[FIX/UNLOCK] Bell (Canada) I747M SIM Lock/Unlock USB / ESM NVRAM Comparison/Analysis


iTchill

Great find, thanks!! Gonna try this soon.


Sent from my SGH-I747 using xda premium
 

sd_N

Also...just noticed after changing sims...ERI Version: Not available
Is that due to sim unlock? Should I restore my NV backup or will that re-lock sim? Thx

Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
 

thatsupnow

> Also...just noticed after changing sims...ERI Version: Not available
> Is that due to sim unlock? Should I restore my NV backup or will that re-lock sim? Thx
>
> Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

I almost doubt that it would even matter; if everything is working properly, why worry? I'm not entirely sure, but the ERI sounds like some kind of software buried in the factory ROM or SIM that maintains that lock. Ha ha ha, probably not, but I'm just throwing that out there.

Sent from my SGH-I747M using xda premium
 

yulet

> Also...just noticed after changing sims...ERI Version: Not available
> Is that due to sim unlock? Should I restore my NV backup or will that re-lock sim? Thx
>
> Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

My phone is locked and completely stock. It says the same thing, ERI Version: Not available

Sent from my SGH-I747M
 
Mar 27, 2012
42
7
New York City
I successfully unlocked my phone by following the unlock trick at this thread. This works on the UCLH9 firmware. Here is how I did it.

1. Use Mobile Odin Pro to flash LEM firmware (root injected).
2. Downloaded Voodoo OTA rootkeeper.
3. Backed up root.
4. Upgraded to UCLH9 through AT&T OTA update.
5. Restored root via Voodoo OTA rootkeeper.
6. Followed the previously mentioned thread's instructions. (DO EXACTLY AS WRITTEN! When you have to wait the 30 seconds and 1 minute, do so!)
7. Reboot.
8. Shut down, pop in a different sim and verify if it worked. If not, try again.

I advise you to back up your IMEI through QPST before doing this. Back up your IMEI again once you're successful. You could help this community by providing hex values. I will very soon.
 

sd_N

> I successfully unlocked my phone by following the unlock trick at this thread. This works on the UCLH9 firmware. Here is how I did it.
>
> 1. Use Mobile Odin Pro to flash LEM firmware (root injected).
> 2. Downloaded Voodoo OTA rootkeeper.
> 3. Backed up root.
> 4. Upgraded to UCLH9 through AT&T OTA update.
> 5. Restored root via Voodoo OTA rootkeeper.
> 6. Followed the previously mentioned thread's instructions. (DO EXACTLY AS WRITTEN! When you have to wait the 30 seconds and 1 minute, do so!)
> 7. Reboot.
> 8. Shut down, pop in a different sim and verify if it worked. If not, try again.
>
> I advise you to back up your IMEI through QPST before doing this. Back up your IMEI again once you're successful. You could help this community by providing hex values. I will very soon.

Great write-up. Timing is crucial, I believe. I think the people it isn't working for are getting a little impatient. Lol. ;)

Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
 

iTchill


sid_wisc

> Wanted to report in this thread that the above link sim unlocked my att i747. I tried numerous sims and was never prompted for the sim unlock code. I tried a verizon sim, tmobile sim, simple mobile sim. Great find!!! Thank you. I believe that it is important to follow instructions to the t. It says "wait 30 seconds" at one point and "wait one minute" at another. Just my two cents and confirmation. :D
>
> Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

Sir: Are you on the AT&T version of the Samsung SIII (i747 aka d2att)? Since when I try to dial the following keys *#197328640# my phone says "Connection problem or invalid MMI code".

I am currently on a JB 4.1.1 ROM (Slim ROM). As suggested by others, will going to stock ROM help? And any idea if the rooted status of the ROM will matter? :highfive:
 

sd_N

> Sir: Are you on the AT&T version of the Samsung SIII (i747 aka d2att)? Since when I try to dial the following keys *#197328640# my phone says "Connection problem or invalid MMI code".
>
> I am currently on a JB 4.1.1 ROM (Slim ROM). As suggested by others, will going to stock ROM help? And any idea if the rooted status of the ROM will matter? :highfive:

Yes. I have a d2att Galaxy S3. The unlock method worked. I was on the stock rooted LH9 ICS when I performed the method.

Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
 

sid_wisc

> Yes. I have a d2att Galaxy S3. The unlock method worked. I was on the stock rooted LH9 ICS when I performed the method.
>
> Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

Thanks for your reply!! As mentioned by the other person after your response, I tried on Serenity but I cannot check until I manage to get a different SIM. I will check soon and report... Thanks for your help again.
 

metalchef

FWIW, I bought a Rogers i747 "NIB" (new in box) and it appeared to be factory unlocked -- and for the record, I got it from someone who I know isn't tech savvy, let alone capable of unlocking phones (he works for Rogers WBO). The box was sealed; the phone was never touched.

When I ran the SGS unlock app (works on SGSIII even though it doesn't say so), it said my device was (already) unlocked.

...Just throwing that out there. Both my wife and I are anti-satan--er, Rogers people (even though Fido is a sister company, they're technically not the same).
 

sid_wisc

> FWIW, I bought a Rogers i747 "NIB" (new in box) and it appeared to be factory unlocked -- and for the record, I got it from someone who I know isn't tech savvy, let alone capable of unlocking phones (he works for Rogers WBO). The box was sealed; the phone was never touched.
>
> When I ran the SGS unlock app (works on SGSIII even though it doesn't say so), it said my device was (already) unlocked.
>
> ...Just throwing that out there. Both my wife and I are anti-satan--er, Rogers people (even though Fido is a sister company, they're technically not the same).

Which SGS unlock app are we talking about here? I tried one or two but there is no support for I747 (AT&T aka d2att) in any of them. I used the method suggested above but am still waiting for my T-Mobile SIM to reach me and then I will check...
 

pilothaz

I am wanting to try and get this unlock to work on my phone but will have to flash back to stock... Will take this into account and maybe do it over the weekend.
 

anshuman2512

> Here's the 6th Block:


Great work. Any idea how to SIM unlock for HTC Windows Mobile 6.1? Any suggestion would be appreciated.
 

Top Liked Posts

  • 5
    Hi Folks,
    Just thought I'd throw this out here, I spent a good portion of my day digging through forums, ussd/mmi codes, tools, and hex editors trying to find a way to SIM Unlock my Bell S3 (I747M). I eventually 'gave in' and paid an eBay seller $8.00 to unlock my phone through a remote control application and USB network redirector (Successfully, although I never did get the actual SPC code from him even though I asked several times).

    For security and isolation reasons I used a clean Windows 7 VM in VMware Workstation 8 with just the Samsung Drivers (from mskip's S3 toolkit (Qualcomm version) -- THANK YOU!!), the remote control tool, and the usb redirector to allow the remote 'tech' to do his work.

    I ran a USB Logger tool (from the same vendor that makes the redirector) outside the VM on my host PC and had it capture the complete unlocking process from initial USB plug-in to post-unlock power-off.

    I also grabbed images of the EFS partition (using dd) and the NVRAM (with QPST Tools) before and after the unlocking process.

    I would expect the most 'useful' to furthering the secret of this unlock would be the delta of the NVRAM images, but alas while I have carefully looked it over a couple of times, I don't see anything that looks to be the 'smoking gun'. I will follow up this post with the relevant snippets as I'm sure there are many of you that may have more experience digging through this than I. Perhaps if someone else can send/post a similar delta, seeing the 'mutual' differences may again shed light on which areas to focus on in further detail.

    Analyzing the USB communications may also give us a better understanding of if there are commands or processes we can use in making our own tool to remove this SIM lock.

    FWIW, I'm using wxHexEditor for the dump comparisons.
    2
    > Wow.. What you're doing must be impressive. I have no idea what you just said lol
    >
    > Sent from my SGH-I747 using xda app-developers app



    Thanks, although I don't think it's that impressive, or I would have figured this out by now. :D

    I'll post the last 4 sections tomorrow, it's getting really late here.
    1
    NVRAM Hex Diff #1

    Here's the first block with a few changes:

    Before:
    Code:
    000608   00 00 00 00 00 00 00 00 00 00 00 00 B0 24 47 D3   .............$G.
    000624   82 CD CD 01 0A 00 00 00 00 82 00 00 00 00 00 00   ................
    000640   46 00 69 00 6C 00 65 00 5F 00 56 00 65 00 72 00   F.i.l.e._.V.e.r.
    000656   73 00 69 00 6F 00 6E 00 00 00 00 00 00 00 00 00   s.i.o.n.........
    000672   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000688   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000704   1A 00 02 01 02 00 00 00 FF FF FF FF FF FF FF FF   ................
    000720   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000736   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000752   00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00   ................
    000768   30 00 30 00 30 00 30 00 34 00 30 00 36 00 39 00   0.0.0.0.4.0.6.9.
    000784   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000800   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000816   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000832   12 00 01 00 FF FF FF FF FF FF FF FF 03 00 00 00   ................
    000848   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000864   00 00 00 00 D0 B2 9E A0 82 CD CD 01 40 13 46 D3   ............@.F.
    000880   82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000896   64 00 65 00 66 00 61 00 75 00 6C 00 74 00 00 00   d.e.f.a.u.l.t...
    000912   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000928   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000944   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000960   10 00 01 01 FF FF FF FF FF FF FF FF 04 00 00 00   ................
    000976   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000992   00 00 00 00 D0 B2 9E A0 82 CD CD 01 B0 B3 44 D3   ..............D.
    001008   82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001024   06                                                .


    After:
    Code:
    000608   00 00 00 00 00 00 00 00 00 00 00 00 00 A6 22 2A   .............."*
    000624   DE CD CD 01 0A 00 00 00 00 82 00 00 00 00 00 00   ................
    000640   46 00 69 00 6C 00 65 00 5F 00 56 00 65 00 72 00   F.i.l.e._.V.e.r.
    000656   73 00 69 00 6F 00 6E 00 00 00 00 00 00 00 00 00   s.i.o.n.........
    000672   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000688   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000704   1A 00 02 01 02 00 00 00 FF FF FF FF FF FF FF FF   ................
    000720   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000736   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000752   00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00   ................
    000768   30 00 30 00 30 00 30 00 34 00 30 00 36 00 39 00   0.0.0.0.4.0.6.9.
    000784   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000800   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000816   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000832   12 00 01 00 FF FF FF FF FF FF FF FF 03 00 00 00   ................
    000848   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000864   00 00 00 00 30 8F 77 FD DD CD CD 01 80 6D 21 2A   ....0.w......m!*
    000880   DE CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000896   64 00 65 00 66 00 61 00 75 00 6C 00 74 00 00 00   d.e.f.a.u.l.t...
    000912   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000928   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000944   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000960   10 00 01 01 FF FF FF FF FF FF FF FF 04 00 00 00   ................
    000976   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    000992   00 00 00 00 30 8F 77 FD DD CD CD 01 00 35 20 2A   ....0.w......5 *
    001008   DE CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001024   06                                                .


    http: //secure.eix.ca/s3/nvram1.png
    1
    Here's the second block:

    Before:
    Code:
    001536   52 00 6F 00 6F 00 74 00 20 00 45 00 6E 00 74 00   R.o.o.t. .E.n.t.
    001552   72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00   r.y.............
    001568   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001584   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001600   16 00 05 00 FF FF FF FF FF FF FF FF 01 00 00 00   ................
    001616   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001632   00 00 00 00 00 00 00 00 00 00 00 00 60 6C 91 A0   ............`l..
    001648   82 CD CD 01 05 00 00 00 40 00 00 00 00 00 00 00   ........@.......


    After
    Code:
    001536   52 00 6F 00 6F 00 74 00 20 00 45 00 6E 00 74 00   R.o.o.t. .E.n.t.
    001552   72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00   r.y.............
    001568   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001584   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001600   16 00 05 00 FF FF FF FF FF FF FF FF 01 00 00 00   ................
    001616   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    001632   00 00 00 00 00 00 00 00 00 00 00 00 50 E4 61 FD   ............P.a.
    001648   DD CD CD 01 05 00 00 00 40 00 00 00 00 00 00 00   ........@.......
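
Added example, not part of the original posts: the UTF-16 names in the first two dump blocks ("Root Entry", "File_Version", "default") and their 128-byte spacing match the directory-entry layout of a Compound File Binary (OLE2) container. Assuming that is the format of the backup file, this Python code decodes the Root Entry shown in the second block and maps every changed byte to the field it belongs to. The function names are hypothetical; the byte values are taken from the dumps above.

```python
import struct
from datetime import datetime, timedelta, timezone

ENTRY_SIZE = 128  # size of one Compound File Binary (OLE2) directory entry
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
OBJECT_TYPES = {0: "unused", 1: "storage", 2: "stream", 5: "root"}

# (field, start, end) byte ranges inside one directory entry, per the CFB layout.
FIELDS = [
    ("name", 0, 64), ("name_length", 64, 66), ("object_type", 66, 67),
    ("color", 67, 68), ("left_sibling", 68, 72), ("right_sibling", 72, 76),
    ("child", 76, 80), ("clsid", 80, 96), ("state_bits", 96, 100),
    ("creation_time", 100, 108), ("modified_time", 108, 116),
    ("start_sector", 116, 120), ("stream_size", 120, 128),
]


def filetime_to_utc(raw):
    """Decode an 8-byte little-endian FILETIME (100 ns ticks since 1601-01-01)."""
    ticks = int.from_bytes(raw, "little")
    if ticks == 0:
        return None  # an all-zero timestamp means "not set"
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_entry(entry):
    """Decode the fields of one 128-byte directory entry."""
    if len(entry) != ENTRY_SIZE:
        raise ValueError("a directory entry is exactly 128 bytes")
    name_len, obj_type = struct.unpack_from("<HB", entry, 64)
    if name_len > 64 or name_len % 2:
        raise ValueError("name length must be an even byte count of at most 64")
    start_sector, stream_size = struct.unpack_from("<IQ", entry, 116)
    return {
        # name_len counts bytes and includes the UTF-16 terminating NUL
        "name": entry[:max(name_len - 2, 0)].decode("utf-16-le"),
        "object_type": OBJECT_TYPES.get(obj_type, "unknown"),
        "created": filetime_to_utc(entry[100:108]),
        "modified": filetime_to_utc(entry[108:116]),
        "start_sector": start_sector,
        "stream_size": stream_size,
    }


def changed_fields(before, after):
    """Map each differing byte offset to the directory-entry field it lies in."""
    if len(before) != ENTRY_SIZE or len(after) != ENTRY_SIZE:
        raise ValueError("compare two 128-byte directory entries")
    hits = {}
    for offset, (a, b) in enumerate(zip(before, after)):
        if a != b:
            field = next(n for n, lo, hi in FIELDS if lo <= offset < hi)
            hits.setdefault(field, []).append(offset)
    return hits


def root_entry(modified_hex):
    """Rebuild the 128 bytes shown at dump offsets 001536-001663."""
    return (
        "Root Entry\0".encode("utf-16-le").ljust(64, b"\0")
        + bytes.fromhex("16 00 05 00 FF FF FF FF FF FF FF FF 01 00 00 00")
        + bytes(16 + 4 + 8)            # CLSID, state bits, creation time: all zero
        + bytes.fromhex(modified_hex)  # the only bytes highlighted in the post
        + bytes.fromhex("05 00 00 00 40 00 00 00 00 00 00 00")
    )


# Modified-time bytes copied from the "Before" and "After" dumps of the second block.
BEFORE = root_entry("60 6C 91 A0 82 CD CD 01")
AFTER = root_entry("50 E4 61 FD DD CD CD 01")

if __name__ == "__main__":
    for label, image in (("before", BEFORE), ("after", AFTER)):
        info = parse_entry(image)
        print(label, info["name"], info["object_type"], info["modified"])
    for field, offsets in changed_fields(BEFORE, AFTER).items():
        print("changed field:", field, "entry offsets", offsets)
```

Every differing byte in this block falls inside the entry's modified-time field, so under the stated assumption the second block's delta is container metadata written when each backup file was saved, not NV item data.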
    1
    Wow.. What you're doing must be impressive. I have no idea what you just said lol

    Sent from my SGH-I747 using xda app-developers app