So I managed to unlock my T-Mobile Tab 10.1 over the weekend and I discovered that it works on ATT at 3.5G speeds.
My Tab has several files in the /efs/ folder that weren't there in my previous Samsung phones.
Unlock App for anyone who doesn't feel comfortable with a hex editor
BTW... I cannot be held responsible for anything that happens to your phone.... EVER!
Before you start... if you don't have root you WILL need it.
ALSO MAKE SURE YOU HAVE A BACKUP OF THE /efs/ FOLDER
Step 1. - Retrieve nv_data.bin file
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Step 2. - Edit nv_data.bin file
mount the internal SD Card on your computer
make a backup copy of the nv_data.bin file on your computer
using your favorite HEX editor open the nv_data.bin on the sdcard
jump to address 0x181468
you should see a string like this
ff 01 00 00 00 00
there are 5 different types of locks in 5 different bytes
the FF byte should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
the 46 46 should be left alone
Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
It should read ff 00 00 00 00 00 46 46 for unlocked
save and close file
unmount SD Card
Step 3. - Replace nv_data.bin file
I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR /efs/ FOLDER BEFORE YOU CONTINUE!!!!!
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
your tab is now unlocked... enjoy
If you have any trouble with md5 and IMEI stuff change .nv_state from 0x30 to 0x31 (or ascii 0 to 1)
Give a big thanks to all the people that helped with the original unlock method (in the i9000 thread)
If it works please feel free to donate via Paypal
My Tab has several files in the /efs/ folder that weren't there in my previous Samsung phones.
Unlock App for anyone who doesn't feel comfortable with a hex editor
BTW... I cannot be held responsible for anything that happens to your phone.... EVER!
Before you start... if you don't have root you WILL need it.
ALSO MAKE SURE YOU HAVE A BACKUP OF THE /efs/ FOLDER
Step 1. - Retrieve nv_data.bin file
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
cat /efs/nv_data.bin >> /sdcard/nv_data.bin
cat /efs/.nv_state >> /sdcard/.nv_state
busybox cp -r /efs /sdcard/
Step 2. - Edit nv_data.bin file
mount the internal SD Card on your computer
make a backup copy of the nv_data.bin file on your computer
using your favorite HEX editor open the nv_data.bin on the sdcard
jump to address 0x181468
you should see a string like this
ff 01 00 00 00 00
there are 5 different types of locks in 5 different bytes
the FF byte should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
the 46 46 should be left alone
Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
It should read ff 00 00 00 00 00 46 46 for unlocked
save and close file
unmount SD Card
Step 3. - Replace nv_data.bin file
I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR /efs/ FOLDER BEFORE YOU CONTINUE!!!!!
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
rm /efs/nv_*
rm /efs/.nv_*
cat /sdcard/nv_data.bin >> /efs/nv_data.bin
cat /sdcard/.nv_state >> /efs/.nv_state
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
chmod 755 /efs/.nv_state
chown radio.radio /efs/.nv_state || chown 1001.1001 /efs/.nv_state
reboot
If you have any trouble with md5 and IMEI stuff change .nv_state from 0x30 to 0x31 (or ascii 0 to 1)
Give a big thanks to all the people that helped with the original unlock method (in the i9000 thread)
If it works please feel free to donate via Paypal
Last edited: