Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,812,054 Members 46,842 Now Online
XDA Developers Android and Mobile Development Forum

[GUIDE][APP Now In Market] Unlock for Samsung Galaxy Tab 10.1 [11-14-11]

Tip us?
 
dagentooboy
Old
(Last edited by dagentooboy; 15th January 2012 at 03:39 PM.)
#1  
dagentooboy's Avatar
Senior Member - OP
Thanks Meter 134
Posts: 516
Join Date: Feb 2008
Location: Kansas
Default [GUIDE][APP Now In Market] Unlock for Samsung Galaxy Tab 10.1 [11-14-11]

So I managed to unlock my T-Mobile Tab 10.1 over the weekend and I discovered that it works on ATT at 3.5G speeds.
My Tab has several files in the /efs/ folder that weren't there in my previous Samsung phones.

Unlock App for anyone who doesn't feel comfortable with a hex editor


BTW... I cannot be held responsible for anything that happens to your phone.... EVER!

Before you start... if you don't have root you WILL need it.

ALSO MAKE SURE YOU HAVE A BACKUP OF THE /efs/ FOLDER


Step 1. - Retrieve nv_data.bin file
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
cat /efs/nv_data.bin >> /sdcard/nv_data.bin
cat /efs/.nv_state >> /sdcard/.nv_state
busybox cp -r /efs /sdcard/
Step 2. - Edit nv_data.bin file
mount the internal SD Card on your computer
make a backup copy of the nv_data.bin file on your computer
using your favorite HEX editor open the nv_data.bin on the sdcard
jump to address 0x181468

you should see a string like this
ff 01 00 00 00 00
there are 5 different types of locks in 5 different bytes
the FF byte should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
the 46 46 should be left alone
Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
It should read ff 00 00 00 00 00 46 46 for unlocked
save and close file
unmount SD Card

Step 3. - Replace nv_data.bin file
I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR /efs/ FOLDER BEFORE YOU CONTINUE!!!!!

use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
rm /efs/nv_*
rm /efs/.nv_*
cat /sdcard/nv_data.bin >> /efs/nv_data.bin
cat /sdcard/.nv_state >> /efs/.nv_state
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
chmod 755 /efs/.nv_state
chown radio.radio /efs/.nv_state || chown 1001.1001 /efs/.nv_state
reboot
your tab is now unlocked... enjoy

If you have any trouble with md5 and IMEI stuff change .nv_state from 0x30 to 0x31 (or ascii 0 to 1)

Give a big thanks to all the people that helped with the original unlock method (in the i9000 thread)

If it works please feel free to donate via Paypal
S4 Proximity Sensor Calibration Guide here

Free Unlock For
Samsung Galaxy S variant here
Samsung Galaxy S 4G here
Galaxy Tab here

If you find my guide or advice helpful please donate

S4 Proximity Sensor Calibration App here

In a world without walls and fences who needs Windows and Gates?
The Following 22 Users Say Thank You to dagentooboy For This Useful Post: [ Click to Expand ]
 
Itaintrite
Old
#2  
Senior Member
Thanks Meter 126
Posts: 1,207
Join Date: Feb 2008
Don't have a 3G tab but this is cool. I think you should price your app at under $2 to maximize profits. With the fix available for free, a lot of people won't pay for it. But if it's dirt cheap at 99c or $1.99, why not?

Anyway, good job.
 
viaper
Old
#3  
Junior Member
Thanks Meter 0
Posts: 19
Join Date: Jul 2005
Hello

Many thanks for the procedure, really waiting for it, but I have on my nv_data.bin the following bytes:

FF 01 00 00 00 00 BC 9D D4

Any clue of what I have to change to?

Thanks again in anycase
 
dagentooboy
Old
#4  
dagentooboy's Avatar
Senior Member - OP
Thanks Meter 134
Posts: 516
Join Date: Feb 2008
Location: Kansas
Quote:
Originally Posted by viaper View Post
Hello

Many thanks for the procedure, really waiting for it, but I have on my nv_data.bin the following bytes:

FF 01 00 00 00 00 BC 9D D4

Any clue of what I have to change to?

Thanks again in anycase
After you have a backup you can change that first 01 to a 00

FF 00 00 00 00 00 BC 9D D4

and you should be set... I had to delete all those other files in the folder. Could you tell me what files you have in /efs/?

su
busybox ls -la /efs/
S4 Proximity Sensor Calibration Guide here

Free Unlock For
Samsung Galaxy S variant here
Samsung Galaxy S 4G here
Galaxy Tab here

If you find my guide or advice helpful please donate

S4 Proximity Sensor Calibration App here

In a world without walls and fences who needs Windows and Gates?
The Following User Says Thank You to dagentooboy For This Useful Post: [ Click to Expand ]
 
dagentooboy
Old
#5  
dagentooboy's Avatar
Senior Member - OP
Thanks Meter 134
Posts: 516
Join Date: Feb 2008
Location: Kansas
Quote:
Originally Posted by Itaintrite View Post
Don't have a 3G tab but this is cool. I think you should price your app at under $2 to maximize profits. With the fix available for free, a lot of people won't pay for it. But if it's dirt cheap at 99c or $1.99, why not?

