@samwathegreat: From my testing, you can get the SPC if you've upgraded to 4.4.4 just by making a Nandroid backup and flashing the stock 4.4.2 ROM ZIP (instead of the full firmware package).
Last edited:
[GUIDE] SUCCESS!!! SIM-Unlock Sprint XT1056 (SIM-CRACK) Moto X GSM **NOW U.S. TOO!**
- Thread starter samwathegreat
- Start date
Excellent, thanks for the info.
I just hope people understand well enough the difference between this and using rsd lite.
Hate to see an inexperienced user brick because they don't understand and attempt a downgrade...
I suggest either reading the last few pages of this thread, or using search.
Nevermind, was talking about this part of the second post:
But it refers to the radio of sprint's X on other carriers
Enviado desde mi Moto X usando Tapatalk 2
@samwathegreat i found this http://xdaforums.com/crossdevice-dev/sony/thread-progress-please-leave-im-updating-t2871269
This is too good to be true.
This is too good to be true.
Last edited:
If this seems likely to work on our device I would love to unlock the AWS bands for T-Mobile USA, even if the T-Mobile LTE bands end up not being available. I get robust HSPA+ in refarmed areas near where I live but elsewhere 2G/EDGE, even on some major roads and highways.
This would be an awesome addition to your international and domestic SIM unlock!
Absolutely not. See here for progress regarding unlocking samsung devices: http://xdaforums.com/showthread.php?t=2743024&page=62
Would you mind editing your post and removing the extremely long quote of my entire first post? Thanks.
I recently bought a Sprint Moto X Sim unlocked with a T-Mobile ROM and APN to work on T-Mobile. I'm assuming he used this method good job BTW. It has a unlocked boot loader but doesn't seem to be rooted. I have grown tired of T-Mobile service and want to use this phone on Sprint. So my question to you is, how do I get the stock Sprint ROM back on the phone so I can use this phone with Sprint? Thanks in advance!
The unlock worked perfect for me. Is the unlock permanent? Will it stick even after the imminent Android L update?
Use RSD Lite to flash the entire stock sprint ROM. You risk bricking if you attempt to flash the 4.4.2 sbf instead of waiting for the 4.4.4 sbf.
You really should wait for it to be released. Since the t-mobile rom is on 4.4.3 you will be downgrading if you flash 4.4.2 (and a brick is likely to happen). Waiting for the 4.4.4 sbf to be leaked and flashing the entire thing is the only *safe* way to return now that you are running a 4.4.3 ROM.
The only alternative is to flash twrp, and then flash the sprint twrp-flashable ROM, then use fastboot to erase modemst1 and modemst2 partitions. This is also risky because you will have a mismatched partition table **AND THE WRONG MODEM** (which could prevent it from working on Sprint at all....) so taking OTAs in the future could brick your device. That will revert the sim-lock and put you back on Sprint ***assuming*** nothing else has been modified. If the previous owner also flashed to page plus, OR changed the SPC code, the phone will never work on Sprint again.
Good Luck.
Since it is controlled by an NVITEM, it *should* persist, but I have no way of knowing for sure. Have to wait and see.
Any update taken via OTA or XML that includes a new radio image will reset the NV to default configuration, requiring redoing the edit after updating.
Wow sounds complicated I just want it back to the way it was when it came out of the box and able to get OTAs, that being said, would you recommend the first one?
Yep doesn't look like their is a Sprint 4.4.4 or 4.4.3 sbf yet. Since I can't downgrade to a lower version sprint rom, could i downgrade to a lower version TMO rom then install a 4.4.2 sprint sbf, update to 4.4.4 through OTA, then update PRL to get Sprint modem?
D
Darth
Guest
No, that is even more hazardous. Downgrading in any form is dangerous, and flashing another carrier firmware doesn't change that.
What do you suggest I do? I have a Sprint Moto X 4.4.3 on T-mobile Sim-Unlocked and I want it back on Sprint
D
Darth
Guest
You need to wait for files that are the same or higher version to flash. Not much else you can do I'm afraid.
Similar threads
- Locked
- Poll
Top Liked Posts
-
There are no posts matching your filters.
-
94Greetings fellow XDAers,
It's finally happened: SIM-Unlock for the Sprint Moto X (XT1056)
(International-use Only. Anyone in the U.S. - Don't bother at the moment. Myself and some others are looking into the possibility of extending the SIM-CRACK to U.S. users, but RIGHT NOW, not possible. Sorry.)NOW EXTENDED TO DOMESTIC U.S. USERS AS WELL! - I have discovered the domestic-unlock solution!!!!
First, a little background:
Since its debut in August, 2013 many people have been trying to crack the SIM-LOCK on the XT1056. Many have tried and long since given up. I officially became involved in the project in May, 2014, and since then, had taken over the project. After much research, I determined that a Chinese hacker had found the solution and was offering a SIM-Unlock service on Taobao.com. This individual was extremely secretive about his methods - and told no one the solution. In order to use the service, you had to SEND your XT1056 to China to be unlocked (for fear of someone discovering his method). Then, a short time afterwards, the listing completely disappeared from Taobao, never to be seen again. Afterwards, sellers only offered PRE-SIM-CRACKED XT1056's on Taobao. Fortunately, I had already discovered (by reading his prior listing), that the SIM-Unlock required that you NEVER erase the modemst1 and/or modemst2 partitions (the equivalent of EFS/baseband cache on the Moto X).
At this point, I knew without a doubt that the key was in the modemst partitions. The breakthrough, however, didn't come until Mid-July, when another XDA Member: @yefonme posted to the thread that they had obtained a China-SIM-Cracked XT1056. This user confirmed the information I already knew by telling me that the seller advised that they must never erase the modemst partitions or the SIM-Unlock would be lost. This user generously offered to assist in helping find the solution, just for sheer curiosity - they wanted to know HOW the SIM-Unlock was achieved.
At this point, I thought we had everything we needed. Knowing that the key lies in the baseband cache, I requested various users to use a tool to backup their modemst1/modemst2 partitions, and send them to me for comparison with a HEX-Editor. Several users obliged, but unfortunately, we hit another roadblock -- the EFS partitions turned out to be ENCRYPTED TO HELL! That method was going nowhere. Then I realized that upon erasing the baseband cache (modemst1/modemst2 partitions), that all NV-ITEMS were reset to their factory defaults. BINGO! This means that the baseband cache partitions MUST store the encrypted contents of NVRAM!
This meant we had another option! Using standard CDMA tools, we could do a "DUMP" of the values stored in NVRAM. Another user, @ezeuba, suggested a simple tool, and provided instructions for the other's involved to DUMP the contents of their NVRAM, for comparison. Another big issue: Since many NVITEMS are inactive / restricted, even between 2 Sprint SIM-Locked devices, it made it completely impossible to use a utility to run a differential comparison between these NV-DUMPS. This meant that the NV-ITEMS had to be compared manually, by-hand.
I spent countless hours scouring through the data, comparing the THOUSANDS of NV-ITEMS from the China-Cracked XT1056 with the dumps provided by the Sprint SIM-Locked users. It was taking forever! I knew that the key to comparing the NVITEMS was finding values that were the SAME on all the Locked XT1056s, but DIFFERENT, only on the SIM-CRACKED XT1056. If a particular NVITEM differs between 2 or more LOCKED XT1056s, it is likely not the value we are looking for.
Then, finally, I came across an NVITEM that struck me as unique. It was the SAME on all the LOCKED XT1056's I analyzed, but different ONLY on the CRACKED XT1056. I was hesitantly optimistic, and posted about it here: http://xdaforums.com/showpost.php?p=54334931&postcount=250
Well, my intuition was Spot-On, and this DID turn out to be the proverbial "smoking gun". Another user (ignoring my suggestions to WAIT and let another user who had offered to donate an XT1056 mainboard try it first) went ahead and wrote the new value as I had suggested. BAM!!! And the rest is HISTORY.
OK, so enough about the history, and on to the solution!!!!!
So the key lies in NVITEM # 8378
On the China-Cracked XT1056, the value was "01"
On all the SIM-LOCKED XT1056's, the value was "00"
That's all there is to it. You can use the CDMA Tool of your choice to write "01" to NVITEM 8378 to achieve SIM-Unlock!
You will also need to change the RUIM config to "RUIM-Only" in order to prevent the phone from reverting to CDMA-mode upon reboot. This is controlled by NVITEM 855 (see instructions in post # 2)
This method is KNOWN to unlock for all international GSM carriers,but DOES NOT unlock for Domestic U.S. carriers. Something else is in place, it appears, that BLOCKS the United States MCCs.NOW EXTENDED TO U.S. USERS AS WELL!!!
POST # 2 in this thread will be reserved for complete instructions for those of you who aren't familiar with how to write NV-ITEMS. These instructions are courtesy of @ezeuba.
POST # 3 will be reserved for detailed instructions on how to install the necessary DIAG Drivers, and how to manually FORCE driver installation, if necessary.
