How to carrier/SIM unlock the Galaxy Tab [Updated Dec 5 2010]

Search This thread

olegmamaev

Member
Dec 6, 2010
8
0
Roto,

Rooted my T-mobile tab, downloaded hexeditor, made copies of efs folder and tried to edit my bin file. Opened a file in hexeditor and realized to my shame that I'm a complete dummy! Firstly, didn't find values you mentioned in your post. If I emailed you my bin file, could you theoretically hexedit it for me and send it back?:rolleyes: please:)

Or, if you could help me locate 0x181469 and 0x18150e locations in hex editor - I can't see them!
 
Last edited:

abuser0815

Senior Member
Dec 14, 2010
113
15
Las Palmas
Rooted my T-mobile tab, downloaded hexeditor, made copies of efs folder and tried to edit my bin file. Opened a file in hexeditor and realized to my shame that I'm a complete dummy! Firstly, didn't find values you mentioned in your post. If I emailed you my bin file, could you theoretically hexedit it for me and send it back?:rolleyes: please:)

which hex editor u use?? try "hex-editor mx". it´s easy to use. come on, ty it before u r sending sensible files to someone.
i could do it for you, but no guarantee at all.

anyway, if you use rotohammers easy clicky copy paste version, it will not be needed to do hex editing....
 

abuser0815

Senior Member
Dec 14, 2010
113
15
Las Palmas
hi roto,

can u confirm about the locations 0x1880F6 to 0x188100 is the serial number of the device? (in nv_data.bin)

thanx so much...


ok roto, u just need to confirm.
i flashed the nv_data.bin with written in serial number on those locations back to my device and it shows my serial number like it should.

so if somebody would like to do serial number modding, here you have the possiblitity, 11 digits as you like.....
 

olegmamaev

Member
Dec 6, 2010
8
0
well, actually I sort of figured it out - I just tried editing bin file in the original folder, apparently it doesn't work. So I tried a copied bin file and voila! But... I can't find locations given by Roto - they are just not there!!!

Might try busybox, but, frankly, the alternative solution with BB is completely unclear. I had it installed on my tab, but what is next? Where should I type in "adb shell" and where to paste Roto's lines??? Would appreciate if anyone could explain it to me in more detail :)
 
Last edited:

abuser0815

Senior Member
Dec 14, 2010
113
15
Las Palmas
well, actually I sort of figured it out - I just tried editing bin file in the original folder, apparently it doesn't work. So I tried a copied bin file and voila! But... I can't find locations given by Roto - they are just not there!!!

Might try busybox, but, frankly, the alternative solution with BB is completely unclear. I had it installed on my tab, but what is next? Where should I type in "adb shell" and where to paste Roto's lines??? Would appreciate if anyone could explain it to me in more detail :)

ok,

if you don´t know were to start then i recommend this thread for you to read first and do what is written there:
http://xdaforums.com/showthread.php?t=502010

or just type in search "adb how to"

u have to start with the basics.
 

olegmamaev

Member
Dec 6, 2010
8
0
OK, thanks!! Will try it tomorrow... BTW, I found in hex locations 00181462 and 00181507 close to those by Roto and modified them, just as one of the bloggers did and succeeded. Infortunately, didn't work for me :-(... after rebooting with a non-Tmobile SIM card, tab requested code :-(... Anyone any suggestions?
 

abuser0815

Senior Member
Dec 14, 2010
113
15
Las Palmas
OK, thanks!! Will try it tomorrow... BTW, I found in hex locations 00181462 and 00181507 close to those by Roto and modified them, just as one of the bloggers did and succeeded. Infortunately, didn't work for me :-(... after rebooting with a non-Tmobile SIM card, tab requested code :-(... Anyone any suggestions?
:eek:
let me guess, you are looking for in decimal offset????
then you have to go to locations 01578089 and 01578254. rotos locations are postet in hex, thats the reason you´ll not find it.
be very carful with this file. i hope you have a backup from your phone.
 

Shane.Spina

Member
Dec 20, 2010
18
0
Chicago
Hi guys from Kalgoorlie :)

OK...

I have read almost ALL of this thread (its getting rather long...) and i havent found anyone with my particular situation..

I have a completely unlocked galaxy tab (used the codes listed in another thread to see this for sure) and it was purchased from a telco called Telstra.. I have put another carriers SIM card into the device and set up the APN.. Now i can get SMS, Phone calls and 2G internet ONLY.. no 3G nor HSDPA..

When i select UMTS only in the Network mode and then browse for Network Operators the only operator that lists is Telstra.. To further my investigations i have a Samsung i9000 as well that is carrier unlocked but bought from another carrier called Optus.. I changed the Network Settings to UMTS only on that phone using the SIM and browsed for Network Operators and it only shows Optus in the list..

Now, having read this thread a few times i have downloaded Z4Root onto the Tab and applied temporary root and got a Hex editor and i cannot find the 2 values Roto listed either.. (I do know Hex offsetting plus searched for the decimal offset as well). I am wondering if they exist in a non carrier locked tab? I am presently installing ADB on my laptop as I type this but i must admit i am loathe to run the script as i cant find the values represented in the script in the nv_data.bin.

ok from here I am at a loss anyone got an idea? I am moving to the US in 3 months so i really want this fixed b4 i leave or the Tab becomes a rather expensive WIFI device lol..

Oh one other thing i found.. I was reading a Samsung i9000 forum and found a thread on unlocking tha device and found some codes that allow access to the dubugging menus.. seems that only 850 Mhz was enabled not the 900 Mhz band that Optus uses.. Does this illuminate anything?

Cheers and TIA guys
 

foilole

New member
Dec 20, 2010
1
0
US Samsung Galaxy Tab for use in Europe

Funny...I have a similar situation. So...after extensive research on unlocking an American Samsung tab for use in Europe....My findings were that you can buy the tablet here in the US and have it unlocked by any 3rd party vendor or follow the site I provided below. T-Mobile will not unlock your device. You will also need to DL the European firmware:
P1000XXJH3
I’ve had several conversations with SG Tab users who have successfully done this.

Go to GalaxyTabNews to unlock ( i cant post links here)

I personally have not tried, but will know for sure by the end of this week and will update this blog. I hope this information helps as I have spend countless hours trying to research, hopefully you wont have to.
 

abuser0815

Senior Member
Dec 14, 2010
113
15
Las Palmas
don't do it the way from galaxytabnews. i did it and yes it works. But it fu. up your tab with the serial number.
do it the way roto showed in the first thread and you will be save.




Sent from my GT-P1000 using XDA App
 

olegmamaev

Member
Dec 6, 2010
8
0
OK, finally solved the problem - my T-mobile is unlocked now and works just fine on 3G in Russia :).... Locations 0181462 and 0181507 are the ones to be modified, at least, in my device. Looks like I just didn't save changes on exiting hex editor at hte first atempt
 
Last edited:

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
Hi guys from Kalgoorlie :)

OK...

I have read almost ALL of this thread (its getting rather long...) and i havent found anyone with my particular situation..

I have a completely unlocked galaxy tab

Stop right there! You may have read almost all this thread, but you surely don't understand any of it. Why are you even reading a thread on carrier unlocking when you own an unlocked phone?
 

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
Funny...I have a similar situation. So...after extensive research on unlocking an American Samsung tab for use in Europe....My findings were that you can buy the tablet here in the US and have it unlocked by any 3rd party vendor or follow the site I provided below. T-Mobile will not unlock your device. You will also need to DL the European firmware:
P1000XXJH3
I’ve had several conversations with SG Tab users who have successfully done this.

Go to GalaxyTabNews to unlock ( i cant post links here)

I personally have not tried, but will know for sure by the end of this week and will update this blog. I hope this information helps as I have spend countless hours trying to research, hopefully you wont have to.

I personally hope no one follows this advice.
 

Shane.Spina

Member
Dec 20, 2010
18
0
Chicago
It appears, in Australia anyway, that Android 2.1 and 2.2 phones seem to have SOME sort of carrier lock.. i tried an unlocked HTC Wildfire and had the same problem.. I work for Telstra so i have access to the entire product range.. On even outright purchased phones there is SOME sort of lock on the radio frequencies.. as i explained in my earlier post Telstra uses 850Mhz and Optus uses 900Mhz.. to add further muddle to the mix i have a IDEOS by Hueweii.. completely carrier inspecific bought from a non telco phone shop.. I have applied Z4Root and used a root explorer and the EFS folder doesn't exist on that phone.. annd obviously picks up all networks.. Got any ideas Roto as to my next move? have done nothing atm other than applying temporary root and examining the bin file
 
Last edited:

