[HOWTO] Software Unlock; How to unlock Bell Galaxy S Vibrant i9000M

---

Now that we have enough people with the new version on hand already.

It's time to setup this topic.

The aim obviously is to unlock this the Bell Galaxy S Vibrant i9000M

There are possibly 3 ways to go about this:
1. Software
2. Hardware
3. Pay $75 the carrier and get the unlock code after 60 days of purchase, or until some online unlockers gets the code, which ever first.
4. Pay $35 to rhcp0112345 for the hack unlock method
5. Self Hex Hack unlock method

Past experiences in the PalmOS world leads me to believe it should be possible to be unlocked via software/firmware, so rooting the phone will be the first thing to do

For hardware unlocking we'll be able to confirm once the iSim I've ordered arrives next week more or less

Bell will not provide the unlock code until their "exclusivity" expires which is roughly November, that's when Fido/Rogers will get their own locked version for sure.

So, I'm inviting any Android/Mobiles developers to pitch in with any ideas or if they know more or what to look for, change edit, hack replace, flash, etc.

That's why i bough this device, it'll be a guineapig to possibly find the software unlocking method (flashing a ROM count as software)

Stock Bell firmware:
PDA/Phone: i9000ugjg9
CSC: i9000bmcjg9

WARNING: for anyone reading this DO NOT use the firmwares for the USA Vibrant / Captive, the Bell Vibrant is closer to the i9000 than to the USA variants

- Update 1 -
Adding unlock bounty! it actually started on the SGS Captivate subforum http://forum.xda-developers.com/showthread.php?t=739201
Condition to hit the jackpot, it must be unlocked via software ROM flash, SPL, or something along the line.
Lets all pitch in to make it work for all the SGS phones.

List of members pledge & donation:
AllGamer paid "unlocked" via ismartsim then by SGUX
MKVFTW withdrawn he paid $75 to Bell way to get it unlocked
SS2006 $25 payment pending
decepticon paid unlocked by rhcp0112345
BA_Flash_GOD paid unlocked by rhcp0112345

- Update 2 -
rhcp0112345 found out how to hex hack unlock the phone, it requires a file dump and a $35 fee.

The bounty would still apply for anyone Developer able to release a ease to use software unlock for all XDA member at no charge, but if you can't wait you can go with rhcp0112345 solution or the self hack solution.

- update 3 - [BOUNTY] goes to
rhcp0112345 for finding the hack, and allowing rbnet.it and marcopon to create the SGUX tool for all of us.

Please donate to our XDA members that made it all possible for you.

AllGamer for jump-starting this project and providing the initial bounty, and for his regular contribution in the SGS forum
rhcp0112345 for finding the hack
rbnet.it & marcopon for the SGUX tool
DaGentooBoy for keeping the Unlock Guide updated with the latest changes

Step 1. root your phone

Bell's I9000M is slightly different than the regular I9000
most of the root methods mentioned on other topics will not work.
Even the 3 button recovery mode has been disabled

After some experimentation this is the working method
download the update.zip from this topic (Thanks to jentech)
http://ip208-100-42-21.static.xda-de...0&postcount=11

then you need to run adb devices to make sure your phone is listed

(ADB is part of Android SDK, download it from the source http://developer.android.com/sdk/index.html )

if you get something like

Code:

adb.exe devices
List of devices attached
900098c722a9    device

(if you run adb.exe devices and comes back with an empty list, then make sure you have set the phone into debugging mode Application > Settings > Development > USB Debugging)

then you are can execute
adb.exe reboot recovery

this will take you to the recovery screen

now if your device works with the Power + Volume Up + Home button, then you can skip that, however in my case the 3 button mode didn't work

select the update.zip with the volume up/down button, then hit home screen, it should say installing in yellow, then you are done, it reboots back to normal, and now you can install Busy Box


Step 2. Self Hex Hack unlock method
Once you are done Rooting the phone

1. Run ADB Devices on your PC
open CMD
change to your Android SDK folder
type ADB devices
hit Enter
it should show your phone listed
if not then check to make sure you have Enabled the USB debugging in Applications < Settings in your phone

2. Once successful with the above step
type ADB Shell
hit Enter
type SU
hit Enter
back on your phone screen you should see a pop up for "Superuser Permission" (try to keep your screen on, the timer automatically turns the screen off, you might miss the pop up message)
"grant it permission" to allow, else you will get a "permission denied"

3. back on the ADB shell
type cd /dev/block
hit Enter
type dd if=/dev/block/bml3 of=/sdcard/bml3.bak
hit Enter
you should get something like

Code:

20480+0 records in
20480+0 records out
10485760 bytes transferred in 0.826 secs (12694624 bytes/sec)

the bml3.bak file should now be at the root of your internal SD card

4. Unplug the USB cable from the phone
Disable the USB debugging in Applications < Settings

5. Plug the USB cable back to the phone
Use either Samsung Kies mode, or Mass Storage mode

6. Copy the bml3.bak file from the internal SD card to your working folder where you have downloaded SGUX2

7. Run CMD
CD (change directory ) to the folder where you have the files
execute/run sgux2.exe bml3.bak (assuming both files are in the same folder)

then you should get something like this

Code:

SGUX v0.92b (C) 2010 By Mark0 & rbnet
Samsung Galaxy Unlock code eXtractor
(based on info by rhcp0112345 & RazvanG)

Opening file <bml3.bak>...
Searching code block...
Found.
Searching codes...

