Unlock your Samsung i5500 (Where is my /efs?) [UPDATE]

Search This thread
By:
Advanced…
Zero|Cool

Zero|Cool

Senior Member
May 23, 2008
264
8
Portugal
Guys I found a new method (easier, no need for ADB) based on this one!!!

Bear in mind that my phone is a galaxy gio s5660, stock rom 2.3.4 (samfirmware.com)

This is what I did:

-I rooted it using the method on the galaxy gio main page (update.zip)
-Market - Terminal Emulator
-Press power button for a while till the menu pops up. Select airplane mode
-Open Terminal and write "su". Then the superuser app asks to give access to superuser, you say YES and tick REMEMBER (very important!)
-Close the terminal using the back button
-Re-open terminal and write: "cat /dev/bml5>/sdcard/bml5.img"
-Then you see it laggin for 1 second (its the writing the bml5 to the sd card)
-Then when cursor appears write: "exit" (one time)
-Then exit the aplication on the back button
-Plug the phone via USB to the computer and activate usb storage. Copy the bml5.img on the root of your SD card to your desktop
-Unplug the phone, press power for a sec and deactivate airplane mode
-download xvi32 and open the bml5 file with it.
-click on the search menu (hex string,case sensitive, scope from begin) and enter the following string:

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30 30 30

-Then click search again but instead of scope from begin select scope from cursor
- scroll down a bit and you will see the 8 couples of numbers with your unlock code (last digit from pair corresponds to the code)
-Turn off the phone, put another network sim card and start it. Put the code when asked to
-YOU'RE DONE


Worked on 3 gio's, no problems, no hangs, no loops, imei mac and bluetooth all in place. Safe :):D
 
  • Like
Reactions: kicsrules and padre629
T

twoborg

Member
Jul 24, 2010
11
2
Hi,
I can only confirm the method.
Unlocked the phone within 3 mins, and after hours spent on thinking why do I get the "Premission denied" message in my PC CMD box.

I unlocked Galaxy Ace with Gingerbread 2.3.3.

and rooted with Universal_GB_ROOT.zip from this Thread
 
T

tkowalczuk

Member
Apr 16, 2008
7
0
Hi

I couldn't find this file - and at the end it was in /dev/block directory.

I'm looking it up and down but can't make any sense of it.

Can I upload it somewhere and ask You to have a look at it ?

Tom

tweakradje said:
Note: first check if your phone is locked at all. Obvious, but some forget it.
Goto dialer and type: *#7465625#

Note: if you cannot write to sdcard: stop Kies or make sure your card is not in Mass Storage Mode

Just found another way of doing it ;) Someone needs to do it. Thanks.

In a DOS box (phone does! need to be routed)

See for temporary rooting EDIT2 below!

- adb shell
- su
- cat /dev/bml5>/sdcard/bml5.img (BE-EM-EL-FIVE is about 25 Mb)
- exit (2x)
- adb pull /sdcard/bml5.img
- now open in hex editor on PC (like xvi32)
- find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)
- my unlock code is at #1282C0A
- put locked sim in phone, boot and enter code from above :)

I did reboot twice without any problems. Also checked other bml5 images found on xda.
All have the unlock code in it !!! If your phone is not SP locked you will have 000000
instead of provider code in the same block.

That is perso.txt but 00 are FF.
In perso.txt from stl5:
Code: 
00 00 00 00 00 00 00 00 00 00 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

In bml5.img
Code: 
FF FF FF FF FF FF FF FF FF FF 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

Dunno where to hex search for in bml5. Perhaps FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 ?

EDIT: find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)

Let me know.

Cheers

EDIT:
The img file starts with FSR_STL. The STL5 VFAT BLOCK is in here but not accessible as
VFAT. Only by stl5 device. But that is dangerous as we have seen before.
You can find the start of the VFAT table (MSWIN4.1) in the FSR_STL (offset #153000)
Alst the size of the FRS_STL is 25 Mb, the STL/VFAT image is only 7.4 Mb.
So for now you have to do with the FSR_STL file and search in it for your unlock code.
More on Samsungs FLASH system: http://xdaforums.com/showthread.php?t=801223

