[HOWTO] Software Unlock; How to unlock Bell Galaxy S Vibrant i9000M

Search This thread

AllGamer

Retired Forum Moderator
  • May 24, 2008
    11,886
    1,646
    Razer Phone 2
    Motorola One Action
    Now that we have enough people with the new version on hand already.

    It's time to setup this topic.

    The aim obviously is to unlock this the Bell Galaxy S Vibrant i9000M

    There are possibly 3 ways to go about this:
    1. Software
    2. Hardware
    3. Pay $75 the carrier and get the unlock code after 60 days of purchase, or until some online unlockers gets the code, which ever first.
    4. Pay $35 to rhcp0112345 for the hack unlock method
    5. Self Hex Hack unlock method

    Past experiences in the PalmOS world leads me to believe it should be possible to be unlocked via software/firmware, so rooting the phone will be the first thing to do

    For hardware unlocking we'll be able to confirm once the iSim I've ordered arrives next week more or less

    Bell will not provide the unlock code until their "exclusivity" expires which is roughly November, that's when Fido/Rogers will get their own locked version for sure.

    So, I'm inviting any Android/Mobiles developers to pitch in with any ideas or if they know more or what to look for, change edit, hack replace, flash, etc.

    That's why i bough this device, it'll be a guineapig to possibly find the software unlocking method (flashing a ROM count as software)

    Stock Bell firmware:
    PDA/Phone: i9000ugjg9
    CSC: i9000bmcjg9

    WARNING: for anyone reading this DO NOT use the firmwares for the USA Vibrant / Captive, the Bell Vibrant is closer to the i9000 than to the USA variants

    - Update 1 -
    Adding unlock bounty! it actually started on the SGS Captivate subforum http://forum.xda-developers.com/showthread.php?t=739201
    Condition to hit the jackpot, it must be unlocked via software ROM flash, SPL, or something along the line.
    Lets all pitch in to make it work for all the SGS phones.

    List of members pledge & donation:
    AllGamer paid "unlocked" via ismartsim then by SGUX
    MKVFTW withdrawn he paid $75 to Bell way to get it unlocked
    SS2006 $25 payment pending
    decepticon paid unlocked by rhcp0112345
    BA_Flash_GOD paid unlocked by rhcp0112345

    - Update 2 -
    rhcp0112345 found out how to hex hack unlock the phone, it requires a file dump and a $35 fee.

    The bounty would still apply for anyone Developer able to release a ease to use software unlock for all XDA member at no charge, but if you can't wait you can go with rhcp0112345 solution or the self hack solution.

    - update 3 - [BOUNTY] goes to
    rhcp0112345 for finding the hack, and allowing rbnet.it and marcopon to create the SGUX tool for all of us.

    Please donate to our XDA members that made it all possible for you.

    AllGamer for jump-starting this project and providing the initial bounty, and for his regular contribution in the SGS forum
    rhcp0112345 for finding the hack
    rbnet.it & marcopon for the SGUX tool
    DaGentooBoy for keeping the Unlock Guide updated with the latest changes
     
    Last edited:

    AllGamer

    Retired Forum Moderator
  • May 24, 2008
    11,886
    1,646
    Razer Phone 2
    Motorola One Action
    Step 1. root your phone

    Bell's I9000M is slightly different than the regular I9000
    most of the root methods mentioned on other topics will not work.
    Even the 3 button recovery mode has been disabled

    After some experimentation this is the working method
    download the update.zip from this topic (Thanks to jentech)
    http://ip208-100-42-21.static.xda-developers.com/showpost.php?p=7536130&postcount=11

    then you need to run adb devices to make sure your phone is listed

    (ADB is part of Android SDK, download it from the source http://developer.android.com/sdk/index.html )

    if you get something like
    Code:
    adb.exe devices
    List of devices attached
    900098c722a9    device
    (if you run adb.exe devices and comes back with an empty list, then make sure you have set the phone into debugging mode Application > Settings > Development > USB Debugging)

    then you are can execute
    adb.exe reboot recovery

    this will take you to the recovery screen

    now if your device works with the Power + Volume Up + Home button, then you can skip that, however in my case the 3 button mode didn't work

    select the update.zip with the volume up/down button, then hit home screen, it should say installing in yellow, then you are done, it reboots back to normal, and now you can install Busy Box


    Step 2. Self Hex Hack unlock method
    Once you are done Rooting the phone

    1. Run ADB Devices on your PC
    open CMD
    change to your Android SDK folder
    type ADB devices
    hit Enter
    it should show your phone listed
    if not then check to make sure you have Enabled the USB debugging in Applications < Settings in your phone

    2. Once successful with the above step
    type ADB Shell
    hit Enter
    type SU
    hit Enter
    back on your phone screen you should see a pop up for "Superuser Permission" (try to keep your screen on, the timer automatically turns the screen off, you might miss the pop up message)
    "grant it permission" to allow, else you will get a "permission denied"

    3. back on the ADB shell
    type cd /dev/block
    hit Enter
    type dd if=/dev/block/bml3 of=/sdcard/bml3.bak
    hit Enter
    you should get something like

