need to enable that combo to fix my ****ty LTE.
Thanks for your help.
Sorry, unfortunately this isn't an area I've had much experience with in terms of how it works and stuff. I can get to the service mode menu and everything I can find in there that I am at least aware of being related to CA (having "CA" in the menu items) looks to be enabled. It's possible this setting could be in the CSC data which is frustratingly encrypted on s9/+ firmwares, although there is a way to decrypt/reencrypt them but I haven't actually tried it and looked for myself
partcyborg said:
Sorry, unfortunately this isn't an area I've had much experience with in terms of how it works and stuff. I can get to the service mode menu and everything I can find in there that I am at least aware of being related to CA (having "CA" in the menu items) looks to be enabled. It's possible this setting could be in the CSC data which is frustratingly encrypted on s9/+ firmwares, although there is a way to decrypt/reencrypt them but I haven't actually tried it and looked for myself
Hey, so I found out how the CSC blocks the service menu, it uses the file in /system/omc/XXX/etc/XXX_keystrings.dat and in /system/etc/XXX_keystrings.dat.
Someone made a script to decrypt this file and edit it: https://github.com/chenxiaolong/keystrings-decrypter
However, my phone does not accept the decrypted file. It will only read the encrypted file.
I have no useful knowledge regarding scripts, would you have any idea how to encrypt the file again using a script similar to that one? Thank you.
partcyborg said:
Wiping efs will not erase the RMM lock. The only thing it fixed was the very specific issue where your bootloader is relocked by non-samsung rom which doesn't look at the frp partition and when you try to unlock again from a Samsung rom, it does try to look at the frp partition which it can't find because the RMM bypass zip sets ro.frp.pst to /dev/block/dummy in /efs/factory.prop. When this happens you're basically screwed because you can't unlock without that prop being set right, and nothing erases that prop file and without root you can't even see it much less change it.
Luckily I found a nice loophole that let me overwrite the entire efs filesystem thus erasing the prop (but not the special data at the end fortunately) and allowing me to unlock again, but the act of doing this resulted in another 7d RMM jail which was annoying but given I was perm locked before it seemed like an ok trade.
What settings are you trying to adjust? I'm not aware of anything that combo has open that you can't get to with rooted stock provided you twiddle all the knobs in efs correctly. Did you set factory ON & keystr OFF and HiddenMenu ON?
Hello, I was having the same issue that ro.frp.pst was set to /dev/block/dummy and my phone was permanently locked.
It just said "PersistentDataBlockService: java.io.FileNotFoundException: /dev/block/dummy (Permission denied)" -- I flashed 3rd party files and went back to stock and this happened.
Could you elaborate about the nice loophole that could let me overwrite the efs filesystem and erase the prop?
Thank you!
haojixu said:
Hello, I was having the same issue that ro.frp.pst was set to /dev/block/dummy and my phone was permanently locked.
It just said "PersistentDataBlockService: java.io.FileNotFoundException: /dev/block/dummy (Permission denied)" -- I flashed 3rd party files and went back to stock and this happened.
Could you elaborate about the nice loophole that could let me overwrite the efs filesystem and erase the prop?
Thank you!
What device? Is it a g9650?
phhusson said:
Hi all,
I had my S9+ unlocked, but then I flashed stock back (just boot/system/vendor, probably not the same version as the rest), and since then, I can no longer OEM unlock.
I can select the option, and initiate the unlock, this will even actually factory reset the device.
But then, if I go to bootloader, it says FRP unlocked, OEM locked.
I've tried flashing a full firmware, but the result remains the system.
FWIW, I flash using heimdall not Odin. I'll probably try with Odin, but I expect to get the same result.
I think I've found in the logs the reason for that behaviour:
I have ro.frp.pst = /dev/block/dummy
While it should be /dev/block/persist
I've checked in all partitions in the firmware I've flashed if there was any reason some part of the firmware set this to dummy, and I didn't find anything.
I couldn't even find any reference to /dev/block/dummy at all!
So, does someone have some clue about my issue?
Thanks!
Look at his post https://forum.xda-developers.com/showthread.php?p=78208022
Johnny camaro said:
Look at his post https://forum.xda-developers.com/showthread.php?p=78208022
2 minor things:
1) phhusson already said way back this isn't an issue for him anymore
2) even if it was, the link you posted literally has nothing to do with the issue at hand, nor does it contain even links to anything that could even be used in the process of fixing it.
...
I guess by "minor" I meant "cannot be distinguished from entering a few random words from this thread into Ask Jeeves and selecting a website at random"?
partcyborg said:
What device? Is it a g9650?
It was a N960N. I solved the issue, but thank you anyway. I just flashed the efs file as a tar zip from the stock image. The IMEI was reset but everything went back to normal.
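An added example, not part of any post in this thread: a read-only check that compares the `ro.frp.pst` value in a saved `getprop` dump against the path expected for the device and looks for the matching PersistentDataBlockService open failure in a saved logcat. The function names and sample lines are constructed; the expected path `/dev/block/persist` is the value quoted above and is passed in as a parameter because it can differ per device.

```shell
#!/bin/sh
# Added example: read-only triage of the FRP data-block setting from captured
# text. Function names and the sample lines below are constructed.

# Print one property's value from `getprop` output ("[key]: [value]").
prop_value() {                       # $1 = property name, stdin = getprop dump
    awk -v key="[$1]:" '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Print each path PersistentDataBlockService failed to open, once.
frp_open_failures() {                # stdin = logcat text
    sed -n 's/.*PersistentDataBlockService: java\.io\.FileNotFoundException: \([^ ]*\) .*/\1/p' | sort -u
}

# Classify: $1 = getprop dump file, $2 = logcat file, $3 = expected path.
frp_state() {
    configured=$(prop_value ro.frp.pst < "$1")
    if [ -z "$configured" ]; then
        echo "unset"
    elif [ "$configured" = "$3" ]; then
        echo "ok"
    elif frp_open_failures < "$2" | grep -qxF -- "$configured"; then
        # Property points somewhere unexpected and the service cannot open it.
        echo "mismatch-and-failing:$configured"
    else
        echo "mismatch:$configured"
    fi
}

# Constructed sample input mirroring the values quoted in the thread.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '[ro.build.type]: [user]' '[ro.frp.pst]: [/dev/block/dummy]' > "$dir/props.txt"
    printf '%s\n' \
      '01-01 00:00:01.000  1000  1000 E PersistentDataBlockService: java.io.FileNotFoundException: /dev/block/dummy (Permission denied)' \
      '01-01 00:00:02.000  1000  1000 I ActivityManager: unrelated line' > "$dir/logcat.txt"
    frp_state "$dir/props.txt" "$dir/logcat.txt" /dev/block/persist
    rm -rf "$dir"
}

demo
```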