[REF] How to unlock/unfreeze all SGS Models [NOW WORKS ON Vibrant 4G][Updated 4-9-11]

What model did this work on?

  • GT-I9000

    Votes: 2,074 49.3%

  • USA Vibrant

    Votes: 977 23.2%

  • USA Captivate

    Votes: 573 13.6%

  • Bell I9000

    Votes: 275 6.5%

  • Other

    Votes: 304 7.2%
  • Total voters
    4,203
Search This thread
By:
Advanced…
costygsm2

costygsm2

Senior Member
Dec 29, 2005
407
570
www.gsmcool.net
helroz said:
And all lost IMEI....

IMEI is crypted in nv_data.
Click to expand...
Click to collapse

are u sure?:D
IMEI will be 100% ok after that :) i edited nv_data.bin without altering anything else.all those deleted files will be recreated after restart.I tested in my phone ,i had no codes before and FFFFFFFF in nv_data.bin and now all is ok,imei,product code and unlock codes
But u can backup efs folder :)
 
H

helroz

Senior Member
Jul 3, 2008
244
215
I have not see this link is for only one person.

I have deleted my previous post after see it.

For information this method work only on eclair, don't work on froyo.

Froyo delete codes at restart.

And for create bak files, copy bin files with md5, this is the same files
 
Last edited:
P

pri*S*

New member
Nov 10, 2010
1
0
I'm from Brazil and I intent to buy a galaxy S on ebay.

Some of them are locked and I was wondering if it's possible to unlock them without the SIM card, because as I don't leave in US, I won't be able to buy the AT&T nor T-mobile SIM.

So is it possible to unlock it without the SIM??
 
T

tonie972

Senior Member
Nov 13, 2009
271
5
aridoasis said:
Hi guys.

I've been emailing back and forth with dagentooboy trying to figure out the unlock code for my BELL Vibrant which wouldn't display the code when using SGS unlocker. Unfortunately, the code was nowhere to be found. I was almost ready to give up.

I just tried this out of sheer gut feeling. This is so amazing. I noticed that when i mistakenly deleted a file on the efs folder, i did a reboot and the file was back. So, out of desperation, I deleted everything on efs folder (using Super Manager from market with root access), rebooted and ran the SGS unlock tool. Crazy enough, it said 'Found codes!' and the value for both Unlock Code and Unfreeze code were both null. I entered *#7465625# on the phone and Network Lock is now [OFF]. I inserted my sim (Rogers) and it's now working!

DO NOT TRY THIS IF YOU DON'T KNOW WHAT YOU'RE DOING!

dagentooboy, if you can incorporate this in your app, it would be a great alternative for those having problems with finding the code. although, I'm sure further testing needs to be done with this method as it seems I am the only one to have tried this.
Click to expand...
Click to collapse

I tried this method but it said "Null" for Unblock doe and Unfreeze code. I have a Vibrant. Any help?
 
  • Like
Reactions: mikeybaby72
dagentooboy

dagentooboy

Senior Member
Feb 16, 2008
544
156
Kansas
Right now we are working on a new app... It will incorporate both the root and no-root methods into one app. We are working on including some other features that will help with some of these issues. What I need to know is if you generate a new nv_data.bin file as described by helroz does your IMEI stay the same? Right now I think the methods I have heard of are....

The app... if you get a code there is about an 80% chance that it will work... for some reason Samsung's unlock procedure doesn't really work very well

The Froyo app... same as above except it works with more of Samsung's attempts to lock us out

Regenerate nv_data.bin with new codes and delete all other files in /efs/ and put your new nv_data.bin in there reset and it regenerates the md5

*2767*3855# for full factory reset and then try unlocking again (make sure you backup everything)

DO NOT TRY THIS
Delete everything in /efs/ and reboot (messes up IMEI but unlocks the phone)

I need to gather information on these ideas so I know what to put in the new app.
 
costygsm2

costygsm2

Senior Member
Dec 29, 2005
407
570
www.gsmcool.net
dagentooboy said:
Right now we are working on a new app... It will incorporate both the root and no-root methods into one app. We are working on including some other features that will help with some of these issues. What I need to know is if you generate a new nv_data.bin file as described by helroz does your IMEI stay the same? Right now I think the methods I have heard of are....