EDIT2:
For getting BML5 container you must root your phone. But you can easily do a temporarily root with these instructions. You do need adb.exe
- download RageAndAdb.zip from attachement and unpack
- put rageagainstthecage ELF executable in user writeable part of your phone:
1) adb push rageagainstthecage /data/local/tmp
2) adb shell
3) cd /data/local/tmp
4) chmod 777 rageagainstthecage
5) ./rageagainstthecage
- back at your pc open windows task manager (Ctrl+Shft+Esc) and kill adb process
- start adb shell again
- now you are superuser on your phone ;)
- continue with bml5 dump as written above
Samsung USB drivers can be found here: http://xdaforums.com/showpost.php?p=12099386&postcount=6
Click to expand...
Click to collapse
 
Tobz

Tobz

Member
Jul 5, 2010
37
7
Canberra
ThinksAmoral said:
Yes! I just unlocked my Samsung using the supersafe method. :)

My bml5 file was in a separate 'block' folder.

I used Terminal Emulator to copy the file to my SD card:

Code: 
$ su
# cat /dev/block/bml5>/sdcard/bml5.img

The file was a little less than 25mb in size. I then used xlv32 to read the hex file, found the code by searching the hex posted. It started on line #11C1C0A.

So thank you OP for the working method. :D
Click to expand...
Click to collapse

YOU ARE A LIFE SAVER! Mine did the same thing and hid it in this additional folder, thank god i stumbled on your post.

Worked a treat from here.... I found mine on he 3rd search, first 2 were 1234567
 
nerdo

nerdo

Senior Member
Apr 11, 2008
494
113
BML5 method working on Samsung Galaxy Europa I5500

hexio said:
Steps:

1) Root the phone: I used Universal Androot
2) Install a SSH server from the market. I installed SSHDroid which is free (with ads)
3) Turn the phone into flight mode (not sure if necessary but I did it)
4) Turn on the ssh daemon with SSHDroid, allow root permissions.
5) Turn the wireless connection on and connect to the router, note the access details.

Now in the computer, connected to the same router.

6) Open a terminal, connect to the phone through SSH as root.
7) Once connected, run the command: cat /dev/bml5 > /sdcard/bml5.img
8) Copy the file to the computer. I used scp (copy over ssh) but any other method is good.
9) Use Vim to view the file in the laptop.
10) Change to hexadecimal mode by pressing ESC :%!xxd
11) Press / and then enter the pattern ffff ffff ffff 3030 3030 3030

The code is there (8 digits) followed by 3 other sets of zeros.

Good luck!
Click to expand...
Click to collapse

Thanks everyone
Just to confirm that bml5 worked for me on three I5500 phones
Rooted with SuperOneClick 2.1.1
Stuggled a bit with finding code, I recommend using Vim hex reader (dowload here)

Follow steps quoted above
can convert to hex view in Vim reader by choosing
Tools>Convert to HEX
wait for few seconds, when it is in HEX choose
Edit>Find and paste this ffff ffff ffff 3030 3030 3030
and your code is just nearby :D
 
A

art2111

Senior Member
Oct 23, 2011
195
26
need a help to unlock my virgin i5500

tweakradje said:
Note: first check if your phone is locked at all. Obvious, but some forget it.
Goto dialer and type: *#7465625#

Note: if you cannot write to sdcard: stop Kies or make sure your card is not in Mass Storage Mode

Just found another way of doing it ;) Someone needs to do it. Thanks.

In a DOS box (phone does! need to be routed)

See for temporary rooting EDIT2 below!

- adb shell
- su
- cat /dev/bml5>/sdcard/bml5.img (BE-EM-EL-FIVE is about 25 Mb)
- exit (2x)
- adb pull /sdcard/bml5.img
- now open in hex editor on PC (like xvi32)
- find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)
- my unlock code is at #1282C0A
- put locked sim in phone, boot and enter code from above :)

I did reboot twice without any problems. Also checked other bml5 images found on xda.
All have the unlock code in it !!! If your phone is not SP locked you will have 000000
instead of provider code in the same block.

That is perso.txt but 00 are FF.
In perso.txt from stl5:
Code: 
00 00 00 00 00 00 00 00 00 00 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

In bml5.img
Code: 
FF FF FF FF FF FF FF FF FF FF 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

Dunno where to hex search for in bml5. Perhaps FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 ?

EDIT: find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)

Let me know.