Freeze code        : 98765432
Network Control Key: 12345678

8. power off your phone
9. power the phone back on
10. now enter the NCK (Network Control Key) code you found on step 2 part 7

It should say "Requesting network unlock"
followed by "Network unlock successful"

Done, enjoy your phone with your favorite network.




*** Alternative Unlock Methods ***

Hardware unlock method
Get an imartsim from ebay or deal extreme

Software unlock method
easier than ever please see guide for details
http://forum.xda-developers.com/showthread.php?t=761045


Bell unlock method
Call Bell convince them to unlock you, and Pay $75

Paid Hack unlock method

Quote:

Originally Posted by rhcp0112345

Guys.

If you cannot wait. I found an easier way for me to get the codes for you. And the file is 10MB. and if you zip prob smaller as hell.

Code:

adb shell
cd /dev/block
# dd if=/dev/block/bml3 of=/sdcard/bml3.bak
copy to computer / upload

Send me $35 USD to service@mrcellphoneunlocker.com

original topic link http://forum.xda-developers.com/show...&postcount=588

Well first thing is have you tried flashing a different MODEM file onto the phone using Odin?

I tired flashing Asian EU version of radio but no luck.
I believe simlock is something totally different,
I ended up using a sim adapter that was lying around for last 2 years.

Put the sim adapter along with my fido sim
settings, APN typein APN setting (internet.fido.ca)
3G is now active,
I can make calls and recieve calls.

EDIT:+++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++
http://www.dealextreme.com/
you can order any sim adapter, they all do the same thing.
+++++++++++++++++++++++++++++++
When you FLASH to JP3
don't flash the RADIO, (just flash PDA with 512)
I find RADIO FW on Stock BELL ROM works better than the one included in the JP3.
================================================== =====================
BTW you don't have Vibrant,
you have I9000 don't flash CAPTIVATE, VIBRANT ROMS
================================================== =====================
Another weird thing I noticed,
the "download mode" for Odin (press vol down home pwr)
works on one of the phones only.
for the other phone, I had to plug in debugging mode and use "ADB reboot in recovery command.
================================================== ====================
I ended up exchanging my 2nd galaxy S, If you can't put your phone into ""download mode"
there's something wrong with your phone.
as far as the unlock sim goes, yes it's like a turbo sim, any adapter will do.
but the problem I noticed, 3G works great, I can make outgoing calls, BUT 1 out of 2 times, incoming call goes directly to my voicemail.
it's probably because of my sim not seen as fido sim on the network.
neways, I am going to try.
http://unlockgenie.com/ for factory unlock code.
they have the lowest price for bell unlock so far 26$
================================================== ==
I assembled one click solution for ADB , no need for command line,
double click the bat file while connected in DEBUG mode.
it's for those people who are having trouble getting into the download mode by pressing keys.

http://www.megaupload.com/?d=3H9UZNI4

you can also unlock it using SAMSUNG factory code.
you can get one code for around 25~30$ US

seeing that EU version of the froyo rom JP3
works fine with i9000m 3G
I'm guessing I am on NAM network. (despite the radio rom being EU version)

Well I started looking through the Android source for where it determines if a device is network locked but I got lost after a while (I'll have another go later). Presumably it's stored on a chips firmware that you can't easily flash, however just in case... Would someone mind backing up their whole system exactly prior to unlocking and then again afterwards using clockwork mod so we can look for changes.

Quote:

Originally Posted by Benjamin Dobell

Well I started looking through the Android source for where it determines if a device is network locked but I got lost after a while (I'll have another go later). Presumably it's stored on a chips firmware that you can't easily flash, however just in case... Would someone mind backing up their whole system exactly prior to unlocking and then again afterwards using clockwork mod so we can look for changes.

that's my plan, in the worse case scenario then we can de-brick and reload the original firmware that came with Bell

i'll be trying more stuff later today, still at work

Im looking into getting this phone as well... problem im not sure if the deving for the tmobile vibrant will transfer directly over to the bell galaxy s...

Anyone try rooting the bell one with the root out for that phone??

Edit: Nvm just saw that the root is for the i9000 :|

But still would the root for the tmobile version work on this and vice versa?

Subscribed. Going to follow this thread til DEATH. Now i need solution to buy one. Someone please find a vendor that ships to US.

Quote:

Originally Posted by leegoon84

you can also unlock it using SAMSUNG factory code.
you can get one code for around 25~30$ US

seeing that EU version of the froyo rom JP3
works fine with i9000m 3G
I'm guessing I am on NAM network. (despite the radio rom being EU version)

Which site can I pay & sim unlock it please?