    Code:
    20480+0 records in
    20480+0 records out
    10485760 bytes transferred in 0.826 secs (12694624 bytes/sec)

    the bml3.bak file should now be at the root of your internal SD card

    4. Unplug the USB cable from the phone
    Disable the USB debugging in Applications < Settings

    5. Plug the USB cable back to the phone
    Use either Samsung Kies mode, or Mass Storage mode

    6. Copy the bml3.bak file from the internal SD card to your working folder where you have downloaded SGUX2

    7. Run CMD
    CD (change directory ) to the folder where you have the files
    execute/run sgux2.exe bml3.bak (assuming both files are in the same folder)

    then you should get something like this
    Code:
    SGUX v0.92b (C) 2010 By Mark0 & rbnet
    Samsung Galaxy Unlock code eXtractor
    (based on info by rhcp0112345 & RazvanG)
    
    Opening file <bml3.bak>...
    Searching code block...
    Found.
    Searching codes...
    
    Freeze code        : 98765432
    Network Control Key: 12345678

    8. power off your phone
    9. power the phone back on
    10. now enter the NCK (Network Control Key) code you found on step 2 part 7

    It should say "Requesting network unlock"
    followed by "Network unlock successful"

    Done, enjoy your phone with your favorite network.




    *** Alternative Unlock Methods ***

    Hardware unlock method
    Get an imartsim from ebay or deal extreme

    Software unlock method
    easier than ever please see guide for details
    http://forum.xda-developers.com/showthread.php?t=761045
    img.php


    Bell unlock method
    Call Bell convince them to unlock you, and Pay $75

    Paid Hack unlock method
    Guys.

    If you cannot wait. I found an easier way for me to get the codes for you. And the file is 10MB. and if you zip prob smaller as hell.

    Code:
    adb shell
    cd /dev/block
    # dd if=/dev/block/bml3 of=/sdcard/bml3.bak
    copy to computer / upload

    Send me $35 USD to [email protected]
    original topic link http://forum.xda-developers.com/showpost.php?p=7772955&postcount=588
     
    Last edited:

    leegoon84

    Senior Member
    Jul 13, 2006
    231
    4
    I tired flashing Asian EU version of radio but no luck.
    I believe simlock is something totally different,
    I ended up using a sim adapter that was lying around for last 2 years.

    Put the sim adapter along with my fido sim
    settings, APN typein APN setting (internet.fido.ca)
    3G is now active,
    I can make calls and recieve calls.

    EDIT:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    http://www.dealextreme.com/
    you can order any sim adapter, they all do the same thing.
    +++++++++++++++++++++++++++++++
    When you FLASH to JP3
    don't flash the RADIO, (just flash PDA with 512)
    I find RADIO FW on Stock BELL ROM works better than the one included in the JP3.
    =======================================================================
    BTW you don't have Vibrant,
    you have I9000 don't flash CAPTIVATE, VIBRANT ROMS
    =======================================================================
    Another weird thing I noticed,
    the "download mode" for Odin (press vol down home pwr)
    works on one of the phones only.
    for the other phone, I had to plug in debugging mode and use "ADB reboot in recovery command.
    ======================================================================
    I ended up exchanging my 2nd galaxy S, If you can't put your phone into ""download mode"
    there's something wrong with your phone.
    as far as the unlock sim goes, yes it's like a turbo sim, any adapter will do.
    but the problem I noticed, 3G works great, I can make outgoing calls, BUT 1 out of 2 times, incoming call goes directly to my voicemail.
    it's probably because of my sim not seen as fido sim on the network.
    neways, I am going to try.
    http://unlockgenie.com/ for factory unlock code.
    they have the lowest price for bell unlock so far 26$
    ====================================================
    I assembled one click solution for ADB , no need for command line,
    double click the bat file while connected in DEBUG mode.
    it's for those people who are having trouble getting into the download mode by pressing keys.

    http://www.megaupload.com/?d=3H9UZNI4
     
    Last edited:

    leegoon84

    Senior Member
    Jul 13, 2006
    231
    4
    you can also unlock it using SAMSUNG factory code.
    you can get one code for around 25~30$ US

    seeing that EU version of the froyo rom JP3
    works fine with i9000m 3G
    I'm guessing I am on NAM network. (despite the radio rom being EU version)
     

    Benjamin Dobell

    Inactive Recognized Developer
    Jul 1, 2010
    843
    597
    Melbourne
    www.glassechidna.com.au
    Well I started looking through the Android source for where it determines if a device is network locked but I got lost after a while (I'll have another go later). Presumably it's stored on a chips firmware that you can't easily flash, however just in case... Would someone mind backing up their whole system exactly prior to unlocking and then again afterwards using clockwork mod so we can look for changes.
     