I believe in giving credit where it is due, so I want to personally thank:
* @hsngt and @jaaa1976 - who provided me with the NVDUMPS I used to find the SIM-Unlock method. @jaaa1976 was the FIRST person to be unlocked by my method
* @ezeuba for providing these users with step-by-step instructions on how to READ and SAVE said NVITEM dumps.
* @Vivjen for support and generous offer to donate a XT1056 mainboard (which turned out to be unnecessary)
* @crabbyone for encouraging me to take a 2nd look at NVITEM # 8322 (which turned out to be the Domestic Unlock solution)
* @Arnold Snarb for originally discovering the property of NVITEM # 8322 (which unlocked the Razr M for domestic use)
* All the others who submitted EFS and/or NVDUMPS (even though I didn't use them to find the solution)
* Everyone who believed in me and provided encouragement and moral support ( that includes YOU, @KJ )
* Everyone who makes good on their bounty pledges and everyone who DONATES (paypal: samwathegreat@gmail.com )
* Everyone who is appreciative and gracious for the ENORMOUS amount of time I've spent making this SIM-Unlock possible for everyone
* The China-man who found the solution FIRST, even though he didn't share it with anyone and intended to only use it for Profit (I bet he is PISSED at me -- he was charging $80 U.S. for EACH unlock )
*** and ESPECIALLY @yefonme --- without YOU, NONE of this would be possible.
[Q]: How much should I donate to you for all the time (weeks) you spent working on this?
[A]: Please donate what you feel it is worth to you. The XT1056 can be found far cheaper than any other Moto X Variant, and now that we can SIM-UNLOCK it, it will become much more popular. If I have saved you money, or added value to the phone you already own, I would appreciate being compensated accordingly. I realize that some are not able to donate, and I understand. Do what you can / what you feel is fair. I spent countless hours on this, and would appreciate being somewhat-compensated for my efforts. This, of course, is not a requirement, since I have posted the solution and made it freely available to everyone. Keep in mind that the China Taobao-seller was charging $80 for EACH unlock...and HIS sim-crack didn't even unlock for Domestic U.S users!!!
PayPal Donation address: samwathegreat@gmail.com
DO NOT email me asking for help with this. I won't answer you. *Post in the Thread* - this is the only way you will get support. I'm sure that you understand...
Additional info:
This works for all Republic Wireless XT1049's also, but ONLY if you can unlock the bootloader (only possible through the "China Middleman" - use search). You MUST flash the Sprint XT1056 ROM to your RW XT1049 device for this to work for you.
DISCLAIMER:
If you use my SIM-CRACK, I'm not responsible for ANYTHING that goes wrong. USE CAUTION! If you hit the wrong button, or write the wrong NVITEM, you could end up in BIG TROUBLE (possible BRICK). You have been warned.
And lastly, YOU MAY ---NOT--- COPY ANY PART OF MY SIM-UNLOCK METHODS. YOU MAY NOT SHARE/RE-DISTRIBUTE MY FILES, OR POST THEM TO OTHER SITES. THE ONLY ACCEPTABLE THING IS TO ---LINK--- THIS THREAD TO OTHER SITES. IT IS UNACCEPTABLE TO STEAL MY (OR ANYONE ELSE'S) WORK!!!!! I will be extremely offended if I find that someone stole my work and posted it elsewhere. ONLY Link this thread. Don't copy any or all of its contents elsewhere. PERIOD.
^This is NOT an unreasonable request....66FULL INSTRUCTIONS
!!!!! A WORD OF WARNING:
Once you complete this method, it is possible that you will NEVER be able to use your phone on Sprint / CDMA again! I -stupidly- flashed my Republic Wireless XT1049 (I should have known better -- I am using their service, and had no intentions of switching to GSM) in attempt to get better results / instructions for you guys. Now my phone is STUCK in GSM mode, the roaming indicator will not go away, I can't make calls on CELL, and no matter what I've tried, I cannot revert back. Not flashing my EFS backup, nor flashing back to stock, nor erasing the modemst partitions has been able to get me back on CDMA. PRL is STUCK on "1", and no matter how many times I write a new PRL, it won't stick. I'll be lucky if I can get my phone back in working order.....
^EDIT to above: This turned out to be EASILY fixed by flashing the entire SPRINT SBF to my Republic Wireless device, then, subsequently flashing back the Republic Wireless ROM (I WANT to STAY on Republic Wireless). DO NOT ATTEMPT THIS SIM-Unlock on the Republic Wireless ROM. Something about the RW ROM prevents you from going back to CDMA once on GSM. Flash the SPRINT ROM, FIRST, if you want to GSM-Unlock your Republic Wireless XT1049. The SPRINT ROM does not seem to have this issue, so you are probably OK, but take caution, nonetheless. I'm finally back on Republic Wireless (CDMA) after hours of frustration and fear that I was permanently stuck on GSM.