Cheers

EDIT:
The img file starts with FSR_STL. The STL5 VFAT BLOCK is in here but not accessible as
VFAT. Only by stl5 device. But that is dangerous as we have seen before.
You can find the start of the VFAT table (MSWIN4.1) in the FSR_STL (offset #153000)
Alst the size of the FRS_STL is 25 Mb, the STL/VFAT image is only 7.4 Mb.
So for now you have to do with the FSR_STL file and search in it for your unlock code.
More on Samsungs FLASH system: http://xdaforums.com/showthread.php?t=801223

EDIT2:
For getting BML5 container you must root your phone. But you can easily do a temporarily root with these instructions. You do need adb.exe
- download RageAndAdb.zip from attachement and unpack
- put rageagainstthecage ELF executable in user writeable part of your phone:
1) adb push rageagainstthecage /data/local/tmp
2) adb shell
3) cd /data/local/tmp
4) chmod 777 rageagainstthecage
5) ./rageagainstthecage
- back at your pc open windows task manager (Ctrl+Shft+Esc) and kill adb process
- start adb shell again
- now you are superuser on your phone ;)
- continue with bml5 dump as written above
Samsung USB drivers can be found here: http://xdaforums.com/showpost.php?p=12099386&postcount=6
Click to expand...
Click to collapse

I followed it step by step with my i5500 (Virgin).
Had the following in my bml5.img after the second search for
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF, third search did not returned any results:

FF FF FF FF FF FF FF FF FF FF 30 31 32 33 34 35
36 37 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 31 32 33 34 35
36 37 FF FF FF FF FF FF FF FF FF FF FF FF FF FF

So I assumed that my unlock code is 01234567.
But the code didn't work when I inserted a Rogers SIM into the phone.

Also was not able to find "FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30"

Please help .
 
Last edited:
Z

zliott

New member
Oct 24, 2011
4
0
Thanks tweakradje, I've worked out the unlock code for my Samsung Galaxy Ace S5830D using this method. There are multiple places in bml5 have the unlock code.

I see a lot of ppl have successfully unlocked their phone using the unlock code, but when I powered on my phone with an unsupported SIM, I got ""Enter Network Lock Control Key", entered #7465625*638*UnlockCODE#, then pressed the "unlock" button.

What I got was "network unlock request unsuccessful" msg. I double checked that the correct unlock code is used. Did I missing anything in the unlock steps ?

Is there any different unlock step for S5830D model (just got it two weeks ago) ?

I also tried *#7465625*638*UnlockCODE#, same result. I have tried total 4 times, not sure how many times I can try before the phone freeze

Thanks in advance for any tips.
 
Last edited:
A

art2111

Senior Member
Oct 23, 2011
195
26
that what I also had with my I5500M
tried to unlock using this 01234567 with a different SIM and it didn't work
search for FF FF FF FF 30 30 30 30 doesn't return anything
Please let me know about your progress
 
T

twoborg

Member
Jul 24, 2010
11
2
Hi,
did you enter the whole thing (*#7465625*638*UnlockCODE#) when asked to enter the code or just the 8 digit code ?

when you boot up your phone with another SIM, you only have to enter 8 digit number not the whole thing...

this "*#7465625*638*UnlockCODE#" String is used from dialpad to unlock you phone.
 
Z

zliott

New member
Oct 24, 2011
4
0
twoborg said:
Hi,
did you enter the whole thing (*#7465625*638*UnlockCODE#) when asked to enter the code or just the 8 digit code ?

when you boot up your phone with another SIM, you only have to enter 8 digit number not the whole thing...

this "*#7465625*638*UnlockCODE#" String is used from dialpad to unlock you phone.
Click to expand...
Click to collapse

Thanks !

I thought I need the whole thing, but the 8 digit code only worked.
 
N

necrosy

New member
Aug 26, 2011
4
0
Hello,
few days ago, I bougth second 3-branded i5500 and succesifully unlocked it via b* method.
Could anyone help me with making full backup of "3-logo" firmware from second phone to copy it to first one (also i publish it for all ppl who flashed their phones with gray firmwares be4 bricking its).

Cheers, Alexei.
 
A

AlonR

Member
Sep 30, 2008
19
1
Mexico City
Samsung ACE "hardlocked" ??

Hi,

I've performed all the above and got the 8 digits code (I assume :)

But when entering a foreign SIM, I get only the 'Dismiss' button, without a way to enter the unlock code.
Using the keypad (*#7465625*638*UnlockCODE#) didn't affect at all.