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
It appears, in Australia anyway, that Android 2.1 and 2.2 phones seem to have SOME sort of carrier lock.. i tried an unlocked HTC Wildfire and had the same problem.. I work for Telstra so i have access to the entire product range.. On even outright purchased phones there is SOME sort of lock on the radio frequencies.. as i explained in my earlier post Telstra uses 850Mhz and Optus uses 900Mhz.. to add further muddle to the mix i have a IDEOS by Hueweii.. completely carrier inspecific bought from a non telco phone shop.. I have applied Z4Root and used a root explorer and the EFS folder doesn't exist on that phone.. annd obviously picks up all networks.. Got any ideas Roto as to my next move? have done nothing atm other than applying temporary root and examining the bin file

Not being able to use a frequency is not a carrier lock. Its either done in harware or via the modem file. Stop using the word lock, you're confusing yourself. I'm not even sure what phone you're talking about in this post.
 

Shane.Spina

Member
Dec 20, 2010
18
0
Chicago
Thought I'd respond from here to alleviate any confusion as to the device lol.. Ok seems I have some crossed wires, should I take my enquiries to a different thread? Or could someone point me in the right direction please?

Sent from my GT-P1000T using XDA App
 

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
When i select UMTS only in the Network mode and then browse for Network Operators the only operator that lists is Telstra.. To further my investigations i have a Samsung i9000 as well that is carrier unlocked but bought from another carrier called Optus.. I changed the Network Settings to UMTS only on that phone using the SIM and browsed for Network Operators and it only shows Optus in the list..

Oh one other thing i found.. I was reading a Samsung i9000 forum and found a thread on unlocking tha device and found some codes that allow access to the dubugging menus.. seems that only 850 Mhz was enabled not the 900 Mhz band that Optus uses.. Does this illuminate anything?

Your Tab has the internal hardware for 850mhz only, not 900mhz. Since your i9000 is from a carrier that uses 900mhz, it makes sense that it gets 3G on 900mhz.

Regardless of all your frequency issues in Australia, in the US, AT&T uses 850mhz, so your Tab will work with 3G, your i9000 will not.

Theres no carrier lock to unlock, you are experiencing the effect known as "using one carriers phone on another carriers network and not getting 3G" which is normal when your carriers uses different frequencies for their 3G service and Samsung makes different hardware for each carrier, rather than one universal hardware capable of all frequencies.

Theres nothing you can do to "fix" your problem, that wont exist in the US anyway, unless you choose T-Mobile for service, then you're back to no 3G again (different carrier, different frequencies and hardware, sound familiar?).
 

docangle

Senior Member
Feb 3, 2005
156
30
T-Mobile USA Tab Can't get unlock working.

I followed the directions on the easy method on OP's and when it restarts it is asking for an unlock code. I have the backup files on the SDCARD that I backed up after my first attempt, but can't seem to get it working.

I have a couple of questions:

1. Does an Activated T-Mobile SIM have to be installed first?

2. Does the device need to be in Airplane Mode or out?

3. Should I have my AT&T SIM installed first?

4. I do have the device in 'Debug' and I can successfully obtain root (su permissions '#' not '$')?

The model I have is the SGH-T849. with stock launcher and an running Z4 Root with the latest Busybox (via Busybox installer)

Thanks in advance for any advice you guys can give.
 

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
I followed the directions on the easy method on OP's and when it restarts it is asking for an unlock code. I have the backup files on the SDCARD that I backed up after my first attempt, but can't seem to get it working.

I have a couple of questions:

1. Does an Activated T-Mobile SIM have to be installed first?

2. Does the device need to be in Airplane Mode or out?

3. Should I have my AT&T SIM installed first?

4. I do have the device in 'Debug' and I can successfully obtain root (su permissions '#' not '$')?

The model I have is the SGH-T849. with stock launcher and an running Z4 Root with the latest Busybox (via Busybox installer)

Thanks in advance for any advice you guys can give.

1 2 & 3 don't matter, 4 is good. Since you seem to know what you're doing, fire up the hex editor from the market and see what you've got. I'm sure there's a reason its not working. Perhaps there was an error running the commands?
 
  • Like
Reactions: Shane.Spina

Top Liked Posts

  • There are no posts matching your filters.
  • 62
    Background: I unlocked my Tab first by hex editing my nv_data.bin file. It was perfect, my IMEI and device serial number were unharmed. Then I got my official unlock code from Tmobile. So I reverted to my original nv_data.bin, placed an AT&T SIM into the Tab and it rebooted, I entered the code, unlocked the Tab, then compared the original file to the newly unlocked file. Very minor changes. I wrote a program to do the modification and the resulting nv_data.bin file worked fine.

