FLOCK - unlocking/unfreezing S8500/S8530 for free could not be any easier!

Search This thread

Rebellos

Senior Recognized Developer
May 13, 2009
1,353
3,428
Gdańsk
This is the solution for unlocking Wave phones.
Big thanks goes to mijoma.
All you do and enter into your phone you do at your own risk. Nobody else but you take whole responsibility for what happens to your phone!
Remember than flashing of phone is a little risky, however if performed properly, risk of damaging anything is very low.


If your phone locked-up all of the sudden - be sure to read this thread aswell: http://xdaforums.com/showthread.php?t=1787648

Most of bada 1.2 and 2.0 final-release (not ones from beta releases) bootloaders should be supported.
You need some knowledge about flashing.

How to check what lock do you have?
Enter *#7465625# code, you will see list of active and inactive locks.

What do you need?
Wave 1 or 2 phone with bada 1.2 or 2.0
For Wave I with bada 1.2 - FLOCK_S8500_b1.2
For Wave I with bada 2.0 - FLOCK_S8500_b2x
For Wave II with bada 1.2 - FLOCK_S8530_b1.2
For Wave II with bada 2.0 - FLOCK_S8530_b2x

Flash the right FOTA file. Turn off the phone, wait few seconds, and then turn it on holding CALL (so you have to press CALL and ENDCALL, 2 keys) key until white screen with red texts shows up. Release keys.

Be patient, FOTA module is calculating 3 codes (Subset lock, Netlock, Unfreeze) for your phone, it can take up to 10 minutes. After you get the code you are interested in you can turn off the phone.

Write down the codes you need. Turn off the phone by holding power button for 15 seconds or taking off battery.

After obtaining code, do procedure below:
[Netlock], 2 ways:
1. Insert an unsupported SIM card, start phone and after being asked about "Network Lock" enter Unlock Code you had written down.
2. enter #7465625*638*Unlock code# <thanks to homelessghost for tip>


[Freeze]
1. Insert any SIM card, start phone and after being asked about "Freeze" make call and enter code you had written down.


[Subset]
Can anyone provide guide?


That's all - enjoy unlocked phone!

Troubleshooting:
Instead of white screen with red texts, usual booting logo appears and then Bada starts, what am I doing wrong?
Make sure you flashed right FLOCK without errors. If you did so, first - flash APPS from the same bada version, but from ROM that does contain .fota (certain APPS versions can have locked FOTA module), second - if it doesn't work - update your bootloader to some newer/another one and write post here containing information what version of bootloader (bootloader, not bada) you had before that was not working.

Important: Be very careful when writing down and entering unlock code.

If you got any other questions - please ask in this thread.
It is possible that some phones are not unlockable this method. Then the code wouldn't show up.

General method concept (if you are really interested in sources or way how it works - please PM me or mijoma) should work for most of "Samsung 3G" phones - like JET, Wave3, Monte. If you are owner of locked phone of this class and you are able to do dumps of memory - please contact with me.
 

Attachments

  • FLOCK_S8500_b1.2.zip
    6.3 KB · Views: 14,528
  • FLOCK_S8500_b2x.zip
    6.3 KB · Views: 15,288
  • FLOCK_S8530_b1.2.zip
    6.3 KB · Views: 10,594
  • FLOCK_S8530_b2x.zip
    6.3 KB · Views: 12,917
Last edited:

HandzUp!

New member
May 12, 2011
2
0
Hi,

Thanks a lot for your job, you're my god :)

Here's my Hash: C7 2D C4 73 07 18 FA 2B 15 7E 29 07 3F BD 04 2E C7 4C 82 E6

Thanks :)
 

dixter

Member
Jun 1, 2011
45
4
Thanks so much Rebellos! My phone has been network-locked since I got it and always unable to update with Kies, so I've been stuck on a May 2010 Bada 1.0 firmware forever. Looking forward to being able to flash it :)

Speaking of which, I've always read that you can't flash anything to a locked phone. Is flashing the bootloader and FOTA alright though? And will the bootloader be compatible with my firmware? It's S8500NEJE6/S8500H3GJ7.

If that is fine, then I'll send you my hash. Thanks so much for doing this!
 

homelessghost

Member
Apr 19, 2011
12
7
Thanks a lot, Rebellos!

Here it is my hash code (I only have the network lock):

01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47

Thanks again! :)
 

elkpojlb

Member
Apr 22, 2011
41
0
Very interesting your project but there is a problem.
In Latin America can not change firmware and than through KIES .. we can not use the "Multiloader" because we have the code "SUBSET [ON]" and if we have the code that the [ON] and flash our phone freeze only makes our telephone and so we are unable to use your tutorial.
You know any way to change the code first "SUBSET" to [ON] [OFF] and by doing so Latin American users can use "Multiloader" how many times we want.
I hope your answer and relied heavily on his wisdom!
Already many thanks! Greetings from Argentina!
 

Rebellos

Senior Recognized Developer
May 13, 2009
1,353
3,428
Gdańsk
Phone can be flash-locked - then bootloader will deny any attempt of flashing, though I can't promise I haven't ommited some malicious procedure allowing something like bootloader upgrade but refusing firmware upgrade and refusing bootloader downgrade, causing kinda brick.
Is it a rule that phone flashing is locked always when its [ON] SUBSET Lock?
I will try to look into it.
 
  • Like
Reactions: LeakeHunter

Rebellos

Senior Recognized Developer
May 13, 2009
1,353
3,428
Gdańsk
Hi,

Thanks a lot for your job, you're my god :)

Here's my Hash: C7 2D C4 73 07 18 FA 2B 15 7E 29 07 3F BD 04 2E C7 4C 82 E6

Thanks :)

25957353
Please let me know if it works.

Thanks a lot, Rebellos!

Here it is my hash code (I only have the network lock):

01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47

Thanks again! :)

code not found :(
Sorry, I'm looking for other ways of unlocking too.
 

dixter

Member
Jun 1, 2011
45
4
Phone can be flash-locked - then bootloader will deny any attempt of flashing, though I can't promise I haven't ommited some malicious procedure allowing something like bootloader upgrade but refusing firmware upgrade and refusing bootloader downgrade, causing kinda brick.
Is it a rule that phone flashing is locked always when its [ON] SUBSET Lock?
I will try to look into it.

Does that mean it's safe for me to flash bootloader and FOTA if my phone is only network-locked?
 

dixter

Member
Jun 1, 2011
45
4
I won't bet my hand for that it is in all cases. But I'm pretty certain it is.

OK, thanks. Presumably there is no way to obtain the hash without flashing? I suppose it should be fine since those who have already given you hashes must have flashed their network locked phones with no problems.
 

adfree

Senior Member
Jun 14, 2008
10,615
6,172
Samsung Galaxy Watch 4
Samsung Galaxy S22
In "theory" there AT Commands and/or Dev Commands... in combination with WinComm to see result.

Theory because not my business and I have no locked device for tests.

Anyway. :)

It is ever interesting, how many ways exists to disable Security. :D

@ Rebellos

Maybe you can teach me how to copy/find "SIMSecure" area in JTAG dump.
Then I could check if my theory is bull.shi.t.

Thanx.

My hints NOT for public... only for my little brain.

Best Regards
 

elkpojlb

Member
Apr 22, 2011
41
0
If we who possess a Wave in Latin America we have all the [ON]. The only problem is the SUBSET flash. If we have the SUBSET in [ON] the phone freezes (unnfreeze mode) after using Multiloader.
It would be good to try to change the way SUBSET to pass it to [OFF] and so test any firmware.
Thank you very much for your response. I hope you find some solution for us because we feel like slaves and prisoners of samsung and has forgotten us regarding updates and all you have to do with the Wave.
Thank you very much! Greetings from Argentina!
 

Rebellos

Senior Recognized Developer
May 13, 2009
1,353
3,428
Gdańsk
OK, thanks. Presumably there is no way to obtain the hash without flashing? I suppose it should be fine since those who have already given you hashes must have flashed their network locked phones with no problems.
The hash is generated from IMEI somehow. But I don't know how yet. I flashed my networklocked wave like hundreds of times with no problems. Even updated it from 1.2 to 2.0 while it was still netlocked.


@adfree:
These data are encrypted with SEED algorithm using key generated from oneNAND serial number. Are you able to obtain it?

@elkpojlb
It needs some work but can be done. Though I'm out of time for next few weeks.
 
  • Like
Reactions: adfree

elkpojlb

Member
Apr 22, 2011
41
0
Well no problem friend .. long time and we hope some solution so that we do not do anything but wait a bit! Thank you very much and I hope they can do!
Greetings friend!
 

dixter

Member
Jun 1, 2011
45
4
The hash is generated from IMEI somehow. But I don't know how yet. I flashed my networklocked wave like hundreds of times with no problems. Even updated it from 1.2 to 2.0 while it was still netlocked.


@adfree:
These data are encrypted with SEED algorithm using key generated from oneNAND serial number. Are you able to obtain it?

@elkpojlb
It needs some work but can be done. Though I'm out of time for next few weeks.

Wow, that's news to me, I've never flashed because I heard it'd brick a locked phone. Now the noob question, which checkboxes should I tick in Multiloader for just flashing bootfiles and FOTA? Boot Change, Full Download or nothing at all? Or does it require one flash for bootfiles and another flash for FOTA? Sorry - the next post from me should contain a hash!
 

Rebellos

Senior Recognized Developer
May 13, 2009
1,353
3,428
Gdańsk
Thanks a lot, Rebellos!

