Samsung GS3 I9300 IMEI corrupted/lost/null restoration. - Galaxy S III Q&A, Help & Troubleshooting

Ok. So here's the deal:
My SGS3 I9300 exynos phone did the famous IMEI 0049 and SN null trick.
I cannot say what precipitated it but it simply stopped registering on the network, so no calling or data. All other functions operational.
After much searching and reading, I settled on flashing the stock 4.3 back. This succeeded only in doing absolutely nothing to alleviate this issue. I wiped the entire phone. Maybe I missed a critical section wipe, but since the stock ROM overwrites all? the CSC/BL/MODEM functions I thought it would set the default for EFS (which I believe is where these critical data live). I'm not a programmer so I cannot say diddly about the architecture and interrelationship of OS files, but I am technical and I know how SW and HW does what it does.
This phone is my own and I have all the rights to it.
I had loaded RRemix ROM a loong while ago and it was functioning fine. Probably a corruption of the EFS due to battery contact being loose. This is in my mind the most likely cause as the system may be accessing the EFS files, say making a call, or accessing data, and the power drops out and voila! Corruption. But again this is theoretical.
Needless to say I tried the usual hocus-pocus out there with no avail.
Getting to understand the system better it seems obvious that these critical identification numbers are hard-coded into the chips on the phone. Which explains the ability to 'fix' them with JTAG and other cable/box solutions and SW. However, I cannot see how the SW loses the ability to read the IMEI/SN that is hard-coded (fused?) into the main-board.
All my research pointed to the EFS files having something to do with this.
Way back when I loaded the custom ROM I did not come across the 'backup your EFS' as a necessary step, so I had nothing to go back on.
And loading the stock 4.3 ROM back on and not having that fix the issue, led me to believe something else was up.
Somewhere in the guts of this phone something is screwing up the layer between reading the registers where the numbers sit and the software layer that reports the numbers.
So, much searching led to the nv_data.bin file being a key component in all this fiasco.
Now, before I say any more, I believe that describing the next steps could be a big no-no here.
Now, understand, all I want to do is get MY personal device working again. I have the SN and IMEI numbers on the physical device.
Sure, I could have stolen it and am attempting to change these to avoid prosecution. Anyone can say anything online.
Therefore, before I can proceed, I need advice from moderators and VPP to either say 'Yes you may post this info' or 'No. Go away'.
Am I allowed to do the following:
1) Describe how I restored my IMEI (Not changed, overwritten, or subverted to my limited knowledge)
2) In the case of 1 not allowed, post the link to where I found the info to achieve this.
3) Submit the 'fix' to a moderator or developer to check whether this is indeed a restoration or a change.
If it's a restoration of existing functionality, I cannot see how this could be a problem. If it's changing something, then it's a whole other sack of ferrets.
My reasons for posting are that xdadevelopers has given me years of joy with my SG devices. (Yes, I have the whole range exclusively) Many ROMS, customs, fixes, hints and saves deserves something back, and the difficulty in achieving this particular fix, warrants it.
But I don't want to break any rules, this being my first post.
So, please let me know what I can do to help others stuck in this position...
You can find it if you have the correct search parameters. Perhaps I can say that instead?
Thanks.
And thanks to all who have helped over the years.
T
[Edit] Just to clarify, the solution requires no special HW or 'boxes'. You do need root, however, and a hex editor. I had a reply explaining the use of Octoplus, which requires credits and registration. You will need none of those.

I can't speak English but I will try.
1- flash stock firmware.
2- root your device s3 .
3-in the web download " octuplus crack box"
4-in youtube see how install " octuplus crack"
5- before install stop your antivirus PC
6- open octuplus and connect your phone with PC
7- choose your device i9300 .
8 click repair IMEI
9 click read info and do what OCTU said to do.
10- click repair or write the true IMEI in your device ( remove battery to see)and click repair.
11- restart phone .
12- see: call work fine
13- in phone go to mobile network\ access point names\ apn's
14- write your network.

TrinityTrip54 said:
Ok. So here's the deal:
Repair is ok Change or Modding is now:good::good::good:

How to restore corrupted or null 0049 IMEI on SGS3.
Right.
Thanks to the moderators for agreeing to let me share the solution. :good:
Thanks to the reddit poster who found this solution. I don't know how the hell you figured this out, but big-ups to you. For privacy I will not mention names or addresses.
You do need a rooted phone and I cannot assist anyone without root as I have not tried it.
Whether this only works to restore a corrupt IMEI or change it, I cannot say, but it managed to restore my existing one.
Preparation: Get your IMEI number from under your battery compartment. Say your IMEI no. is: 123456789101213, write/type it in the following fashion: 1 23 45 67 89 10 12 13
Now some funky transposition: Excluding the first number, transpose the subsequent pairs of numbers so that you have: 1 32 54 76 98 01 21 31. Can you see it? Swap 23 to get 32. 45 to get 54 and so on.
Now add 08 to the beginning and add A after the 1 so that the completed number is: 08 1A 32 54 76 98 01 21 31
Now you will need:
Rooted Galaxy S3 (This may work for all android devices that have an EFS folder. If anyone can confirm that would help others.)
Hex editor (PC based or Android app) - PC is faster and easier. I used hex workshop trial version but I'm sure any editor will do. I used the default install configuration.
USB Data cable (if using PC editor mentioned above)
You should probably back up the EFS folder entirely, just to be sure.
Using your favorite root explorer browse to root/EFS folder and copy the nv_data.bin file to an accessible area in sdcard. I use a /sdcard/Downloads folder.
Either open the file with your hex editor app or transfer the file to PC where you can open it with your hex editor program.
Open the file and jump to address 00550.
Now, get your modified IMEI number from the prep steps above and enter the values in the ASCII TEXT window to the right, NOT the HEX values window to the left. This may be different for other editors but hex workshop works like this.
Double check your address and entered data. When satisfied, save the file and transfer back to the phone if copied to PC.
Now, place the phone in Airplane mode, turning off the cell radios.
Go to the EFS folder and rename the original nv_data.bin file to something else. I used nv_databak.bin.
Copy the modified nv-data file into the EFS folder.
Turn off Airplane mode and do a full reboot.
Your IMEI number should be restored and cellular functions should work.
My previously garbled serial number was also restored.
I hope this works for you. I have no knowledge of any other method as I did not delve further into trying other numbers or such. I can't assist any more other than further clarifying the steps above if you don't understand something.
If anyone can decipher what is going on here, I would love to hear about it. I suspect something between the HW and SW layers is getting garbled or corrupted and this kick starts the process to get the correct data again.
Maybe.
May also contain nuts.
Hastalavista.
T
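
The nine bytes built in the post above (08 1A 32 54 ...) match the mobile identity layout of 3GPP TS 24.008: a length octet, the first digit packed with an odd-length flag and the IMEI type code (the "A"), then the remaining digits as nibble-swapped BCD. The following is an added example, not part of the original post and not Samsung code, that decodes such a field and checks it, for instance to verify what an EFS backup holds; it assumes the field is supplied as hex text as written in the post, and the function names are hypothetical.

```python
"""Decode and sanity-check the 9-byte IMEI field described in the post."""

IDENTITY_TYPE_IMEI = 0b010  # "type of identity" code for IMEI (3GPP TS 24.008)
ODD_FLAG = 0b1000           # set when the identity has an odd number of digits


class IdentityFieldError(ValueError):
    """Raised when the bytes do not form a well-formed IMEI field."""


def decode_identity_field(hex_text: str) -> str:
    """Return the digit string stored in a length-prefixed identity field."""
    try:
        raw = bytes.fromhex(hex_text)
    except ValueError as exc:
        raise IdentityFieldError("not valid hex text") from exc
    if len(raw) < 2:
        raise IdentityFieldError("field too short")
    length, body = raw[0], raw[1:1 + raw[0]]
    if len(body) != length:
        raise IdentityFieldError("field is truncated")
    first = body[0]
    if first & 0x07 != IDENTITY_TYPE_IMEI:
        raise IdentityFieldError("type of identity is not IMEI")
    # First digit lives in the high nibble of the first octet.
    nibbles = [first >> 4]
    # Every later octet holds two digits, low nibble first ("32" -> 2, 3).
    for octet in body[1:]:
        nibbles.append(octet & 0x0F)
        nibbles.append(octet >> 4)
    if not first & ODD_FLAG:
        # Even digit count: the final high nibble must be 0xF filler.
        if nibbles[-1] != 0xF:
            raise IdentityFieldError("missing filler nibble")
        nibbles.pop()
    if any(n > 9 for n in nibbles):
        raise IdentityFieldError("non-decimal nibble in digit area")
    return "".join(str(n) for n in nibbles)


def luhn_ok(digits: str) -> bool:
    """Check the Luhn check digit that real 15-digit IMEIs carry."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:      # double every second digit from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def inspect_field(hex_text: str) -> dict:
    """Decode a field and report the checks a reviewer would care about."""
    imei = decode_identity_field(hex_text)
    return {
        "imei": imei,
        "length_ok": len(imei) == 15,
        "luhn_valid": luhn_ok(imei),
        # The thread's "IMEI 0049" symptom: a generic value, not the device's.
        "looks_generic": imei.startswith("0049"),
    }


# Constructed sample inputs (hex text, not dumps from a real device).
POST_EXAMPLE = "08 1A 32 54 76 98 01 21 31"      # the post's illustrative number
LUHN_VALID_SAMPLE = "08 4A 09 51 24 30 32 57 81"  # sample that passes Luhn
GENERIC_SAMPLE = "08 0A 40 09 00 00 00 00 00"     # constructed 0049... value

if __name__ == "__main__":
    for label, field in (("post", POST_EXAMPLE),
                         ("valid", LUHN_VALID_SAMPLE),
                         ("generic", GENERIC_SAMPLE)):
        print(label, inspect_field(field))
```

The post's illustrative number decodes cleanly but fails the Luhn check, which is expected for a made-up value; the number printed under a real battery should pass it.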

THANKS FOR POSTING THIS HERE!
I have this Samsung Galaxy S3 that I bricked 4 years ago and never wanted to sell it or even try to give it away. I searched for months for a frekin solution to this problem. Yesterday night I decided I wanted to try and install custom roms on it and so I wanted to give another shot at this stupid issue I had with the lost IMEI before doing so...and BAM! Today it's fixed!
I'm so thankful I wanted to post here so that you know that you helped at least one person with this
Thanks a bunch!

@TrinityTrip54
Hi,
can you confirm that this is a permanent solution and remains when flashing new (custom) ROMs? Or is it just for the current installed ROM?
And I am having an issue with "jump to address 00550" in Hex Workshop. There is no address like this, just 540 and the next one is already 558. When inserting 00550 in the goto search field of Hex Workshop it jumps to 210. Any idea?
thanks anyway.
bert

Related

XDA IIs unlocking method

OK IMEI-CHECK charge £20 to unlock the phone, and I say fair enough. Why am I posting this? Did you know that their method is probably writing a NEW locking code using some other algorithm? If you run their software, it will inflate and write (about 4K of data if i remember correctly) in the part of the Radio ROM, where you only get access from the bootloader (memory address h'0' to h'10000'). Now here's the thing: I bet if I call T-mobile and ask for the unlocking code, it won't work in my phone, as these guys are actually modifying the Radio ROM without even telling you. Have you guys thought about insurance? For those who don't pay £9.99 or whatever extra cover, what if you pricey and precious pda goes bonkers? I think they should tell you *before* doing anything, about any possible problems.
Come on you guys, someone said he has compiled a few logs/imei numbers. Let's crack this thing, it has been done before for xda I and II, why can't we do it for IIs/IIi?
If that's the case, then I wonder what's in those .uif files they ask you to send back to them? Could it be a backup of the sections of the radio ROM that they're replacing?
Also, if they're writing a fixed set of data to the radio ROM, how come everyone seems to have different unlock codes? Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
-no1
Just had another thought - what if they're replacing code in the radio ROM with code from the Himalaya so that the unlock process then works in the same way as the Himalaya?
Has anyone tried using the xda2unlock tool after running the program from IMEI-Check??? I can't test this just now, so it's just a guess.
-no1
Could they be replacing the actual algorithm that calculates the unlock code so that it only accepts certain combinations of codes from them?
Yes I believe that's what they actually do. I tried to run their utility with a debugger but it does not allow execution as long as a debugger is running, nice one IMEI-CHECK. However, I have done a full USB port logging when the utility runs and I found out that they write a new image between addresses 0 and 10000 of the radio rom, and that they also read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes.
Yesterday I discovered something odd...after running their application, and by inserting a different SIM card, the attempts counter for the unlocking code had a negative value of several millions. Now I suspect that by writing in addresses 0-10000, I think they replace the default unlocking utility which allows to enter the code.
Another idea I will try will be to run a debugger in the PDA (if I can find one) and see if I can capture the memory address with which it compares the input code.
Come on guys, especially you who did the unlocking utility for XDA II!! Give us some help here!!!!
Zouganelis,
That's excellent that you've been able to sniff the USB traffic. Keep up the investigations!
I wonder why they'd need to read sections of the ROM? If they're replacing the calculation algorithm section of the ROM with their own code, then they should already know how to calculate the unlock code - i.e. they shouldn't need the user to send them back the .uif file.
This makes me wonder if the code they are replacing is just a copy of the code from another device e.g. the Himalaya.
If they are replacing with code from the Himalaya then the unlock process may revert back to how it works on the Himalaya.
Has anyone been able to test this by running the xda2unlock tool for the Himalaya *after* running the IMEI-Check program?
Does anyone have the source code for xda2unlock by the way? I tried searching for it, but it doesn't seem to be available.
-no1
Another thing, does anyone know if it's possible to back up and restore this secret area of the radio ROM using the backup to SD method? I assume that when you dump your radio ROM to SD card it's not including this part of the ROM???
I want to be able to fully restore any bits that the IMEI-Check tool is changing, just in case.
-no1
Come on guys, anyone else trying to crack this thing? We need someone who knows how to disassemble/reverse engineer this log file. It can't be that hard! Also, I think the key to understanding what their little proggy does, is to manage to run a debugger when the unlock program runs. It has some mechanism of detecting a running debugger and it quits if you have a debugger running at the same time. I bet my MDA III that some experienced programmer can overcome this and fool their application? I am running out of ideas guys and I am really against paying these thieves 20 quid for nothing. They MUST have done this using the previous unlocking methods for XDA I and II. Does any1 know who did those unlocking utilities? These guys must help us!!!
Have you tried to run OllyDbg as a debugger tool to see what is happening? Your earlier findings were very interesting...let me study this and get back to you all...
One remark upfront though: I do not think they are modifying your Radio ROM....this would mean that if you upgrade/replace your current Radio ROM, you would be SIM-lock free...and I do not think that is the case...
OK, some initial observations:
1. Lousy software...hard to use for novices...why have the phone enter BL mode automatically (using enterBL.exe)...I think we can do better!
2. Since the phone must be in BL mode, I do think it extracts some info from the radio ROM, but the SIM-Lock could also reside in the Extended ROM, since this is usually customized by the provider?
3. Interesting to see that the same proggie and procedure is used for all XDA-X models
4. Can anyone post a file (output of the proggie) of what they have mailed these folks, as an example?
5. I was always under the impression that the SIM-Lock resides in the SIM itself, so this is a software workaround? What happens if you upgrade your ROMs...you need to go through this process again? Does anyone have experience with this?
Thanks, and let's get this thing cracked!
HappyGoat,
My understanding is that SIM lock is implemented by the phone itself rather than the SIM card.
In the case of our HTC devices, there seems to be a small area of the radio ROM that does not get written to (even when you upgrade your ROM). This area is where the SIM lock is located, and probably other information such as your IMEI number.
This is probably why your IMEI and SIM lock information never get replaced when you upgrade your ROMs. I seem to remember that an older version of the xda2unlock tool was able to change your IMEI number but it got pulled for legal reasons.
When I unlocked my Himalaya, it stayed unlocked even after later upgrading the ROMs, so the state of the SIM lock is being stored somewhere. It can't be on the SIM because what if you change your SIM after you unlock it? The phone would need to be able to read your old SIM to check if the phone is locked!
Zouganelis,
Have you got any idea if it's possible to back up the areas of the radio ROM you mentioned to SD card? Like the current SD card backup method, but getting ALL of it?
-no1
Happygoat and no1,
i am pretty sure they write to the radio ROM some data they inflate from their "unlocking" executable file. How do I know this? Well, when I put a different SIM into my XDA IIs, after I enter the pin code, the simlock application comes up (simlock.exe under \windows\) which checks for the correct unlocking code. Now usually, you have 3 attempts available to do this, before the phone locks and says "contact customer services" or whatever. After I run their application, the counter had a value of -2billion or something, making it impossible to lock it. Interestingly enough, the memory adresses to which they WRITE, are between 0 and 10000. Is it a coincidence the simlock.exe application is 10.5kB? I don't think so!! i think they write their own simlock application to reset the counter, and then they read from 3FC000 the first 4000 bytes, and from FFFEF000 the first 20 bytes. The simlock code MUST be here!! i will post the log from the USB port sniffing tomorrow, as I don't have these files right now. It's pretty obvious to see how the bootloader works. Anyone with past experience especially with CE based devices will be able to figure out how to read these last two chunks of the radio rom.
Here's a link with some interesting files, RED has posted in the past:
http://www.pgwest.com/phone-files/
Username: xda
Password: blueangel
I do agree with no1 regarding the simlock, I think this is exactly the way it works.
no1, I don't know how to do any backup to the SD card, but if you really know what you are doing in the bootloader, try reading from the memory addresses I mentioned earlier.
Keep it up guys, i think we know what their software does, we now need to find out how to read properly the output log.
Regards,
Zouga
Hi zouganelis and no1,
Thanks for the explanations and comments...all makes sense to me now, excellent.
Zouganelis, thanks for the website...that is the stuff I was looking for, cheers!
I do indeed think we are close...will report back later.
So... if they need the .uif file AND the IMEI number, could it just be a case of using the IMEI code to decrypt the contents of the .uif file? In other words the IMEI code is the decryption key??? But what kind of encryption are they using?
I think they used simple XORing in the past for encrypting the radio, OS, and extended ROMs, but this changed slightly for the Blueangel. I wonder if they used a similar method?
-no1
Interesting thought...and a simple one...which explains they can turn around a request so quickly...
You might be correct...the IMEI could bear the encrypted code for simlock or not. Nowadays, encryption standards are:
DES
MD5
SHA
DES is relatively easy to "crack", SHA being the hardest...they are one-way encryptions, which mean they can not be reversed. The only way to get a match is to try...I have numerous proggies for this and will explore this option...
OK, did some more googling, found the following. There appear to be only 3 companies or people who can do this, which makes it even more interesting...
1. www.imei-check.com (UK)
- Download proggie
- Send them back the output and IMEI number
- Receive unlock code
2. Ebay guy (Canada): http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=43312&item=5763970199&rd=1&ssPageName=WDVW
- Sends you software
- You will run this software and it will generate a log file (data cable required).
- You'll need to email us this log file and we will send you the unlock code with instructions as soon as possible
Looks like same procedure as IMEI-CHECK
3. www.UnLockItNow.com (Company in Malta): http://www.unlockitnow.com/remote/unlock/by_cable/Pocket_PC/unlock/XDA_IIs_unlock.php
Not sure what process they use, but looks the same.
-----------------------------------------
Then I also came across this interesting story: http://www.modaco.com/index.php?showtopic=200968
This guy writes (edited):
I happened across an official O2 email address that I sent an (abbreviated) SIM unlock request, briefly stating why I needed my XDA IIs to be SIM unlocked, and providing my O2 account number and the handset IMEI number. 30 minutes later and I was emailed back an unlock code.
No ifs, no buts, no questions asked and no payment required.
I placed my Orange SIM card in the IIs, waited for it to boot, entered the code and was greeted with "Unlock Code Accepted." Both dialling out and receiving calls on my Orange account no problemo.
...
Bearing the above in mind, I'm not going to directly post the email address, but will gladly pass it on via PM.
The interesting part here is that he only had to give his IMEI number, nothing else...and received an unlock code.
If you take the official route of unlocking your phone through your network provider, all they need is your IMEI number because they can calculate your unlock code from that.
I'm not 100% certain how the process works, but I'm fairly sure the algorithm they use to generate the unlock code is different for each handset manufacturer. I think the network provider either has to send your IMEI to the handset manufacturer for them to calculate the unlock code, or possibly the provider is given a database of unlock codes for all the handsets they purchase. This might explain why it sometimes takes them a few days or weeks to get back to you with the unlock code.
So figuring out how they convert the IMEI number to the unlock code would be another way to attack the problem. Although, I think it would probably be very difficult to figure out what hashing algorithm they're using to generate the code. But if it can be done, then it would certainly make things a hell of a lot easier!
-no1
SH*TE I have been writing a post for about half an hour now explaining the files and as soon as I logged in it was lost. :evil: :evil: :evil: :evil: :evil:
Anyways, here we go again. I am posting the files I promised yesterday. There are three JPEGs which are handwritten notes from the first time I ran their application, and a log file from the second time I ran the application. Here's the thing: the first time, the software sent a read command for the addresses 0-10000 of the radio rom (rrbmc x 0 10000) and stored it in the x variable. Then it probably compared the checksum with their data, and it didn't match, so they deleted this part of the rom (rerase 0 10000) and they wrote their own version of it stored in a vector called data (rw data 0 10000). So far so good.
The second time I ran the software, it sent the rrbmc command again but this time it didn't erase or write anything, so I guess it actually does what I said before with the checksum.
Another important remark:
The first time I run the software, the software requested some information from the device (rinfo) and the xda replied:
BlueAngel B120 C6B23C704A59520150993080051FF87B
After it finished writing, it sent the same command once more and this time the xda replied:
BlueAngel B120 C6 BE3A709999541E509810802FD775B0
Now the second time I run the application, the rinfo command returned:
BlueAngel B120 C6BC3C70B329B2B1509980809FE49B11
Can these be some form of HEX encryption keys or something?
Happygoat maybe you could use them in your nice proggies?
Anyhow, I think this is all for now. The commands in the logs should be straight forward to understand, it's just the data part which needs real decoding of some sort.
Hope it helps, regards Zouga
Zouga,
Thanks alot for the info...and your patience!
I downloaded a program called USB Monitor, which supposedly logs all data transferred via the USB port...is that the proggie you used as well?
What I want to do is run the IMEI-CHECK program on my device a few times in a row..since it was never SIMLOCKED, I wonder what the output will be...and if they will be different.
I suggest other people run this software as well with a USB port logger, so we can compare logs, and perhaps figure out precisely what we need to do.
Regarding the encryption, I will have a look. I do not think that the data you gave me (C6BC3C70B329B2B1509980809FE49B11) is encrypted...looks like plain ol' HEX to me...will do some more research.
What I think would be the ultimate solution, is to develop an app that calculates the unlock code based upon IMEI number...easy to use, no workarounds, and something I understand: Encryption...
Yes, I am biased...but I am reading up on ass'y code right now to get my arms around this thing...so bear with me...
Hi HappyGoat,
It's good that finally you guys got interested in this! Yes it is the same piece of software I used to sniff the port, it would be interesting to see the output of your unlocked device. Could you please post it as soon as you have it? I hope we can crack this!!
Come on guys, don't just complain for the £20 charge, give us some help here!! We should all run the software and log the data to compare them, as HappyGoat suggested. Then we should all be HappyXdaUsers
Looking forward to some news,
Zouga
Zouga,
Can't download the zip file (bottom one) for some reason...reports that file can not be found...can you try again please?
Cheers,
HG

System files moving not permitted

Hi to everyone.
Before this HTC device I had others and also had a Motorola Mpx220 (WM2003 SE).
I used to move the files within "\Windows\Start Menu" (mostly .lnk files to installed programs) into newly created subfolders, to be able to use and/or access the function I needed in a faster way.
I've tried doing the same on this WM5 device, but every time I try I get an error message reporting it is not possible (File Explorer has greyed out options to cut and/or copy, while TotalCommander just reports it's not possible to "overwrite" ???).
Does anyone have an idea of how this can be done (registry ???) ?
Thank you.
Ciao
Here is the solution...
Hi Mix, it's Mix answering (yes, I'm the same person...)...
First of all I would like to thank you ALL the people which knew the solution and were fighting to answer to my doubt...
You were so many, I wonder why the message has been read times and so many answers arrived: 0 (yes, ZERO).
Anyway, I came across the solution myself, by chance...
The problem seems to be the smartphone versions of WM5 being protected against file modifications. This protection extends also to some files execution and to certificate installations (hence some problems may arise when connecting to an Exchange Server for synchronization).
Some tools are needed to remove this protection, and some experience of registry modification is required too (I will not help anyone beside what is in this message and I take no responsibility for any mistakes and/or troubles you may produce or face).
First of all you need a special version of RegEdit (the tool from PHM): you should find an HTC digitally signed copy of it called RegEditSTG.exe.
Look around for it: there are many forums around which do hold a copy of it.
Place it in your phone's memory, not on the MicroSD card...
With this tool you should change the following values:
HKLM\Security\Policies\Policies\00001001 = 2 => 1 (RAPI)
HKLM\Security\Policies\Policies\00001005 = 16 => 40 (Cert)
HKLM\Security\Policies\Policies\00001017 = 128 => 144 (?)
The first is the value you will find, the second is the value you should enter. The third line has a question mark because someone says it should be made, someone not... It's up to you. I made it.
Then you should find another tool (with the same above method) called SDA_ApplicationUnlock.exe which has to be run on your desktop PC with the phone already connected with USB (and possibly with ActiveSync not in the middle of a sync...).
Once you run this, you will get a message that the unlock took place (if not, it may be the first operations did not complete well).
Disconnect your phone from the USB cable and power cycle it (switch it off and then on again).
Opla'... the phone is now APPLICATION UNLOCKED and you will be able to move files around the directories as I was looking to when I first posted my message.
Now I have a very quick Start Menu, as I wanted.
Please, be aware that this operation hacks the security policies of WM5 and then any other application which may be dangerous can now run on your phone.
If you wish to stay on the safe side, it could be useful to restore the registry settings to their original values, but I do not know if this could cause other problems, since I didn't on my phone.
I actually double check every single file by myself before launching it and I do not run anything which I'm not sure it is safe.
So, pay attention... (you have been warned...).
Hope this helps someone else out there.
Ciao
Thanks for the tips mate! I was searching around for the same problem.
Can a hard reset put all the files back as in the old WM2003? I'm asking that 'cause if you look at the windows directory, many exe and dll files are repeated, with a different code. I guessed they are for the many different languages the phone support and the code is the country code. Maybe when you switch from one language to another those files are renamed so you have the correct exe and dll for the language you need...
If I can erase all the files I don't need (I will never change the language or maybe have only italian and english) I can save lot of space.
Am I wrong? Was that ever tried before?
vbi said:
Thanks for the tips mate! I was searching around for the same problem.
;-) I knew...
Can a hard reset put all the files back as in the old WM2003? I'm asking that 'cause if you look at the windows directory, many exe and dll files are repeated, with a different code. I guessed they are for the many different languages the phone support and the code is the country code. Maybe when you switch from one language to another those files are renamed so you have the correct exe and dll for the language you need...
If I can erase all the files I don't need (I will never change the language or maybe have only italian and english) I can save lot of space.
Am I wrong? Was that ever tried before?
In order:
- Yes, I suppose a hard reset of the device completely restores the original factory settings, hence, the device will appear as "brand new".
- You're right: all the localized files present there are just to be able to switch to other languages (maybe following user's settings and maybe also following user's SIM settings too...).
- Erasing the unused files may appear as a "space saving" job. It is not. First of all you will not be able to remove ROM resident files, but provided you could be able to do this, you will not be able to use ROM space as you intend...
Finally then, it's completely unuseful to try to remove them, just a waste of time trying...
Ciao
Thanks Michele.
Are you sure the windows directory is in ROM?
I always thought ROM was only to store the "disk" image when you hard reset the device. It was so for the Qtek S100.
vbi said:
Are you sure the windows directory is in ROM?
Yes it is. On the fact that it is then copied into RAM, well, this is a technique which was used up to WM2003 SE devices.
Starting from WM5 devices MS somewhat changed the behaviour of the whole system, hence I'm not then so sure.
Indeed, I have never been sure of anything, beside death, so you can imagine...
I'm not really so "expert".
Having used an MPx220 for over one year (with all its limitations, but exploiting it very much), using a WM5 device now is a much more relaxed experience (faster, more reliable and less troubly in terms of memory).
Just MHO
Thanks Mix - i followed your directions and it worked.
Got my QTEK (running i-Mate ROM) Application Unlocked

[GUIDE] How to fix "unknown baseband" / "stuck on airplane mode" problem

Today my friend, who has an i9100 as I do, presented the unit with the following problem: it would not connect to the mobile carrier in any way, and airplane mode was stuck.
Well, looking on the internet and especially this forum, I found several solutions to make the flash the original rom to accept that his incredible Samsung Galaxy SII had become an amazing Samsung Play SII. As I'm Brazilian and never give up, here's what worked for me.
---------
Most importantly, use at your own risk. If you are unsure of the steps below, do not do or have someone who has more experience. The procedures worked for me, but does not mean it will work for you.
Special care was always doing this kind of operation in any type of phone: use good quality cables, make sure that there is no bad contacts and preferably make the flash operations with a notebook with the battery at 100% load and phone with 100% load. After all, nobody wants the operation is interrupted and you get a plastic brick.
----
Here are the steps:
1) Download this application: http://forum.xda-developers.com/showthread.php?t=1308546. EFS Pro serves to backup / restore partition EFS.
2) To use EFS Pro, your phone must be enabled with the root. To do this, follow:
2.a) Paving the way for SuperOneClick: http://forum.xda-developers.com/showthread.php?t=1056334
2.b) Using SuperOneClick to "open legs": http://forum.xda-developers.com/showthread.php?t=803682
2.c) Now, some screwdrivers and screws inside your device: https://market.android.com/details?...t=W251bGwsMSwxLDEsInN0ZXJpY3Nvbi5idXN5Ym94Il0.
3) Now the easy part, get another Galaxy S2 to be the "donor" baseband. You do not? Download mine by this link:
https://hotfile.com/dl/149885347/a004c04/EFS_20111227_235358.tar.html or https://rapidshare.com/files/2401446638/EFS_20111227_235358.tar. If you use my baseband, skip to step 3.b.
3.a) Pick up the phone "donor", run the EFS Pro and select the backup option. To accelerate the process, ask to put the backup on the sdcard. There, he set up and placed in the / sdcard / EFSProBackup.
3.b) Copy / Create the folder / sdcard / EFSProBackup problem to the phone with the same path.
3.c) EFS Pro back in, ask to restore the backup from the device (will find the file you copied) and ready.
4) Give the problem phone a boot and see the problem disappear.
----
This is my first post and hopefully it will be useful. Pay me a beer if you like it.
Hi, ljlima,
thanks for your report, I'm Brazilian too, but I'm almost giving up
Completely disappointed with this ****ty problem... Made a hard reset by typing a code on the phone keypad (since I could not access ID samsung in factory reset) and nothing...
Very afraid of following your instructions since I'm a total newbie and there are no replies confirming your method.
Is there a chance of solving this by upgrading android version (although KIES is crappy as hell) or other non invasive and easier method ?
thank you!
Samsung Galaxy SII
2.3.3
kernel version
2.6.35.7-I9100XWKE2-CL187606 [email protected] #2
GINGERBREAD.XWKE2
ljlima said:
4) Give the problem phone a boot and see the problem disappear.
But the IMEI will be 0049...
THANK YOU THANK YOU THANK YOU!
SAVED MY GALAXY SII from Bell
Also, sometimes, if your /EFS is not totally corrupted, you can just reflash your modem. I had issues with this on CM7 nightlies, and my problem was always solved with a simple reflash. It's easier than restoring your whole /EFS backup, and a lot quicker. But mind, this is only if your /EFS isn't done for.
Thanks a lot for refreshing the download links.
Can anyone confirm the success of this method?
Confirmed Solution
This worked for me!!! You can find this software on net. Search with GSII_Repair. This works for sure!!! This can be downloaded from Google Play Market also. Available for free!!!
ghassir said:
Thanks a lot for refreshing the download links.
Can anyone confirm the success of this method?
User "lambergino" tried it in January and it works. And I wrote this post after resolving my friend's problem.
"Unknown" baseband on a non-rooted SGS2!
Help!
My SGS2 suddenly would not recognize any SIM after a failed attempt at backing up my files using the sh!tty Kies software.
All I did was make a backup using Kies and somehow it got stuck "Preparing". I left it overnight and in the morning, when I checked, it still didn't go through the backup process - just kept saying preparing. Anyway, I decided to cancel it as I needed to use my phone already. I clicked on the cancel button and guess what? It also got stuck in cancelling! I left it and went to shower and when I got back after about 15 minutes (probably longer), it still didn't cancel. Frustrated, I plugged the USB cable out. Later that day, I noticed that I didn't receive any SMS/call. Then, I noticed that the notification bar displayed the "no signal" icon. I rebooted my phone, hoping the signal would return. But, I still got no signal after it switched on.
I did a factory reset, hoping it will put everything back to normal. I used the volume+power key combination as the factory reset option under Settings, somehow, would not work. Anyway, after doing the factory reset, it still wouldn't connect to the network.
I then noticed that the About screen displayed an "Unknown" baseband version.
From what I read from this thread and several other forums, this could be due to a corrupted /efs partition, which could have resulted from improperly rooting/flashing the device. However, I never rooted my phone in the first place!!!
And I heard the ICS update is rolling out now but I can't update because, somehow, Kies won't connect to my phone anymore!!!
My phone now is practically a very expensive music player. THIS IS SO FRUSTRATING!!!
Please help, anyone!
Hi there
I have a I9100G with missing IMEI and Baseband. Can I use your I9100 EFS file on my I9100G ?
Or is there someone who can provide EFS files for I9100G?
Thanks in advance!!!
Regards
Please try one of these solutions
Braidonh said:
Also, sometimes, if your /EFS is not totally corrupted, you can just reflash your modem. I had issues with this on CM7 nightlies, and my problem was always solved with a simple reflash. It's easier than restoring your whole /EFS backup, and a lot quicker. But mind, this is only if your /EFS isn't done for.
scorypto said:
This worked for me!!! You can find this software on net. Search with GSII_Repair. This works for sure!!! This can be downloaded from Google Play Market also. Available for free!!!
You need to try one of these.
None of this works for me, I tried everything
Any other advice
Regards
Service centre or JTAG repair.
jje
gordskin
You are a lifesaver, it actually worked after I have tried 100's of different things. Thanks :good:
need your help
gordskin said:
You are a lifesaver, it actually worked after I have tried 100's of different things. Thanks :good:
Please can you share which way helped you!!!
Your Fix
Will this work in Germany? I have the same problem. Can I use your baseband since I don't have a donor Handy SII? I have been racking my brain for 3 days trying to correct this.
ScottsDesk said:
Will this work in Germany? I have the same problem. Can I use your baseband since I don't have a donor Handy SII? I have been racking my brain for 3 days trying to correct this.
As I said, try it at your own risk. But I think it will work because other international users tried it and it worked, as you can see in this thread.
Good luck.
Donor EFS backup file needed..
Hi, I need a donor file compatible with EFSPro; the links given in the OP's post have a .tar file, whereas the latest version of EFS Pro works with a tar.gz with an .img file in it.
I have also tried to replace the nv_data.bin file with the .bak version, but the folder is read-only and I cannot overwrite the original file.
Any help is appreciated.
Dude, I used your EFS... it did not work for me... I then factory reset my phone... now there is an input password when opening the phone! Now I totally can't access my phone because of this password... PIN code...
SIM Pin or Network Code?
Either way your IMEI must be back.
Sent from the little guy

nv_data.bin modified each hour

Hello all SGS3 users.
I have a strong issue on my branded Samsung I9300. When I browse the /efs folder (with Root Explorer for example), I notice a strange thing.
Two files are changed every hour (the date and the time). The relevant files are: nv_data.bin & nv_data.bin.md5
I know they're important files (including the IMEI number and other important information). I have already made a backup.
I'd say that my phone works properly with the right IMEI number, but I'm afraid to turn off my phone in case it interrupts the writing of these files.
Have you ever heard of this?
Note: I use I9300XXBLG8/I9300OXABLG8 PDA/CSC. I tried to unlock my phone with Voodoo unlocker (thanks supercurio) on the previous firmware. When I upgraded my phone to LG8 (and lost my SIM unlock), I didn't try to fix the Voodoo issue. I have the same network provider as the phone.
Note 2: I'm sorry for my poor English skills
Just checked on mine and it seems to do the same thing
It should come from the new Samsung "feature" that makes Voodoo unlock useless for now
Do not worry: I have turned my phone off a few times since I flashed LG8 without issue
Thank you for your reply.
If I can restart my phone without issue, that's good news.
Can you just check what happens in "nv.log"? In my case, there is no record of it.
same thing: not listed in nv.log
I have upgraded my modem OTA (with the LH1 available today).
It does change this issue.
Are others in this situation? (I'm thinking of people who haven't tried to unlock their phones with software hacks.)
As you have already stated in your post, the EFS folder contains important information such as the IMEI number, phone number and other details... the nv_data.bin file changes its size as time passes... it is a known behaviour and is not a bug... back up your EFS partition to an external medium and restore when required...
read this post.
http://forum.xda-developers.com/showthread.php?t=1314719
Thanks for your answer. I have already made a backup with Toolkit v4.0 and EFS Pro 1.8.

LTE Bands Unlock

I understand that this may be considered a duplicate. However, due to the title of the previous thread clearly stating that the effort there is closed, I thought I'd open this up. I would really love to get more 4G bands working as I have no LTE service in my area. Here is a post from the aforementioned thread.
-------
Maybe Possible Solution
Just found this thread after I unlocked my carrier-locked Hisense B16C2G phone, which couldn't be unlocked for almost 3 years. This is just a hypothesis; I suggest trying this with caution.
There are several files that determine band capability in the devices. Most of it is in the NV partition, but from the discussion I know that you guys have tried some popular ways to unlock it, and they failed. As with my phone, at first I believed it was hardware locked too, but I just discovered a Chinese article about unlocking a OnePlus device. Maybe you can try it too.
Here it is:
1. Connect to QPST and open EFS explorer
2. In the policyman folder there are 3 files that are most likely the cause of this network restriction
carrier_policy.xml
post.xml (in my phone there is none)
rat_mask (in my case this is the file that restricted my network even after I changed NV values to support all bands)
3. Compare all three files with those of another phone that most likely has the same architecture (maybe MI8 or Pixel). For rat_mask, make sure it has the same number of bits (compare with a hex editor)
4. Replace carrier_policy.xml (and any file that contains this name) and rat_mask with modified files, or you can use another unrestricted phone's files instead
These files are originally in modem.img. Some phones replace them with the original files at boot; you can modify init.radio.sh to prevent that.
We can modify carrier_policy.xml in modem.img and flash it to the phone, but I can't find where rat_mask is located
5. Reboot and hope it solves your problem
I can't find any reference about how to generate an unrestricted rat_mask and device_config, so make sure you back up your original files before you make any modification. Sorry I can confirm whether it will work or not because I don't own a Poco
NB: I solved my problem just by replacing carrier_config.xml and rat_mask. There is a file called device_config; be careful with this file because it also controls how the phone modem interacts with QPST, and a wrong modification can leave you unable to connect to the PC even in diag mode.
https://forum.xda-developers.com/poco-f1/help/poco-f1-lte-bands-unlock-t3835467/page22
-------
Does the above information help at all with this effort? I'm not quite savvy enough to pursue this on my own. I also found the below thread which describes a process which is apparently still working for many Qualcomm devices including Xiaomi. Has this method been attempted with the Poco F1?
http://in.c.mi.com/thread-527028-10-1.html
I sold my Poco and took over my GF's which was on 10.2.3. I had LTE at my place, confirmed with speed test and LTE app. After upgrading to 10.3.4 today I no longer have LTE. I've tried switching back and forth between APNs to no avail. Any ideas?
Any updates, did you get it working? I need to unlock B5 and 28.