    To clarify, I have a T-Mobile Tab and you must have rooted in order to do this.
    I also have an AT&T tab and the same procedure works.
    It also works on any GSM model.

    Heres the edit points for those of you comfy with a hex editor:

    Code:
    0x181469 change this one byte from 01 to 00
    0x18150e change this one byte to 00 if its not already

    If you're going to do this, please back up your /efs folder! Do it twice even :) Save your backups for at least 11.5 years.

    I just edit a copy of the nv_data.bin, then delete nv_data.bin and nv_data.bin.md5 in the phones /efs folder using Root Explorer, then copy my modified file back to the folder, then reboot. The nv_data.bin.md5 will be automatically regenerated for you.

    I've even edited a copy of the file right on my Tab using the Hexeditor in the Market.

    FYI, you can not swap nv_data.bin files from one phone to another, you get the bogus IMEI number as the file doesn't match the hardware IMEI number.



    UPDATE: New easier way that doesn't involve learning how to hex edit :)

    This requires you to be rooted and have busybox installed, which you should have but you can grab busybox installer from the market if not.

    Backup the contents of the /efs folder on the phone first!!! Save your backups for at least 11.5 years.

    From your computer, open an adb shell to your phone with the command:

    Code:
    adb shell

    Then paste all the following commands into the shell window at once, in other words, one big cut n paste:

    Code:
    su
    cd /sdcard
    echo "this takes about 45 seconds"
    if [ ! -f /sdcard/nv_data.bin.orig ]; then
      echo "copying file to /sdcard"
      cp /efs/nv_data.bin /sdcard/nv_data.bin.orig
    fi
    echo -en \\x00 > out0
    dd if=nv_data.bin.orig of=out1 bs=1 count=1578089
    dd if=nv_data.bin.orig of=out2 bs=1 skip=1578090 count=163
    dd if=nv_data.bin.orig of=out3 bs=1 skip=1578254 
    cat out1 out0 out2 out0 out3 > nv_data.bin.unlocked
    rm out0 out1 out2 out3
    rm /efs/nv_data.bin
    cp nv_data.bin.unlocked /efs/nv_data.bin
    rm /efs/nv_data.bin.md5
    reboot
    
    .


    Wait 45 seconds for the whole process to complete.
    Thats It! your phone will reboot and its carrier unlocked!

    If you can't get internet access with your new SIM its because you haven't set the APN for this carrier. For the settings you need, Google "APN setting your_carriers_name_here" and put those settings in
    Settings->Wireless->Mobile Networks->Access Point Names and then select it. Done!
    3
    Code:
    0x18150e change this one byte from 01 to 00

    On my pristine T-Mo US tab this one is already 00. Are you sure you haven't accidentally swapped the values?

    I just double checked, and its correct for my files. So theres a good chance this may not work for you (or anyone else) until we can compare more files.
    3
    So if I follow these steps on my t-mobile tab, and then I insert my att sim, I'll be getting edge with it, right?

    Sent from my SGH-T849 using XDA App

    Yes indeed.
    2
    It works! I did make all changes except the one at 0x18150e, that is:
    Code:
    0x180069 to 0x1800ce: change all these bytes from the values they are to ff
    0x181469: change this one byte from 01 to 00
    0x18150e: left this byte at 00

    This unlocked my tab, I just sent me a text message with a German SIM card.
    2
    Sorry for the attached :'>. I was in frustration thinking I did something wrong with the command and the original file is too big. I actually resized it 4 times. What do you mean by "didn't get the last carriage return in there when you pasted the script"? Is it that I have to enter after I paste your script? When I pasted it, automatically there was processing going on. I did not have to wait just 1 sec. Or did you mean I have to enter after ######?
    The T-mobile Sim I have now is the only one from different carrier besides the ATT original. I just bought this 250MB data prepaid SIM for T-mob tab from T-mobile shop in order to test this. But I still cannot access the net :(

    "Accessing the net" is not something you can fix by SIM unlocking the Tab. All this procedure does is to allow you to boot the Tab with a different carriers SIM card installed and bypass the lock screen that would prevent you from even using the T-Mobile SIM.

    Before you do anything else, you need to describe what you can and can't do with clarity.

    If you insert the T-Mobile SIM card and then turn on the Tab, does it boot to the home screen or a black screen that prompts you for an unlock code?