    AllGamer

    Retired Forum Moderator
  • May 24, 2008
    11,886
    1,646
    Razer Phone 2
    Motorola One Action
    Well I started looking through the Android source for where it determines if a device is network locked but I got lost after a while (I'll have another go later). Presumably it's stored on a chips firmware that you can't easily flash, however just in case... Would someone mind backing up their whole system exactly prior to unlocking and then again afterwards using clockwork mod so we can look for changes.

    that's my plan, in the worse case scenario then we can de-brick and reload the original firmware that came with Bell

    i'll be trying more stuff later today, still at work :p
     

    Beast11

    Senior Member
    Mar 25, 2009
    215
    7
    Dublin
    Im looking into getting this phone as well... problem im not sure if the deving for the tmobile vibrant will transfer directly over to the bell galaxy s...

    Anyone try rooting the bell one with the root out for that phone??

    Edit: Nvm just saw that the root is for the i9000 :|

    But still would the root for the tmobile version work on this and vice versa?
     
    Last edited:

    sl8125

    Senior Member
    Mar 30, 2006
    953
    17
    Subscribed. Going to follow this thread til DEATH. Now i need solution to buy one. Someone please find a vendor that ships to US.
     
    M

    Muhamadabdelaall

    Guest
    you can also unlock it using SAMSUNG factory code.
    you can get one code for around 25~30$ US

    seeing that EU version of the froyo rom JP3
    works fine with i9000m 3G
    I'm guessing I am on NAM network. (despite the radio rom being EU version)
    Which site can I pay & sim unlock it please?
     

    Daneshm90

    Retired Recognized Developer
    Jun 1, 2009
    3,332
    661
    Yea same, subscribed.

    Im on the same boat as some of u : Want to trade up my magic for bell i9000

    But first i must wait for unlock. Root is already done. Then for a vibrant cm6 to be out and see if someone can flash and see how well it works out. Considering its identical hardware except for a few soft buttons + front facing camera, i wouldn't be surprised if its the same deal as with g1 / 32a magic.
     
    M

    Muhamadabdelaall

    Guest
    Now that we have enough people with the new version on hand already.

    It's time to setup this topic.

    The aim obviously is to unlock this the Bell Galaxy S Vibrant i9000M

    There are possibly 3 ways to go about this:
    1. Software
    2. Hardware
    3. Pay $75 the carrier and get the unlock code after 60 days of purchase, or until some online unlockers gets the code, which ever first.

    Past experiences in the PalmOS world leads me to believe it should be possible to be unlocked via software/firmware, so rooting the phone will be the first thing to do

    For hardware unlocking we'll be able to confirm once the iSim I've ordered arrives next week more or less

    Bell will not provide the unlock code until their "exclusivity" expires which is roughly November, that's when Fido/Rogers will get their own locked version for sure.

    So, I'm inviting any Android/Mobiles developers to pitch in with any ideas or if they know more or what to look for, change edit, hack replace, flash, etc.

    That's why i bough this device, it'll be a guineapig to possibly find the software unlocking method (flashing a ROM count as software)

    Stock Bell firmware:
    PDA/Phone: i9000ugjg9
    CSC: i9000bmcjg9

    Guys,

    I just called "Bell" again & I was transfered to a "level 2" technical support informing me that these are the conditions to sim unlock it:

    1- Have to be on an Active account even a prepaid is ok.
    2- Have to be after 30 days of activating the account.
    3- Unlocking will be instant right on the phone for $75.

    Seems like we can't do it that way, anyone knows a paid way of sim unlocking it rightaway from any site?
     

    BA_Flash_GOD

    Senior Member
    Sep 12, 2006
    315
    2
    Yay

    Hah glad to see it, and glad there will be quick dev on this device. I'm with the other USA folks in here like stated before, we just need to wait a bit to see it around online or know one of our fine neighbors to the north to hook a bro up hah. Thanks guys will be checking this out.

    ** at least it's not so bad having to wait for us US folk then if it's currently unlockable. Heck i'll thrown down a couple bucks to whomever pulls it off as well
     
    Last edited:

    ziadsa

    Senior Member
    Jun 28, 2007
    98
    7
    I tired flashing Asian EU version of radio but no luck.
    I believe simlock is something totally different,
    I ended up using a sim adapter that was lying around for last 2 years.

    Put the sim adapter along with my fido sim
    settings, APN typein APN setting (internet.fido.ca)
    3G is now active,
    I can make calls and recieve calls.

    EDIT:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    http://www.dealextreme.com/
    you can order any sim adapter, they all do the same thing.
    +++++++++++++++++++++++++++++++
    When you FLASH to JP3
    don't flash the RADIO, (just flash PDA with 512)
    I find RADIO FW on Stock BELL ROM works better than the one included in the JP3.
    =======================================================================
    BTW you don't have Vibrant,
    you have I9000 don't flash CAPTIVATE, VIBRANT ROMS
    =======================================================================
    Another weird thing I noticed,
    the "download mode" for Odin (press vol down home pwr)
    works on one of the phones only.
    for the other phone, I had to plug in debugging mode and use "ADB reboot in recovery command.



    what adapter are you using? kind of turbo sim? what is called to use it while waiting for unlock code?
    i have old iphone turbo sim, i have no clue if this can be used , as i tried it still no network
     

    rkantos

    Senior Member
    Jun 22, 2010
    116
    2
    Guys, just get a code from unlockallcellular.com. I got my European I9000 unlock code from there.

    Sent from my GT-I9000 using XDA App