• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

How to carrier/SIM unlock the Galaxy Tab [Updated Dec 5 2010]

Search This thread

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
Background: I unlocked my Tab first by hex editing my nv_data.bin file. It was perfect, my IMEI and device serial number were unharmed. Then I got my official unlock code from Tmobile. So I reverted to my original nv_data.bin, placed an AT&T SIM into the Tab and it rebooted, I entered the code, unlocked the Tab, then compared the original file to the newly unlocked file. Very minor changes. I wrote a program to do the modification and the resulting nv_data.bin file worked fine.

To clarify, I have a T-Mobile Tab and you must have rooted in order to do this.
I also have an AT&T tab and the same procedure works.
It also works on any GSM model.

Heres the edit points for those of you comfy with a hex editor:

Code:
0x181469 change this one byte from 01 to 00
0x18150e change this one byte to 00 if its not already

If you're going to do this, please back up your /efs folder! Do it twice even :) Save your backups for at least 11.5 years.

I just edit a copy of the nv_data.bin, then delete nv_data.bin and nv_data.bin.md5 in the phones /efs folder using Root Explorer, then copy my modified file back to the folder, then reboot. The nv_data.bin.md5 will be automatically regenerated for you.

I've even edited a copy of the file right on my Tab using the Hexeditor in the Market.

FYI, you can not swap nv_data.bin files from one phone to another, you get the bogus IMEI number as the file doesn't match the hardware IMEI number.



UPDATE: New easier way that doesn't involve learning how to hex edit :)

This requires you to be rooted and have busybox installed, which you should have but you can grab busybox installer from the market if not.

Backup the contents of the /efs folder on the phone first!!! Save your backups for at least 11.5 years.

From your computer, open an adb shell to your phone with the command:

Code:
adb shell

Then paste all the following commands into the shell window at once, in other words, one big cut n paste:

Code:
su
cd /sdcard
echo "this takes about 45 seconds"
if [ ! -f /sdcard/nv_data.bin.orig ]; then
  echo "copying file to /sdcard"
  cp /efs/nv_data.bin /sdcard/nv_data.bin.orig
fi
echo -en \\x00 > out0
dd if=nv_data.bin.orig of=out1 bs=1 count=1578089
dd if=nv_data.bin.orig of=out2 bs=1 skip=1578090 count=163
dd if=nv_data.bin.orig of=out3 bs=1 skip=1578254 
cat out1 out0 out2 out0 out3 > nv_data.bin.unlocked
rm out0 out1 out2 out3
rm /efs/nv_data.bin
cp nv_data.bin.unlocked /efs/nv_data.bin
rm /efs/nv_data.bin.md5
reboot

.


Wait 45 seconds for the whole process to complete.
Thats It! your phone will reboot and its carrier unlocked!

If you can't get internet access with your new SIM its because you haven't set the APN for this carrier. For the settings you need, Google "APN setting your_carriers_name_here" and put those settings in
Settings->Wireless->Mobile Networks->Access Point Names and then select it. Done!
 
Last edited:

leftbrain

Member
Nov 17, 2010
14
1
A little off topic here, in reference to your official unlock process....
did you have to put in AT&T's network settings before you entered your unlock code? I'm only asking because tech support had no solution for why my unlock codes doesn't work.
 

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
A little off topic here, in reference to your official unlock process....
did you have to put in AT&T's network settings before you entered your unlock code? I'm only asking because tech support had no solution for why my unlock codes doesn't work.

No, Its not related. Your code is compared to the data stored on the phone for a match. Nothing more. I really think they screwed up an IMEI digit when requesting your code.
 
  • Like
Reactions: cgerdb

Volker1

Senior Member
Jul 31, 2009
259
79
Code:
0x18150e change this one byte from 01 to 00

On my pristine T-Mo US tab this one is already 00. Are you sure you haven't accidentally swapped the values?
 

Volker1

Senior Member
Jul 31, 2009
259
79
It works! I did make all changes except the one at 0x18150e, that is:
Code:
0x180069 to 0x1800ce: change all these bytes from the values they are to ff
0x181469: change this one byte from 01 to 00
0x18150e: left this byte at 00

This unlocked my tab, I just sent me a text message with a German SIM card.
 

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
It works! I did make all changes except the one at 0x18150e, that is:
Code:
0x180069 to 0x1800ce: change all these bytes from the values they are to ff
0x181469: change this one byte from 01 to 00
0x18150e: left this byte at 00

This unlocked my tab, I just sent me a text message with a German SIM card.

Sweet, I reverted BOTH those bytes to 01 and I got the unlock prompt on next boot. So you ended up with 00 in both those bytes too?
 
  • Like
Reactions: cgerdb

calin75

Senior Member
Mar 6, 2008
467
35
Miami
So if I follow these steps on my t-mobile tab, and then I insert my att sim, I'll be getting edge with it, right?

Sent from my SGH-T849 using XDA App
 
Nov 6, 2010
42
2
A bit off topic... are we thinking that ATT's Tab will be euro-firmware flashable - giving us access to ATT's 3G network and the ability to make voice calls?
 

Croak

Senior Member
Oct 9, 2007
1,629
271
Mulberry
Just as soon as I can track down a firmware backup for my Bell Canada (850/1900) unit, I'll be trying the Euro firmware.

But I bet ya money that AT&T is doing the same thing T-Mobile is doing, and locking out the IMEI numbers of their tabs from voice services. Which means you'll likely need to import a Bell or Rogers unit, or spoof your IMEI (not something I'd recommend).
 

clubtech

Senior Member
Jun 26, 2007
1,915
353
USA
Just as soon as I can track down a firmware backup for my Bell Canada (850/1900) unit, I'll be trying the Euro firmware.

But I bet ya money that AT&T is doing the same thing T-Mobile is doing, and locking out the IMEI numbers of their tabs from voice services. Which means you'll likely need to import a Bell or Rogers unit, or spoof your IMEI (not something I'd recommend).

Sadly, I think you are going to be right.
I am keeping my eyes open on the Bell version to see how it will work with the euro firmware .
 

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
How did you get T-mobile to send a code? They tell me they can't do it yet.

Also, will this be usable as a phone if unlocked? At least abroad? I'm off to egypt, probably to use vodafone service.

Thanks!
Kevin

I paid full price, and then called then to explain I'm entitled to the unlock code. I had to fax my receipt to their Sim Unlock Team.

Unlocked means you can get internet via a different carriers SIM card. This doesnt give you phone capability, as they crippled the software, regardless of SIM inserted.
 

kevinsneel

Member
Jan 27, 2008
41
0
San Mateo, CA (SF Bay Area)
@wawoox: Yes, we go to Cairo, Luxor, and Aswan. I'd rather not publicize the dates on the web, however :(.

@rotohammer: Funny, I talked to them on phone and via chat and had no luck (slightly different answers from both, but neither said they even saw a mechanism yet). I assume by full price you mean $600, not the $700 unlocked price we see elsewhere? I too paid the $600, but I didn't mention it, thinking they'd know that; I assumed they treated the $600 as itself a discount. I guess I'll have to mention it and ask them to talk to that group. Thanks!
 

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
@rotohammer: Funny, I talked to them on phone and via chat and had no luck (slightly different answers from both, but neither said they even saw a mechanism yet).

When I talked to them, I made it clear, I paid the full unsubsidized price, then asked them, "so I am entitled to the unlock, right? All 4 customer service agents I spoke to said "yes". Now, the first two attempts by them failed, the third, where I was told to fax my receipt to them, worked. Its odd that I had to spend 3 days to do this, but I got what I was entitled to.

I paid $600.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 62
    Background: I unlocked my Tab first by hex editing my nv_data.bin file. It was perfect, my IMEI and device serial number were unharmed. Then I got my official unlock code from Tmobile. So I reverted to my original nv_data.bin, placed an AT&T SIM into the Tab and it rebooted, I entered the code, unlocked the Tab, then compared the original file to the newly unlocked file. Very minor changes. I wrote a program to do the modification and the resulting nv_data.bin file worked fine.

    To clarify, I have a T-Mobile Tab and you must have rooted in order to do this.
    I also have an AT&T tab and the same procedure works.
    It also works on any GSM model.

    Heres the edit points for those of you comfy with a hex editor:

    Code:
    0x181469 change this one byte from 01 to 00
    0x18150e change this one byte to 00 if its not already

    If you're going to do this, please back up your /efs folder! Do it twice even :) Save your backups for at least 11.5 years.

    I just edit a copy of the nv_data.bin, then delete nv_data.bin and nv_data.bin.md5 in the phones /efs folder using Root Explorer, then copy my modified file back to the folder, then reboot. The nv_data.bin.md5 will be automatically regenerated for you.

    I've even edited a copy of the file right on my Tab using the Hexeditor in the Market.

    FYI, you can not swap nv_data.bin files from one phone to another, you get the bogus IMEI number as the file doesn't match the hardware IMEI number.



    UPDATE: New easier way that doesn't involve learning how to hex edit :)

    This requires you to be rooted and have busybox installed, which you should have but you can grab busybox installer from the market if not.

    Backup the contents of the /efs folder on the phone first!!! Save your backups for at least 11.5 years.

    From your computer, open an adb shell to your phone with the command:

    Code:
    adb shell

    Then paste all the following commands into the shell window at once, in other words, one big cut n paste:

    Code:
    su
    cd /sdcard
    echo "this takes about 45 seconds"
    if [ ! -f /sdcard/nv_data.bin.orig ]; then
      echo "copying file to /sdcard"
      cp /efs/nv_data.bin /sdcard/nv_data.bin.orig
    fi
    echo -en \\x00 > out0
    dd if=nv_data.bin.orig of=out1 bs=1 count=1578089
    dd if=nv_data.bin.orig of=out2 bs=1 skip=1578090 count=163
    dd if=nv_data.bin.orig of=out3 bs=1 skip=1578254 
    cat out1 out0 out2 out0 out3 > nv_data.bin.unlocked
    rm out0 out1 out2 out3
    rm /efs/nv_data.bin
    cp nv_data.bin.unlocked /efs/nv_data.bin
    rm /efs/nv_data.bin.md5
    reboot
    
    .


    Wait 45 seconds for the whole process to complete.
    Thats It! your phone will reboot and its carrier unlocked!

    If you can't get internet access with your new SIM its because you haven't set the APN for this carrier. For the settings you need, Google "APN setting your_carriers_name_here" and put those settings in
    Settings->Wireless->Mobile Networks->Access Point Names and then select it. Done!
    3
    Code:
    0x18150e change this one byte from 01 to 00

    On my pristine T-Mo US tab this one is already 00. Are you sure you haven't accidentally swapped the values?

    I just double checked, and its correct for my files. So theres a good chance this may not work for you (or anyone else) until we can compare more files.
    3
    So if I follow these steps on my t-mobile tab, and then I insert my att sim, I'll be getting edge with it, right?

    Sent from my SGH-T849 using XDA App

    Yes indeed.
    2
    It works! I did make all changes except the one at 0x18150e, that is:
    Code:
    0x180069 to 0x1800ce: change all these bytes from the values they are to ff
    0x181469: change this one byte from 01 to 00
    0x18150e: left this byte at 00

    This unlocked my tab, I just sent me a text message with a German SIM card.
    2
    Sorry for the attached :'>. I was in frustration thinking I did something wrong with the command and the original file is too big. I actually resized it 4 times. What do you mean by "didn't get the last carriage return in there when you pasted the script"? Is it that I have to enter after I paste your script? When I pasted it, automatically there was processing going on. I did not have to wait just 1 sec. Or did you mean I have to enter after ######?
    The T-mobile Sim I have now is the only one from different carrier besides the ATT original. I just bought this 250MB data prepaid SIM for T-mob tab from T-mobile shop in order to test this. But I still cannot access the net :(

    "Accessing the net" is not something you can fix by SIM unlocking the Tab. All this procedure does is to allow you to boot the Tab with a different carriers SIM card installed and bypass the lock screen that would prevent you from even using the T-Mobile SIM.

    Before you do anything else, you need to describe what you can and can't do with clarity.

    If you insert the T-Mobile SIM card and then turn on the Tab, does it boot to the home screen or a black screen that prompts you for an unlock code?