Unlock your Samsung i5500 (Where is my /efs?) [UPDATE]


woudwijk

New member
Nov 29, 2013
3
0
Galaxy gio unlock

EDIT: first goto OP of this thread for latest news: http://xdaforums.com/showthread.php?t=828534

Note: first check if your phone is locked at all. Obvious, but some forget it.
Goto dialer and type: *#7465625#


Note: if you cannot write to sdcard: stop Kies or make sure your card is not in Mass Storage Mode

Just found another way of doing it ;) Someone needs to do it. Thanks.

In a DOS box (phone does! need to be rooted)

See for temporary rooting EDIT2 below!

- adb shell
- su
- cat /dev/bml5>/sdcard/bml5.img (BE-EM-EL-FIVE is about 25 Mb)
- exit (2x)
- adb pull /sdcard/bml5.img
- now open in hex editor on PC (like xvi32)
- find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)
- my unlock code is at #1282C0A
- put locked sim in phone, boot and enter code from above :)

I did reboot twice without any problems. Also checked other bml5 images found on xda.
All have the unlock code in it !!! If your phone is not SP locked you will have 000000
instead of provider code in the same block.

That is perso.txt but 00 are FF.
In perso.txt from stl5:
Code:
00 00 00 00 00 00 00 00 00 00 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

In bml5.img
Code:
FF FF FF FF FF FF FF FF FF FF 36 31 34 39 33 36  = 61493638 (my unlock code)
33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33
35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03
05 03 05 05

Dunno where to hex search for in bml5. Perhaps FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 ?

EDIT: find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)

Let me know.

Cheers

EDIT:
The img file starts with FSR_STL. The STL5 VFAT BLOCK is in here but not accessible as
VFAT. Only by stl5 device. But that is dangerous as we have seen before.
You can find the start of the VFAT table (MSWIN4.1) in the FSR_STL (offset #153000)
Although the size of the FSR_STL is 25 Mb, the STL/VFAT image is only 7.4 Mb.
So for now you have to do with the FSR_STL file and search in it for your unlock code.
More on Samsungs FLASH system: http://xdaforums.com/showthread.php?t=801223

EDIT2:
For getting the BML5 container you must root your phone. But you can easily do a temporary root with these instructions. You do need adb.exe
- download RageAndAdb.zip from attachment and unpack
- put rageagainstthecage ELF executable in user writeable part of your phone:
1) adb push rageagainstthecage /data/local/tmp
2) adb shell
3) cd /data/local/tmp
4) chmod 777 rageagainstthecage
5) ./rageagainstthecage
- back at your pc open windows task manager (Ctrl+Shift+Esc) and kill adb process
- start adb shell again
- now you are superuser on your phone ;)
- continue with bml5 dump as written above
Samsung USB drivers can be found here: http://xdaforums.com/showpost.php?p=12099386&postcount=6

Hi, I tried to unlock my galaxy gio phone with this tutorial but it still doesn't unlock my phone, it still asks for a network lock control key. The code I found in the bml5 file is: 51302826. I tried to upload the file but it exceeds the max upload size. Can anyone please help me? Many thanks
 

Franck78

Member
May 22, 2012
12
19
Near Paris
franck78.ath.cx
Hello,
just to say it's ok.
Visually finding the code may be easier than search strings.
When you check the locking state of the phone it replies with 4 locking status.
Quite sure the 3 remaining numbers are also unlocking codes.
So search for the pattern or go directly near offset 142000 (hex)

My phone was ON/OFF/OFF/OFF and is now OFF/OFF/OFF/OFF ;)
It is a GT-S5830 (galaxy ace) baseband S5830XXKB1 froy.pockC1

Time to update now.

Franck

/data/android-sdk-linux/platform-tools/bml5.txt 0x00142533 13%
00141E80 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141EA0 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141EC0 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141EE0 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141F00 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141F20 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141F40 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141F60 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141F80 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141FA0 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141FC0 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00141FE0 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
00142000 FF FF FF FF │ FF FF FF FF │ FF FF 31 36 │ 31 34 32 35 │ 38 32 FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF 16142582
00142020 FF FF FF FF │ FF FF FF FF │ FF FF 30 30 │ 30 30 30 30 │ 30 30 FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF 00000000
00142040 FF FF FF FF │ FF FF FF FF │ FF FF 30 30 │ 30 30 30 30 │ 30 30 FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF 00000000
00142060 FF FF FF FF │ FF FF FF FF │ FF FF 30 30 │ 30 30 30 30 │ 30 30 FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF 00000000
00142080 FF FF FF FF │ FF FF FF FF │ FF FF 00 00 │ 00 00 00 03 │ 05 05 05 05 │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF ..........
001420A0 FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF │ FF FF FF FF
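
Added example (not part of the thread and not any poster's code): a Python parser for the record layout visible in the dumps above, that is four 32-byte rows each holding eight ASCII digits at offset 10, followed by a 10-byte trailer. The function and field names are assumptions of this example, the trailer is returned uninterpreted because the thread does not document it, and the sample image is constructed from the bytes quoted in the first post.

```python
"""Locate the personalisation block layout shown in the bml5/perso.txt dumps.

Layout as it appears in the thread (not taken from vendor documentation):
  4 x 32-byte rows: 10 filler bytes (00 or FF), 8 ASCII digits, 14 x FF
  1 trailer row   : 10 filler bytes, then 10 small binary values
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

SLOTS = 4  # number of 8-digit rows seen in every dump quoted in the thread
_ROW = rb"[\x00\xff]{10}([0-9]{8})\xff{14}"
_TRAILER = rb"[\x00\xff]{10}([\x00-\x09]{10})"
_BLOCK = re.compile(_ROW * SLOTS + _TRAILER)


@dataclass
class PersoBlock:
    offset: int        # file offset of the first ASCII digit
    codes: list[str]   # the four 8-digit slots, in on-flash order
    trailer: bytes     # 10 bytes after the last slot, left uninterpreted

    def populated(self) -> list[bool]:
        """True for every slot that holds something other than 00000000."""
        return [code != "0" * 8 for code in self.codes]


def find_perso_blocks(image: bytes) -> list[PersoBlock]:
    """Return every place where the full 4-row + trailer layout matches.

    Requiring the whole structure keeps stray 8-digit runs elsewhere in the
    dump (timestamps, version strings) from being reported.
    """
    blocks = []
    for m in _BLOCK.finditer(image):
        codes = [m.group(i).decode("ascii") for i in range(1, SLOTS + 1)]
        blocks.append(PersoBlock(m.start(1), codes, m.group(SLOTS + 1)))
    return blocks


def build_sample(first_filler: int = 0xFF) -> bytes:
    """Constructed image: the rows quoted in the first post inside erased flash.

    first_filler=0x00 reproduces the perso.txt variant, 0xFF the bml5.img one.
    """
    def row(code: str, filler: int = 0xFF) -> bytes:
        return bytes([filler]) * 10 + code.encode("ascii") + b"\xff" * 14

    body = (row("61493638", first_filler) + row("00000000")
            + row("92427358") + row("00000000")
            + b"\xff" * 10 + bytes.fromhex("00000000000305030505"))
    header = b"FSR_STL".ljust(0x200, b"\xff")  # the thread says the image starts with FSR_STL
    return header + body + b"\xff" * 64


if __name__ == "__main__":
    # With a path argument, scan that dump; otherwise scan the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for blk in find_perso_blocks(data):
        print(f"block at 0x{blk.offset:X}: slots={blk.codes} "
              f"populated={blk.populated()} trailer={blk.trailer.hex(' ')}")
```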
 

carlos1984

Senior Member
Mar 31, 2011
182
11

tried this on my wind galaxy ace 2 e T599v and I cannot find the bml5 file in dev/bml5, is there another way to unlock it?
 

Franck78

Member
May 22, 2012
12
19
Near Paris
franck78.ath.cx
Hello,

do you think quoting an entire one page message really helps ?
There is no /dev/bml5 file ? Well, your device is just not similar and this solution is not applicable to it !
Unless you are more descriptive on 'your' phone/tests...

Franck
 

zuzu512

New member
Feb 16, 2014
1
0
Unlock Samsung Galaxy Gio

Hi,

I tried this:
first check if your phone is locked at all. Obvious, but some forget it.
Goto dialer and type: *#7465625#

and if everything shows off it's because it is unlocked?








 

yvautrin

New member
Mar 3, 2014
1
0
can't find bml5 file

Hi to all!

I know this question has been raised hundreds of times, but I cannot find the bml5 file in /dev/ nor in /dev/block

It is a galaxy i8160, rooted...

Any help would really be appreciated!

Yann
 

milhastugas

New member
Oct 4, 2009
2
0
I can't find the unlock code, my phone is galaxy ace, can someone help?
Attached the hex file.
Thank you.
 

Attachments

  • bml5.7z
    4 MB · Views: 57

sjp770

New member
Aug 8, 2014
2
0
I can't find the unlock code, my phone is galaxy ace, can someone help?
Attached the hex file.
Thank you.

You haven't exported the right file. Check /dev/block/bml5 ?

---------- Post added at 07:53 AM ---------- Previous post was at 07:23 AM ----------

So I've rooted the phone and retrieved the bml5.img fine, found the 8 digit code and I can't unlock the phone. I have gone back to stock firmware and tried again and I get "Connection problem or invalid MMI code."

I don't have a third party SIM installed though. (phone locked to Telstra, telstra sim.)

Ideas?

This is happening with 5x phones of the same type.
 

droidshan

Senior Member
Oct 17, 2013
56
4
Not working with SG grand Prime :SM-G530H!
after executing
- cat /dev/bml5>/sdcard/bml5.img
I'm getting error :: tmp-mksh: - not found.
 

Last85

Member
Nov 12, 2014
13
0
Thanks for your share, I need some help please, I couldn't find my code in the bml5 file.
 

kicsrules

Senior Member
Apr 13, 2012
198
9
Guys I found a new method (easier, no need for ADB) based on this one!!!

Bear in mind that my phone is a galaxy gio s5660, stock rom 2.3.4 (samfirmware.com)

This is what I did:

-I rooted it using the method on the galaxy gio main page (update.zip)
-Market - Terminal Emulator
-Press power button for a while till the menu pops up. Select airplane mode
-Open Terminal and write "su". Then the superuser app asks to give access to superuser, you say YES and tick REMEMBER (very important!)
-Close the terminal using the back button
-Re-open terminal and write: "cat /dev/bml5>/sdcard/bml5.img"
-Then you see it lagging for 1 second (it's writing the bml5 to the sd card)
-Then when cursor appears write: "exit" (one time)
-Then exit the application on the back button
-Plug the phone via USB to the computer and activate usb storage. Copy the bml5.img on the root of your SD card to your desktop
-Unplug the phone, press power for a sec and deactivate airplane mode
-download xvi32 and open the bml5 file with it.
-click on the search menu (hex string,case sensitive, scope from begin) and enter the following string:

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30 30 30

-Then click search again but instead of scope from begin select scope from cursor
- scroll down a bit and you will see the 8 couples of numbers with your unlock code (last digit from pair corresponds to the code)
-Turn off the phone, put another network sim card and start it. Put the code when asked to
-YOU'RE DONE


Worked on 3 gio's, no problems, no hangs, no loops, imei mac and bluetooth all in place. Safe :):D

thnx, worked on s5830L says network unlocked successful but the phone says no service :/
 

jappish84

New member
Dec 27, 2018
1
0
I'm having issues finding the code as well, my "bml5.img" is only 9Mb and I can only find the first sequence of
Code:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF

I've uploaded the bml5.img to here (sorry, can't publish links yet so you will have to stitch it together) use tinyurlDOTcom SLASH ybwxhm96

if someone can take a look I'd really appreciate it. Thanks
 

zukes1966

New member
Jun 29, 2014
1
0
SM-G357FZ

I am using the phone SM-G357FZ, I have slightly different files in the /dev directory. I don't have bml5.
Do you have any suggestions on where to look for the code in the /dev/block files?

bootdevice
loop0
loop1
loop2
loop3
loop4
loop5
loop6
loop7
mmcblk0
mmcblk0p1
mmcblk0p10
mmcblk0p11
mmcblk0p12
mmcblk0p13
mmcblk0p14
mmcblk0p15
mmcblk0p16
mmcblk0p17
mmcblk0p18
mmcblk0p19
mmcblk0p2
mmcblk0p20
mmcblk0p21
mmcblk0p22
mmcblk0p23
mmcblk0p24
mmcblk0p25
mmcblk0p26
mmcblk0p27
mmcblk0p3
mmcblk0p4
mmcblk0p5
mmcblk0p6
mmcblk0p7
mmcblk0p8
mmcblk0p9
mmcblk0rpmb
mmcblk1
mmcblk1p1
param
platform
ram0
ram1
ram10
ram11
ram12
ram13
ram14
ram15
ram2
ram3
ram4
ram5
ram6
ram7
ram8
ram9
vold
zram0
 

Top Liked Posts

  • 51
    New method with /dev/bml5

    8
    SP unlock your i5500 (probably more)

    EDIT: Phones have been bricked with this stl5 method. Do use supersafe bml5 method.
    http://xdaforums.com/showpost.php?p=17148825&postcount=334

    Since I can't give up on this one I dug a little further into my i5500 memory.

    Guess what? I f.ckin did it. Big hooray. I am good I know ;) Thank you!

    Code:
    - root your phone
    - adb shell
    - su
    - cd /
    - mount -o remount,rw -t rootfs rootfs / (or do it before adb with root explorer)
    - mkdir /efs
    - mount -o nosuid,ro,nodev -t vfat /dev/block/stl5 /efs
    - cat /efs/mits/perso.txt
    - umount /efs
    - reboot

    EDIT: stl5 is es-tee-el-five (like STL5)

    EDIT: /efs on the Galaxy the /etc/fstab says: mount rfs /dev/block/stl5 /efs nosuid nodev check=no

    You will see some numbers: In my case 20404 for Vodafone NL.
    Then you will see your SP unlock code followed by some 000000000 codes and another
    code. Write the first one (and second just in case) down.

    Shut down the phone and put in a "locked" sim. Start your phone, input the pin, and when asked for an unlock code give it the first code. Your phone is now unlocked.

    Cheers

    EDIT:
    Rooting: http://blog.23corner.com/2010/08/30/universal-androot-1-6-2-beta-5/
    Rooting newer roms: http://xdaforums.com/showthread.php?t=803682. Need reboot after.
    Adb and USB drivers: see attachment

    EDIT: possible fix for bad imei after doing above procedure:
    http://xdaforums.com/showpost.php?p=15408191&postcount=4

    EDIT: nice tutorial for my method - http://xdaforums.com/showthread.php?p=16597429
    7
    ALL PHONES HAVE BEEN BRICKED USING THE DD METHOD, SOME WITH STL5 METHOD, NONE WITH BML5 METHOD

    EDIT 22 apr 2013: use stock ROM, Helroz made this on the appstore. If you have newer Galaxy try this from Doky

    EDIT 7 nov 2011: BML5 method guide: http://xdaforums.com/showthread.php?t=1335548

    EDIT 10 oct 2011: Relock experience?: http://xdaforums.com/showpost.php?p=18294355&postcount=421

    EDIT 31 aug 2011: Now Supersafe (BML5) method: http://xdaforums.com/showpost.php?p=17148825&postcount=334

    EDIT 18 march 2011: Unsafe (STL5) method: http://xdaforums.com/showpost.php?p=12099386&postcount=6


    !!! THIS IS STILL EXPERIMENTAL !!! (OLD STUFF, please disregard)

    Before you do anything read the whole thread. It is still unclear why some phones were bricked
    ----------------------------------------------------------------------------

    Hi, Can anyone help me with this question? I have never had the original SIM card in it. Does that help?

    Finally I have I5500XWJJ6 rom installed, rooted the phone and used "adb shell su" to get into the shell. Now I cannot find the /efs file system? Why not?
    I am looking for the nv_data.bin :)

    Did something change with the newer firmwares?

    Read somewhere that it is /dev/bml11
    I copied it with dd if=/dev/bml11 of=/sdcard/bml11.img Then it only shows SER in the editor.

    With getprop I get (some numbers are deleted for privacy :) what can be set with setprop?
    Code:
    # getprop
    getprop
    [ro.secure]: [1]
    [ro.allow.mock.location]: [0]
    [ro.debuggable]: [0]
    [persist.service.adb.enable]: [1]
    [ro.factorytest]: [0]
    [ro.serialno]: []
    [ro.bootmode]: [unknown]
    [ro.baseband]: [unknown]
    [ro.carrier]: [unknown]
    [ro.bootloader]: [unknown]
    [ro.hardware]: [GT-I5500]
    [ro.revision]: [0]
    [ro.emmc]: [0]
    [wifi.interface]: [wlan0]
    [ro.build.id]: [ERE27]
    [ro.build.display.id]: [ERE27]
    [ro.build.version.incremental]: [XWJJ6]
    [ro.build.version.sdk]: [7]
    [ro.build.version.codename]: [REL]
    [ro.build.version.release]: [2.1-update1]
    [ro.build.date]: [Thu Oct 21 18:41:03 KST 2010]
    [ro.build.date.utc]: [1287654063]
    [ro.build.type]: [user]
    [ro.build.user]: [root]
    [ro.build.host]: [SE-S611]
    [ro.build.tags]: [test-keys]
    [ro.product.model]: [GT-I5500]
    [ro.product.brand]: [Samsung]
    [ro.product.name]: [GT-I5500]
    [ro.product.device]: [GT-I5500]
    [ro.product.board]: [GT-I5500]
    [ro.product.cpu.abi]: [armeabi]
    [ro.product.manufacturer]: [Samsung]
    [ro.product.locale.language]: [en]
    [ro.product.locale.region]: [GB]
    [ro.wifi.channels]: []
    [ro.board.platform]: [msm7k]
    [ro.build.PDA]: [I5500XWJJ6]
    [ro.build.hidden_ver]: [I5500XWJJ6]
    [ro.build.changelist]: [650697]
    [ro.build.product]: [GT-I5500]
    [ro.build.description]: [GT-I5500-user 2.1-update1 ERE27 XWJJ6 release-keys]
    [ro.build.fingerprint]: [Samsung/GT-I5500/GT-I5500/GT-I5500:2.1-update1/ERE27/XWJJ6:user/release-keys]
    [rild.libpath]: [/system/lib/libsec-ril.so]
    [rild.libargs]: [-d /dev/smd0]
    [persist.rild.nitz_plmn]: []
    [persist.rild.nitz_long_ons_0]: []
    [persist.rild.nitz_long_ons_1]: []
    [persist.rild.nitz_long_ons_2]: []
    [persist.rild.nitz_long_ons_3]: []
    [persist.rild.nitz_short_ons_0]: []
    [persist.rild.nitz_short_ons_1]: []
    [persist.rild.nitz_short_ons_2]: []
    [persist.rild.nitz_short_ons_3]: []
    [DEVICE_PROVISIONED]: [1]
    [debug.sf.hw]: [0]
    [ro.sf.lcd_density]: [120]
    [dalvik.vm.heapsize]: [24m]
    [ro.url.legal]: [http://www.google.com/intl/%s/mobile/android/basic/phone-legal.html]
    [ro.url.legal.android_privacy]: [http://www.google.com/intl/%s/mobile/android/basic/privacy.html]
    [ro.com.google.locationfeatures]: [1]
    [ro.setupwizard.mode]: [DISABLED]
    [ro.com.google.gmsversion]: [2.1_r10]
    [ro.config.alarm_alert]: [Alarm_Classic.ogg]
    [ro.opengles.version]: [131072]
    [net.bt.name]: [Android]
    [net.change]: [net.dnschange]
    [ro.config.sync]: [yes]
    [dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
    [ro.com.google.clientidbase]: [android-samsung]
    [ro.com.google.clientidbase.yt]: [android-samsung]
    [ro.com.google.clientidbase.am]: [android-samsung]
    [ro.com.google.clientidbase.vs]: [android-samsung]
    [ro.com.google.clientidbase.gmm]: [android-samsung]
    [ro.csc.homescreen.defaultscreen]: [0]
    [ro.csc.homescreen.screencount]: [7]
    [ro.config.notification_sound]: [OnTheHunt.ogg]
    [ro.config.ringtone]: [Club_Cubano.ogg]
    [persist.sys.country]: [NL]
    [persist.sys.localevar]: []
    [persist.sys.timezone]: [Europe/Amsterdam]
    [persist.sys.language]: [nl]
    [audioflinger.bootsnd]: [0]
    [ro.FOREGROUND_APP_ADJ]: [0]
    [ro.VISIBLE_APP_ADJ]: [1]
    [ro.SECONDARY_SERVER_ADJ]: [2]
    [ro.BACKUP_APP_ADJ]: [2]
    [ro.HOME_APP_ADJ]: [4]
    [ro.HIDDEN_APP_MIN_ADJ]: [7]
    [ro.CONTENT_PROVIDER_ADJ]: [14]
    [ro.EMPTY_APP_ADJ]: [15]
    [ro.FOREGROUND_APP_MEM]: [1536]
    [ro.VISIBLE_APP_MEM]: [2048]
    [ro.SECONDARY_SERVER_MEM]: [4096]
    [ro.BACKUP_APP_MEM]: [4096]
    [ro.HOME_APP_MEM]: [4096]
    [ro.HIDDEN_APP_MEM]: [5120]
    [ro.CONTENT_PROVIDER_MEM]: [6144]
    [ro.EMPTY_APP_MEM]: [8960]
    [net.tcp.buffersize.default]: [4096,87380,110208,4096,16384,110208]
    [net.tcp.buffersize.wifi]: [4095,87380,110208,4096,16384,110208]
    [net.tcp.buffersize.umts]: [4094,87380,110208,4096,16384,110208]
    [net.tcp.buffersize.edge]: [4093,26280,35040,4096,16384,35040]
    [net.tcp.buffersize.gprs]: [4092,8760,11680,4096,8760,11680]
    [init.svc.playlogo]: [stopped]
    [init.svc.servicemanager]: [running]
    [init.svc.vold]: [running]
    [init.svc.debuggerd]: [running]
    [init.svc.ril-daemon]: [running]
    [init.svc.DR-daemon]: [running]
    [init.svc.mobex-daemon]: [running]
    [init.svc.cnd]: [restarting]
    [init.svc.zygote]: [running]
    [init.svc.media]: [running]
    [init.svc.dbus]: [running]
    [init.svc.wlan_tool]: [stopped]
    [init.svc.installd]: [running]
    [init.svc.keystore]: [running]
    [init.svc.memsicd]: [stopped]
    [init.svc.adbd]: [running]
    [wlan.driver.status]: [ok]
    [ril.dataoff_nwk_op]: [false]
    [ro.csc.country_code]: [Russia]
    [ro.csc.sales_code]: [SER]
    [ril.ICC_TYPE]: [2]
    [ril.rildReset]: [1]
    [debug.sf.nobootanimation]: [0]
    [EXTERNAL_STORAGE_STATE]: [mounted]
    [init.svc.bootanim]: [stopped]
    [ril.lac]: [0066]
    [ril.cid]: [02bd45d9]
    [hw.keyboards.65537.devname]: [europa_keypad0]
    [hw.keyboards.0.devname]: [europa_headset]
    [sys.settings_secure_version]: [10]
    [init.svc.wpa_supplicant]: [running]
    [sys.settings_system_version]: [41]
    [dev.bootcomplete]: [1]
    [dhcp.wlan0.result]: [ok]
    [init.svc.dhcpcd]: [running]
    [dhcp.wlan0.pid]: [18943]
    [ro.runtime.started]: [1288831305799]
    [dhcp.wlan0.reason]: [BOUND]
    [gsm.version.ril-impl]: [Samsung RIL(IPC) v2.0]
    [dhcp.wlan0.dns1]: [192.168.1.254]
    [dhcp.wlan0.dns2]: []
    [gsm.sim.operator.numeric]: []
    [gsm.sim.operator.alpha]: []
    [gsm.sim.operator.iso-country]: []
    [gsm.eons.name]: []
    [dhcp.wlan0.dns3]: []
    [dhcp.wlan0.dns4]: []
    [gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED]
    [gsm.current.phone-type]: [1]
    [dhcp.wlan0.ipaddress]: [192.168.1.94]
    [dhcp.wlan0.gateway]: [192.168.1.254]
    [dhcp.wlan0.mask]: [255.255.255.0]
    [dhcp.wlan0.leasetime]: [86400]
    [dhcp.wlan0.server]: [192.168.1.254]
    [net.dns1]: [192.168.1.254]
    [net.dnschange]: [39]
    [ril.prl_num]: [0]
    [ril.sw_ver]: [I5500XWJG3]
    [ril.hw_ver]: [MP 0.700]
    [ril.rfcal_date]: [2010.09.18]
    [ril.product_code]: [GT-I5500YKAVDP]
    [ril.model_id]: []
    [ril.bt_macaddr]: [101DC0D3380F]
    [ril.wifi_macaddr]: [10:1D:C0:D3:38:10]
    [ril.IMEI]: [.........263228]
    [gsm.wifiConnected.active]: [true]
    [dev.bootdone]: [1]
    [init.svc.qcom-post-boot]: [stopped]
    [gsm.version.baseband]: [I5500XWJG3]
    [gsm.STK_SETUP_MENU]: [Fun & info]
    [gsm.STK_USER_SESSION]: [0]
    [ril.ecclist]: [112,911,112,911]
    [gsm.network.type]: [UMTS]
    [gsm.operator.alpha]: []
    [gsm.operator.numeric]: [20404]
    [gsm.operator.iso-country]: [nl]
    [gsm.operator.isroaming]: [false]
    [ril.rildSerial]: [..........g4kzu1ox]

    [gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED] is what I don't want to see :)

    Mount table:
    Code:
    # mount
    mount
    rootfs / rootfs ro 0 0
    tmpfs /dev tmpfs rw,mode=755 0 0
    devpts /dev/pts devpts rw,mode=600 0 0
    proc /proc proc rw 0 0
    sysfs /sys sysfs rw 0 0
    tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
    /dev/stl14 /cache rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
    /dev/stl13 /data rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
    /dev/stl12 /system rfs ro,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
    /dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0602,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0

    I already looked in /init.rc for some efs reference but found none.

    Should I look into the ril app for some references to efs?

    Cheers

    EDIT1: Already got more http://forum.samdroid.net/f28/complete-imei-restore-how-1817/#post28598
    3
    The bml5 method worked like a charm here. I'm writing to confirm it because the stl5 method bricked my first phone, which needed to be replaced, but with this new method everything went fine and I could unlock my (new) phone.

    I used a slight variation to the methods explained here that might be of use to other Linux users like myself, so I'll explain it here. But all the credit goes to tweakradje, of course. Many thanks! :)

    Phone details: Galaxy Europa (i5500) with stock Android 2.2 purchased recently.
    PC details: Laptop with Ubuntu 11.04
    Connection details: Standard wireless connection (wifi)

    Steps:

    1) Root the phone: I used Universal Androot
    2) Install an SSH server from the market. I installed SSHDroid which is free (with ads)
    3) Put the phone into flight mode (not sure if necessary but I did it)
    4) Turn on the ssh daemon with SSHDroid, allow root permissions.
    5) Turn the wireless connection on and connect to the router, note the access details.

    Now in the computer, connected to the same router.

    6) Open a terminal, connect to the phone through SSH as root.
    7) Once connected, run the command: cat /dev/bml5 > /sdcard/bml5.img
    8) Copy the file to the computer. I used scp (copy over ssh) but any other method is good.
    9) Use vi to view the file on the laptop.
    10) Change to hexadecimal mode by pressing ESC :%!xxd
    11) Press / and then enter the pattern ffff ffff ffff 3030 3030 3030

    The code is there (8 digits) followed by 3 other sets of zeros.

    Good luck!
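
    Steps 9 to 11 above, done on the raw bytes instead of in vi's xxd view, so the match does not depend on how xxd groups and wraps the bytes. This is an added example, not part of the original post; the record layout (four 8-digit ASCII fields separated by 24 bytes of FF) is an assumption taken from the dumps quoted earlier in the thread, and the sample digits are constructed.

```python
import re
import sys

FIELD_LEN = 8   # ASCII digits per field, as in the dumps quoted in this thread
PAD_LEN = 24    # 0xFF bytes between consecutive fields
FIELDS = 4      # fields per record (assumption drawn from the same dumps)

_FIELD = rb"([0-9]{%d})" % FIELD_LEN
_PAD = rb"\xff{%d}" % PAD_LEN
# A record is FIELDS digit groups joined by padding, not embedded in a longer
# digit run on either side.
_RECORD = re.compile(rb"(?<![0-9])" + _PAD.join([_FIELD] * FIELDS) + rb"(?![0-9])")


def find_records(image: bytes):
    """Return [(offset, [field, ...]), ...] for each record-shaped run."""
    return [(m.start(), [g.decode("ascii") for g in m.groups()])
            for m in _RECORD.finditer(image)]


def build_sample() -> bytes:
    """Constructed test image; the digits are made up, not from any phone."""
    pad = b"\xff" * PAD_LEN
    record = pad.join([b"12345678", b"00000000", b"87654321", b"00000000"])
    decoy = b"11112222" + pad + b"\x00" * FIELD_LEN   # a single field: ignored
    return b"\x00" * 64 + b"\xff" * 10 + record + b"\xff" * 14 + decoy


if __name__ == "__main__":
    # Pass the path of a pulled image, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for offset, fields in find_records(data):
        print(f"0x{offset:07X}: {' '.join(fields)}")
```

    The first field of a match is the position where the posts above read the code; an image with no match prints nothing.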
    2
    WARNING

    Strange and sounds dangerous. Better not mount /dev/block/stl5 then and
    use dd if=/dev/block/stl5 of=/sdcard/stl5.rfs and use the Windows program WinImage (or similar)
    to get the info from mits/perso.txt

    But did you unlock?

    Cheers