Any ideas what options do I have? Looking a round a bit I understood that this situation called "hardlocked" and I couldn't find a solution.

Thanks!

I'm using rooted Samsung ACE 2.3.4 with stock ROM from Telcel (Mexico)



Alon
 
I

isotske

Member
Oct 28, 2011
10
0
Confirm: Samsung Galaxy Mini (SG-S5570?)
Bml5 method worked, bml5 was found both in /dev/ and in /dev/block/
I took from second source, file was about 9MB, found unlock code twice, serached by pattern in quote, thank you.
tweakradje said:
Dunno where to hex search for in bml5. Perhaps FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 ?
Click to expand...
Click to collapse
Maybe later I will try to unlock Ace model.
 
K

kiewirevo

Senior Member
Jun 3, 2010
51
12
Santo-Domingo
what to do?

my friend has an ace too we got the code just fine but the problem is that the phone never asks to put in the code ????? what is wrong??? we do the *#7465625*638*UnlockCODE# method and it doesnt affect it either and it i=only displays that there is no network avaible?????? what to do?
 
S

Sichas

New member
Oct 30, 2011
1
0
for the ibml5 use FF FF FF FF FF FF FF FF 30 30 30 30 30 30 (x2) and code should be right above (just scroll 1 line up after the second search)
 
T

twoborg

Member
Jul 24, 2010
11
2
AlonR said:
Hi,

I've performed all the above and got the 8 digits code (I assume :)

But when entering a foreign SIM, I get only the 'Dismiss' button, without a way to enter the unlock code.
Using the keypad (*#7465625*638*UnlockCODE#) didn't affect at all.

Any ideas what options do I have? Looking a round a bit I understood that this situation called "hardlocked" and I couldn't find a solution.

Thanks!

I'm using rooted Samsung ACE 2.3.4 with stock ROM from Telcel (Mexico)



Alon
Click to expand...
Click to collapse

Hi,
See this:

*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock

from here : http://gleez.com/articles/did-you-know/samsung-secret-codes

I hope I helped
 
Last edited:
T

tehhoe

Senior Member
Feb 20, 2008
79
1
41
Bangor, N.Ireland
How do i start the /dev/bml5 process of?it start with "In a DOS box"

Am I missing something?

I have a rooted Ace and the SDK but not sure how to use it.

Cheers

Scott
 
T

twoborg

Member
Jul 24, 2010
11
2
No need for SDK,

Follow/Use the method from post #441.
Less complicated from the method that uses PC Box and ADB...
 
You must log in or register to reply here.

Similar threads

Anzil R
  • Locked
  • Poll
[CLOSED][Updated 11/9/2019] [UNLOCK] [NETWORK] [CARRIER] any samsung device with Samsung Tool
Replies
228
Views
297K
SacredDeviL666
SacredDeviL666
K
Support List of KingRoot [Samsung]
Replies
284
Views
937K
Tousifmeer
Tousifmeer
tdunham
[Guides & Links] TOUCHWIZ UNIFIED MODS THREAD
Replies
12K
Views
2M
J
josephpatrick
K
Samsung Rugby Pro (SGH-I547) Super Thread
Replies
1K
Views
355K
Largen
Largen
ronbo76
  • Poll
Safe mode in Android - what to do if you see that label on your screen
Replies
14
Views
581K
E
eye.wander

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 51
    T
    tweakradje
    New method with /dev/bml5

    EDIT: first goto OP of this thread for latest news: http://xdaforums.com/showthread.php?t=828534

    Note: first check if your phone is locked at all. Obvious, but some forget it.
    Goto dialer and type: *#7465625#

    Note: if you cannot write to sdcard: stop Kies or make sure your card is not in Mass Storage Mode

    Just found another way of doing it ;) Someone needs to do it. Thanks.

    In a DOS box (phone does! need to be routed)

    See for temporary rooting EDIT2 below!

    - adb shell
    - su
    - cat /dev/bml5>/sdcard/bml5.img (BE-EM-EL-FIVE is about 25 Mb)
    - exit (2x)
    - adb pull /sdcard/bml5.img
    - now open in hex editor on PC (like xvi32)
    - find the proper block with hex search:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
    Scroll a few pages of FF's down until you see the first number (unlock code)
    - my unlock code is at #1282C0A
    - put locked sim in phone, boot and enter code from above :)

    I did reboot twice without any problems. Also checked other bml5 images found on xda.
    All have the unlock code in it !!! If your phone is not SP locked you will have 000000
    instead of provider code in the same block.