Here it is my hash code (I only have the network lock):

01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47

Thanks again! :)

03935173 - say kudos to mijoma, he found my mistake in code founder. ;)


Wow, that's news to me, I've never flashed because I heard it'd brick a locked phone. Now the noob question, which checkboxes should I tick in Multiloader for just flashing bootfiles and FOTA? Boot Change, Full Download or nothing at all? Or does it require one flash for bootfiles and another flash for FOTA? Sorry - the next post from me should contain a hash!

Boot Change, then select directory with bootfiles and file with FOTA. Try to find some tutorial before you do it.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 46
    This is the solution for unlocking Wave phones.
    Big thanks goes to mijoma.
    All you do and enter into your phone you do at your own risk. Nobody else but you take whole responsibility for what happens to your phone!
    Remember than flashing of phone is a little risky, however if performed properly, risk of damaging anything is very low.


    If your phone locked-up all of the sudden - be sure to read this thread aswell: http://xdaforums.com/showthread.php?t=1787648

    Most of bada 1.2 and 2.0 final-release (not ones from beta releases) bootloaders should be supported.
    You need some knowledge about flashing.

    How to check what lock do you have?
    Enter *#7465625# code, you will see list of active and inactive locks.

    What do you need?
    Wave 1 or 2 phone with bada 1.2 or 2.0
    For Wave I with bada 1.2 - FLOCK_S8500_b1.2
    For Wave I with bada 2.0 - FLOCK_S8500_b2x
    For Wave II with bada 1.2 - FLOCK_S8530_b1.2
    For Wave II with bada 2.0 - FLOCK_S8530_b2x

    Flash the right FOTA file. Turn off the phone, wait few seconds, and then turn it on holding CALL (so you have to press CALL and ENDCALL, 2 keys) key until white screen with red texts shows up. Release keys.

    Be patient, FOTA module is calculating 3 codes (Subset lock, Netlock, Unfreeze) for your phone, it can take up to 10 minutes. After you get the code you are interested in you can turn off the phone.

    Write down the codes you need. Turn off the phone by holding power button for 15 seconds or taking off battery.

    After obtaining code, do procedure below:
    [Netlock], 2 ways:
    1. Insert an unsupported SIM card, start phone and after being asked about "Network Lock" enter Unlock Code you had written down.
    2. enter #7465625*638*Unlock code# <thanks to homelessghost for tip>


    [Freeze]
    1. Insert any SIM card, start phone and after being asked about "Freeze" make call and enter code you had written down.


    [Subset]
    Can anyone provide guide?


    That's all - enjoy unlocked phone!

    Troubleshooting:
    Instead of white screen with red texts, usual booting logo appears and then Bada starts, what am I doing wrong?
    Make sure you flashed right FLOCK without errors. If you did so, first - flash APPS from the same bada version, but from ROM that does contain .fota (certain APPS versions can have locked FOTA module), second - if it doesn't work - update your bootloader to some newer/another one and write post here containing information what version of bootloader (bootloader, not bada) you had before that was not working.

    Important: Be very careful when writing down and entering unlock code.

    If you got any other questions - please ask in this thread.
    It is possible that some phones are not unlockable this method. Then the code wouldn't show up.

    General method concept (if you are really interested in sources or way how it works - please PM me or mijoma) should work for most of "Samsung 3G" phones - like JET, Wave3, Monte. If you are owner of locked phone of this class and you are able to do dumps of memory - please contact with me.
    3
    Thanks a lot, Rebellos!

    Here it is my hash code (I only have the network lock):

    01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47

    Thanks again! :)

    03935173 - say kudos to mijoma, he found my mistake in code founder. ;)


    Wow, that's news to me, I've never flashed because I heard it'd brick a locked phone. Now the noob question, which checkboxes should I tick in Multiloader for just flashing bootfiles and FOTA? Boot Change, Full Download or nothing at all? Or does it require one flash for bootfiles and another flash for FOTA? Sorry - the next post from me should contain a hash!

    Boot Change, then select directory with bootfiles and file with FOTA. Try to find some tutorial before you do it.
    2
    Czesc to mój Hash

    A9 67 68 7D DC DB 43 BD 77 18 97 CA FD 09 A4 2E 33 17 44 5E

    93819157

    Cheers
    2
    Hi,

    Thanks a lot for your job, you're my god :)

    Here's my Hash: C7 2D C4 73 07 18 FA 2B 15 7E 29 07 3F BD 04 2E C7 4C 82 E6

    Thanks :)

    25957353
    Please let me know if it works.

    Thanks a lot, Rebellos!

    Here it is my hash code (I only have the network lock):

    01 6C 99 C4 BF DC 57 72 B1 23 2E 0B 4C 71 C8 0E C7 DC 79 47

    Thanks again! :)

    code not found :(
    Sorry, I'm looking for other ways of unlocking too.
    2
    Does that mean it's safe for me to flash bootloader and FOTA if my phone is only network-locked?

    I won't bet my hand for that it is in all cases. But I'm pretty certain it is.