The app... if you get a code there is about an 80% chance that it will work... for some reason Samsung's unlock procedure doesn't really work very well

The Froyo app... same as above except it works with more of Samsung's attempts to lock us out

Regenerate nv_data.bin with new codes and delete all other files in /efs/ and put your new nv_data.bin in there reset and it regenerates the md5

*2767*3855# for full factory reset and then try unlocking again (make sure you backup everything)

DO NOT TRY THIS
Delete everything in /efs/ and reboot (messes up IMEI but unlocks the phone)

I need to gather information on these ideas so I know what to put in the new app.
Click to expand...
Click to collapse

u must make an application to modify the nv_data.bin file and replace FFFFFFFF with new codes and delete files that are recreated automatically.If u delete this file will be problems with IMEI.These are the addresses codes:
-unlock code - 00181460
-unfreeze code - 00180036

files that should be deleted after editing:
- .nv_data.bak
-.nv_data.bak.md5
-.nv_state
-nv_data.bin (old one)
-nv_data.bin.md5
 
dagentooboy

dagentooboy

Senior Member
Feb 16, 2008
544
156
Kansas
costygsm2 said:
u must make an application to modify the nv_data.bin file and replace FFFFFFFF with new codes and delete files that are recreated automatically.If u delete this file will be problems with IMEI.These are the addresses codes:
-unlock code - 00181460
-unfreeze code - 00180036

files that should be deleted after editing:
- .nv_data.bak
-.nv_data.bak.md5
-.nv_state
-nv_data.bin (old one)
-nv_data.bin.md5
Click to expand...
Click to collapse

Yeah that's what I got before... but you are saying if I do that it doesn't mess up the IMEI? What if I chmod -R 755 /efs? will that work through a reboot or will the permissions reset every reboot?
 
H

helroz

Senior Member
Jul 3, 2008
244
215
In my new method to unlock, I copy all information in new nv_data.bin already unlocked.

Copy offsets: 180004 - 180058 included (crypted imei)
Copy offsets: 188004 - 1880F1 included (product code, product and little more^^)

offset 180049 - 180050 included: unfreeze code
offset 180051 - 180058 included: unfreeze code

offset 18005A - 180061 included: simunlock code
offset 18146E - 181475 included: simunlock code

After reinsert this new nv_data.bin in the phone, with this method, no unlock demands and phone is sim unlocked.

Your method work only on Eclair Firmware, Froyo delete code at reboot, with this method, normally this is work on alll firmware if it create nv_data.bin.md5 at restart.

For information, no need delete .nv_state for work.

Your method is my old method in light.

dagentooboy work on this new method (post 31):

http://xdaforums.com/showthread.php?t=822008&page=4

My older method is here (post 107):

http://xdaforums.com/showthread.php?t=771158&page=11


On this 2 method if imei is good at the start, he is good at the end.

It's possible to work on .nv_data.bak or nv_data.JPC to rename it nv_data.bin if nv_data.bin don't have correct imei.



@ dagentooboy:

With this 2 methods: no lost imei if is good at the start.

But normally newer method (source files PM to you) Normally work on Froyo. and older method work only on eclair.

http://xdaforums.com/showthread.php?t=822008&page=4

With this 2 methods, i have repair much phone and if the instructions have been totally followed the imei is not lost.
 
Last edited:
S

speedeboy

New member
Nov 11, 2010
3
0
Samsung Captivate

Hey,
Im having a lot of trouble trying to get the actual unlock code when running the .bat file... Im not really a guru at this stuff but can follow instructions pretty well. thought i did everything right, but im getting a not recognized error after running the file. i can see the phone in windows 7 explorer also so i guess the drivers are ok. just cant get it to spit the code....

Any help would be great as i have to travel to Europe soon
 
costygsm2

costygsm2

Senior Member
Dec 29, 2005
407
570
www.gsmcool.net
speedeboy said:
Hey,
Im having a lot of trouble trying to get the actual unlock code when running the .bat file... Im not really a guru at this stuff but can follow instructions pretty well. thought i did everything right, but im getting a not recognized error after running the file. i can see the phone in windows 7 explorer also so i guess the drivers are ok. just cant get it to spit the code....

Any help would be great as i have to travel to Europe soon
Click to expand...
Click to collapse

post here your nv_data.bin...use "search" if u dont know how to find it
 
2

213inc

New member
Aug 17, 2009
2
0
Hello i would like to know if this will work for the tmobile Vibrant to make it work for simply mobile?
 