    That is perso.txt but 00 are FF.
    In perso.txt from stl5:
    Code: 
    00 00 00 00 00 00 00 00 00 00 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

    In bml5.img
    Code: 
    FF FF FF FF FF FF FF FF FF FF 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

    Dunno where to hex search for in bml5. Perhaps FF FF FF FF FF FF FF FF 30 30 30 30 30 30
    30 30 ?

    EDIT: find the proper block with hex search:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
    Scroll a few pages of FF's down until you see the first number (unlock code)

    Let me know.

    Cheers

    EDIT:
    The img file starts with FSR_STL. The STL5 VFAT BLOCK is in here but not accessible as
    VFAT. Only by stl5 device. But that is dangerous as we have seen before.
    You can find the start of the VFAT table (MSWIN4.1) in the FSR_STL (offset #153000)
    Alst the size of the FRS_STL is 25 Mb, the STL/VFAT image is only 7.4 Mb.
    So for now you have to do with the FSR_STL file and search in it for your unlock code.
    More on Samsungs FLASH system: http://xdaforums.com/showthread.php?t=801223

    EDIT2:
    For getting BML5 container you must root your phone. But you can easily do a temporarily root with these instructions. You do need adb.exe
    - download RageAndAdb.zip from attachement and unpack
    - put rageagainstthecage ELF executable in user writeable part of your phone:
    1) adb push rageagainstthecage /data/local/tmp
    2) adb shell
    3) cd /data/local/tmp
    4) chmod 777 rageagainstthecage
    5) ./rageagainstthecage
    - back at your pc open windows task manager (Ctrl+Shft+Esc) and kill adb process
    - start adb shell again
    - now you are superuser on your phone ;)
    - continue with bml5 dump as written above
    Samsung USB drivers can be found here: http://xdaforums.com/showpost.php?p=12099386&postcount=6
    View
    8
    T
    tweakradje
    SP unlock your i5500 (probably more)

    EDIT: Phones has been bricked with this stl5 method. Do use supersafe bml5 method.
    http://xdaforums.com/showpost.php?p=17148825&postcount=334

    Since I can't give up on this one I digged a little further into my i5500 memory.

    Guess what? I f.ckin did it. Big hoora. I'am good I know ;) Thank you!

    Code: 
    - root your phone
- adb shell
- su
- cd /
- mount -o remount,rw -t rootfs rootfs / (or do it before adb with root explorer)
- mkdir /efs
- mount -o nosuid,ro,nodev -t vfat /dev/block/stl5 /efs
- cat /efs/mits/perso.txt
- umount /efs
- reboot

    EDIT: stl5 is es-tee-el-five (like STL5)

    EDIT: /efs on the Galaxy the /etc/fstab says: mount rfs /dev/block/stl5 /efs nosuid nodev check=no

    You will see some numbers: In my case 20404 for Vodafone NL.
    Then you will see your SP unlock code followed by some 000000000 codes and another
    code. Write the first one (and second just in case) down.

    Shut down the phone and put it a "locked" sim. Start your phone, input the pin, and when asked for a unlock code give it the first code. Your phone is now unlocked.

    Cheers

    EDIT:
    Rooting: http://blog.23corner.com/2010/08/30/universal-androot-1-6-2-beta-5/
    Rooting newer roms: http://xdaforums.com/showthread.php?t=803682. Need reboot after.
    Adb and USB drivers: see attachement

    EDIT: possible fix for bad imei after doing above procedure:
    http://xdaforums.com/showpost.php?p=15408191&postcount=4

    EDIT: nice tutorial for my method - http://xdaforums.com/showthread.php?p=16597429
    View
    7
    T
    tweakradje
    ALL PHONES HAVE BEEN BRICKED USING THE DD METHOD, SOME WITH STL5 METHOD, NONE WITH BML5 METHOD

    EDIT 22 apr 2013: use stock ROM, Helroz made this on the appstore. If you have newer Galaxy try this from Doky

    EDIT 7 nov 2011: BML5 method guide: http://xdaforums.com/showthread.php?t=1335548

