It will reboot the system without loading the Extrom until the next time u do a hard reset. Actually, u can tell the SB staff not to test the fone...say it's ok..rushing for time or somethin'...I've done that twice.
HOW TO SIM-Unlock SoftBank X01ht post April (white versions) with radio 1.14.01.10
- Thread starter pof
- Start date
It will reboot the system without loading the Extrom until the next time u do a hard reset. Actually, u can tell the SB staff not to test the fone...say it's ok..rushing for time or somethin'...I've done that twice.
just curious. i checked my udp.log and it looks something like that, but not exactly. i'll paste it below. sorry if it's too long:
Code:
00:03:57 [msg] : Start. Version : v2.80
00:03:57 [msg] : QCT Retry Process Loop, Retry Times=0.
00:03:57 [msg] : QCT CreateFile (MSM1:) OK, Handle=c2952ab2.
00:03:57 [msg] : CreateEvent (RxDataFromQCT) OK, Handle=0xc28f1332.
00:03:57 [msg] : QCT DeviceIoControl (IOCTL_QCT_REGISTER_EVENT) OK.
00:03:57 [msg] : CreateThread (Read QCT Data) OK, Handle=285b956.
00:03:57 [msg] : CeSetThreadPriority (130) OK, bRet=1, Error Code=0
00:03:57 [msg] : QCT dload OK
00:03:57 [msg] : rget=4
00:03:57 [msg] : do rversion........
00:03:57 [msg] : rget=4
00:03:57 [msg] : got rversion=8
00:03:57 [msg] : do rseed........
00:03:57 [msg] : rget=44
00:03:57 [msg] : do rpass=0
00:03:57 [msg] : rget=16
00:03:57 [msg] : rpass ok
00:03:57 [msg] : Read Config File OK, FileSize=0.
00:03:58 [msg] : rget=16
00:03:58 [msg] : rwdata ok=0
00:03:58 [msg] : Read Config File OK, FileSize=65536.
00:03:59 [msg] : rget=16
00:03:59 [msg] : rwdata ok=65536
00:03:59 [msg] : Read Config File OK, FileSize=131072.
00:04:00 [msg] : rget=16
00:04:00 [msg] : rwdata ok=131072
00:04:00 [msg] : Read Config File OK, FileSize=196608.
00:04:01 [msg] : rget=16
00:04:01 [msg] : rwdata ok=196608
00:04:01 [msg] : Read Config File OK, FileSize=262144.
00:04:01 [msg] : rget=16
00:04:01 [msg] : rwdata ok=262144
00:04:01 [msg] : Read Config File OK, FileSize=327680.
00:04:03 [msg] : rget=16
00:04:03 [msg] : rwdata ok=327680
00:04:03 [msg] : Read Config File OK, FileSize=393216.
00:04:03 [msg] : rget=16
00:04:03 [msg] : rwdata ok=393216
00:04:03 [msg] : Read Config File OK, FileSize=458752.
00:04:04 [msg] : rget=16
00:04:04 [msg] : rwdata ok=458752
00:04:04 [msg] : Read Config File OK, FileSize=524288.
00:04:05 [msg] : rget=16
00:04:05 [msg] : rwdata ok=524288
00:04:05 [msg] : Read Config File OK, FileSize=589824.
00:04:05 [msg] : rget=16
00:04:05 [msg] : rwdata ok=589824
00:04:05 [msg] : Read Config File OK, FileSize=655360.
00:04:06 [msg] : rget=16
00:04:06 [msg] : rwdata ok=655360
00:04:06 [msg] : Read Config File OK, FileSize=720896.
00:04:07 [msg] : rget=16
00:04:07 [msg] : rwdata ok=720896
00:04:07 [msg] : Read Config File OK, FileSize=786432.
00:04:08 [msg] : rget=16
00:04:08 [msg] : rwdata ok=786432
00:04:08 [msg] : Read Config File OK, FileSize=851968.
00:04:08 [msg] : rget=16
00:04:08 [msg] : rwdata ok=851968
00:04:08 [msg] : Read Config File OK, FileSize=917504.
00:04:09 [msg] : rget=16
00:04:09 [msg] : rwdata ok=917504
00:04:09 [msg] : Read Config File OK, FileSize=983040.
00:04:10 [msg] : rget=16
00:04:10 [msg] : rwdata ok=983040
00:04:10 [msg] : Read Config File OK, FileSize=1048576.
00:04:10 [msg] : rget=16
00:04:10 [msg] : rwdata ok=1048576
00:04:10 [msg] : Read Config File OK, FileSize=1114112.
00:04:11 [msg] : rget=16
00:04:11 [msg] : rwdata ok=1114112
00:04:11 [msg] : Read Config File OK, FileSize=1179648.
00:04:12 [msg] : rget=16
00:04:12 [msg] : rwdata ok=1179648
00:04:12 [msg] : Read Config File OK, FileSize=1245184.
00:04:13 [msg] : rget=16
00:04:13 [msg] : rwdata ok=1245184
00:04:13 [msg] : Read Config File OK, FileSize=1310720.
00:04:15 [msg] : rget=16
00:04:15 [msg] : rwdata ok=1310720
00:04:15 [msg] : RFLASH ok
00:04:15 [msg] : CloseThread (Read QCT Data), Handle=285b956, Result=1.
00:04:15 [msg] : The End.i'm wondering if the significant part is the 'rversion' in there. mine says 8 where as the sample you posted (pof) says 82. does that 82 correspond to the radio BL or am i still SOL for the moment?
Yes, you had radio bootloader 0108 (that's why it shows '8'), and it upgraded the radio bootloader to 0182... you can see the flashing went OK. If you re-run the exe agian you'll get the same message as I posted because you now have 0182.
I've patched the exe to not look for #0x52 (82 in hex) and flash any radio bootloader which you embed inside, I can flash 0182 over 0182, but only unmodified because it contains a checksum, and I can't flash 0108 or 0107 because 0182 detects it's a downgrade. Will keep trying and post my findings when I have some success with that.
Hi pof,
I've successfull flashed my white x01ht to the patched radio rom and run unlocker.Tick unlock only and run after that reboot and put in simcard still prompt to the SIMLOCK screen and ask for password.
P/s i try to flash again the unlocker still the same.Any idea?
I've successfull flashed my white x01ht to the patched radio rom and run unlocker.Tick unlock only and run after that reboot and put in simcard still prompt to the SIMLOCK screen and ask for password.
P/s i try to flash again the unlocker still the same.Any idea?
@jxun: the softbank rom has the anoying UISM screen (software simlock protection), if this is what you're getting, search this forum for welcome.exe.
@jxun: check your radio version before running the exe, it must be 1.16.
@kayzee: see if you have file \windows\udp.log, if it is there you have already run the extrom and you can't unlock it with this method.
@kayzee: see if you have file \windows\udp.log, if it is there you have already run the extrom and you can't unlock it with this method.
It's pretty simple, i'll try to explain again in other words:
Softbank x01ht post april phones are sold with radio bootloader 0108 on them, so you can unlock them using the usual procedure, BUT softbank has added an exe file in the ExtROM which upgrades your radio bootloader to 0182. If this file is run ONCE, the radio bootloader is updated and there is no known way to downgrade it.
If you flash a radio and the radio version on your phone is kept to 1.14.01.10 means the exe file in extrom has already run and your radio bootloader has already been updated to 0182, so stop *****ing, as we don't know how to unlock those yet.
If you flash a radio, and the radio is updated to the version you're flashing means the exe file in extrom has never been executed and your radio bootloader is still 0108, so you can flash the patched radio and unlock it normally.
In addition to this, after you unlock it, it is _recommended_ that you flash another ExtROM in your phone to avoid executing the exe file accidentally after a hard reset, or at least unlock the extrom and delete the exe file.
And also in addition to this, softbank has added a software simlock protection on the rom, the USIM screen which doesn't let you use the hermes if softbank SIM is not inserted, if you want to avoid that you have to search for welcome.exe or flash another OS rom on it.
That's all... read and understand what you're doing and what you've done in the past, if you have never run the extrom you'll be able to unlock, otherwise wait until a solution to unlock with 0182 radio bootloaders is found, we're looking into it.
And if you want to check for sure which radio bootloader version do you have you can flash HardSPL-1.10 and run 'rtask a' & 'rversion' from mtty, it will show up there.
Hope it's clear now.
Softbank x01ht post april phones are sold with radio bootloader 0108 on them, so you can unlock them using the usual procedure, BUT softbank has added an exe file in the ExtROM which upgrades your radio bootloader to 0182. If this file is run ONCE, the radio bootloader is updated and there is no known way to downgrade it.
If you flash a radio and the radio version on your phone is kept to 1.14.01.10 means the exe file in extrom has already run and your radio bootloader has already been updated to 0182, so stop *****ing, as we don't know how to unlock those yet.
If you flash a radio, and the radio is updated to the version you're flashing means the exe file in extrom has never been executed and your radio bootloader is still 0108, so you can flash the patched radio and unlock it normally.
In addition to this, after you unlock it, it is _recommended_ that you flash another ExtROM in your phone to avoid executing the exe file accidentally after a hard reset, or at least unlock the extrom and delete the exe file.
And also in addition to this, softbank has added a software simlock protection on the rom, the USIM screen which doesn't let you use the hermes if softbank SIM is not inserted, if you want to avoid that you have to search for welcome.exe or flash another OS rom on it.
That's all... read and understand what you're doing and what you've done in the past, if you have never run the extrom you'll be able to unlock, otherwise wait until a solution to unlock with 0182 radio bootloaders is found, we're looking into it.
And if you want to check for sure which radio bootloader version do you have you can flash HardSPL-1.10 and run 'rtask a' & 'rversion' from mtty, it will show up there.
Hope it's clear now.
kayzee, you can check if the file is there using whatever method u like... activesync or file explorer... but you have to turn on the phone.