I don't recommend this if you plan to ever go back to CDMA / SprintProbably fine - But once again, use caution.
Still want to continue? ------> Don't blame me if you end up STUCK on GSM
If you want my support, you must be on the Stock XT1056 Sprint ROM. I will not support any other ROMS from any other variants, or any custom roms. If you change roms, good luck, but no support will be provided. Additionally, support will ONLY be provided by posting to this thread. Do not email me or PM me with questions. I'm sure you understand...
AND Don't forget: This DOES NOT unlock for Domestic use, in the United States. Blame Motorola/Sprint. Something else is in place, it seems, that BLOCKS the U.S. MCCs. If you live in the U.S., DON'T BOTHER, unless you plan to sell your device to someone overseas. Myself and others are looking into the possibility of extending the SIM-Unlock to those in the U.S., but hasn't happened YET.I've also discovered the DOMESTIC UNLOCK solution now, as well!!!
FIRST, you must be in DIAGNOSTIC MODE:
You MUST have "USB Debugging" DISABLED, or the DIAG Port will NOT activate!!!
****If you are having driver issues, and you have an entry for "Motorola QC Diag Interface" (not "Port") under "Other Devices" (and not "Ports (COM & LPT)"), SEE POST # 3 for detailed instructions (WITH PICTURES) on how to FORCE the driver installation.
Next, download and install the attached "SPCUtility.apk" app on your phone. Run it -- it will give you YOUR SPC Code. Write it down / take note of it.
IF ANYONE CAN TELL ME WHO DEVELOPED THIS APP, I WILL GIVE THEM THE APPROPRIATE CREDIT. I have tried (without success) to find out who the author is.
Then, flash the attached nv-unlock.txt, nv-unlock2.txt, unlock-domestic.txt AND nv-ruim-only.txt files as per these instructions:
1. Open the attached "NV-Items Reader-Writer"
2. Enter YOUR COM PORT # as shown in DEVICE Manager
3. Enter YOUR SPC Code into the box, as shown.
4. Check the box immediately next to where you entered the SPC Code.
5. Click "Connect"!
Now, follow these instructions:
1. Click "READ" --AT THE TOP--
2. Make sure it says: "SPC is Correct. Phone Unlocked."
3. Click the "Write" button, and find the "nv-unlock.txt" file - make sure it confirms success
4. Click the "Write" button, and find the "nv-unlock2.txt" file - make sure this confirms success
5. Click the "Write" button, and find the "unlock-domestic.txt" file - make sure this also confirms success
6. Click the "Write" button, and find the "nv-ruim-only.txt" fine - and make sure it confirms success as well
7. Last, click MODE, then RESET
And lastly, once the phone reboots, go to Settings, More, Mobile Networks and select GSM/UMTS.
DONE! You are SIM-Unlocked!
KNOWN ISSUES: On domestic carriers, users are reporting that although it DOES work, the signal bars may show no service. (I am looking into this.) Additionally, if data isn't working, YOU NEED TO INPUT THE PROPER APN FOR YOUR CARRIER (as with all GSM phones).
^^^***THIS MAY BE SOLVED*** Apparently, it involves simply using fastboot to set your carrier! (THANKS, @ejlmd , and @leonardoafa !!!) You can see this post for more details: http://xdaforums.com/showpost.php?p=54468353&postcount=126 (And hit the "THANKS" to @ejlmd, and @leonardoafa in the linked post). This **should** fix your signal bar issues, AND roaming indicator, and allow SMS without issue.
ALSO, you will NOT get LTE data...on any carrier except Sprint because the radio inside doesn't support any LTE bands except 25 (used by Sprint). You also won't get HSPA/HSPA+ (3G/4G) data for any carrier using frequencies not supported by the Sprint Moto X. For instance: If you are using T-Mobile, unless you are in an area that has been re-farmed to 1900mhz HSPA/HSPA+, you will only get EDGE data. This is because T-Mobile extensively uses HSPA/HSPA+ on the 1700mhz AWS band which is not supported by the Sprint Moto X. See the link below for a complete list of frequencies supported by the XT1056.
http://en.wikipedia.org/wiki/Moto_X
Keep in mind that once you write the "nv-ruim-only.txt" file, you will no longer be able to use CDMA without flashing the "revert" file listed below (puts you back on the default RUIM-CONFIG). The "revert" file is ONLY to be used if you want (for some reason) to switch back to CDMA. You do not need it if you intend to only use GSM. Also, the purpose of "nv-unlock2" is to unlock the MIP settings, and prevent the phone from reverting BACK to NV-Only upon reboot.
