Unlock your Samsung i5500 (Where is my /efs?) [UPDATE]

BlocK240

Senior Member
Mar 17, 2011
51
3
Stop mucking around with random commands and read more carefully: it's /dev/block/stl5, not /dev/stl5. I have no idea if /dev/stl5 even exists, and if it does I'd rather not touch it even with a 2-meter pole.


Thanks for your reply.
I've seen your thread:
http://xdaforums.com/showpost.php?p=12772293&postcount=174

Maybe you could give us the steps you took?

I've also checked:
http://xdaforums.com/showpost.php?p=12688230&postcount=156
I ran it through Google Translate, but it did a very poor translation.
Question:
Code:
dd if=/dev/block/stl5 of=/sdcard/stl5.rfs
dd if=/sdcard/stl5.rfs of=/dev/block/stl5
Is that a copy from the phone to SD and then back... what for? As I understand it, it should be enough to make a copy of stl5 on SD and then analyse it in hex for the unlock code.

thanks

I have no idea if the Ace presents the same symptoms as the i5500, but our phone corrupts the efs once it is copied but will work just fine after being copied back.
Using dd from recovery mode should theoretically not require the second command, but I'd rather keep it there for safety purposes.
As I've said, using dd in recovery mode did NOT damage the phone in any possible way, so that is the safest bet.

As for mounting the SD card, search around. I'm afraid this thread is not a tutorial on how to partition and mount a SD card.
 

motafoca

Senior Member
Dec 3, 2010
107
132
Sao Paulo
madteam.co
Tip for those with still bootable phone but have efs+backup

Mount the backup, format efs using fat and
Copy the files 1 by 1
I did that once and it worked
I bricked my phone during copying the files it rebooted
lol

Still trying odin stuff
 

BlocK240

Senior Member
Mar 17, 2011
51
3
1) 23 is hex for 35. I do not know whether the ops file needs to have dec or hex. Benjamin suggests dec (35). Maybe somebody with a bricked phone should try first. My phone can still boot :). And using official froyo I5500OXFJPD.tar I can see I have WIFI again.

2) I will compare the 2 files attached by you with the ones in the stl5.rfs previously posted by another user. I want to know whether they are the same or are phone specific.
Anyway, it is another risk to mount /efs rw and overwrite the 2 files.

2603 and 2635 are device specific.
 

psyke83

Inactive Recognized Developer
Mar 29, 2011
1,267
3,959
Look at our OPS file:
Code:
0,mibib
1,qcsbl
2,oemsbl
3,amss
4,arm11boot
5,boot
6,recovery
7,system
8,data
9,csc
10,

Look at the reconstructed OPS (from the nID values, decreased by 1 to match OPS structure):
Code:
0,mibib
1,qcsbl
2,oemsbl
3,amss
4,fota
5,arm11boot
6,???
7,???
8,???
32,???
33,???
34,efs2
35,???

Ignoring the efs and unknown partitions, only the first four are in the correct order!

Let's make some (fairly solid) assumptions:
1. We cannot repartition our phone (the option doesn't exist in Odin v4.28).
2. It is possible to flash an EFS file (as Odin v4.28 specifically has an EFS button).
3. The OPS file structure does *not* match the structure reported by the Android kernel (from the "atag", "BIE: nPartition Information / nID" output seen in dmesg). See above for proof why this appears to be the case.

What do you think?
 

psyke83

Inactive Recognized Developer
Mar 29, 2011
1,267
3,959
I've made "some" progress towards resolving the different positions reported by the kernel vs the positions in the OPS file.

Look again at this output (NOTE: I added comments to the end of the line to fill in what the partitions are - some are still speculated):
Code:
[BIF: ] nPartition Information (nVol : 0)
nVer : 0x10000
00 / nID:0x01 / nAttr:0x00001012 / 1stVun: 0 / Units: 6 MIBIB
01 / nID:0x02 / nAttr:0x00001012 / 1stVun: 6 / Units: 2 QCSBL
02 / nID:0x03 / nAttr:0x00001012 / 1stVun: 8 / Units: 3 OEMSBL
03 / nID:0x04 / nAttr:0x00001012 / 1stVun: 11 / Units: 100 AMSS
04 / nID:0x23 / nAttr:0x00001101 / 1stVun: 111 / Units: 97 EFS2
05 / nID:0x25 / nAttr:0x00001101 / 1stVun: 208 / Units: 20 NV_BACKUP???
06 / nID:0x05 / nAttr:0x00001001 / 1stVun: 228 / Units: 100 FOTA????
07 / nID:0x06 / nAttr:0x00001012 / 1stVun: 328 / Units: 8 ARM11BOOT
08 / nID:0x07 / nAttr:0x00001012 / 1stVun: 336 / Units: 40 BOOT???
09 / nID:0x08 / nAttr:0x00001012 / 1stVun: 376 / Units: 40 RECOVERY???
10 / nID:0x09 / nAttr:0x00001012 / 1stVun: 416 / Units: 3 ???
11 / nID:0x21 / nAttr:0x00001101 / 1stVun: 419 / Units: 710 SYSTEM
12 / nID:0x22 / nAttr:0x00001101 / 1stVun: 1129 / Units: 775 DATA
13 / nID:0x24 / nAttr:0x00001101 / 1stVun: 1904 / Units: 100 CSC

Here's what I propose:
  • Odin's OPS file is not based on the nID alone.
  • Odin's OPS file is based on the grouping of the type of partition (nAttr) first, followed by the nID of only the partitions that fit in the current group, in alphanumeric order.
  • It appears that Odin flashes the partitions with nAttr 0x00001012, followed by 0x00001011.


I've come up with this so far (in brackets is the nAttr followed by the nID):

Code:
0,mibib (1012, 0x01)
1,qcsbl (1012, 0x02)
2,oemsbl (1012, 0x03)
3,amss (1012, 0x04)
4,arm11boot (1012, 0x06)
5,boot (1012, 0x07)
6,recovery (1012, 0x08)
7,system (1101, 0x21)
8,data (1101, 0x22)
9,efs2 (1101, 0x23)
10,csc (1101, 0x24)
11,nv_backup (1101, 0x25)

The file doesn't seem right, but it's a hell of a lot better than before - only the CSC is out of place.

Problems:
1. I'm not sure about the boot, recovery, fota and nv_backup partitions - they're just semi-educated guesses.
2. I have no idea what partition nID 0x09 with nAttr 0x00001012 can be. It should be position 7 in the OPS file, but that's impossible as the system partition should be there. Perhaps Odin knows that it should be ignored?
3. The efs partition is now in the position where the csc previously was. I don't think this is right.
 
Last edited:
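
The grouping hypothesis in the post above can be checked mechanically. The following is an added example, not code from the thread: it parses the quoted partition table, verifies that the units are contiguous, and compares the nAttr-then-nID ordering with the stock OPS file. The function names are hypothetical, and the second group is assumed to be the 0x00001101 attribute that appears in the dump.

```python
import re
from collections import defaultdict

# Partition table as printed in the post above. The trailing names are the
# poster's annotations; entries with question marks are his guesses.
BIF_DUMP = """\
00 / nID:0x01 / nAttr:0x00001012 / 1stVun: 0 / Units: 6 MIBIB
01 / nID:0x02 / nAttr:0x00001012 / 1stVun: 6 / Units: 2 QCSBL
02 / nID:0x03 / nAttr:0x00001012 / 1stVun: 8 / Units: 3 OEMSBL
03 / nID:0x04 / nAttr:0x00001012 / 1stVun: 11 / Units: 100 AMSS
04 / nID:0x23 / nAttr:0x00001101 / 1stVun: 111 / Units: 97 EFS2
05 / nID:0x25 / nAttr:0x00001101 / 1stVun: 208 / Units: 20 NV_BACKUP???
06 / nID:0x05 / nAttr:0x00001001 / 1stVun: 228 / Units: 100 FOTA????
07 / nID:0x06 / nAttr:0x00001012 / 1stVun: 328 / Units: 8 ARM11BOOT
08 / nID:0x07 / nAttr:0x00001012 / 1stVun: 336 / Units: 40 BOOT???
09 / nID:0x08 / nAttr:0x00001012 / 1stVun: 376 / Units: 40 RECOVERY???
10 / nID:0x09 / nAttr:0x00001012 / 1stVun: 416 / Units: 3 ???
11 / nID:0x21 / nAttr:0x00001101 / 1stVun: 419 / Units: 710 SYSTEM
12 / nID:0x22 / nAttr:0x00001101 / 1stVun: 1129 / Units: 775 DATA
13 / nID:0x24 / nAttr:0x00001101 / 1stVun: 1904 / Units: 100 CSC
"""

# Stock OPS file quoted earlier in the thread (slot number = list index).
STOCK_OPS = ["mibib", "qcsbl", "oemsbl", "amss", "arm11boot",
             "boot", "recovery", "system", "data", "csc"]

LINE_RE = re.compile(
    r"^(?P<idx>\d+) / nID:0x(?P<nid>[0-9a-fA-F]+) / nAttr:0x(?P<attr>[0-9a-fA-F]+)"
    r" / 1stVun: (?P<first>\d+) / Units: (?P<units>\d+)\s*(?P<label>.*)$"
)


def parse_bif(text):
    """Return one dict per partition line, in the order the kernel printed them."""
    parts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip headers such as "nVer : 0x10000"
        parts.append({
            "idx": int(m["idx"]),
            "nid": int(m["nid"], 16),
            "attr": int(m["attr"], 16),
            "first": int(m["first"]),
            "units": int(m["units"]),
            # "BOOT???" -> "boot"; a bare "???" -> "unknown"
            "name": m["label"].strip("? ").lower() or "unknown",
        })
    return parts


def layout_gaps(parts):
    """Return (idx, expected_start, actual_start) wherever units are not contiguous."""
    gaps, expected = [], 0
    for p in parts:
        if p["first"] != expected:
            gaps.append((p["idx"], expected, p["first"]))
        expected = p["first"] + p["units"]
    return gaps


def grouped_order(parts, attr_order=(0x1012, 0x1101)):
    """Order by nAttr group, then by nID inside each group (the post's hypothesis).

    Partitions whose nAttr is not listed in attr_order are returned separately.
    """
    by_attr = defaultdict(list)
    for p in parts:
        by_attr[p["attr"]].append(p)
    ordered = []
    for attr in attr_order:
        ordered.extend(sorted(by_attr.pop(attr, []), key=lambda p: p["nid"]))
    leftover = [p for group in by_attr.values() for p in group]
    return ordered, leftover


def ops_mismatches(ordered, ops=STOCK_OPS):
    """Return (slot, name_in_ops, name_from_hypothesis) for every slot that differs."""
    out = []
    for slot, want in enumerate(ops):
        got = ordered[slot]["name"] if slot < len(ordered) else None
        if got != want:
            out.append((slot, want, got))
    return out


if __name__ == "__main__":
    parts = parse_bif(BIF_DUMP)
    print("gaps in unit layout:", layout_gaps(parts))
    ordered, leftover = grouped_order(parts)
    print("outside both groups:", [(p["name"], hex(p["nid"])) for p in leftover])
    print("mismatches, nID 0x09 kept:   ", ops_mismatches(ordered))
    trimmed = [p for p in ordered if p["nid"] != 0x09]
    print("mismatches, nID 0x09 dropped:", ops_mismatches(trimmed))
```

Keeping nID 0x09 pushes system, data and csc out of their stock slots, which is problem 2 in the post. Dropping it leaves a single mismatch at slot 9, where the hypothesis puts efs2 and the stock file has csc.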

psyke83

Inactive Recognized Developer
Mar 29, 2011
1,267
3,959
Hmm, maybe my theories are all wrong :p

motafoca and I tested several combinations (efs in positions 34, 35, 23, 22). The fact is that Odin crashes if you try to flash anything above 10, so that's the limit. We tried to flash efs in positions 9 and 10 - no crash, but it didn't solve the problem. Finally, out of desperation we flashed the partition map that's encoded into the boot image:

The strings from the boot image (apparently): http://pastebin.com/BGgfRqVB

Code:
0,mibib
1,qcsbl
2,oemsbl
3,amss
4,efs2
5,nv_backup
6,fota
7,arm11boot
8,boot
9,recovery
10,parameter
11,system
12,userdata
13,cache

That permanently killed his phone. It seems pretty clear that if you flash something besides arm11boot in slot 4, your phone won't even power on.
 

s2003r

Member
Apr 15, 2011
12
0
movieson.ru
PLEASE, read this thread fully. Hell, even the first post. Running the commands you quoted will brick your phone. Don't say you haven't been warned.

Hi,
Thanks for your reply.
I did read this thread fully and understood that DD BRICKS the phone. No questions here.
Also, there are bits and pieces stating that there is a safe way to read the stl5 file using su, but I couldn't find how.
What is clear here is that you need to:
1. Root your phone
2. Use adb
3. Do not use the DD method on the i5500
Not sure what's next...

PS: I'm sorry for the noob questions, but that's what forums are made for... right?? Ask to be heard :)

I have no idea if the Ace presents the same symptoms as the i5500, but our phone corrupts the efs once it is copied but will work just fine after being copied back.
Using dd from recovery mode should theoretically not require the second command, but I'd rather keep it there for safety purposes.
As I've said, using dd in recovery mode did NOT damage the phone in any possible way, so that is the safest bet.

As for mounting the SD card, search around. I'm afraid this thread is not a tutorial on how to partition and mount a SD card.

Thanks for reply BlocK240.
 

psyke83

Inactive Recognized Developer
Mar 29, 2011
1,267
3,959
Hi,
Thanks for your reply.
I did read this thread fully and understood that DD BRICKS the phone. No questions here.
Also, there are bits and pieces stating that there is a safe way to read the stl5 file using su, but I couldn't find how.
What is clear here is that you need to:
1. Root your phone
2. Use adb
3. Do not use the DD method on the i5500
Not sure what's next...

No, there is no safe way. It is not possible to read a block device (/dev/stl5 or any other) without using superuser (su) privileges anyway.

Oh, and /dev/stl5 is the same as /dev/block/stl5 - they're just symlinks.
 

skippy__

New member
Mar 31, 2011
2
0
I had the misfortune of following the suggested commands (including the dd) and bricked my phone.
I'd really like to try again - but I don't think any solution has been found yet...

I don't know how the people unlock phones on the market... how do they do it? Does anyone know?
 

tweakradje

Senior Member
Anyone tried unbricking with this: http://life4gadgets.com/2011/04/18/tutorial-unbrick-samsung-galaxy-i5500/

Dunno why it should work but it says it does.

Cheers

Strings containing efs found in amss:
Code:
-> strings amss|find /i "efs"
EFS h
 efs_deltree () Failed
/.efs_private/iter/%08ld.lnk
/.efs_private/iter
Assertion efs_iter_callback != NULL failed
VP3: Nothing to store in EFS this session
MMGSDI: efs_read procedure failed
MMGSDI: efs_stat procedure failed
EFS File or Dir Not Found
gsdi_efs.c
MMGSDI: efs_mkdir procedure failed
efs_stat procedure success
MMGSDI: efs_stat procedure failed: %x
 efs_deltree () Failed
Assertion efs_iter_callback != NULL failed
OK IMEI EFS File Ready
Saving GPS-to-RTC offsets to EFS
MC_SlowClk: Write EFS file: %d
MC_SlowClk: Reading EFS file
LOC_MW:loc_pa_access_efs_data, ret_val = %d
LOC_MW ERROR:loc_pa_xlate_efs_data_from_locapi_to_pdapi, unknown operation: %d
LOC_MW ERROR:loc_pa_xlate_efs_data_from_locapi_to_pdapi, data size too large: %d > %d
LOC_MW ERROR:loc_pa_xlate_efs_data_from_locapi_to_pdapi, filename is NULL
LOC_MW ERROR:loc_pa_xlate_efs_data_from_locapi_to_pdapi, filename too long, len=%d, max=%
No Private keys  in the EFS,
secsslcert_init failed: No Keys/ in EFS
secsslcert_init failed: No cert/ in EFS
Num EFS Certs %d
fs_device_efs_flash.c
0:EFS2
EFS: Resultant filename is too long
MMGSDI: efs_stat failed on file "%s".
MMGSDI: efs_read failed.
MMGSDI: efs_write failed.
MMGSDI: efs_open Procedure Failed
MMGSDI: efs_write failed
MMGSDI: efs_write failed.
MMGSDI: efs_open failed.
MMGSDI: efs_stat failed.
NULL efs filename ptr
efs_close procedure failed 0x%x
fs_device_efs_flash.c
EFS init failed Error %d
AF_preset_coefs:%x
Writing PND Freq Bias Data to EFS
EFS: Loading SV No Exist List (%lX)
EFS: Loading SBAS Almanac (%d)
EFS: Loading Almanac (%d)
EFS: Loading SBAS Ephemeris (%d)
EFS: Loading Ephemeris (%d)
Invalid parameters when reading EFS record.
EFS DATABASE SYNC ERROR: ALMANAC
EFS: Loading Iono & UTC
EFS DATABASE SYNC ERROR: IONO / UTC
EFS DATABASE SYNC ERROR: IONO UTC
EFS DATABASE SYNC ERROR: POSITION
EFS DATABASE SYNC ERROR: SV HEALTH INFO
EFS DATABASE SYNC ERROR: EPHEMERIS
EFS DATABASE WRITE: XTRA ALM CORRECTIONS
EFS DATABASE SYNC ERROR: SV NO EXIST LIST
mgp_pe_efs.c
EFS: No Almanac available, so injecting default alm from ROM for SV %d, Week %d, ToA %d
EFS DATABASE SYNC ERROR: ALMANAC - Sv = %2d
EFS DATABASE SYNC ERROR: SBAS ALMANAC - Sv = %2d
EFS DATABASE SYNC ERROR: EPHEMERIS - Sv = %2d
EFS DATABASE SYNC ERROR: SBAS EPHEMERIS - Sv = %2d
EFS: Loading SV Health Page
Unable to get efs ram cache data pointer for almanac correction
Deleting existing %s, size %u in efs.  New File is %u bytes
EFS: Loading SBAS Canned SV List
refSID
refSeconds
UimEfsAPDULog.Txt
EFS LOGGED START(idx=%d, mask=0x%x)
EFS LOGGED END
gps_fs_task:%s EFS_PUT %lu  Error Code: %d
gps_fs_task: EFS_PUT: %s %lu  bytes written : %ld
Invalid EFS SBAS Canned List entry: SBAS PRN = %u, Valid = %u
SBAS_Steer: From EFS CANNED SV - %3d
EFS
ASSERT! efs_lseek() failed!
Read NV_SMS_BEARER_PREFS_I failed: %d
Write NV_SMS_BEARER_PREFS_I failed
Create dir in EFS
Create EFS Dir Failed: %d
efs_lstat error %d
Write to efs failed
Error removing file for EFSLog, or no old file to remove
EFS add failed with error %d.
PBM EFS delete failed with error %d.
Could not write to efs buffers.
pbmefs.c
PBM EFS wrile lock callback error Error %d
Failed NVIM EFS initialization
Assertion TRUE == info->efs_valid failed
/.efs_private/.rollback/%08lX.rbk
/.efs_private/.rollback
/.efs_private/.rollback/%s
hc_detect_RND_NBO( x, start_ref=%u, stop_ref=%u, numrefs=%u )
Matched IA using Request Refs
efs_estdio_init failed, efs_errno=%d.
@IPC Log : ss_qxdm_efs_log_replay_timer_set unset
ALM-ECEFsbasAlmanacSet
Param: GPSDIAG_PA_EFS_DATA
gpsdiag_PaEventsDispatchCb: PDSM_PA_EVENT_EFS_DATA received
create cert/ in EFS
secca_init failed: No cert/ in EFS
Num EFS CAs %d
EFS num CA [%d] is larger than allowed
No CA in the EFS, cannot verify certs
efs_estdio_init failed, efs_errno=%d.
NF: SFT RefSV: %2d RefTimeMs %10lu
15IxFileSystemEfs
Failed NVIM EFS initialization
MMGSDI - GSTK ADDITIONAL EFS READ DURING FCN
Maximum EFsmsp count = %d
EFsmsp PI mask has not SCA indicator!!!
There is no SCA mask in EFsmsp PI  : written to EFsmsp PI mask = %x
efs_open failed for %d errno = %d.
efs_open failed for %d errno=%d.
efs_open failed fd=%d errno=%d.
efs_open failed for fd=%d errno=%d.
efs_open failed errno=%d.
efs_close failed for %d errno = %d
efs_lseek failed for %d errno = %d
efs_stat failed errno = %d
efs_lseek failed for fd = %d errno=%d
efs_close failed for %d errno=%d
efs_lseek failed for %d errno=%d
efs_close failed fd=%d errno=%d
efs_read failed for fd=%d errno=%d
efs_close failed for fd=%d errno=%d
efs_write failed for fd=%d errno=%d
efs_read read wrong num of bytes=%d errno=%d
efs_write wrote wrong num of bytes=%d errno=%d
efs_close failed errno=%d
CELLDB EFS Record not available or cannot be trusted
CELLDB EFS WR: Size mismatch
TM_CORE EFS FILE RESP HANDLER result = %d
EFS File path was truncated.  Destination Length %u
TM_PDAPI: PDSM_PA_EFS_DATA: Null file name or file ptr
TM_PDAPI: PDSM_PA_EFS_DATA: Invalid directory file name,  file_operation %d, file len %d
../../modem/uim/mmgsdi/src/gsdi_efs.c
/.efs_private
/.efs_private/iter
EFS LOGGED END
[4]NLMS_preset_coefs : 0x%x
cakefSh
NV read for bearer prefs failed -- reset all to ALLOWED!!
Corrupt value? Resetting bearer_prefs[%d]=%d to WMS_BEARER_USAGE_ALLOWED(%d)
Assertion TRUE == info->efs_valid failed
MMGSDI: EFS PERSO_FILE MISSING
@IPC Log : ss_qxdm_read_item_from_efs(hndle_ss_ipc_log_reqply = NULL) failed!
@SS_QXDM : diagdiag_ss_qxdm_efs_replay_request()
@SS_QXDM : ss_qxdm_ram_to_efs(log_index =%d) Failed!(ss_qxdm_logging_enable = %d)
@LOG : ss_qxdm_ram_to_efs(log_index = %d, current_ram_cnt = %d)
alm-ecefSBASAlmanac
Sending EndOfModPrdInd refSFN %d start %d end %d
MCCH critInfo refSFN %d curSFN %d latestDRX_SFN %d DRX mode %d already passed
MC msg Delete Freq Bias from EFS rcvd
IxFileSystemEfs::Read returned %d
IxFileSystemEfs::ChMod returned %d
IxFileSystemEfs::Close returned %d
IxFileSystemEfs::Truncate returned %d
IxFileSystemEfs::FTruncate returned %d
IxFileSystemEfs::Write returned %d
IxFileSystemEfs::Initialize returned %d
IxFileSystemEfs::LSeek returned %d
IxFileSystemEfs::ReadLink returned %d
IxFileSystemEfs::SymLink returned %d
IxFileSystemEfs::Unlink returned %d
IxFileSystemEfs::Open returned %d
IxFileSystemEfs::ChOwn returned %d
IxFileSystemEfs::PowerDown returned %d
IxFileSystemEfs::ReadDir returned %d
IxFileSystemEfs::CloseDir returned %d
IxFileSystemEfs::MkDir returned %d
IxFileSystemEfs::RmDir returned %d
IxFileSystemEfs::OpenDir returned %d
IxFileSystemEfs::StatVfs returned %d
IxFileSystemEfs::FStatVfs returned %d
IxFileSystemEfs::Access returned %d
IxFileSystemEfs::Stat returned %d
IxFileSystemEfs::FStat returned %d
IxFileSystemEfs::LStat returned %d
IxFileSystemEfs::Mount returned %d
IxFileSystemEfs::Umount returned %d
IxFileSystemEfs::Remount returned %d
IxFileSystemEFS.cpp
and for string imei:
Code:
-> strings amss|find /i "imei"
 .... IMEI
oemapi_imei_reboot_ind
Haven't Valid IMEI
oem_imeitool.c
valid_imei1:%d valid_imei2:%d
Need Creat IMEI File
Can't Creat IMEI File
mits/imeitool.txt
OK IMEI EFS File Ready
Assertion imei_ptr != NULL failed
Assertion imeisv != NULL failed
../../mits/oem/oem/oem_imeitool.c
oem_imeitool.c
Can't Creat IMEI File
hsu_conf_sel_nv_get_imei: Failed to read IMEI
*_esn_imei_read(): Couldn't read NV_ESN_I and NV_UE_IMEI_I from NV
IMEI length must be 8
Error=%d reading IMEI
Bad identity length=%d for IMEI
IMEI = %s, Key = %s
ui_ipc_imei_pre_config_cfrm result:
oemapi_imei_pre_config_cfrm result:
send IMEI Start Ind to PDA
Invalid IMEI
ui_ipc_imei_write_item_cnfm result:%d
ui_ipc_imei_start_cfrm result:%d
ui_ipc_imei_compare_ind
ui_ipc_imei_item_write_ind
ui_ipc_imei_check_ind
oemapi_imei_mass_storage_info_ind
oemapi_imei_mass_storage_file_number_ind
ui_ipc_imei_clear_reset_result_ind
ui_ipc_imei_pre_config_noti
ui_ipc_imei_update_item_noti
oemapi_imei_verify_compare_status_noti
oemapi_imei_compare_item_cfrm
oemapi_imei_mass_storage_info_cfrm
oemapi_imei_mass_storage_file_number_cfrm
oemapi_imei_verify_factory_reset_cfrm
oemapi_imei.c
IMEI :len:%d NUM item:%d
can't read imei file
oemapi_imei_verify_factory_reset_event
oemapi_imei_start_event
realTimeIntegrityRequested
IMEI
emergency call is restricted... imei_status .. %d
IMEI TLV Err: NULL
IMEISV TLV Err: NULL
** Packing imei
** Packing imeisv
IMEI:%s len:%d
Couldn't read IMEI
imei
rrc_CipheringModeInfo_rb_DL_CiphActivationTimeInfo_present not present
NV IMEISV_SVN %d > 98 using default value 0
Unable to read IMEI from NV
Assertion imei_ptr != NULL failed
Assertion imeisv != NULL failed
NVRead IMEI failed=%d, use default
NVRead IMEISV_SVN failed=%d, use default
Problem reading IMEI from NV
Invalid IMEI value from NV
IMEI not programmed in NV
oem_imeisec.c
imeisv_length = %d (10)
Invaild IMEISV, check IMEI in NV
imeisv_ascii[%d] = 0x%x
TransmissionTimeInterval
SFN-TimeInfo
DurationTimeInfo
RB-ActivationTimeInfo
IMEI-Digit
RB-ActivationTimeInfoList
MBMS-NetworkStandardTimeInformation-LCR-v890ext
UE-Positioning-GANSS-RealTimeIntegrity
PLCIRATWaitingForListSrchTimeInd
Failed to allocate memory for IMEI
 [1] READ IMEI
 IMEI :
 IMEI NOT ACTIVE
IMEI MATCHED
Failed to allocate memory for IMEI
IMEI not accepted
MMGSDI: Could not get IMEI
MMGSDI: PERSO: IMEI Does not match
PERSO: me_imei length is zero
../../mits/oem/oemapi/oemapi_imei.c
oemapi_imei.c
can't read imei file
IMEI Already exist Error !!
Bad IMEI: %d
IMEI Write command received
Error reading IMEI
IMEI TYPE is correct..%d
IMEI TYPE is not correct..%d
IMEI wrong size %d from ghdi
MMGSDI: PERSO: Could not get IMEI
MMGSDI: PERSO: IMEI is not set or improperly set
IPC_IMEI_PRE_CONFIG
IPC_IMEI_COMPARE_ITEM
IPC_IMEI_WRITE_ITEM
IPC_IMEI_CHECK_DEVICE_INFO
IPC_IMEI_MASS_STORAGE_INFO
IPC_IMEI_VERIFY_FACTORY_RESET
IPC_IMEI_REBOOT
IPC_IMEI_START
iMEI
mbmsNetworkStandardTimeInformation-LCR
gANSS-TimeId
ganssTimeId
gANSS-timeId
transmissionTimeInterval
sfn-TimeInfo
durationTimeInfo
rb-DL-CiphActivationTimeInfo
rb-UL-CiphActivationTimeInfo
timeInfo
realTimeIntegrityRequest
uePositioningGANSSRealTimeIntegrity
ganssRealTimeIntegrity
ue-positioning-GANSS-realTimeIntegrity
ue-positioning-GPS-Real-timeIntegrity
 

BlocK240

Senior Member
Mar 17, 2011
51
3
Anyone tried unbricking with this: http://life4gadgets.com/2011/04/18/tutorial-unbrick-samsung-galaxy-i5500/

Dunno why it should work but it says it does.

Cheers

It's been stated in the comments by the one who posted that tutorial that it does not work.
 

psyke83

Inactive Recognized Developer
Mar 29, 2011
1,267
3,959
I had the misfortune of following the suggested commands (including the dd) and bricked my phone.
I'd really like to try again - but I don't think any solution has been found yet...

I don't know how the people unlock phones on the market... how do they do it? Does anyone know?

They use those "GSM boxes" that have specialized hardware/cabling. I have no idea how it really works, though.

I got my phone unlocked in a shop with one of these devices for 10 euro.
 

marcelorider

Member
Apr 13, 2011
25
0
Well, mine went to service because I don't have the STL5 block backed up, and the farthest I got was simply another user's IMEI...
The phone wasn't mine, it was my father's, and yeah, it really sucks when you don't have a phone ^.^

So it went to service. Next time I know I have to make a backup of it. I just ask you guys to simply tell me how to connect ADB in recovery mode, or how do you get to it?
Is recovery mode the "Download Mode"?
Well, just some questions I should have asked before :D
 

BlocK240

Senior Member
Mar 17, 2011
51
3
Well, mine went to service because I don't have the STL5 block backed up, and the farthest I got was simply another user's IMEI...
The phone wasn't mine, it was my father's, and yeah, it really sucks when you don't have a phone ^.^

So it went to service. Next time I know I have to make a backup of it. I just ask you guys to simply tell me how to connect ADB in recovery mode, or how do you get to it?
Is recovery mode the "Download Mode"?
Well, just some questions I should have asked before :D

Code:
adb reboot recovery

The command that needs to be issued to send the phone to recovery mode.
 

catallin

New member
Apr 12, 2011
3
0
Hello guys, thanks for the useful info. I read the whole thread. The thing is that I have a Samsung GT-S5570 and I don't know if the instructions here (although they are dangerous from what I can see) will work for me. What do you think, should I try to do this? Is there another unlock solution for my phone (except IMEI-based)? From what I understand I have to put my phone in recovery, mount the SD card (this I don't know how to do) and after that run the dd command. Am I correct?
 

tweakradje

Senior Member
This method from first page works 100% (done it a few times)

Code:
- root your phone
- adb shell
- su
- cd /
- mount root rw (did it with root explorer) or use command mount -o remount,rw /
- mkdir /efs
- mount -o nosuid,ro,nodev -t vfat /dev/block/stl5 /efs
(from another phone /etc/fstab says: mount rfs /dev/block/stl5 /efs nosuid nodev check=no)
- cat /efs/mits/perso.txt
- umount /efs
- reboot

Cheers
 

catallin

New member
Apr 12, 2011
3
0
Thank you tweakradje for your reply. I've been struggling for 3 days now with this and only now I realized that I was making a big yet simple mistake: instead of stl5 I always tried st15 (when you wrap it in "code" you can see how similar L is to 1). Although I read the whole thread, and on one or two occasions somebody pointed out this difference, I guess it was too late for me to process :) Thanks once again guys, you are great!

PS: the initial reply I was going to give you was that the command mount rfs /dev/block/stl5 failed for me, and suddenly I realized the mistake I was making. After that the code was simply there for me to note down in the cmd window. I'm so excited now!
 

dabigserver

Member
May 6, 2011
14
2
You will see some numbers: In my case 20404 for Vodafone NL.
Then you will see your SP unlock code followed by some 000000000 codes and another
code. Write the first one (and second just in case) down.

Shut down the phone and put in a "locked" SIM. Start your phone, input the PIN, and when asked for an unlock code give it the first code. Your phone is now unlocked.

Cheers

HELP!!!! Since I did this, I've got no signal service. When I attempt to connect to a network a message comes up like "Error while searching for networks"!!!! :'( What happened? How can I solve it? ='( I can't even enter service mode!!! When I type *#06# it doesn't even show the IMEI!!!!!!
 

alienvirus

Member
May 6, 2011
9
0
Thanks for the clear instructions tweakradje, however, when I run through the safe method everything goes well except that I only get "01234567s" instead of the unlock code. Any suggestions for me? I'm running the I5500MUGJJ7 baseband version. Thanks again in advance.
 

Top Liked Posts

  • 51
    New method with /dev/bml5

    EDIT: first go to the OP of this thread for the latest news: http://xdaforums.com/showthread.php?t=828534

    Note: first check if your phone is locked at all. Obvious, but some forget it.
    Go to the dialer and type: *#7465625#


    Note: if you cannot write to sdcard: stop Kies or make sure your card is not in Mass Storage Mode

    Just found another way of doing it ;) Someone needs to do it. Thanks.

    In a DOS box (phone does! need to be rooted)

    See for temporary rooting EDIT2 below!

    - adb shell
    - su
    - cat /dev/bml5>/sdcard/bml5.img (BE-EM-EL-FIVE is about 25 Mb)
    - exit (2x)
    - adb pull /sdcard/bml5.img
    - now open in hex editor on PC (like xvi32)
    - find the proper block with hex search:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
    Scroll a few pages of FF's down until you see the first number (unlock code)
    - my unlock code is at #1282C0A
    - put locked sim in phone, boot and enter code from above :)

    I did reboot twice without any problems. Also checked other bml5 images found on xda.
    All have the unlock code in it !!! If your phone is not SP locked you will have 000000
    instead of provider code in the same block.

    That is perso.txt but 00 are FF.
    In perso.txt from stl5:
    Code:
    00 00 00 00 00 00 00 00 00 00 36 31 34 39 33 36  = 61493638 (my unlock code)
    33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
    30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
    35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
    30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
    05 03 05 05

    In bml5.img
    Code:
    FF FF FF FF FF FF FF FF FF FF 36 31 34 39 33 36  = 61493638 (my unlock code)
    33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
    30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
    35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
    30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
    FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
    05 03 05 05

    Dunno where to hex search for in bml5. Perhaps FF FF FF FF FF FF FF FF 30 30 30 30 30 30
    30 30 ?

    EDIT: find the proper block with hex search:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
    Scroll a few pages of FF's down until you see the first number (unlock code)

    Let me know.

    Cheers

    EDIT:
    The img file starts with FSR_STL. The STL5 VFAT block is in here but not accessible as
    VFAT, only through the stl5 device. But that is dangerous, as we have seen before.
    You can find the start of the VFAT table (MSWIN4.1) in the FSR_STL (offset #153000).
    Although the size of the FSR_STL is 25 Mb, the STL/VFAT image is only 7.4 Mb.
    So for now you have to make do with the FSR_STL file and search in it for your unlock code.
    More on Samsung's flash system: http://xdaforums.com/showthread.php?t=801223

    EDIT2:
    For getting the BML5 container you must root your phone. But you can easily do a temporary root with these instructions. You do need adb.exe
    - download RageAndAdb.zip from the attachment and unpack
    - put rageagainstthecage ELF executable in user writeable part of your phone:
    1) adb push rageagainstthecage /data/local/tmp
    2) adb shell
    3) cd /data/local/tmp
    4) chmod 777 rageagainstthecage
    5) ./rageagainstthecage
    - back at your PC open Windows Task Manager (Ctrl+Shift+Esc) and kill the adb process
    - start adb shell again
    - now you are superuser on your phone ;)
    - continue with bml5 dump as written above
    Samsung USB drivers can be found here: http://xdaforums.com/showpost.php?p=12099386&postcount=6
    8
    SP unlock your i5500 (probably more)

    EDIT: Phones have been bricked with this stl5 method. Do use the supersafe bml5 method.
    http://xdaforums.com/showpost.php?p=17148825&postcount=334

    Since I can't give up on this one I dug a little further into my i5500 memory.

    Guess what? I f.ckin did it. Big hooray. I'm good, I know ;) Thank you!

    Code:
    - root your phone
    - adb shell
    - su
    - cd /
    - mount -o remount,rw -t rootfs rootfs / (or do it before adb with root explorer)
    - mkdir /efs
    - mount -o nosuid,ro,nodev -t vfat /dev/block/stl5 /efs
    - cat /efs/mits/perso.txt
    - umount /efs
    - reboot

    EDIT: stl5 is es-tee-el-five (like STL5)

    EDIT: /efs on the Galaxy the /etc/fstab says: mount rfs /dev/block/stl5 /efs nosuid nodev check=no

    You will see some numbers: In my case 20404 for Vodafone NL.
    Then you will see your SP unlock code followed by some 000000000 codes and another
    code. Write the first one (and second just in case) down.

    Shut down the phone and put in a "locked" SIM. Start your phone, input the PIN, and when asked for an unlock code give it the first code. Your phone is now unlocked.

    Cheers

    EDIT:
    Rooting: http://blog.23corner.com/2010/08/30/universal-androot-1-6-2-beta-5/
    Rooting newer roms: http://xdaforums.com/showthread.php?t=803682. Need reboot after.
    Adb and USB drivers: see attachment

    EDIT: possible fix for bad imei after doing above procedure:
    http://xdaforums.com/showpost.php?p=15408191&postcount=4

    EDIT: nice tutorial for my method - http://xdaforums.com/showthread.php?p=16597429
    7
    ALL PHONES HAVE BEEN BRICKED USING THE DD METHOD, SOME WITH STL5 METHOD, NONE WITH BML5 METHOD

    EDIT 22 apr 2013: use stock ROM, Helroz made this on the appstore. If you have newer Galaxy try this from Doky

    EDIT 7 nov 2011: BML5 method guide: http://xdaforums.com/showthread.php?t=1335548

    EDIT 10 oct 2011: Relock experience?: http://xdaforums.com/showpost.php?p=18294355&postcount=421

    EDIT 31 aug 2011: Now Supersafe (BML5) method: http://xdaforums.com/showpost.php?p=17148825&postcount=334

    EDIT 18 march 2011: Unsafe (STL5) method: http://xdaforums.com/showpost.php?p=12099386&postcount=6


    !!! THIS IS STILL EXPERIMENTAL !!! (OLD STUFF, please disregard)

    Before you do anything read the whole thread. It is still unclear why some phones were bricked
    ----------------------------------------------------------------------------

    Hi, Can anyone help me with this question? I have never had the original SIM card in it. Does that help?

    Finally I have the I5500XWJJ6 ROM installed, rooted the phone and used "adb shell su" to get into the shell. Now I cannot find the /efs file system? Why not?
    I am looking for the nv_data.bin :)

    Did something change with the newer firmwares?

    Read somewhere that it is /dev/bml11
    I copied it with dd if=/dev/bml11 of=/sdcard/bml11.img Then it only shows SER in the editor.

    With getprop I get (some numbers are deleted for privacy :) what can be set with setprop?
    Code:
    # getprop
    getprop
    [ro.secure]: [1]
    [ro.allow.mock.location]: [0]
    [ro.debuggable]: [0]
    [persist.service.adb.enable]: [1]
    [ro.factorytest]: [0]
    [ro.serialno]: []
    [ro.bootmode]: [unknown]
    [ro.baseband]: [unknown]
    [ro.carrier]: [unknown]
    [ro.bootloader]: [unknown]
    [ro.hardware]: [GT-I5500]
    [ro.revision]: [0]
    [ro.emmc]: [0]
    [wifi.interface]: [wlan0]
    [ro.build.id]: [ERE27]
    [ro.build.display.id]: [ERE27]
    [ro.build.version.incremental]: [XWJJ6]
    [ro.build.version.sdk]: [7]
    [ro.build.version.codename]: [REL]
    [ro.build.version.release]: [2.1-update1]
    [ro.build.date]: [Thu Oct 21 18:41:03 KST 2010]
    [ro.build.date.utc]: [1287654063]
    [ro.build.type]: [user]
    [ro.build.user]: [root]
    [ro.build.host]: [SE-S611]
    [ro.build.tags]: [test-keys]
    [ro.product.model]: [GT-I5500]
    [ro.product.brand]: [Samsung]
    [ro.product.name]: [GT-I5500]
    [ro.product.device]: [GT-I5500]
    [ro.product.board]: [GT-I5500]
    [ro.product.cpu.abi]: [armeabi]
    [ro.product.manufacturer]: [Samsung]
    [ro.product.locale.language]: [en]
    [ro.product.locale.region]: [GB]
    [ro.wifi.channels]: []
    [ro.board.platform]: [msm7k]
    [ro.build.PDA]: [I5500XWJJ6]
    [ro.build.hidden_ver]: [I5500XWJJ6]
    [ro.build.changelist]: [650697]
    [ro.build.product]: [GT-I5500]
    [ro.build.description]: [GT-I5500-user 2.1-update1 ERE27 XWJJ6 release-keys]
    [ro.build.fingerprint]: [Samsung/GT-I5500/GT-I5500/GT-I5500:2.1-update1/ERE27/XWJJ6:user/release-keys]
    [rild.libpath]: [/system/lib/libsec-ril.so]
    [rild.libargs]: [-d /dev/smd0]
    [persist.rild.nitz_plmn]: []
    [persist.rild.nitz_long_ons_0]: []
    [persist.rild.nitz_long_ons_1]: []
    [persist.rild.nitz_long_ons_2]: []
    [persist.rild.nitz_long_ons_3]: []
    [persist.rild.nitz_short_ons_0]: []
    [persist.rild.nitz_short_ons_1]: []
    [persist.rild.nitz_short_ons_2]: []
    [persist.rild.nitz_short_ons_3]: []
    [DEVICE_PROVISIONED]: [1]
    [debug.sf.hw]: [0]
    [ro.sf.lcd_density]: [120]
    [dalvik.vm.heapsize]: [24m]
    [ro.url.legal]: [http://www.google.com/intl/%s/mobile/android/basic/phone-legal.html]
    [ro.url.legal.android_privacy]: [http://www.google.com/intl/%s/mobile/android/basic/privacy.html]
    [ro.com.google.locationfeatures]: [1]
    [ro.setupwizard.mode]: [DISABLED]
    [ro.com.google.gmsversion]: [2.1_r10]
    [ro.config.alarm_alert]: [Alarm_Classic.ogg]
    [ro.opengles.version]: [131072]
    [net.bt.name]: [Android]
    [net.change]: [net.dnschange]
    [ro.config.sync]: [yes]
    [dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
    [ro.com.google.clientidbase]: [android-samsung]
    [ro.com.google.clientidbase.yt]: [android-samsung]
    [ro.com.google.clientidbase.am]: [android-samsung]
    [ro.com.google.clientidbase.vs]: [android-samsung]
    [ro.com.google.clientidbase.gmm]: [android-samsung]
    [ro.csc.homescreen.defaultscreen]: [0]
    [ro.csc.homescreen.screencount]: [7]
    [ro.config.notification_sound]: [OnTheHunt.ogg]
    [ro.config.ringtone]: [Club_Cubano.ogg]
    [persist.sys.country]: [NL]
    [persist.sys.localevar]: []
    [persist.sys.timezone]: [Europe/Amsterdam]
    [persist.sys.language]: [nl]
    [audioflinger.bootsnd]: [0]
    [ro.FOREGROUND_APP_ADJ]: [0]
    [ro.VISIBLE_APP_ADJ]: [1]
    [ro.SECONDARY_SERVER_ADJ]: [2]
    [ro.BACKUP_APP_ADJ]: [2]
    [ro.HOME_APP_ADJ]: [4]
    [ro.HIDDEN_APP_MIN_ADJ]: [7]
    [ro.CONTENT_PROVIDER_ADJ]: [14]
    [ro.EMPTY_APP_ADJ]: [15]
    [ro.FOREGROUND_APP_MEM]: [1536]
    [ro.VISIBLE_APP_MEM]: [2048]
    [ro.SECONDARY_SERVER_MEM]: [4096]
    [ro.BACKUP_APP_MEM]: [4096]
    [ro.HOME_APP_MEM]: [4096]
    [ro.HIDDEN_APP_MEM]: [5120]
    [ro.CONTENT_PROVIDER_MEM]: [6144]
    [ro.EMPTY_APP_MEM]: [8960]
    [net.tcp.buffersize.default]: [4096,87380,110208,4096,16384,110208]
    [net.tcp.buffersize.wifi]: [4095,87380,110208,4096,16384,110208]
    [net.tcp.buffersize.umts]: [4094,87380,110208,4096,16384,110208]
    [net.tcp.buffersize.edge]: [4093,26280,35040,4096,16384,35040]
    [net.tcp.buffersize.gprs]: [4092,8760,11680,4096,8760,11680]
    [init.svc.playlogo]: [stopped]
    [init.svc.servicemanager]: [running]
    [init.svc.vold]: [running]
    [init.svc.debuggerd]: [running]
    [init.svc.ril-daemon]: [running]
    [init.svc.DR-daemon]: [running]
    [init.svc.mobex-daemon]: [running]
    [init.svc.cnd]: [restarting]
    [init.svc.zygote]: [running]
    [init.svc.media]: [running]
    [init.svc.dbus]: [running]
    [init.svc.wlan_tool]: [stopped]
    [init.svc.installd]: [running]
    [init.svc.keystore]: [running]
    [init.svc.memsicd]: [stopped]
    [init.svc.adbd]: [running]
    [wlan.driver.status]: [ok]
    [ril.dataoff_nwk_op]: [false]
    [ro.csc.country_code]: [Russia]
    [ro.csc.sales_code]: [SER]
    [ril.ICC_TYPE]: [2]
    [ril.rildReset]: [1]
    [debug.sf.nobootanimation]: [0]
    [EXTERNAL_STORAGE_STATE]: [mounted]
    [init.svc.bootanim]: [stopped]
    [ril.lac]: [0066]
    [ril.cid]: [02bd45d9]
    [hw.keyboards.65537.devname]: [europa_keypad0]
    [hw.keyboards.0.devname]: [europa_headset]
    [sys.settings_secure_version]: [10]
    [init.svc.wpa_supplicant]: [running]
    [sys.settings_system_version]: [41]
    [dev.bootcomplete]: [1]
    [dhcp.wlan0.result]: [ok]
    [init.svc.dhcpcd]: [running]
    [dhcp.wlan0.pid]: [18943]
    [ro.runtime.started]: [1288831305799]
    [dhcp.wlan0.reason]: [BOUND]
    [gsm.version.ril-impl]: [Samsung RIL(IPC) v2.0]
    [dhcp.wlan0.dns1]: [192.168.1.254]
    [dhcp.wlan0.dns2]: []
    [gsm.sim.operator.numeric]: []
    [gsm.sim.operator.alpha]: []
    [gsm.sim.operator.iso-country]: []
    [gsm.eons.name]: []
    [dhcp.wlan0.dns3]: []
    [dhcp.wlan0.dns4]: []
    [gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED]
    [gsm.current.phone-type]: [1]
    [dhcp.wlan0.ipaddress]: [192.168.1.94]
    [dhcp.wlan0.gateway]: [192.168.1.254]
    [dhcp.wlan0.mask]: [255.255.255.0]
    [dhcp.wlan0.leasetime]: [86400]
    [dhcp.wlan0.server]: [192.168.1.254]
    [net.dns1]: [192.168.1.254]
    [net.dnschange]: [39]
    [ril.prl_num]: [0]
    [ril.sw_ver]: [I5500XWJG3]
    [ril.hw_ver]: [MP 0.700]
    [ril.rfcal_date]: [2010.09.18]
    [ril.product_code]: [GT-I5500YKAVDP]
    [ril.model_id]: []
    [ril.bt_macaddr]: [101DC0D3380F]
    [ril.wifi_macaddr]: [10:1D:C0:D3:38:10]
    [ril.IMEI]: [.........263228]
    [gsm.wifiConnected.active]: [true]
    [dev.bootdone]: [1]
    [init.svc.qcom-post-boot]: [stopped]
    [gsm.version.baseband]: [I5500XWJG3]
    [gsm.STK_SETUP_MENU]: [Fun & info]
    [gsm.STK_USER_SESSION]: [0]
    [ril.ecclist]: [112,911,112,911]
    [gsm.network.type]: [UMTS]
    [gsm.operator.alpha]: []
    [gsm.operator.numeric]: [20404]
    [gsm.operator.iso-country]: [nl]
    [gsm.operator.isroaming]: [false]
    [ril.rildSerial]: [..........g4kzu1ox]

    [gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED] is what I don't want to see :)

    Mount table:
    Code:
    # mount
    mount
    rootfs / rootfs ro 0 0
    tmpfs /dev tmpfs rw,mode=755 0 0
    devpts /dev/pts devpts rw,mode=600 0 0
    proc /proc proc rw 0 0
    sysfs /sys sysfs rw 0 0
    tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
    /dev/stl14 /cache rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
    /dev/stl13 /data rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
    /dev/stl12 /system rfs ro,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
    /dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0602,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0

    Already looked in /init.rc for some efs reference but not found.

    Should I look into the ril app for some references to efs?

    Cheers

    EDIT1: Already got more http://forum.samdroid.net/f28/complete-imei-restore-how-1817/#post28598
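
A saved `getprop` dump like the one in the post above can be checked offline for the SIM lock state and for the build and debug posture of the device. This is an added example, not part of the original post; the sample is a constructed subset of lines in the same format, and the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: a few lines in the `[key]: [value]` format of the
# getprop dump in the post above, including the two shell echo lines.
SAMPLE = """\
# getprop
getprop
[ro.secure]: [1]
[ro.debuggable]: [0]
[persist.service.adb.enable]: [1]
[ro.serialno]: []
[ro.build.tags]: [test-keys]
[ro.build.fingerprint]: [Samsung/GT-I5500/GT-I5500/GT-I5500:2.1-update1/ERE27/XWJJ6:user/release-keys]
[gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED]
[gsm.operator.numeric]: [20404]
"""

# Key has no ']'; the value is greedy so brackets inside a value survive.
PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")


def parse_getprop(text):
    """Return {property: value}; lines that are not properties are skipped."""
    props = {}
    for line in text.splitlines():
        match = PROP_RE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit(props):
    """Return (id, detail) findings about lock state and debug posture."""
    findings = []
    sim_state = props.get("gsm.sim.state", "")
    if "LOCKED" in sim_state:
        findings.append(("sim-locked", sim_state))
    # ro.secure=0 makes adbd keep root instead of dropping to the shell user.
    if props.get("ro.secure") == "0":
        findings.append(("adbd-root", "ro.secure=0"))
    if props.get("ro.debuggable") == "1":
        findings.append(("debuggable", "ro.debuggable=1"))
    if props.get("persist.service.adb.enable") == "1":
        findings.append(("adb-enabled", "USB debugging is switched on"))
    tags = props.get("ro.build.tags", "")
    if "test-keys" in tags:
        findings.append(("test-keys", "build is tagged as signed with test keys"))
    # The fingerprint ends in ".../<tags>"; it should agree with ro.build.tags.
    fp_tags = props.get("ro.build.fingerprint", "").rsplit("/", 1)[-1]
    if tags and fp_tags and tags != fp_tags:
        findings.append(("tags-mismatch", f"{tags} vs {fp_tags}"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(parse_getprop(SAMPLE)):
        print(f"{finding_id}: {detail}")
```

On the sample, the audit reports the service-provider lock, enabled USB debugging, and a `test-keys` tag that disagrees with the `release-keys` suffix of the fingerprint.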
    3
    The bml5 method worked like a charm here. I'm writing to confirm it because the stl5 method bricked my first phone, which needed to be replaced, but with this new method everything went fine and I could unlock my (new) phone.

    I used a slight variation to the methods explained here that might be of use to other Linux users like myself, so I'll explain it here. But all the credit goes to tweakradje, of course. Many thanks! :)

    Phone details: Galaxy Europa (i5500) with stock Android 2.2 purchased recently.
    PC details: Laptop with Ubuntu 11.04
    Connection details: Standard wireless connection (wifi)

    Steps:

    1) Root the phone: I used Universal Androot
    2) Install a SSH server from the market. I installed SSHDroid which is free (with ads)
    3) Turn the phone into flight mode (not sure if necessary but I did it)
    4) Turn on the ssh daemon with SSHDroid, allow root permissions.
    5) Turn the wireless connection on and connect to the router, note the access details.

    Now in the computer, connected to the same router.

    6) Open a terminal, connect to the phone through SSH as root.
    7) Once connected, run the command: cat /dev/bml5 > /sdcard/bml5.img
    8) Copy the file to the computer. I used scp (copy over ssh) but any other method is good.
    9) Use vi to view the file in the laptop.
    10) Change to hexadecimal mode by pressing ESC :%!xxd
    11) Press / and then enter the pattern ffff ffff ffff 3030 3030 3030

    The code is there (8 digits) followed by 3 other sets of zeros.

    Good luck!
    2
    WARNING

    Strange and sounds dangerous. Better not mount /dev/block/stl5 then and
    use dd if=/dev/block/stl5 of=/sdcard/stl5.rfs and use windows program winimage (or similar)
    to get the info from mits/perso.txt

    But did you unlock?

    Cheers