You must log in or register to reply here.

Similar threads

P
  • Locked
[ROM][ICS][IML74K] teamhacksung's CM9 ALPHA for Galaxy S (BUILD 17) BUG REPORTS ONLY
Replies
15K
Views
6M
P
pawitp
DerTeufel1980
[ROM] Helly_Bean [4.1.2], based on sources of cm10, 11/15 also for i9000b
Replies
9K
Views
2M
jupiter5700
jupiter5700
D
  • Locked
[online KITCHEN] *ROM Kitchen* 10/5: Ginger JVH 2.3.3 up
Replies
40K
Views
7M
marcedli
marcedli
supercurio
[MOD] Taste Nexus S Gingerbread on Galaxy S v6 - network (unstable) - tech DEMO
Replies
2K
Views
3M
O
opxkishan
A
  • Poll
[ROM][30/10/11] Juwe's Smart Edition > v6.0 XXJVT Based On Official Android 2.3.5 <
Replies
8K
Views
2M
ipospa
ipospa

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 53
    dagentooboy
    dagentooboy
    Vibrant 4G/SGS 4G manual method here

    PRO App also works on Vibrant 4G/SGS 4G for anyone who doesn't feel comfortable with a hex editor

    Do NOT try this or any other unlock method on the SC-02B Docomo phone. Please see thread here for progress on the SC-02B

    Please note the same information used to develop the app is in the guide for free... the app just makes it easier

    ALL METHODS FOR NEWER PHONES REQUIRE ROOT... PLEASE GO GET ROOT ON YOUR PHONE AND THEN COME BACK.

    Oh and BTW... I cannot be held responsible for anything that happens to your phone.... EVER!

    Before you start... if you don't have root you WILL need it unless you are on a really old version of android 2.1 (look in Appendix A for depreciated methods)

    Step 1. - Retrieve nv_data.bin file
    use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
    Code: 
    su
cat /efs/nv_data.bin >> /sdcard/nv_data.bin

    Step 2. - Edit nv_data.bin file
    mount the internal SD Card on your computer
    make a backup copy of the nv_data.bin file on your computer
    using your favorite HEX editor open the nv_data.bin on the sdcard
    jump to address 0x181468

    you should see a string like this
    ff 01 00 00 00 00 46 46
    there are 5 different types of locks in 5 different bytes
    the FF byte should be left alone
    the first byte after the FF is the network lock
    the next byte is the network subset lock
    the next byte is the sp lock
    the next byte is the cp lock
    the last byte appears to be a data lock.
    the 46 46 should be left alone
    Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
    It should read ff 00 00 00 00 00 46 46 for unlocked
    save and close file
    unmount SD Card

    Step 3. - Replace nv_data.bin file
    I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR NV_DATA.BIN FILE BEFORE YOU CONTINUE!!!!!

    use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
    Code: 
    su
rm /efs/nv_data.bin
rm /efs/nv_data.bin.md5
cat /sdcard/nv_data.bin >> /efs/nv_data.bin
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
reboot
    your phone is now unlocked... enjoy :D

    [OPTIONAL] Use the PRO app [OPTIONAL]
    Please note that this step is ONLY here for people that are not comfortable using a Hex editor.
    Search "Vibrant unlock" in the market or scan the QR code:
    img.php


    Install and run app
    press menu
    press Unlock Phone
    Select phone
    allow root
    at this point if you get an error code make SURE you mount your internal SD card on your computer and backup the nv_data.bin.orig file that is there.
    press unlock
    restart and your phone is now unlocked

    to lock your phone for warranty
    press lock instead of unlock
    restart your phone, remove root, and take your phone in for warranty


    APPENDIX A (DEPRECIATED)

    DOES NOT WORK ON 90% PHONES PLEASE USE THE APP
    Using ADB
    Make sure that Network Lock is the only thing on... go to phone and enter *#7465625#
    Make sure USB debugging is enabled (Settings->Applications->Development->USB Debugging)
    Using APP (Thanks ClarkeHackworth and DaGentooBoy)
    ClarkHackworth's page about the app
    Same thing as before if this bricks your phone sorry but we aren't responsible.

    Step A.1. – Get your code
    Search Samsung Galaxy S Unlock Tool in the market or scan the QR code.
    img.php

    Install SGS_Unlock.apk
    Applications->SGS Unlock
    Menu->Root Gen Codes (Root method is the most reliable method at this point)

    Jump to Step A.2.

    Step A.1.alternate – Get your code

    For Mac Updated!!! New Script

    nbs11 said:
    1. Download the Samsung Galaxy S Unlocker for Mac from this here:
    http://www.multiupload.com/9NEBR6FAKD

    2. Mount the DMG and drag the folder onto the hard drive. DO NOT DRAG THE ICON WITH THE LOCK (the app). Once the file is finished copying continue.

    3. Open the application with the lock. It should open a terminal window. Let it run for a few seconds and then it should show a screen like this:

    9039xs.png


    4. Write down your unlock code
    Click to expand...
    Click to collapse

    For Windows UPDATED!!! With Un-Freeze Codes
    Video Guide
    Download and extract the attached Generate Unlock Windows.zip.
    Run Generate_Code.bat
    Look for the line Network Control Key:YourCode
    Save the code

    Step A.2. – Enter the code

    Power down your phone
    Put in a SIM card from another carrier
    Power up your phone
    When it boots up it will ask for the unlock code that you found above

    OR

    NO SIM Method (Thanks RazvanG)
    (Apparently this just adds another SIM to the accepted SIM list... can someone confirm?)
    remove sim card
    power on phone without sim
    enter *7465625*638*# and relock the phone to another network other than the one u have u'r sim card (eg 22610)
    power off phone
    insert sim card back
    power on and enter nck code extracted from .bak file
    phone unlocked

    Step A.3. – Flash back (IF THE CODE DIDN'T WORK)

    Flash back to an older firmware (I9000XXJF7 with 513.pit worked for me on an I9000)
    Now enter the unlock code you generated in Step 2.


    RazvanG said:
    HOW TO LOCK SAMSUNG GALAXY S - FOR WARRANTY PURPOSES ONLY (TESTED)

    After you get the NCK code using the method above, enter: *7465625*638*#
    There will be a pop-up box.
    Complete the first field (MCC/MNC) with the network you want your phone locked to (eg. 226 10 where 226 = romania; 10 = orange etc.) and the second field (Control Key) with the NCK extracted from the .bak file.
    Press OK and your phone should relock.
    RazvanG
    Click to expand...
    Click to collapse

    Guide in Spanish here
    Guide in Italian here
    Guide in Chinese here

    LEGAL NOTES (because information should be free for all):
    YOU MAY NOT, BY ANY MEANS, USE THIS SOLUTION/CODE OR PART OF IT FOR COMMERCIAL PURPOSES.
    DO NOT USE THIS EXTRACTION METHOD COMMERCIALLY


    PLEASE give credit (and donations if you can) to
    For those of you that have donated THANKS! (You know who you are... you paid for my developer account so I could post the app)

    DaGentooBoy For this AWESOME guide, the free and PRO apps, finding the other unlock bits, the original mac and windows scripts, the no root cat nv_data method, the unfreeze code portion of the mac script, and a lot of troubleshooting :D (Paypal)

    dawen, Helroz, and NWolf for discovering the hex location of the lock bit in the nv_data.bin file (donate to NWolf here)

    RazvanG for pointing galaxysguy in the right direction, finding the Freeze Code location in the .bak file, the code for re-locking the phone to any network, and the solution to unlock with only one sim card (Paypal)

    rbnet.it and marcopon for the cool SGUX utility for windows to extract both the Unlock and Unfreeze codes (donate to marcopon and rbnet.it Here)

    nbs11 for the new mac script that makes it REALLY easy (donate here)

    Bowsa2511 for the command to extract the unlock code on a Mac (Paypal here)

    rhcp0112345 for finding the file and giving me (and others) a place to start (Donate here)

    galaxysguy for confirming that I was looking at the right code (Paypal here)

    AllGamer for starting the Bounty thread and giving the XDA devs the motivation to get started.

    If you want me to extract the code for you just PM me with a link to your zipped bml3.bak or nv_data.bin file and I will send you back the code. If it works please feel free to donate via Paypal
    View
    5
    H
    Happy Hunter
    Unlock Froyo 2.2 I9000M phone running I9000UGJK4

    Just updated post with more details, I hope someone will find it more useful. As always make sure you have a backup, make a backup of your nv_data.bin BEFORE editing.

    I was not able to unlock my phone Froyo 2.2 I9000M phone running I9000UGJK4 firmware by using this official thread http://xdaforums.com/showthread.php?t=761045
    and after few hours of searching I found this method which worked for me from first attempt.

    I give all the credits for this idea to cursor2010 from http://xdaforums.com/showpost.php?p=8656481&postcount=156

    Here are the detailed steps

    * Your phone must be rooted (I used SuperOneClick http://xdaforums.com/showthread.php?t=803682) to do this unlocking and busybox from market is installed
    * Get the archive file from first post of this topic. The archive contains ADB software which we will use to connect to the phone.
    * Turn On USB debugging Application->Settings->Application->Development
    * Follow the instructions of STEP 4 from http://www.communityhosting.net/sgsunlock/i9000.html to get your nv_data.bin to your PC

    Get your current nv_data.bin file from the /efs directory on your phone. This can be done with ADB. Most often, the nv_data.bin file is not readable and you will get a permission denied message. You'll need to enter the commands manually.
    To do this with ADB, from the DOS command prompt you can type:

    adb pull /efs/nv_data.bin

    If you receive a permission denied error, you can fix it by typing the following commands from an ADB shell (type "adb shell" at the DOS command prompt) or from within a terminal on the phone:

    adb shell
    su
    chmod 777 /efs/nv_data.bin
    exit
    exit

    Then from the DOS command prompt:

    adb pull /efs/nv_data.bin

    Using Hex editor edit the file ( you can use any hex editor, http://www.logitheque.com/logiciels/windows/utilitaires/editeur_hexadecimal/telecharger/edithexa_9903.htm for example). I personally use UltraEdit.

    UEdit.jpg

    At the offset of 180069H you will see your provider MCC and MNC codes see http://en.wikipedia.org/wiki/Mobile_Network_Code

    In my case the code was 30261020404... which is Bell Canada, so I changed 610 to 720 Rogers Canada now the code is 30272020404...

    Again the offset in the file is 180069H.

    Save the file on the pc.

    * Follow the instructions from http://xdaforums.com/showpost.php?p=8182729&postcount=107

    Copy your nv_data.bin to temporary folder on your phone:

    adb shell "mkdir /sdcard/efs"
    adb push nv_data.bin /sdcard/efs
    adb shell
    su
    ls -l -a /efs

    If there is an nv_data.bin.md5 file in the directory, all is well. You should continue with these commands:

    mv /efs/.nv_data.bak /efs/.nv_data.bakk
    mv /efs/.nv_data.bak.md5 /efs/.nv_data.bakk.md5
    rm /efs/nv_data.bin
    rm /efs/nv_data.bin.md5
    rm /efs/.nv2.bak
    rm /efs/.nv2.bak.md5
    busybox cp /sdcard/efs/nv_data.bin /efs/nv_data.bin
    chmod 755 /efs/nv_data.bin
    chown radio.radio /efs/nv_data.bin
    exit
    exit

    if you have errors on the chown command, use
    chown 1001.1001 /efs/nv_data.bin


    If there was no nv_data.bin.md5 file, then something is wrong and you'll need to see other options or reflash again with a known working ROM that generates a new MD5 file when it's missing.

    * Reboot the phone, it should not ask any unlock codes or anything, in my case it simply just registered on Rogers network

    * Obviously you also need to program your APN settings for Rogers from http://xdaforums.com/showthread.php?t=809003 to make your 3G working. For your own provider please search forum.

    I wish it would be much simpler or automated or tested on bigger variety of phones.If somebody could gather the statistics and check if this method is applicable throughout all the versions of I9000, that would be very nice.

    Feel free to comment my post.
    View
    2
    dagentooboy
    dagentooboy
    slytidar said:
    can you tell me which method you used ??
    Click to expand...
    Click to collapse

    The HEX hack is the one that works on most devices. Unfortunately the unlcok code was removed from the bin file a long time ago.
    View
    2
    slytidar
    slytidar
    budgreen24 said:
    Hey, I know this thread is old but I just wanted to say Thanks man. This worked perfectly to unlock an AT&T Captivate SGH-i897.
    Click to expand...
    Click to collapse

    can you tell me which method you used ??
    View
    1
    dagentooboy
    dagentooboy
    AllGamer said:
    re: credits
    apparently marcopon helped rbnet.it to write that sgux utility.
    Click to expand...
    Click to collapse

    thanks... I saw the bounty thread is updated. Feel free to link to the instructions on this thread so that they all go to one place.
    View

New posts