[GUIDE][APP Now In Market] Unlock for Samsung Galaxy Tab 10.1 [11-14-11]

7th November 2011, 06:42 PM   |  #1  
dagentooboy (OP)
So I managed to unlock my T-Mobile Tab 10.1 over the weekend and I discovered that it works on ATT at 3.5G speeds.
My Tab has several files in the /efs/ folder that weren't there in my previous Samsung phones.

Unlock App for anyone who doesn't feel comfortable with a hex editor


BTW... I cannot be held responsible for anything that happens to your phone.... EVER!

Before you start... if you don't have root you WILL need it.

ALSO MAKE SURE YOU HAVE A BACKUP OF THE /efs/ FOLDER


Step 1. - Retrieve nv_data.bin file
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
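Code:
su
# '>' overwrites any copy left on the SD card by an earlier attempt instead of appending to it
cat /efs/nv_data.bin > /sdcard/nv_data.bin
cat /efs/.nv_state > /sdcard/.nv_state
# full copy of the /efs/ folder as the backup
busybox cp -r /efs /sdcard/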
Step 2. - Edit nv_data.bin file
mount the internal SD Card on your computer
make a backup copy of the nv_data.bin file on your computer
using your favorite HEX editor open the nv_data.bin on the sdcard
jump to address 0x181468

you should see a string like this
ff 01 00 00 00 00
there are 5 different types of locks in 5 different bytes
the FF byte should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
the 46 46 should be left alone
Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
It should read ff 00 00 00 00 00 46 46 for unlocked
save and close file
unmount SD Card

Step 3. - Replace nv_data.bin file
I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR /efs/ FOLDER BEFORE YOU CONTINUE!!!!!

use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
rm /efs/nv_*
rm /efs/.nv_*
cat /sdcard/nv_data.bin >> /efs/nv_data.bin
cat /sdcard/.nv_state >> /efs/.nv_state
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
chmod 755 /efs/.nv_state
chown radio.radio /efs/.nv_state || chown 1001.1001 /efs/.nv_state
reboot
your tab is now unlocked... enjoy

If you have any trouble with md5 and IMEI stuff change .nv_state from 0x30 to 0x31 (or ascii 0 to 1)

Give a big thanks to all the people that helped with the original unlock method (in the i9000 thread)

If it works please feel free to donate via Paypal
Last edited by dagentooboy; 15th January 2012 at 03:39 PM.
The Following 22 Users Say Thank You to dagentooboy For This Useful Post: [ View ]
7th November 2011, 07:07 PM   |  #2  
Don't have a 3G tab but this is cool. I think you should price your app at under $2 to maximize profits. With the fix available for free, a lot of people won't pay for it. But if it's dirt cheap at 99c or $1.99, why not?

Anyway, good job.
7th November 2011, 07:44 PM   |  #3  
Hello

Many thanks for the procedure, really waiting for it, but I have on my nv_data.bin the following bytes:

FF 01 00 00 00 00 BC 9D D4

Any clue of what I have to change to?

Thanks again in any case
7th November 2011, 09:08 PM   |  #4  
dagentooboy (OP)
Quote:
Originally Posted by viaper

Hello

Many thanks for the procedure, really waiting for it, but I have on my nv_data.bin the following bytes:

FF 01 00 00 00 00 BC 9D D4

Any clue of what I have to change to?

Thanks again in any case

After you have a backup you can change that first 01 to a 00

FF 00 00 00 00 00 BC 9D D4

and you should be set... I had to delete all those other files in the folder. Could you tell me what files you have in /efs/?

su
busybox ls -la /efs/
The Following User Says Thank You to dagentooboy For This Useful Post: [ View ]
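A read-only check of the lock bytes laid out in post #1, run on the backup copy on the computer; it also accepts the different trailing bytes reported in post #3. This is an added example, not part of the thread or of the author's app. The function names are hypothetical, and the fixed file size is taken from the nv_data.bin entry in the directory listing posted in this thread, so treat it as an assumption for other devices.

```python
"""Read-only check of the lock-status bytes in a backed-up nv_data.bin copy."""
import sys

LOCK_OFFSET = 0x181468      # address given in the guide
EXPECTED_SIZE = 2097152     # nv_data.bin size from the ls output in this thread (assumption elsewhere)
FIELDS = ("network", "network_subset", "sp", "cp", "data")  # byte order per the guide


def read_lock_state(image: bytes) -> dict:
    """Return {lock name: bool}; raise ValueError if the layout does not match the guide."""
    if len(image) != EXPECTED_SIZE:
        raise ValueError(f"unexpected size {len(image)}; copy may be truncated or appended to")
    block = image[LOCK_OFFSET:LOCK_OFFSET + 6]
    if block[0] != 0xFF:
        raise ValueError(f"marker at {LOCK_OFFSET:#x} is {block[0]:#04x}, expected 0xff")
    state = {}
    for name, value in zip(FIELDS, block[1:]):
        if value not in (0x00, 0x01):
            raise ValueError(f"{name} lock byte is {value:#04x}, not 0x00/0x01")
        state[name] = bool(value)
    return state


def sample_image(block: bytes) -> bytes:
    """Constructed test image: zero-filled, with `block` placed at LOCK_OFFSET."""
    buf = bytearray(EXPECTED_SIZE)
    buf[LOCK_OFFSET:LOCK_OFFSET + len(block)] = block
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        # constructed sample using the bytes quoted in post #3
        data = sample_image(bytes.fromhex("ff0100000000bc9dd4"))
    for lock, on in read_lock_state(data).items():
        print(f"{lock:15s} {'locked' if on else 'unlocked'}")
```

The size check also catches a copy that was appended to an older file on the SD card, and the marker check stops the read if the offset does not line up on a given firmware.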
7th November 2011, 09:15 PM   |  #5  
dagentooboy (OP)
Quote:
Originally Posted by Itaintrite

Don't have a 3G tab but this is cool. I think you should price your app at under $2 to maximize profits. With the fix available for free, a lot of people won't pay for it. But if it's dirt cheap at 99c or $1.99, why not?

Anyway, good job.

I have always believed in providing the solution to everyone... I don't want anyone to think I am only in this for the money. When I was looking for the i9000 unlock someone was charging $35 and there was no way I was going to pay that so I started on this path of providing the information for free.

Thanks to the economy I lost my job and had lots of time to code but no money for devices.... enter the PRO app. I get a lot of people that buy codes and then they don't work and they end up using my app for half the price (half the time the Samsung unlock doesn't work even with the code).
The Following User Says Thank You to dagentooboy For This Useful Post: [ View ]
7th November 2011, 09:35 PM   |  #6  
Hi dagentooboy

Going to test ASAP, many thanks for the quick answer, find here the result of the command:

busybox ls -la /efs/
total 5168
drwxrwx--x 6 1001 1000 4096 Oct 26 06:26 .
drwxrwxrwx 15 0 0 0 Nov 6 07:51 ..
drwxrwxr-x 5 0 0 4096 Jan 1 2011 .files
-rwx------ 1 1001 1001 1048576 Dec 31 2010 .nv_core.bak
-rwx------ 1 1001 1001 32 Dec 31 2010 .nv_core.bak.md5
-rwx------ 1 1001 1001 2097152 Dec 31 2010 .nv_data.bak
-rwxr-xr-x 1 1001 1001 32 Dec 31 2010 .nv_data.bak.md5
-rw-rw-rw- 1 1001 1001 1 Dec 31 2010 .nv_state
drwxrwxr-x 2 1001 1001 4096 Jan 1 2011 bluetooth
drwxrw-r-- 2 1000 1000 4096 Aug 23 03:25 gyro
drwxrwxr-x 2 1001 1001 4096 Aug 23 03:31 imei
-rw-rw-rw- 1 1001 1001 2210 Oct 22 21:21 nv.log
-rwx------ 1 1001 1001 2097152 Nov 6 07:52 nv_data.bin
-rwxr-xr-x 1 1001 1001 32 Nov 6 07:52 nv_data.bin.md5
-rwxrw-r-- 1 1001 1001 880 Dec 31 2010 redata.bin
root@android:/ #
7th November 2011, 11:16 PM   |  #7  
nandihno
So this is only useful for the 3G version, I would imagine.
8th November 2011, 06:11 AM   |  #8  
Thanks again for the good work, it ran OK on a p7500 from Movistar Spain.
8th November 2011, 12:54 PM   |  #9  
How did you root the T-Mobile Galaxy Tab 10.1 4G? I've been looking for a guide and couldn't find one to root this. Can someone point me in the right direction, please?
8th November 2011, 01:10 PM   |  #10  
dagentooboy (OP)
What I did is just follow the instructions in the Overcome ROM except the "re-stocking" part. Mine is running Overcome with no problems so far.

The Following User Says Thank You to dagentooboy For This Useful Post: [ View ]