    EDIT 10 oct 2011: Relock experience?: http://xdaforums.com/showpost.php?p=18294355&postcount=421

    EDIT 31 aug 2011: Now Supersafe (BML5) method: http://xdaforums.com/showpost.php?p=17148825&postcount=334

    EDIT 18 march 2011: Unsafe (STL5) method: http://xdaforums.com/showpost.php?p=12099386&postcount=6


    !!! THIS IS STILL EXPERIMENTAL !!! (OLD STUFF, please disregard)

    Before you do anything read the whole thread. It is still unclear why some phones were bricked
    ----------------------------------------------------------------------------

    Hi, Can anyone help me with this question? I have never had the original SIM card in it. Does that help?

    Finally i have I5500XWJJ6 rom installed, rooted the phone and used "adb shell su" to get into the shell. Now I cannot find the /efs file system? Why not?
    I am looking for the nv_data.bin :)

    Did something change with the newer firmwares?

    Read somewhere that it is /dev/bml11
    I copied it with dd if=/dev/bml11 of=/sdcard/bml11.img Then it only shows SER in the editor.

    With getprop I get (some numbers are deleted for privacy :) what can be set with setprop?
    Code: 
    # getprop
getprop
[ro.secure]: [1]
[ro.allow.mock.location]: [0]
[ro.debuggable]: [0]
[persist.service.adb.enable]: [1]
[ro.factorytest]: [0]
[ro.serialno]: []
[ro.bootmode]: [unknown]
[ro.baseband]: [unknown]
[ro.carrier]: [unknown]
[ro.bootloader]: [unknown]
[ro.hardware]: [GT-I5500]
[ro.revision]: [0]
[ro.emmc]: [0]
[wifi.interface]: [wlan0]
[ro.build.id]: [ERE27]
[ro.build.display.id]: [ERE27]
[ro.build.version.incremental]: [XWJJ6]
[ro.build.version.sdk]: [7]
[ro.build.version.codename]: [REL]
[ro.build.version.release]: [2.1-update1]
[ro.build.date]: [Thu Oct 21 18:41:03 KST 2010]
[ro.build.date.utc]: [1287654063]
[ro.build.type]: [user]
[ro.build.user]: [root]
[ro.build.host]: [SE-S611]
[ro.build.tags]: [test-keys]
[ro.product.model]: [GT-I5500]
[ro.product.brand]: [Samsung]
[ro.product.name]: [GT-I5500]
[ro.product.device]: [GT-I5500]
[ro.product.board]: [GT-I5500]
[ro.product.cpu.abi]: [armeabi]
[ro.product.manufacturer]: [Samsung]
[ro.product.locale.language]: [en]
[ro.product.locale.region]: [GB]
[ro.wifi.channels]: []
[ro.board.platform]: [msm7k]
[ro.build.PDA]: [I5500XWJJ6]
[ro.build.hidden_ver]: [I5500XWJJ6]
[ro.build.changelist]: [650697]
[ro.build.product]: [GT-I5500]
[ro.build.description]: [GT-I5500-user 2.1-update1 ERE27 XWJJ6 release-keys]
[ro.build.fingerprint]: [Samsung/GT-I5500/GT-I5500/GT-I5500:2.1-update1/ERE27/XWJJ6:user/release-keys]
[rild.libpath]: [/system/lib/libsec-ril.so]
[rild.libargs]: [-d /dev/smd0]
[persist.rild.nitz_plmn]: []
[persist.rild.nitz_long_ons_0]: []
[persist.rild.nitz_long_ons_1]: []
[persist.rild.nitz_long_ons_2]: []
[persist.rild.nitz_long_ons_3]: []
[persist.rild.nitz_short_ons_0]: []
[persist.rild.nitz_short_ons_1]: []
[persist.rild.nitz_short_ons_2]: []
[persist.rild.nitz_short_ons_3]: []
[DEVICE_PROVISIONED]: [1]
[debug.sf.hw]: [0]
[ro.sf.lcd_density]: [120]
[dalvik.vm.heapsize]: [24m]
[ro.url.legal]: [http://www.google.com/intl/%s/mobile/android/basic/phone-legal.html]
[ro.url.legal.android_privacy]: [http://www.google.com/intl/%s/mobile/android/basic/privacy.html]
[ro.com.google.locationfeatures]: [1]
[ro.setupwizard.mode]: [DISABLED]
[ro.com.google.gmsversion]: [2.1_r10]
[ro.config.alarm_alert]: [Alarm_Classic.ogg]
[ro.opengles.version]: [131072]
[net.bt.name]: [Android]
[net.change]: [net.dnschange]
[ro.config.sync]: [yes]
[dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
[ro.com.google.clientidbase]: [android-samsung]
[ro.com.google.clientidbase.yt]: [android-samsung]
[ro.com.google.clientidbase.am]: [android-samsung]
[ro.com.google.clientidbase.vs]: [android-samsung]
[ro.com.google.clientidbase.gmm]: [android-samsung]
[ro.csc.homescreen.defaultscreen]: [0]
[ro.csc.homescreen.screencount]: [7]
[ro.config.notification_sound]: [OnTheHunt.ogg]
[ro.config.ringtone]: [Club_Cubano.ogg]
[persist.sys.country]: [NL]
[persist.sys.localevar]: []
[persist.sys.timezone]: [Europe/Amsterdam]
[persist.sys.language]: [nl]
[audioflinger.bootsnd]: [0]
[ro.FOREGROUND_APP_ADJ]: [0]
[ro.VISIBLE_APP_ADJ]: [1]
[ro.SECONDARY_SERVER_ADJ]: [2]
[ro.BACKUP_APP_ADJ]: [2]
[ro.HOME_APP_ADJ]: [4]
[ro.HIDDEN_APP_MIN_ADJ]: [7]
[ro.CONTENT_PROVIDER_ADJ]: [14]
[ro.EMPTY_APP_ADJ]: [15]
[ro.FOREGROUND_APP_MEM]: [1536]
[ro.VISIBLE_APP_MEM]: [2048]
[ro.SECONDARY_SERVER_MEM]: [4096]
[ro.BACKUP_APP_MEM]: [4096]
[ro.HOME_APP_MEM]: [4096]
[ro.HIDDEN_APP_MEM]: [5120]
[ro.CONTENT_PROVIDER_MEM]: [6144]
[ro.EMPTY_APP_MEM]: [8960]
[net.tcp.buffersize.default]: [4096,87380,110208,4096,16384,110208]
[net.tcp.buffersize.wifi]: [4095,87380,110208,4096,16384,110208]
[net.tcp.buffersize.umts]: [4094,87380,110208,4096,16384,110208]
[net.tcp.buffersize.edge]: [4093,26280,35040,4096,16384,35040]
[net.tcp.buffersize.gprs]: [4092,8760,11680,4096,8760,11680]
[init.svc.playlogo]: [stopped]
[init.svc.servicemanager]: [running]
[init.svc.vold]: [running]
[init.svc.debuggerd]: [running]
[init.svc.ril-daemon]: [running]
[init.svc.DR-daemon]: [running]
[init.svc.mobex-daemon]: [running]
[init.svc.cnd]: [restarting]
[init.svc.zygote]: [running]
[init.svc.media]: [running]
[init.svc.dbus]: [running]
[init.svc.wlan_tool]: [stopped]
[init.svc.installd]: [running]
[init.svc.keystore]: [running]
[init.svc.memsicd]: [stopped]
[init.svc.adbd]: [running]
[wlan.driver.status]: [ok]
[ril.dataoff_nwk_op]: [false]
[ro.csc.country_code]: [Russia]
[ro.csc.sales_code]: [SER]
[ril.ICC_TYPE]: [2]
[ril.rildReset]: [1]
[debug.sf.nobootanimation]: [0]
[EXTERNAL_STORAGE_STATE]: [mounted]
[init.svc.bootanim]: [stopped]
[ril.lac]: [0066]
[ril.cid]: [02bd45d9]
[hw.keyboards.65537.devname]: [europa_keypad0]
[hw.keyboards.0.devname]: [europa_headset]
[sys.settings_secure_version]: [10]
[init.svc.wpa_supplicant]: [running]
[sys.settings_system_version]: [41]
[dev.bootcomplete]: [1]
[dhcp.wlan0.result]: [ok]
[init.svc.dhcpcd]: [running]
[dhcp.wlan0.pid]: [18943]
[ro.runtime.started]: [1288831305799]
[dhcp.wlan0.reason]: [BOUND]
[gsm.version.ril-impl]: [Samsung RIL(IPC) v2.0]
[dhcp.wlan0.dns1]: [192.168.1.254]
[dhcp.wlan0.dns2]: []
[gsm.sim.operator.numeric]: []
[gsm.sim.operator.alpha]: []
[gsm.sim.operator.iso-country]: []
[gsm.eons.name]: []
[dhcp.wlan0.dns3]: []
[dhcp.wlan0.dns4]: []
[gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED]
[gsm.current.phone-type]: [1]
[dhcp.wlan0.ipaddress]: [192.168.1.94]
[dhcp.wlan0.gateway]: [192.168.1.254]
[dhcp.wlan0.mask]: [255.255.255.0]
[dhcp.wlan0.leasetime]: [86400]
[dhcp.wlan0.server]: [192.168.1.254]
[net.dns1]: [192.168.1.254]
[net.dnschange]: [39]
[ril.prl_num]: [0]
[ril.sw_ver]: [I5500XWJG3]
[ril.hw_ver]: [MP 0.700]
[ril.rfcal_date]: [2010.09.18]
[ril.product_code]: [GT-I5500YKAVDP]
[ril.model_id]: []
[ril.bt_macaddr]: [101DC0D3380F]
[ril.wifi_macaddr]: [10:1D:C0:D3:38:10]
[ril.IMEI]: [.........263228]
[gsm.wifiConnected.active]: [true]
[dev.bootdone]: [1]
[init.svc.qcom-post-boot]: [stopped]
[gsm.version.baseband]: [I5500XWJG3]
[gsm.STK_SETUP_MENU]: [Fun & info]
[gsm.STK_USER_SESSION]: [0]
[ril.ecclist]: [112,911,112,911]
[gsm.network.type]: [UMTS]
[gsm.operator.alpha]: []
[gsm.operator.numeric]: [20404]
[gsm.operator.iso-country]: [nl]
[gsm.operator.isroaming]: [false]
[ril.rildSerial]: [..........g4kzu1ox]

    [gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED] is what I don't want to see :)

    Mount table:
    Code: 
    # mount
mount
rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
/dev/stl14 /cache rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/stl13 /data rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/stl12 /system rfs ro,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0602,allow_utime=0020,codepage=cp437,iocharset=is
o8859-1,shortname=mixed,utf8 0 0

    Already looked in /init.rc for some efs reference but not found.

    Should I look into the ril app for some refrences to efs?

    Cheers

    EDIT1: Already got more http://forum.samdroid.net/f28/complete-imei-restore-how-1817/#post28598
    View
    3
    H
    hexio
    The bml5 method worked like a charm here. I'm writing to confirm it because the stl5 method bricked my first phone, which needed to be replaced, but with this new method everything went fine and I could unlock my (new) phone.

    I used a slight variation to the methods explained here that might be of use to other Linux users like myself, so I'll explain it here. But all the credit goes to tweakradje, of course. Many thanks! :)

    Phone details: Galaxy Europa (i5500) with stock Android 2.2 purchased recently.
    PC details: Laptop with Ubuntu 11.04
    Connection details: Standard wireless connection (wifi)

    Steps:

    1) Root the phone: I used Universal Androot
    2) Install a SSH server from the market. I installed SSHDroid which is free (with ads)
    3) Turn the phone into flight mode (not sure if necessary but I did it)
    4) Turn on the ssh daemon with SSHDroid, allow root permissions.
    5) Turn the wireless connection on and connect to the router, note the access details.

    Now in the computer, connected to the same router.

    6) Open a terminal, connect to the phone through SSH as root.
    7) Once connected, run the command: cat /dev/bml5 > /sdcard/bml5.img
    8) Copy the file to the computer. I used scp (copy over ssh) but any other method is good.
    9) Use vi to view the file in the laptop.
    10) Change to hexadecimal mode by pressing ESC :%!xxd
    11) Press / and then enter the pattern ffff ffff ffff 3030 3030 3030

    The code is there (8 digits) followed by 3 other sets of zeros.

    Good luck!
    View
    2
    T
    tweakradje
    WARNING

    Strange and sounds dangerous. Better not mount /dev/block/stl5 then and
    use dd if=/dev/block/stl5 of=/sdcard/stl5.rfs and use windows program winimage (or similar)
    to get the info from mits/perso.txt

    But did you unlock?

    Cheers
    View

New posts