Additionally, keep in mind that if you ever "SBF" back to stock, using RSD Lite (or fastboot method), it will un-do the SIM-CRACK, and you will need to repeat these steps.
You ***SHOULD*** be able to accept Updates (OTAs) without losing the SIM-CRACK.
*****If you click any of the attached TXT files, and it OPENS in your browser, instead of downloading, RIGHT-CLICK on it, and click "Save Link As" -- it should download without issue.
[Q]: How much should I donate to you for all the time (weeks) you spent working on this?
[A]: Please donate what you feel it is worth to you. The XT1056 can be found far cheaper than any other Moto X Variant, and now that we can SIM-UNLOCK it, it will become much more popular. If I have saved you money, or added value to the phone you already own, I would appreciate being compensated accordingly. I realize that some are not able to donate, and I understand. Do what you can / what you feel is fair. I spent countless hours on this, and would appreciate being somewhat-compensated for my efforts. This, of course, is not a requirement, since I have posted the solution and made it freely available to everyone. Keep in mind that the China Taobao-seller was charging $80 for EACH unlock...and HIS sim-crack didn't even unlock for Domestic U.S users!!!
PayPal Donation address: samwathegreat@gmail.com36Driver Issues?
This post is for you.
In order to use the DIAG interface, you must first install the Motorola Drivers from here: https://motorola-global-portal.custhelp.com/app/answers/detail/a_id/88481
REMEMBER: As stated in POST # 2, you MUST have "USB Debugging" DISABLED, or the DIAG port will NOT activate.
If you installed these drivers, and you still can't get it to work, and you have an entry under "Other Devices" (In Device Manager) called "Motorola QC Diag Interface" (SEE PIC1, attached below) follow the instructions in the attached pictures STEP-BY-STEP, IN ORDER, to FORCE driver installation.
We are ONLY concerned with the QC Diag Interface - don't worry about the rest of the entries under "Unknown Devices" -- these are not important.
Once you have successfully FORCED the driver installation, you should have an entry under Ports (COM & LPT), called "Motorola QC Diag Port (COMX)" (SEE PIC8, attached below). NOTE the value of "X" - this is the COM port you will use for our purposes. When you successfully have this entry, you can continue with the "FULL INSTRUCTIONS" in POST # 2.
[Q]: How much should I donate to you for all the time (weeks) you spent working on this?
[A]: Please donate what you feel it is worth to you. The XT1056 can be found far cheaper than any other Moto X Variant, and now that we can SIM-UNLOCK it, it will become much more popular. If I have saved you money, or added value to the phone you already own, I would appreciate being compensated accordingly. I realize that some are not able to donate, and I understand. Do what you can / what you feel is fair. I spent countless hours on this, and would appreciate being somewhat-compensated for my efforts. This, of course, is not a requirement, since I have posted the solution and made it freely available to everyone. Keep in mind that the China Taobao-seller was charging $80 for EACH unlock...and HIS sim-crack didn't even unlock for Domestic U.S users!!!
PayPal Donation address: samwathegreat@gmail.com
11Done!!!
Just flash this attached file. Connect as usual to the NV-ITEMS Reader/Writer. Click Write and select the attached file which you must have downloaded. After writing, go to Mode and click reset. Phone will restart. Go to Settings, More, Mobile Networks and select GSM/UMTS. Phone unlocked. Special thanks again to @samwathegreat without whom this will not be possible.
I'm on GSM right now...
NB If you've been using this phone on CDMA, you need to change RUIM Config to RUIM Only, else whenever you restart it will revert back to CDMA mode.9
Do THIS:
Now, follow these instructions:
1. Click "READ" --AT THE TOP--
2. Make sure it says: "SPC is Correct. Phone Unlocked."
3. Click the "Write" button, and find the "nv-unlock.txt" file - make sure it confirms success
4. Click the "Write" button, and find the "nv-unlock2.txt" file - make sure this confirms success
5. Click the "Write" button, and find the "unlock-domestic.txt" file - make sure this also confirms success
6. Click the "Write" button, and find the "nv-ruim-only.txt" fine - and make sure it confirms success as well
7. Last, click MODE, then RESET
Then send me a screenshot of whatever error you get. Also tell me which file(s) gives you the ERROR.
Also, how about hitting the "THANKS" button on all my posts since you are:
1. Using my method
and
2. Asking me for help....
I don't get why people aren't doing this...