Anyway, good job.
I have always believed in providing the solution to everyone... I don't want anyone to think I am only in this for the money. When I was looking for the i9000 unlock someone was charging $35 and there was no way I was going to pay that so I started on this path of providing the information for free.

Thanks to the economy I lost my job and had lots of time to code but no money for devices.... enter the PRO app. I get a lot of people that buy codes and then they don't work and they end up using my app for half the price (half the time the samsung unlock doesn't work even with the code).
S4 Proximity Sensor Calibration Guide here

Free Unlock For
Samsung Galaxy S variant here
Samsung Galaxy S 4G here
Galaxy Tab here

If you find my guide or advice helpful please donate

S4 Proximity Sensor Calibration App here

In a world without walls and fences who needs Windows and Gates?
The Following User Says Thank You to dagentooboy For This Useful Post: [ Click to Expand ]
 
viaper
Old
#6  
Junior Member
Thanks Meter 0
Posts: 19
Join Date: Jul 2005
Hi dagentooboy

Going to test ASAP, many thanks for the quick answer, find here the result of the command:

busybox ls -la /efs/
total 5168
drwxrwx--x 6 1001 1000 4096 Oct 26 06:26 ←[1;34m.←[0m
drwxrwxrwx 15 0 0 0 Nov 6 07:51 ←[1;34m..←[0m
drwxrwxr-x 5 0 0 4096 Jan 1 2011 ←[1;34m.files←[0m
-rwx------ 1 1001 1001 1048576 Dec 31 2010 ←[1;32m.nv_core.bak←[0m

-rwx------ 1 1001 1001 32 Dec 31 2010 ←[1;32m.nv_core.bak.md5
←[0m
-rwx------ 1 1001 1001 2097152 Dec 31 2010 ←[1;32m.nv_data.bak←[0m

-rwxr-xr-x 1 1001 1001 32 Dec 31 2010 ←[1;32m.nv_data.bak.md5
←[0m
-rw-rw-rw- 1 1001 1001 1 Dec 31 2010 ←[0;0m.nv_state←[0m
drwxrwxr-x 2 1001 1001 4096 Jan 1 2011 ←[1;34mbluetooth←[0m
drwxrw-r-- 2 1000 1000 4096 Aug 23 03:25 ←[1;34mgyro←[0m
drwxrwxr-x 2 1001 1001 4096 Aug 23 03:31 ←[1;34mimei←[0m
-rw-rw-rw- 1 1001 1001 2210 Oct 22 21:21 ←[0;0mnv.log←[0m
-rwx------ 1 1001 1001 2097152 Nov 6 07:52 ←[1;32mnv_data.bin←[0m
-rwxr-xr-x 1 1001 1001 32 Nov 6 07:52 ←[1;32mnv_data.bin.md5←
[0m
-rwxrw-r-- 1 1001 1001 880 Dec 31 2010 ←[1;32mredata.bin←[0m
root@android:/ #
 
nandihno
Old
#7  
nandihno's Avatar
Senior Member
Thanks Meter 101
Posts: 1,007
Join Date: Jul 2010
Location: Brisbane
so this is only useful for the 3G version i would imagine
 
viaper
Old
#8  
Junior Member
Thanks Meter 0
Posts: 19
Join Date: Jul 2005
Thanks again for the good work, it run OK on a p7500 from Movistar Spain
 
NiN39Z
Old
#9  
Senior Member
Thanks Meter 4
Posts: 125
Join Date: Dec 2007
How did u root the tmobile galaxy tab 10.1 4g? I been looking for a guide and couldnt find one to root this. Someone point me to the right direction please?
Phone: T-Mobile Samsung Galaxy S4 White (Rooted & Sim Unlocked)
Rom: Dandroid's 4.4 Google Edition Rom
Kernel: KT Kernel

Samsung Galaxy Gear Watch (Rooted)
Rom: Null_ Rom
Kernel: Stock
 
dagentooboy
Old
#10  
dagentooboy's Avatar
Senior Member - OP
Thanks Meter 134
Posts: 516
Join Date: Feb 2008
Location: Kansas
What I did is just follow the instructions in the Overcome rom except the "re-stocking" part. Mine is running Overcome with no problems so far.
S4 Proximity Sensor Calibration Guide here

Free Unlock For
Samsung Galaxy S variant here
Samsung Galaxy S 4G here
Galaxy Tab here

If you find my guide or advice helpful please donate

S4 Proximity Sensor Calibration App here

In a world without walls and fences who needs Windows and Gates?

The Following User Says Thank You to dagentooboy For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes